Based on the description it should just revoke and invalidate the refresh tokens.
"The Revoke-AzureADUserAllRefreshToken cmdlet invalidates the refresh tokens issued to applications for a user. The cmdlet also invalidates tokens issued to session cookies in a browser for the user. The cmdlet operates by resetting the refreshTokensValidFromDateTime user property to the current date and time."
To actually disable the user you would use:
Set-AzureADUser -ObjectId firstname.lastname@example.org -AccountEnabled $false