Hello @LEW CHENG CHEE · Thank you for reaching out.
The purpose of invalidating refresh tokens is for an administrator to revoke all access for a user in scenarios like compromised accounts, employee termination, and other insider threats. This functionality is NOT available for standard users.
The best you can do to avoid having long-lived refresh tokens for users is to implement sign-in frequency via a Conditional Access policy. Please refer to https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime for more details on this.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
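The two controls mentioned in the answer above, sketched with the Microsoft Graph PowerShell SDK as an added example that is not part of the original answer. The 8-hour value, the policy name, the report-only state and the placeholder identifiers are assumptions chosen for illustration.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module and an admin
# account that can consent to the scopes below.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All',
                        'Application.Read.All', 'User.ReadWrite.All'

# --- 1. Sign-in frequency via a Conditional Access policy -------------------
# Placeholder: object ID of an emergency-access account to keep out of scope.
$breakGlassId = '<break-glass-account-object-id>'

$policy = @{
    displayName = 'EXAMPLE - Sign-in frequency 8h'
    # Report-only first, so the effect shows up in sign-in logs before enforcement.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    sessionControls = @{
        # Forces reauthentication after the interval, which bounds how long
        # a refresh token stays usable without a fresh sign-in.
        signInFrequency = @{
            isEnabled = $true
            type      = 'hours'   # 'hours' or 'days'
            value     = 8         # constructed sample value
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"

# --- 2. Admin-side revocation for a specific user ---------------------------
# Placeholder UPN. Use for a compromised account or a terminated employee.
$userUpn = '<user@contoso.example>'
$user    = Get-MgUser -UserId $userUpn -Property Id, SignInSessionsValidFromDateTime

Revoke-MgUserSignInSession -UserId $user.Id | Out-Null

# Confirm the revocation timestamp moved forward; refresh tokens issued
# before this time are no longer accepted.
$after = Get-MgUser -UserId $user.Id -Property SignInSessionsValidFromDateTime
"Sessions valid from: $($after.SignInSessionsValidFromDateTime)"
```

Switch `state` to `enabled` only after reviewing the report-only results in the sign-in logs.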