Instantly revoke users and enforce restrictions

Important

Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned

Enabled for: Users, automatically
Public preview: Jul 7, 2023
General availability: Mar 2025

Business value

With this feature, you'll be able to revoke users instantly and enforce IP restrictions. This feature uses continuous access evaluation (CAE) and complies with both the Azure Active Directory (Azure AD), part of Microsoft Entra, identity policy for user revocation and the conditional access IP enforcement policy.

Feature details

CAE evaluates, in near real-time, critical events like user account deletion or disablement, password changes, and whether multi-factor authentication is enabled for users, as well as conditional access policies like IP enforcement. Once CAE detects such a change, the user is denied access to the resource.

The key benefits of CAE are:

  • User termination or password change or reset: User session revocation is enforced in near real-time.
  • Network location change: Conditional access location policies are enforced in near real-time.
  • Token export: Token export to a machine outside a trusted network can be prevented with conditional access location policies.
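
A simplified model of the behaviour described above, added here as an illustration and not Microsoft's implementation: the resource re-evaluates every request against pushed critical events and a location policy instead of trusting the token until it expires. All names (`Token`, `ResourceGuard`, the event strings, the sample networks and clock values) are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field

# A subset of the critical events the page lists; the string names are constructed.
CRITICAL_EVENTS = {"account_disabled", "account_deleted", "password_changed"}

@dataclass
class Token:
    user: str
    issued_at: int   # seconds on a constructed clock
    expires_at: int

@dataclass
class ResourceGuard:
    trusted_networks: list                              # location policy (CIDR strings)
    last_critical: dict = field(default_factory=dict)   # user -> time of latest event

    def on_event(self, user, event, at):
        """Record a critical event pushed by the identity provider."""
        if event in CRITICAL_EVENTS:
            self.last_critical[user] = max(at, self.last_critical.get(user, 0))

    def evaluate(self, token, client_ip, now):
        """Return (allowed, reason) for a single request."""
        if now >= token.expires_at:
            return False, "token_expired"
        # Revocation: any token issued at or before the latest critical event is rejected,
        # even though its nominal lifetime has not run out.
        if token.issued_at <= self.last_critical.get(token.user, -1):
            return False, "session_revoked"
        # Location: the caller's address is checked per request, not only at sign-in.
        ip = ipaddress.ip_address(client_ip)
        if not any(ip in ipaddress.ip_network(n) for n in self.trusted_networks):
            return False, "location_not_allowed"
        return True, "ok"

def demo():
    guard = ResourceGuard(trusted_networks=["203.0.113.0/24"])
    tok = Token("alice", issued_at=1000, expires_at=4600)
    results = [guard.evaluate(tok, "203.0.113.10", 1100)]       # normal request
    results.append(guard.evaluate(tok, "198.51.100.7", 1200))   # token used outside trusted network
    guard.on_event("alice", "password_changed", 1300)
    results.append(guard.evaluate(tok, "203.0.113.10", 1301))   # revoked well before expiry
    results.append(guard.evaluate(Token("alice", 1400, 5000), "203.0.113.10", 1401))
    return results

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The second and third results show the two cases where expiry-only validation would still accept the token: use from an untrusted address, and use after a password change.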

Additional resources

Continuous access evaluation (docs)