Whether the trigger is a phishing attack that has compromised an account or the need for a definitive offboarding process, everyone needs to be aware of the capabilities to immediately revoke and deny access to a specific user account. Microsoft offers several ways to accomplish this and even provides a fully documented process for user terminations:
- OneDrive Sign Out
- SharePoint Online PowerShell
- Azure AD PowerShell
Each has its own process, and while the first two options have limitations, all three should be included in any script to ensure access to the account is fully terminated.
The first method provides a Graphical User Interface (GUI) method for those that are not comfortable with PowerShell. The process involves going to the Office 365 Admin Center (https://admin.microsoft.com) and using the following process:
- In the admin center, go to Users > Active users.
- Select the key icon next to the user's name, and then select Reset password.
- Enter a new password, and then select Reset. (Don't send it to them.)
- Select the user's name to go to their properties pane, and on the OneDrive tab, select Initiate sign-out.
Using SharePoint Online PowerShell is equivalent to the OneDrive GUI method; however, it can be scripted. Use the following commands to connect to SharePoint Online PowerShell and revoke the user's sessions across Office 365 and all devices.
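The script below is an added example, not the page's or Microsoft's documented script. It strings the three methods above together for one user: reset the password to a random value that is never shared, block sign-in, revoke refresh tokens with Azure AD PowerShell, and revoke SharePoint Online/OneDrive sessions (the scripted equivalent of Initiate sign-out). The tenant admin URL, the user principal name and the module requirements (Microsoft.Online.SharePoint.PowerShell and AzureAD) are assumptions for the example.

```powershell
# Added example: end-to-end access revocation for a single user.
# Assumptions (not from the original article): SharePoint admin URL for a
# tenant called "contoso", a target user such as terminated.user@contoso.com,
# and the AzureAD + Microsoft.Online.SharePoint.PowerShell modules installed.
param(
    [Parameter(Mandatory)][string]$UserPrincipalName,
    [string]$TenantAdminUrl = "https://contoso-admin.sharepoint.com"
)

Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Import-Module AzureAD -ErrorAction Stop

# 1. Connect to both services (interactive admin sign-in).
Connect-AzureAD | Out-Null
Connect-SPOService -Url $TenantAdminUrl

$user = Get-AzureADUser -ObjectId $UserPrincipalName

# 2. Reset the password to a random value that is discarded, never sent to the user
#    (scripted equivalent of the "Reset password" step in the admin center).
$bytes = New-Object byte[] 24
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$newPassword = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $newPassword -ForceChangePasswordNextLogin $false

# 3. Block sign-in so no new tokens can be issued to the account.
Set-AzureADUser -ObjectId $user.ObjectId -AccountEnabled $false

# 4. Azure AD PowerShell: invalidate every refresh token so existing sessions
#    cannot renew once the current access token expires.
Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId

# 5. SharePoint Online PowerShell: revoke OneDrive/SharePoint sessions across devices
#    (equivalent of "Initiate sign-out" in the OneDrive tab).
Revoke-SPOUserSession -User $UserPrincipalName

# 6. Verify: sign-in is blocked and the refresh-token validity timestamp moved forward.
$after = Get-AzureADUser -ObjectId $user.ObjectId
[pscustomobject]@{
    User                   = $after.UserPrincipalName
    AccountEnabled         = $after.AccountEnabled
    RefreshTokensValidFrom = $after.RefreshTokensValidFromDateTime
}
```

Run it as `.\Revoke-UserAccess.ps1 -UserPrincipalName terminated.user@contoso.com` from an account with SharePoint and user administrator rights. Step 4 is what makes the revocation stick after the current access token expires; without it, an attacker holding a valid refresh token could silently obtain new access tokens even after the password reset.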
Keep in mind that, regardless of which method above is used, the refresh token is good for an hour by default, so the timeline depends on how much time is left on the user's token and whether they navigate away from their current web page. This is configurable down to a minimum of 10 minutes. The following chart shows the token types and their possible values; each can be configured using an Azure AD policy (Get|Set|New-AzureADPolicy).
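As an added example (not from the original article or its chart), the snippet below inspects the tenant-wide token lifetime policy with Get-AzureADPolicy and then sets the 10-minute minimum mentioned above, updating the existing organization-default policy with Set-AzureADPolicy if one exists or creating one with New-AzureADPolicy otherwise. The policy display name and the use of the AccessTokenLifetime property as the value to shorten are assumptions for the example.

```powershell
# Added example: shorten the token lifetime with an Azure AD TokenLifetimePolicy.
# Assumptions (not from the original article): the "AccessTokenLifetime" property
# is the value to shorten, and the display name below is arbitrary.
Import-Module AzureAD -ErrorAction Stop
Connect-AzureAD | Out-Null

# Show any token lifetime policies already in place before changing anything.
Get-AzureADPolicy |
    Where-Object { $_.Type -eq "TokenLifetimePolicy" } |
    Select-Object DisplayName, IsOrganizationDefault, Definition

# 10 minutes is the minimum the article cites; hh:mm:ss format.
$definition = @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:10:00"}}')

$existing = Get-AzureADPolicy |
    Where-Object { $_.Type -eq "TokenLifetimePolicy" -and $_.IsOrganizationDefault }

if ($existing) {
    # Update the current organization default in place.
    Set-AzureADPolicy -Id $existing.Id -Definition $definition
} else {
    # No organization default yet: create one.
    New-AzureADPolicy -Definition $definition `
        -DisplayName "TenMinuteTokenLifetime" `
        -IsOrganizationDefault $true `
        -Type "TokenLifetimePolicy"
}

# Confirm the resulting policy definition.
Get-AzureADPolicy |
    Where-Object { $_.Type -eq "TokenLifetimePolicy" -and $_.IsOrganizationDefault } |
    Select-Object DisplayName, Definition
```

A shorter lifetime narrows the window between revocation and the user actually losing access, at the cost of more frequent token renewals for everyone in the tenant; test it on a non-production tenant first.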
Enabling Technologies can help you properly prepare for moving to the cloud based on Microsoft best practices, with a secure and productive environment as the result. You can find out more in the Security section of our website.