Microsoft 365 : PowerShell – Microsoft Graph PowerShell tutorial – Part 8 – Exploring CMDLET – Revoke-MgUserSignInSession

by · Published · Updated

Microsoft Graph PowerShell - Exploring PowerShell - "Revoke-MgUserSignInSession"
Microsoft Graph PowerShell - Exploring PowerShell - "Revoke-MgUserSignInSession"

Hi All,

Greetings for the day!!!

Today exploring one more GRAPH PowerShell CMDLET- Revoke-MgUserSignInSession.

Details:

  • Module:Microsoft.Graph.Users.Actions
  • This PowerShell CMDLETs invalidates all the refresh tokens issued to applications for a user.
  • It also invalidates session cookies in a user’s browser.
  • Refresh tokens are invalidated by resetting the signInSessionsValidFromDateTime user property to the current date-time.
  • This operation prevents access to the organization’s data through applications on the device.
  • It requires the user to sign in again to all applications that they have previously consented to. This requirement is independent of the device.

Use Case:

  • This PowerShell used mostly when user lost his/her device or device is stolen

Syntax

Revoke-MgUserSignInSession
      -UserId <String>
      [-ResponseHeadersVariable <String>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Revoke-MgUserSignInSession
      -InputObject <IUsersActionsIdentity>
      [-ResponseHeadersVariable <String>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Permissions needed to execute this CMDLET

Permission typeLeast privileged permissionsHigher privileged permissions
Delegated (work or school account)User.RevokeSessions.AllDirectory.ReadWrite.All, User.ReadWrite.All
Delegated (personal Microsoft account)Not supported.Not supported.
ApplicationUser.RevokeSessions.AllNot available.
Table : Permissions needed to execute this CMDLET

Demo / Example

  • Lets execute this CMDLET
  • To execute this CMDLET we need to connect to Microsoft Graph API using CMDLET – Connect-MgGraph

We have detailed article on Connect-MgGraph CMDLET – Microsoft 365 : PowerShell – Microsoft Graph PowerShell tutorial – Part 2 – exploring Connect-MgGraph with couple of scenarios

  • Open the Microsoft PowerShell ISE
  • Import the module – “Microsoft.Graph.Users.Actions

Import-Module Microsoft.Graph.Users.Actions

  • Connect to Microsoft Graph using – Connect-MgGraph
  • As “Revoke-MgUserSignInSession” requires “User.RevokeSessions.All” permissions, while connecting to Microsoft Graph use the value to scope attribute to “User.RevokeSessions.All
Connect-MgGraph -Scopes "User.RevokeSessions.All"

  • As we successfully connected to “Microsoft Graph“, we are ready to execute “Revoke-MgUserSignInSession” CMDLET
# A UPN can also be used as -UserId.
Revoke-MgUserSignInSession -UserId prasham@knowledgejunction1.onmicrosoft.com -Confirm
  • This PowerShell CMDLET returns “True” or “False”.

Complete PowerShell

Import-Module Microsoft.Graph.Users.Actions

Connect-MgGraph -Scopes "User.RevokeSessions.All"

# A UPN can also be used as -UserId.
Revoke-MgUserSignInSession -UserId prasham@knowledgejunction1.onmicrosoft.com -Confirm

Microsoft Graph PowerShell - Exploring PowerShell - "Revoke-MgUserSignInSession"
fig : Microsoft Graph PowerShell – Exploring PowerShell – “Revoke-MgUserSignInSession”
  • As “Revoke-MgUserSignInSession” CMDLET executed successfully, next time when we login to any service of Microsoft 365 / Azure, we will get an prompt for authentication (password)

REFERENCES:

Thanks for reading ! Stay tuned for more articles on Microsoft Graph PowerShell and PowerShell !

HAPPY LEARNING 🙂 LIFE IS BEAUTIFUL 🙂

Tags:

Prasham Sabadra

LIFE IS VERY BEAUTIFUL. ENJOY THE WHOLE JOURNEY :) Founder of Microsoft 365 Junction, Speaker, Author, Learner, Developer, Passionate Techie. Certified Professional Workshop Facilitator / Public Speaker. Believe in knowledge sharing. Around 20+ years of total IT experience and 17+ years of experience in SharePoint and Microsoft 365 services Please feel free me to contact for any SharePoint / Microsoft 365 queries. I am also very much interested in behavioral (life changing) sessions like motivational speeches, Success, Goal Setting, About Life, How to live Life etc. My book - Microsoft 365 Power Shell hand book for Administrators and Beginners and 100 Power Shell Interview Questions - https://www.amazon.in/Microsoft-Administrators-Beginners-Interview-Questions/dp/9394901639/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1679029081&sr=8-11

You may also like...

1 Response

  1. MAJOR UPDATE - Microsoft 365 - Microsoft SharePoint: “Revoke SPOUserSession” retires starting November 2024 - Time to take action
    October 21, 2024

    […] This cmdlet has been deprecated and replaced by Microsoft graph cmdlet ‘Revoke-MgUserSignInSession’ as described in: Revoke-MgUserSignInSession […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Microsoft 365

Subscribe now to keep reading and get access to the full archive.

Continue reading