I'm trying to build a cloud flow for our Cyber team - what I've got so far is linking MCAS to Power Automate, so that when we get an Impossible Travel alert I can get a series of options presented. One of this is what I want to be a playbook, which signs out the user from 365 / Azure and sends an email to them letting them know of the alert. I can automate the email okay, but can't find an option to force a sign out. How do you do this?
I would have a look at the revokeSignInSessions method of the Microsoft Graph REST API:
Below is an example of that approach.
Be aware, this approach uses an HTTP action (premium connector) and requires a Registered App in Azure AD with User.ReadWrite.All, Directory.ReadWrite.All permissions.
Thanks for this @Expiscornovus , assuming I did not want to tack on additional costs, would it be possible to trigger this some other way? I.e. using Powershell to force a sign off based on this flow?
In the Azure AD PowerShell module there should be a Revoke-AzureADUserAllRefreshToken cmdlet which you can use:
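The same revokeSignInSessions call from the Graph answer above, driven from PowerShell instead of a premium HTTP action. This is an added example, not code from the thread; it assumes an Azure AD app registration with client-credentials auth and the User.ReadWrite.All application permission, and every tenant, app and user identifier in it is a placeholder.

```powershell
# Added example (not from the thread): revoke a user's refresh tokens through the
# Microsoft Graph revokeSignInSessions action, the same endpoint the HTTP action calls.
# Assumes: app registration with User.ReadWrite.All (application permission, admin consented).
# All tenant/app/user values are placeholders.

function Get-GraphAppToken {
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$ClientSecret
    )
    # Client-credentials grant against the v2.0 token endpoint, scoped to Graph.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
    $tokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    return (Invoke-RestMethod -Method Post -Uri $tokenUri -Body $body).access_token
}

function Revoke-UserSessions {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string]$AccessToken
    )
    # UPN is URL-encoded so guest UPNs containing '#EXT#' are handled.
    $user = [uri]::EscapeDataString($UserPrincipalName)
    $uri  = "https://graph.microsoft.com/v1.0/users/$user/revokeSignInSessions"
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Revoke all refresh tokens')) {
        try {
            # No request body for this action; Graph answers {"value": true} on success.
            $result = Invoke-RestMethod -Method Post -Uri $uri -Headers @{ Authorization = "Bearer $AccessToken" }
            return [bool]$result.value
        } catch {
            # A 403 here usually means the permission is missing or was never admin-consented.
            Write-Error "revokeSignInSessions failed for ${UserPrincipalName}: $($_.Exception.Message)"
            return $false
        }
    }
}

# Usage (placeholders). -WhatIf performs a dry run without touching the account.
$token = Get-GraphAppToken -TenantId '<tenant-id>' -ClientId '<app-id>' -ClientSecret '<secret>'
Revoke-UserSessions -UserPrincipalName 'alice@contoso.example' -AccessToken $token -WhatIf
```

Note that this invalidates refresh tokens only: access tokens already issued stay valid until they expire, so the user is not signed out instantly. The interactive equivalent in the Azure AD module is the Revoke-AzureADUserAllRefreshToken cmdlet mentioned above.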
You can use the "Send an HTTP request" action of the non-premium "Office 365 Groups" connector to do the same.
Yes, I always try the Office 365 Groups one first (thanks btw for your escape ? forward slash workaround) 😀 But, it did not work in my development tenant setup.
Got a 403 with Access to invalidate refresh tokens operation is denied error.
Did you get it to work with that specific revokeSignInSessions Graph API request?
You are right - the Office 365 Groups connector doesn't work for this.
My bad, sorry.