Revoke All User Sessions for Azure AD and Office 365

Whether you are responding to a phishing attack that compromised an account or you want a definitive offboarding process, you need to know how to immediately revoke and deny access to a specific user account. Microsoft provides several ways to accomplish this, along with a fully documented process for user terminations:

  • OneDrive Sign Out
  • SharePoint Online PowerShell
  • Microsoft Entra ID (formerly Azure AD) PowerShell

Each has its own process, and while the first two options have limitations, all three should be included in any script to ensure that access to an account is fully terminated.

OneDrive GUI

The first method provides a Graphical User Interface (GUI) for those who are not comfortable with PowerShell. Go to the Office 365 Admin Center (https://admin.microsoft.com) and use the following process:

  1. In the admin center, go to Users > Active users.
  2. Select the key icon box next to the user’s name, and then select Reset password.
  3. Enter a new password, and then select Reset. (Don’t send it to them.)
  4. Select the user’s name to go to their properties pane, and on the OneDrive tab, select Initiate sign-out.

SharePoint PowerShell

Using SharePoint Online PowerShell is equivalent to the OneDrive GUI method; however, this can be scripted. Use the following commands to connect to SharePoint Online PowerShell and revoke the user’s sessions across Office 365 and all devices.
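One way to script the SharePoint Online and Entra ID (Azure AD) revocations together, as an added example rather than the original page's own commands. It assumes the Microsoft.Online.SharePoint.PowerShell and AzureAD modules are installed; the function name, the UPN and the admin URL are placeholders.

```powershell
# Added example. Revoke-UserAccess is a hypothetical helper name; tenant values are placeholders.
function Revoke-UserAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [Parameter(Mandatory)] [string] $SpoAdminUrl
    )

    # Track each step separately so a failure in one service is visible
    # and does not prevent the other revocation from running.
    $result = [ordered]@{
        User = $UserPrincipalName; SharePoint = 'Skipped'
        EntraId = 'Skipped'; TokensValidFrom = $null
    }

    # SharePoint Online / OneDrive: scripted equivalent of "Initiate sign-out".
    try {
        Connect-SPOService -Url $SpoAdminUrl -ErrorAction Stop
        if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Revoke-SPOUserSession')) {
            Revoke-SPOUserSession -User $UserPrincipalName -Confirm:$false -ErrorAction Stop | Out-Null
            $result.SharePoint = 'Revoked'
        }
    } catch { $result.SharePoint = "Failed: $($_.Exception.Message)" }

    # Entra ID (Azure AD): invalidate all refresh tokens issued to the user.
    try {
        Connect-AzureAD -ErrorAction Stop | Out-Null
        $before = Get-AzureADUser -ObjectId $UserPrincipalName -ErrorAction Stop
        if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Revoke-AzureADUserAllRefreshToken')) {
            Revoke-AzureADUserAllRefreshToken -ObjectId $before.ObjectId -ErrorAction Stop
            # Check: the user's RefreshTokensValidFromDateTime should move forward.
            # Directory replication can lag, so report 'Unconfirmed' instead of failing.
            $after = Get-AzureADUser -ObjectId $before.ObjectId -ErrorAction Stop
            $result.TokensValidFrom = $after.RefreshTokensValidFromDateTime
            $result.EntraId = if ($after.RefreshTokensValidFromDateTime -gt $before.RefreshTokensValidFromDateTime) {
                'Revoked'
            } else { 'Unconfirmed' }
        }
    } catch { $result.EntraId = "Failed: $($_.Exception.Message)" }

    [pscustomobject]$result
}

# Placeholder values; replace with the affected account and your tenant's admin URL.
Revoke-UserAccess -UserPrincipalName 'user@contoso.example' -SpoAdminUrl 'https://contoso-admin.sharepoint.com'
```

Keep the returned object in the incident or offboarding record so there is evidence of when each revocation ran and whether it was confirmed.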

Keep in mind that, regardless of which method above is used, the refresh token is good for an hour by default, so the timeline depends on how much time is left on the user’s token and whether they navigate away from their current webpage. This is configurable to a minimum of 10 minutes. The following chart shows the token types and the possible values. Each of these can be configured using a Microsoft Entra ID (formerly Azure AD) policy (Get|Set|New-AzureADPolicy).


Last updated on October 31st, 2023 at 12:41 pm