Microsoft Corporation
EVALUATING A RESULT OF ENFORCEMENT OF ACCESS CONTROL POLICIES INSTEAD OF ENFORCING THE ACCESS CONTROL POLICIES

Abstract:

Techniques are described herein that are capable of evaluating a result of enforcement of access control policies instead of enforcing the access control policies. For instance, a result of enforcement of an access control policy with regard to sign-in processes is evaluated instead of enforcing the access control policy with regard to the sign-in processes. The evaluation includes monitoring access requests that are received during the sign-in processes. Each access request requests access to a resource. The evaluation further includes comparing attributes of each access request against the access control policy that specifies criteria that are to be satisfied as a prerequisite to granting access to the resource to which access is requested by the respective access request. Metadata associated with the sign-in processes is generated instead of enforcing the access control policy with regard to the sign-in processes.