Comments on: Why Continuous Access Evaluation (CAE) for Azure AD Matters https://practical365.com/why-continuous-access-evaluation-cae-for-azure-ad-matters/ Practical Office 365 News, Tips, and Tutorials Sun, 29 Jan 2023 13:47:20 +0000 hourly 1 https://wordpress.org/?v=6.3.2 By: Thijs Lecomte https://practical365.com/why-continuous-access-evaluation-cae-for-azure-ad-matters/#comment-252685 Sun, 29 Jan 2023 13:47:20 +0000 https://practical365.com/?p=55687#comment-252685 In reply to Frank Ludovic.

Hi Frank

A workload identity is an app registration with application permissions. So this means a backend script running or a scheduled task. For those app registrations which are using the Graph API (no other API’s are supported), CAE will take into effect

]]>
By: Frank Ludovic https://practical365.com/why-continuous-access-evaluation-cae-for-azure-ad-matters/#comment-251298 Mon, 16 Jan 2023 15:08:07 +0000 https://practical365.com/?p=55687#comment-251298 Hello,

Thank you for your article, in Microsoft documentation about CAE for Workload identities “The continuous access evaluation for workload identities public preview scope includes support for Microsoft Graph as a resource provider.
The preview targets service principals for line of business (LOB) applications”
That’s mean CAE for workload also support thirt party application registred in Azure AD ?

Thank you for your reply

]]>
By: David Gorman https://practical365.com/why-continuous-access-evaluation-cae-for-azure-ad-matters/#comment-238142 Thu, 31 Mar 2022 07:56:47 +0000 https://practical365.com/?p=55687#comment-238142 In reply to Thijs Lecomte.

Yes, we use known IP addresses in some CA polices.

I might see if they could be based more on the device itself rather than IP though.

]]>
By: Thijs Lecomte https://practical365.com/why-continuous-access-evaluation-cae-for-azure-ad-matters/#comment-238060 Wed, 23 Mar 2022 10:46:30 +0000 https://practical365.com/?p=55687#comment-238060 In reply to Dave.

I fear that’s not going to be possible. Did it cause reauthentication at that time? Do you have different CA policies setup based on IP locations?

]]>
By: Dave https://practical365.com/why-continuous-access-evaluation-cae-for-azure-ad-matters/#comment-238058 Wed, 23 Mar 2022 09:24:22 +0000 https://practical365.com/?p=55687#comment-238058 This seems excellent but I was running into issues when I had to connect/disconnect from the VPN. Obviously it makes sense, my IP and location had changed, but it was annoying.

Wondering if in future we could identify networks that don’t count as “change”.

]]>