RawatP 61 Reputation points

What exactly does the PowerShell command below do? I am confused whether it just revokes the current session for users or revokes the session permanently.
I want to log out an active user from all current sessions and afterwards let him log in the same as before.

Revoke-AzureADUserAllRefreshToken -ObjectId "Enter Object ID here"

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Marilee Turscak-MSFT 29,291 Reputation points Microsoft Employee

    Based on the description it should just revoke and invalidate the refresh tokens.

    "The Revoke-AzureADUserAllRefreshToken cmdlet invalidates the refresh tokens issued to applications for a user. The cmdlet also invalidates tokens issued to session cookies in a browser for the user. The cmdlet operates by resetting the refreshTokensValidFromDateTime user property to the current date and time."

    To actually disable the user you would use:

    Set-AzureADUser -ObjectId "<user-object-id>" -AccountEnabled $false
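
The following is an added example, not part of the original question or answer: it revokes a user's refresh tokens and then reads the user object back to confirm that `RefreshTokensValidFromDateTime` moved forward while `AccountEnabled` was left unchanged. The function name `Test-SessionRevocation`, its parameters and the polling interval are assumptions made for illustration; it assumes the AzureAD module is installed and the caller is allowed to manage the user.

```powershell
# Added example (not from the thread). Function name and retry values are hypothetical.
function Test-SessionRevocation {
    param(
        [Parameter(Mandatory)] [string] $ObjectId,  # object ID or UPN of the user
        [int] $Retries = 6,                         # directory reads can lag behind the write
        [int] $DelaySeconds = 5
    )

    # State before the revocation: the cut-off timestamp and the sign-in flag.
    $before = Get-AzureADUser -ObjectId $ObjectId

    # Resets refreshTokensValidFromDateTime to "now"; refresh tokens and browser
    # session cookies issued before that moment are no longer honoured.
    Revoke-AzureADUserAllRefreshToken -ObjectId $ObjectId

    # Poll until the new timestamp is visible or the retries run out.
    $after = $before
    for ($i = 0; $i -lt $Retries; $i++) {
        Start-Sleep -Seconds $DelaySeconds
        $after = Get-AzureADUser -ObjectId $ObjectId
        if ($after.RefreshTokensValidFromDateTime -gt $before.RefreshTokensValidFromDateTime) {
            break
        }
    }

    [pscustomobject]@{
        User                 = $after.UserPrincipalName
        ValidFromBefore      = $before.RefreshTokensValidFromDateTime
        ValidFromAfter       = $after.RefreshTokensValidFromDateTime
        TokensRevoked        = $after.RefreshTokensValidFromDateTime -gt $before.RefreshTokensValidFromDateTime
        # Revocation does not touch this flag; if it was $true before, the user
        # can sign in again and receive fresh tokens.
        AccountStillEnabled  = $after.AccountEnabled
        AccountFlagUnchanged = $after.AccountEnabled -eq $before.AccountEnabled
    }
}

# Usage (placeholder ID, replace with a real object ID or UPN):
# Connect-AzureAD
# Test-SessionRevocation -ObjectId "<user-object-id>"
```

Access tokens that were already issued are not covered by this property and remain usable until they expire, so an application may keep working for a short time after the revocation.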