Remote-access Guide

remote access cae filespace

by Terry McClure Published 2 years ago Updated 2 years ago
image

There are two ways to access your group filespace: Remote Access to CAE Files 1. Navigate to myfiles.cae.wisc.edu. Make sure you are connected to either WiscVPN or Engineering VPN. Then, log in with your CAE credentials.

Full Answer

How to remotely access CAE applications online?

Remotely access CAE applications online through XenApp. How to install and connect to XenApp. XenApp allows you to access many of CAE's software remotely. You do not need WiscVPN running to use this program.

What accommodations does the CAE provide for registered students?

The CAE can support registered students with accommodations related to student organization events and/or co-curricular activities. Reasonable accommodations for co-curricular activities will be determined with students on an individualized basis.

What is the initial implementation of continuous access evaluation (CAE)?

The initial implementation of continuous access evaluation focuses on Exchange, Teams, and SharePoint Online. To prepare your applications to use CAE, see How to use Continuous Access Evaluation enabled APIs in your applications.

How do I disable continuous access evaluation for a tenant?

To disable continuous access evaluation please select Enable preview then Disable preview and select Save. You can query the Microsoft Graph via continuousAccessEvaluationPolicy to verify the configuration of CAE in your tenant.

image

If You Require Both Text-based and Graphical Programs

Select your computer's operating system from the list below for instructions on setting up a secure shell (ssh) client and X server. Installing both a secure shell client and an X server will allow you to access CAE Unix and Linux systems from anywhere in the world, and will enable the display of graphical programs on your local computer's display.

If you Require Only Text-based Programs

Select your computer's operating system from the list below for instructions on setting up a secure shell (ssh) client. Installing a secure shell client by itself will allow you to access CAE Unix and Linux systems from anywhere in the world, but will disable the display of graphical programs on your local computer's display.

What is CAE client?

A CAE-capable client presents credentials or a refresh token to Azure AD asking for an access token for some resource.

Why do CAE clients rely on CAE?

Because risk and policy are evaluated in real time, clients that negotiate continuous access evaluation aware sessions will rely on CAE instead of existing static access token lifetime policies, which means that configurable token lifetime policy will not be honored anymore for CAE-capable clients that negotiate CAE-aware sessions.

How long does a token last in CAE?

Token lifetime is increased to long lived, up to 28 hours, in CAE sessions. Revocation is driven by critical events and policy evaluation, not just an arbitrary time period. This change increases the stability of applications without affecting security posture.

What is continuous access evaluation?

Continuous access evaluation is implemented by enabling services, like Exchange Online, SharePoint Online, and Teams, to subscribe to critical events in Azure AD so that those events can be evaluated and enforced near real time. Critical event evaluation does not rely on Conditional Access policies so is available in any tenant. The following events are currently evaluated:

How long does it take for a conditional access policy to be effective?

Changes made to Conditional Access policies and group membership made by administrators could take up to one day to be effective. The delay is from replication between Azure AD and resource providers like Exchange Online and SharePoint Online. Some optimization has been done for policy updates, which reduce the delay to two hours. However, it doesn't cover all the scenarios yet.

What does Leaving the default selected Auto Enable after general availability do?

Leaving the default selected Auto Enable after general availability enables the functionality when CAE is generally available.

What are the two scenarios that make up continuous access evaluation?

There are two scenarios that make up continuous access evaluation, critical event evaluation and Conditional Access policy evaluation.

image

Scenarios

Image
There are two scenarios that make up continuous access evaluation, critical event evaluation and Conditional Access policy evaluation.
See more on docs.microsoft.com

Client Capabilities

  • Client-side claim challenge
    Before continuous access evaluation, clients would replay the access token from its cache as long as it hadn't expired. With CAE, we introduce a new case where a resource provider can reject a token when it isn't expired. To inform clients to bypass their cache even though the cached toke…
  • Token lifetime
    Because risk and policy are evaluated in real time, clients that negotiate continuous access evaluation aware sessions no longer rely on static access token lifetime policies. This change means that the configurable token lifetime policy isn't honored for clients negotiating CAE-awar…
See more on docs.microsoft.com

Example Flow Diagrams

  • User revocation event flow
    1. A CAE-capable client presents credentials or a refresh token to Azure AD asking for an access token for some resource. 2. An access token is returned along with other artifacts to the client. 3. An Administrator explicitly revokes all refresh tokens for the user. A revocation event will be sen…
  • User condition change flow
    In the following example, a Conditional Access administrator has configured a location based Conditional Access policy to only allow access from specific IP ranges: 1. A CAE-capable client presents credentials or a refresh token to Azure AD asking for an access token for some resourc…
See more on docs.microsoft.com

Enable Or Disable Cae

  • The CAE setting has been moved to under the Conditional Access blade. New CAE customers can access and toggle CAE directly when creating Conditional Access policies. However, some existing customers must go through migration before they can access CAE through Conditional Access.
See more on docs.microsoft.com

Limitations

  • Group membership and Policy update effective time
    Changes made to Conditional Access policies and group membership made by administrators could take up to one day to be effective. The delay is from replication between Azure AD and resource providers like Exchange Online and SharePoint Online. Some optimization has been d…
  • IP address variation
    Your identity provider and resource providers may see different IP addresses. This mismatch may happen because of: 1. Network proxy implementations in your organization 2. Incorrect IPv4/IPv6 configurations between your identity provider and resource provider Examples: 1. Your identity p…
See more on docs.microsoft.com

FAQs

  • How will CAE work with Sign-in Frequency?
    Sign-in Frequency will be honored with or without CAE.
See more on docs.microsoft.com

Next Steps

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9