Continuous Access Evaluation — Solving Microsoft 365

Continuous Access Evaluation (CAE) is the Microsoft Entra ID feature that revokes active access tokens in near real time when risk signals change. Without CAE, OAuth access tokens are valid for their lifetime (typically 60–90 minutes), so a user who's disabled or has their password reset can still access resources until the token expires. With CAE, services like Exchange Online, SharePoint Online, and Microsoft Graph re-validate tokens against Entra ID in real time and reject them when account state, location, or risk has changed. CAE applies automatically to supported workloads in supported clients; no admin configuration required for the basic capability.