Anonymous
Not applicable

Force user to log off / revoke session in O365 / Azure

Hi there,

 

I'm trying to build a cloud flow for our Cyber team - what I've got so far is linking MCAS to Power Automate, so that when we get an Impossible Travel alert I can get a series of options presented. One of these is what I want to be a playbook, which signs out the user from 365 / Azure and sends an email to them letting them know of the alert. I can automate the email okay, but can't find an option to force a sign out. How do you do this?

6 REPLIES
Expiscornovus
Super User

Hi @Anonymous,

 

I would have a look at the revokeSignInSessions method of the Microsoft Graph REST API:

https://docs.microsoft.com/en-us/graph/api/user-revokesigninsessions?view=graph-rest-1.0&tabs=http

 

Below is an example of that approach.

Be aware, this approach uses an HTTP action (premium connector) and requires a Registered App in Azure AD with User.ReadWrite.All, Directory.ReadWrite.All permissions.

 

[Image: revokesigninsessions.PNG]

Anonymous
Not applicable

Thanks for this @Expiscornovus, assuming I did not want to tack on additional costs, would it be possible to trigger this some other way? I.e. using PowerShell to force a sign off based on this flow?

Expiscornovus
Super User

Hi @Anonymous,

 

In the Azure AD PowerShell module there should be a Revoke-AzureADUserAllRefreshToken cmdlet which you can use:

https://docs.microsoft.com/en-us/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0
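
For the PowerShell route asked about above, an added example (not part of any post in this thread) that calls the same revokeSignInSessions endpoint with built-in cmdlets instead of the premium HTTP action. It assumes the registered app and permissions described in the first reply; the function name and its parameters are hypothetical.

```powershell
# Added example, not code from the thread. Tenant ID, client ID, client secret and
# UPN are supplied by the caller; the function name is hypothetical.
function Revoke-GraphSignInSessions {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][securestring]$ClientSecret,
        [Parameter(Mandatory)][string]$UserPrincipalName
    )

    # Client-credentials token for the registered app (application permissions).
    $tokenBody = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = [System.Net.NetworkCredential]::new('', $ClientSecret).Password
        scope         = 'https://graph.microsoft.com/.default'
    }
    $token = Invoke-RestMethod -Method Post -Body $tokenBody `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"

    # Escape the UPN so characters such as '#' in guest UPNs survive the URL path.
    $id  = [uri]::EscapeDataString($UserPrincipalName)
    $uri = "https://graph.microsoft.com/v1.0/users/$id/revokeSignInSessions"

    # Honour -WhatIf / -Confirm before touching the account.
    if (-not $PSCmdlet.ShouldProcess($UserPrincipalName, 'Revoke sign-in sessions')) { return }

    try {
        $resp = Invoke-RestMethod -Method Post -Uri $uri `
            -Headers @{ Authorization = "Bearer $($token.access_token)" }
        # Graph answers with { "value": true } on success.
        [pscustomobject]@{ User = $UserPrincipalName; Revoked = [bool]$resp.value; Status = 200 }
    }
    catch {
        # A 403 here means the calling identity is not allowed to revoke this user's tokens.
        $status = [int]$_.Exception.Response.StatusCode
        Write-Warning "revokeSignInSessions failed for $UserPrincipalName (HTTP $status)"
        [pscustomobject]@{ User = $UserPrincipalName; Revoked = $false; Status = $status }
    }
}
```

Revocation invalidates refresh tokens and session cookies; an access token that was already issued stays usable until it expires, so the playbook should log the returned object and not treat the call as an instant sign-out.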

 

Hi @Expiscornovus,

you can use the "Send an HTTP request" action of the non-premium "Office 365 Groups" connector to do the same.

--------------------------------------------------------------------------------------
Contact me if you are interested in custom Power Automate development.
Expiscornovus
Super User

Hi @VictorIvanidze,

 

Yes, I always try the Office 365 Groups one first (thanks btw for your escape ? forward slash workaround) 😀 But, it did not work in my development tenant setup.

 

Got a 403 with an "Access to invalidate refresh tokens operation is denied" error.

 

Did you get it to work with that specific revokeSignInSessions Graph API request?

Hi @Expiscornovus 

you are right - Office 365 Groups connector doesn't work for this.

My bad, sorry.

--------------------------------------------------------------------------------------
Contact me if you are interested in custom Power Automate development.
