RevokeSignInSessions API Not Signing Out User

Ashutosh Gairola 0 Reputation points
2024-05-29T13:46:51.61+00:00

I am experiencing an issue with the revokeSignInSessions Microsoft Graph API. I am calling the API to sign out a user from Microsoft 365 sessions while for other applications like OneDrive, Teams and Outlook the user got signed out immediately. While the API returns a success code (200), the user remains signed in even after waiting for 30 minutes.

Steps Taken:

  • I have confirmed the revokeSignInSessions API call is made correctly with a valid access token targeting the specific user.
  • The response body from the API call does not contain any error messages.
  • Network connectivity has been verified and there are no apparent issues.
  • I have reviewed Microsoft documentation for known issues or delays related to revokeSignInSessions but found nothing relevant.

Request:

I kindly request assistance in investigating this issue. Please advise on the following:

  • Why the user sign-out is experiencing a significant delay (30 minutes) despite a successful revokeSignInSessions call.
  • Any additional troubleshooting steps I can take to resolve this issue.

1 answer

  1. Vasil Michev 98,676 Reputation points MVP
    2024-05-29T17:00:06.25+00:00

    The call revokes Refresh tokens, i.e. the ability to get new access tokens. It does not affect any already issued Access tokens, so the user will still be able to access certain services until the corresponding access token(s) expire.

    Some applications can behave differently if they have implemented the Continuous access evaluation feature, as detailed here: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-continuous-access-evaluation

    For such apps, access tokens can also be invalidated, which usually happens a few minutes after you issue the call. However, not every app supports said feature, including many apps owned by Microsoft.
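
The window described in the answer above can be measured from a captured access token. The following is an added example, not part of the original answer or Microsoft's code: it decodes a token's payload and reports how long a token issued before the revocation call stays usable at a resource that does not support Continuous access evaluation. It assumes the token is a JWT carrying `iat` and `exp`, and that a CAE-capable client appears as `cp1` in the `xms_cc` claim; the function names and the sample token are constructed for the demo.

```python
import base64
import json
from datetime import datetime, timezone


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT for the demo (not a real Entra token)."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(json.dumps(claims).encode()), "sig"])


def jwt_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def residual_access(token: str, revoked_at: datetime) -> dict:
    """How long an already issued access token outlives the revocation call."""
    claims = jwt_claims(token)
    revoked = int(revoked_at.timestamp())
    issued_before = claims["iat"] <= revoked
    # Only tokens issued before the call are left over; they run until exp.
    remaining = max(claims["exp"] - revoked, 0) if issued_before else 0
    caps = claims.get("xms_cc", [])
    caps = [caps] if isinstance(caps, str) else caps
    return {
        "expires_utc": datetime.fromtimestamp(claims["exp"], tz=timezone.utc),
        "seconds_usable_after_revoke": remaining,
        # Assumption: a CAE-capable client shows up as "cp1" in xms_cc.
        "client_declares_cae": "cp1" in caps,
    }


if __name__ == "__main__":
    revoked_at = datetime(2024, 5, 29, 13, 0, tzinfo=timezone.utc)
    issued = int(revoked_at.timestamp()) - 600   # token obtained 10 min earlier
    token = make_sample_token({"iat": issued, "exp": issued + 4500})
    print(residual_access(token, revoked_at))
```

A non-zero `seconds_usable_after_revoke` with `client_declares_cae` false matches the behaviour in the question: the refresh token is gone, but the existing access token is honoured until `exp`.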