How to revoke OAuth refresh token?

scarecrow kakashi 246 Reputation points
2022-08-30T06:56:20.717+00:00

I got a token and a refresh token following https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code, but how do I revoke the refresh token and access token?

Azure Active Directory

Accepted answer
  1. Alfredo Revilla (MSFT) 17,016 Reputation points Microsoft Employee
    2022-09-01T18:36:25.137+00:00

    Hello @scarecrow kakashi and thanks for reaching out. Azure AD refresh tokens can be revoked by a user using the AzureAD PowerShell Revoke-AzureADSignedInUserAllRefreshToken cmdlet or by an admin using the Revoke-AzureADUserAllRefreshToken cmdlet. For other instances when refresh tokens will get revoked during the device flow, take a look at the password-based and non-password-based token columns of the Token revocations table.

    On the other hand, Azure AD access tokens cannot be revoked. You can, however, control their lifetime using Configurable token lifetimes (mobile and desktop clients that access SharePoint Online and OneDrive for Business resources) and Conditional Access Session Management.

    The default lifetime for an access token ranges from 60 to 90 minutes. For more information, take a look at Access token lifetime.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.
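
Added example (not part of the answer above and not Microsoft's own code): the admin revocation described in the answer, followed by a check that it took effect, using the AzureAD PowerShell module. The account name is a constructed placeholder, and the check relies on the cmdlet resetting the user's RefreshTokensValidFromDateTime property.

```powershell
# Added example. Requires the AzureAD module (Install-Module AzureAD).
Import-Module AzureAD
Connect-AzureAD | Out-Null              # interactive sign-in as an administrator

# Constructed placeholder; replace with the real user principal name.
$upn = 'user@contoso.example'

# Record the current "tokens valid from" timestamp before revoking.
$user   = Get-AzureADUser -ObjectId $upn
$before = $user.RefreshTokensValidFromDateTime

# Admin path: invalidate all refresh tokens issued to this user.
Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId

# Revocation works by moving RefreshTokensValidFromDateTime forward, so a
# later timestamp confirms that previously issued refresh tokens are dead.
$after = (Get-AzureADUser -ObjectId $user.ObjectId).RefreshTokensValidFromDateTime

if ($after -gt $before) {
    Write-Output "Refresh tokens issued before $after are revoked for $upn."
} else {
    Write-Warning "Timestamp unchanged ($before); re-check after a short delay."
}

# User path: a signed-in user revokes their own refresh tokens instead.
# Revoke-AzureADSignedInUserAllRefreshToken
```

Access tokens already issued to the client stay usable until they expire, so plan for the access token lifetime the answer mentions when using this in incident response.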

