We’re thrilled to announce that Continuous Access Evaluation (CAE) is now supported on Azure DevOps, bringing a new level of near real-time security enforcement to your development workflows.

🔐 What Is CAE?

Continuous Access Evaluation (CAE) is a feature from Microsoft Entra ID that enables near real-time enforcement of Conditional Access policies. Traditionally, Microsoft Entra access tokens in Azure DevOps are valid for up to an hour, meaning that even after a user’s account is disabled or a password is changed, access may persist until the token expires. CAE changes that.

With CAE, Azure DevOps can revoke access quickly after critical events occur, such as:

• User deletion or disablement
• Password changes or resets
• Admin-triggered token revocations
• Multi-factor Authentication enablement
• IP/location changes

This is achieved through a two-way conversation between Entra and Azure DevOps, allowing for access-time policy enforcement rather than relying solely on enforcement at time of token issuance. Real-time enforcement means that compromised accounts or policy violations are addressed as soon as we learn of the event, reducing exposure windows and improving incident response. (See Microsoft Entra documentation for any expected considerations and latency per critical event.)

These changes are now rolling out across the Azure DevOps web platform and ought to be available by end of August.

🧪 What’s Changing for Developers?

If you’re using our latest .NET client library, you’ll need to handle CAE rejections gracefully. When a token is rejected, the client will receive a 401 Unauthorized response with a claims challenge. Your app must extract the challenge, fetch a new token, and retry the request. CAE is expected to arrive in our Python and Go client libraries by the end of 2025.

Learn more about claims challenges in the Entra documentation. We’ll also update this blog shortly with code samples for our latest .NET client library.

Let us know what you think about this new CAE support in the comments below!