Revoke-AzureAD

RawatP 61 Reputation points
2021-02-10T19:35:22.63+00:00

What exactly does the PowerShell command below do? I am confused about whether it just revokes the current sessions for users or revokes sessions permanently.
I want to log out an active user from all current sessions and afterwards let him log in the same as before.

Revoke-AzureADUserAllRefreshToken -ObjectId "Enter Object ID here"

Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 36,846 Reputation points Microsoft Employee
    2021-02-11T01:01:40.343+00:00

    Based on the description it should just revoke and invalidate the refresh tokens.

    "The Revoke-AzureADUserAllRefreshToken cmdlet invalidates the refresh tokens issued to applications for a user. The cmdlet also invalidates tokens issued to session cookies in a browser for the user. The cmdlet operates by resetting the refreshTokensValidFromDateTime user property to the current date and time."

    To actually disable the user you would use:

    Set-AzureADUser -ObjectId johndoe@contoso.com -AccountEnabled $false  
    

    References:

    https://learn.microsoft.com/en-us/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0

    https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/users-revoke-access
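
Added example, not part of the original question or answer: a check of the behaviour the quoted documentation describes, reading `RefreshTokensValidFromDateTime` and `AccountEnabled` before and after the revoke. It assumes the AzureAD module is installed and the signed-in admin may manage the user; the UPN is the placeholder from the answer, and the retry count and delay are arbitrary.

```powershell
# Added example: confirm that revocation moves the token validity timestamp
# forward and leaves the account enabled (so the user can sign in again).
Import-Module AzureAD
Connect-AzureAD | Out-Null

$upn = 'johndoe@contoso.com'   # placeholder account, replace with the real UPN or ObjectId

$before = Get-AzureADUser -ObjectId $upn
"Before: AccountEnabled=$($before.AccountEnabled)  ValidFrom=$($before.RefreshTokensValidFromDateTime)"

# Invalidate refresh tokens and browser session cookies issued before now.
Revoke-AzureADUserAllRefreshToken -ObjectId $before.ObjectId

# The directory read can lag the write, so poll a few times (assumed: 6 x 5 s).
$after = $null
foreach ($attempt in 1..6) {
    Start-Sleep -Seconds 5
    $after = Get-AzureADUser -ObjectId $before.ObjectId
    if ($after.RefreshTokensValidFromDateTime -gt $before.RefreshTokensValidFromDateTime) { break }
}
"After:  AccountEnabled=$($after.AccountEnabled)  ValidFrom=$($after.RefreshTokensValidFromDateTime)"

$moved = $after.RefreshTokensValidFromDateTime -gt $before.RefreshTokensValidFromDateTime
if ($moved -and $after.AccountEnabled) {
    # Tokens issued before the new timestamp are rejected; the account itself
    # is untouched, so a fresh interactive sign-in issues new tokens.
    'Revocation applied: old sessions must re-authenticate, account is still enabled.'
} elseif (-not $moved) {
    Write-Warning 'Timestamp has not changed yet; re-read the user before relying on the revocation.'
} else {
    Write-Warning 'Account is disabled; the user cannot sign in until AccountEnabled is set back to $true.'
}

# Access tokens already issued are not refresh tokens: they stay usable until
# they expire, so active API sessions can outlive the revoke for a short time.
```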

