Revoke-EntraUserAllRefreshToken

Module:

Microsoft.Entra

Invalidates the refresh tokens issued to applications for a user.

Syntax

Revoke-EntraUserAllRefreshToken
      -UserId <String>
      [<CommonParameters>]

Description

The Revoke-EntraUserAllRefreshToken cmdlet invalidates the refresh tokens issued to applications for a user.

The cmdlet also invalidates tokens issued to session cookies in a browser for the user.

The cmdlet operates by resetting the refreshTokensValidFromDateTime user property to the current date and time.

This operation is usually performed by the user or an administrator if the user's device is lost or stolen. It blocks access to the organization's data by requiring the user to sign in again to all previously authorized applications, regardless of the device.

Examples

Example 1: Revoke refresh tokens for a user

Connect-Entra -Scopes 'User.RevokeSessions.All'
Revoke-EntraUserAllRefreshToken -UserId 'SawyerM@contoso.com'

Value
-----
True

This example demonstrates how to revoke the tokens for the specified user.

• -UserId parameter specifies the unique identifier of a user.

Parameters

-UserId

Specifies the unique ID of a user.

Type:	System.String
Aliases:	ObjectId
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

Related Links

• Revoke-EntraSignedInUserAllRefreshToken