Anonymous
Not applicable

Force user to log off / revoke session in O365 / Azure

Hi there,

 

I'm trying to build a cloud flow for our Cyber team - what I've got so far is linking MCAS to Power Automate, so that when we get an Impossible Travel alert I can get a series of options presented. One of these is what I want to be a playbook, which signs out the user from 365 / Azure and sends an email to them letting them know of the alert. I can automate the email okay, but can't find an option to force a sign out. How do you do this?

Expiscornovus
Super User

Hi @Anonymous,

 

I would have a look at the revokeSignInSessions method of the Microsoft Graph REST API:

https://docs.microsoft.com/en-us/graph/api/user-revokesigninsessions?view=graph-rest-1.0&tabs=http

 

Below is an example of that approach.

Be aware, this approach uses an HTTP action (premium connector) and requires a registered app in Azure AD with User.ReadWrite.All, Directory.ReadWrite.All permissions.

 

[Image: revokesigninsessions.PNG]



Happy to help out! 🙂

Interested in more #PowerAutomate #SharePointOnline or #PowerVirtualAgents content?
Visit my blog, Subscribe to my YouTube channel or Follow me on Twitter


Anonymous
Not applicable

Thanks for this @Expiscornovus. Assuming I did not want to tack on additional costs, would it be possible to trigger this some other way? I.e. using PowerShell to force a sign off based on this flow?

Expiscornovus
Super User

Hi @Anonymous,

 

In the Azure AD PowerShell module there should be a Revoke-AzureADUserAllRefreshToken cmdlet which you can use:

https://docs.microsoft.com/en-us/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0

 



Happy to help out! 🙂



Hi @Expiscornovus,

You can use the "Send an HTTP request" action of the non-premium "Office 365 Groups" connector to do the same.

--------------------------------------------------------------------------------------
Contact me if you are interested in custom Power Automate development.
Expiscornovus
Super User

Hi @VictorIvanidze,

 

Yes, I always try the Office 365 Groups one first (thanks btw for your escape ? forward slash workaround) 😀 But, it did not work in my development tenant setup.

 

Got a 403 with an "Access to invalidate refresh tokens operation is denied" error.

 

Did you get it to work with that specific revokeSignInSessions Graph API request?



Happy to help out! 🙂



Hi @Expiscornovus 

You are right - the Office 365 Groups connector doesn't work for this.

My bad, sorry.

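
The revokeSignInSessions Graph call from the first reply, made from PowerShell rather than a flow's HTTP action, as an added example that is not part of the original posts. It assumes an app registration with the permissions named in that reply; the function names, the `GRAPH_CLIENT_SECRET` environment variable and the tenant, app and user values are placeholders, and the 403 branch covers the denial reported in the thread.

```powershell
# Added example (not from the thread). Assumes an Azure AD app registration that
# has been granted the permissions named in the first reply.
function Get-GraphToken {
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$ClientSecret
    )
    # OAuth 2.0 client-credentials grant against the v2.0 token endpoint.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token
}

function Revoke-UserSignInSession {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string]$AccessToken
    )
    # Escape the UPN so characters such as '#' in guest accounts stay in the path.
    $user = [uri]::EscapeDataString($UserPrincipalName)
    $uri  = "https://graph.microsoft.com/v1.0/users/$user/revokeSignInSessions"
    # With -WhatIf the function reports the target and returns without calling Graph.
    if (-not $PSCmdlet.ShouldProcess($UserPrincipalName, 'Revoke sign-in sessions')) { return }
    try {
        $headers = @{ Authorization = "Bearer $AccessToken" }
        $reply   = Invoke-RestMethod -Method Post -Uri $uri -Headers $headers
        [pscustomobject]@{ User = $UserPrincipalName; Revoked = [bool]$reply.value; Status = 200 }
    }
    catch {
        # A 403 is the "operation is denied" case reported in the thread: the caller
        # may not invalidate refresh tokens. Return it so the playbook can escalate.
        $status = [int]$_.Exception.Response.StatusCode
        [pscustomobject]@{ User = $UserPrincipalName; Revoked = $false; Status = $status }
    }
}

# Dry run with constructed values: -WhatIf prints the target and makes no request.
Revoke-UserSignInSession -UserPrincipalName 'user@example.com' -AccessToken 'placeholder' -WhatIf
# Live run (placeholders; GRAPH_CLIENT_SECRET is a hypothetical environment variable):
# $token = Get-GraphToken -TenantId '<tenant-id>' -ClientId '<app-id>' -ClientSecret $env:GRAPH_CLIENT_SECRET
# Revoke-UserSignInSession -UserPrincipalName 'user@example.com' -AccessToken $token
```

Revocation invalidates the user's refresh tokens and browser session cookies; access tokens that were already issued stay usable until they expire, so a playbook should not treat the account as fully locked out the moment the call returns.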
