I tried to Revoke-AzureADUserAllRefreshToken for a user but that fails while I have the authentication administrator and user administrator elevated by PIM. That fails with the following error:
Get-AzureADUser -All:$true -SearchString username | Revoke-AzureADUserAllRefreshToken
Revoke-AzureADUserAllRefreshToken : Error occurred while executing RevokeUserAllRefreshTokens
Code: Authorization_RequestDenied
Message: Access to invalidate refresh tokens operation is denied.
RequestId: 863a01c8-84bc-443d-815b-e09cb7a633e7
DateTimeStamp: Mon, 21 Dec 2020 12:35:15 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:82
| Revoke-AzureADUserAllRefreshToken |
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Revoke-AzureADUserAllRefreshToken], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.RevokeUserAllRefreshTokens
Environment data
$PSVersionTable
Name Value
PSVersion 5.1.19041.610
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.19041.610
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
I tried to Revoke-AzureADUserAllRefreshToken for a user but that fails while I have the authentication administrator and user administrator elevated by PIM. That fails with the following error:
Environment data
$PSVersionTable
Name Value
PSVersion 5.1.19041.610
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.19041.610
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1