Instantly revoke users and enforce restrictions


Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned

Enabled for Public preview General availability
Users, automatically Jul 7, 2023 Sep 2024

Business value

With this feature, you'll be able to revoke users instantly and enforce IP restrictions. This feature uses continuous access evaluation (CAE) while complying with Azure Active Directory (Azure AD), part of Microsoft Entra, identity policy for user revocation and conditional access IP enforcement policy.

Feature details

CAE evaluates critical events like user account deletion or disablement, password changes, whether multi-factor authentication is enabled for users, and conditional access policy like IP enforcement in near real time. Once the CAE detects changes, a user is denied access to the resource.

The key benefits of CAE are:

  • User termination or password change or reset: User session revocation is enforced in near real time.
  • Network location change: Conditional access location policies are enforced in near real time.
  • Token export: Token export to a machine outside of a trusted network can be prevented with conditional access location policies.

See also

Continuous access evaluation (docs)