Process to remove login access and close all login sessions

Gurudas 886 Reputation points
2022-05-03T05:58:10.26+00:00

Hello Team,

Please let me know process to remove login access and close all login sessions of terminated users via kb article for Office 365.

Exchange Online E3 license
Mailbox: John.dave@Company portal .com
Requirement: John is a terminated user and still tries to access the mailbox, azure ad and sharepoint sites. We need to close all ongoing sessions and block future logins.

Thank you in advance.

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,214 questions
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,361 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,467 questions
0 comments No comments
{count} votes

Accepted answer
  1. T. Kujala 8,706 Reputation points
    2022-05-03T07:05:37.423+00:00

    Hi @GurudasSatardekar,

    You can simple do this by using the PS commands.

    Connect-AzureAD

    Set-AzureADUser -ObjectId John.dave@Company portal .com -AccountEnabled $false

    Revoke-AzureADUserAllRefreshToken -ObjectId John.dave@Company portal .com

    https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/users-revoke-access#azure-active-directory-environment


2 additional answers

Sort by: Most helpful
  1. Yi Lu_MSFT 17,471 Reputation points
    2022-05-03T07:04:58.733+00:00

    Hi @Gurudas
    You could delete the user in Azure Active Directory:

    198406-image.png

    You could also reset password, block sign-in or delete user in M365 admin center:

    198400-image.png


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

  2. JamesTran-MSFT 36,531 Reputation points Microsoft Employee
    2022-05-03T22:44:34.787+00:00

    @GurudasSatardekar
    Thank you for your post!

    Adding onto what @Yi Lu_MSFT and @T. Kujala mentioned, when it comes to delete users within Azure Active Directory you can also revoke their sessions via the Portal.
    198574-image.png

    When access is revoked:
    The user can't gain new tokens for any application tied to Azure Active Directory. The elapsed time between revocation and the user losing their access depends on how the application is granting access:

    • For applications using access tokens, the user loses access when the access token expires.
    • For applications that use session tokens, the existing sessions end as soon as the token expires. If the disabled state of the user is synchronized to the application, the application can automatically revoke the user's existing sessions if it's configured to do so. The time it takes depends on the frequency of synchronization between the application and Azure AD.

    For more info:
    Disable user and Revoke tokens
    Revoke a user's access Best practices

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments