Azure has many features to help secure your use of the cloud. Several methods, like Multi-Factor Authentication, are standard to any IT workload. Some are less well-known, such as Continuous Access Evaluation. Below is an excerpt from our white paper “10 Cybersecurity Practices You Must be Implementing Now to Secure Microsoft Azure Active Directory”, where we describe how Continuous Access Evaluation can be used to secure your environment.
Protect Your Network with Continuous Access Evaluation (CAE)
Using access tokens to request information to perform an action is a given in application development. What may not be at the forefront of consideration is the lifetime of the token. A long-lived access token can become invalid while it is still in use. The Azure Continuous Access Evaluation policy is a feature that enforces changes in the privilege of a token in real time. It is similar in spirit to MFA, but for your access tokens.
One scenario is disabling sign-in for an admin account after notification that it has been compromised. Once the account is disabled, network data flow by the account is shut off. This includes applications that the account is authenticated for. This is an excellent feature for keeping a network secure in such situations.
A real-life example would be giving out keys to cleaning staff. If one of the staff is compromised by having their keys stolen, the thief could gain access to your building. Using CAE in this example would be akin to having a guard at each locked door, verifying the key holder’s photo before they enter.
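The disabled-admin scenario above as a simplified model, added here as an illustration; it is not code from the white paper and not Azure's implementation. The `ResourceServer` class, its method names, the account names and the timestamps are all constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AccessToken:
    subject: str      # account the token was issued to
    issued_at: int    # epoch seconds
    expires_at: int   # epoch seconds

@dataclass
class ResourceServer:
    """Hypothetical API that receives account-disabled notices from the identity provider."""
    disabled_at: dict = field(default_factory=dict)  # subject -> time the account was disabled

    def notify_account_disabled(self, subject: str, when: int) -> None:
        self.disabled_at.setdefault(subject, when)

    def accept_expiry_only(self, token: AccessToken, now: int) -> bool:
        # Classic validation: the token is good until it expires, whatever happened since.
        return token.issued_at <= now < token.expires_at

    def accept_continuous(self, token: AccessToken, now: int) -> bool:
        # Continuous evaluation: also reject once the account has been disabled,
        # even though the token's own lifetime has not run out.
        if not self.accept_expiry_only(token, now):
            return False
        event = self.disabled_at.get(token.subject)
        return event is None or now < event

def demo() -> dict:
    api = ResourceServer()
    day = 24 * 3600
    admin = AccessToken("admin@example.test", issued_at=0, expires_at=day)  # constructed
    other = AccessToken("user@example.test", issued_at=0, expires_at=day)   # constructed
    before = api.accept_continuous(admin, now=300)
    api.notify_account_disabled("admin@example.test", when=600)
    return {
        "before_event": before,
        "expiry_only": api.accept_expiry_only(admin, now=900),
        "continuous": api.accept_continuous(admin, now=900),
        "other_user": api.accept_continuous(other, now=900),
    }

if __name__ == "__main__":
    print(demo())
```

The `expiry_only` result shows the gap: a stolen token for the disabled admin account would keep working until its expiry unless the resource also evaluates the disable event.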
This is one section of our white paper “Senserva Top 10 Cybersecurity Practices”. This is a link to the full document that you can download and read yourself.