Revoke-EntraBetaUserAllRefreshToken
Invalidates the refresh tokens issued to applications for a user.
Syntax
Default (Default)
Revoke-EntraBetaUserAllRefreshToken
-UserId <String>
[<CommonParameters>]
Description
The Revoke-EntraBetaUserAllRefreshToken cmdlet invalidates the refresh tokens issued to applications for a user.
The cmdlet also invalidates tokens issued to session cookies in a browser for the user.
The cmdlet operates by resetting the refreshTokensValidFromDateTime user property to the current date and time.
The user or an administrator usually performs this operation if the user's device is lost or stolen. It blocks access to the organization's data by requiring the user to sign in again to all previously authorized applications, regardless of the device
Examples
Example 1: Revoke refresh tokens for a user
Connect-Entra -Scopes 'User.RevokeSessions.All'
Revoke-EntraBetaUserAllRefreshToken -UserId 'SawyerM@contoso.com'
Value
-----
True
This example demonstrates how to revoke the tokens for the specified user.
-UserIdparameter specifies the unique identifier of a user.
Parameters
-UserId
Specifies the unique ID of a user.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.