Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,531 questions
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Is it possible to invalidate/kill the user session tokens (Id_Token, Refresh_Token) whenever the user changes their password? If yes, how can it be done?
They will be invalidated by default due to the Continuous Access Evaluation feature supported by first-party Microsoft apps. If you have your own app and want to support such behavior, follow the instructions here to implement CAE support: https://learn.microsoft.com/en-us/entra/identity-platform/app-resilience-continuous-access-evaluation?tabs=dotnet