Password changes are not immediate, there's a lot of caching happening on both the front- and back-end in order to minimize the number of times users are nagged to re-enter credentials, which in turn affects situations like this as well. If you want to immediately revoke access/force re-authentication, you can use the Revoke-AzureADUserAllRefreshToken cmdlet or go to the M365 admin center > users > select the user > sign out of all sessions.
How can GMail app still access emails using old O365 password?
The GMail app on my android phone is set up to access my work emails from Exchange using my Office 365 password. I have changed the password on the computer, and if I try to access the email from the Outlook app, it asks for the new password. But the GMail app can still access Outlook, and send and receive emails several hours later, still using the old password. The password was changed because of a security issue, so this is not acceptable.
4 answers
Sort by: Most helpful
-
-
Karl Parker 16 Reputation points
2021-02-16T10:35:11.987+00:00 This is now asking for the new password, but took almost a full working day. I assumed that any third party application accessing using the password would have to ask for the new password after it was changed, I will change our procedures to make sure that we force sign out of all sessions if an account may have been comporomised.
-
KyleXu-MSFT 26,271 Reputation points
2021-02-22T09:37:26.68+00:00 You could know where is this account logged from the Azure AD Sign-ins:
-
Karl Parker 16 Reputation points
2021-02-22T09:56:53.677+00:00 This was my user account, I only tried this to test it, as someone reported the app still being able to access emails after a password change for a security problem, and I had the same delay. This thread can be closed down, now I know that I just need to force log off.