User.RevokeSessions.All

Allow the app to revoke all sign in sessions for a user, on behalf of a signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the User.RevokeSessions.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	77f3a031-c388-4f99-b373-dc68676a979e	fc30e98b-8810-4501-81f5-c20a3196387b
DisplayText	Revoke all sign in sessions for a user	Revoke all sign in sessions for a user
Description	Allow the app to revoke all sign in sessions for a user, without a signed-in user.	Allow the app to revoke all sign in sessions for a user, on behalf of a signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	POST /me/revokeSignInSessions
	POST /users/{id \| userPrincipalName}/revokeSignInSessions

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	POST /me/invalidateAllRefreshTokens
	POST /me/revokeSignInSessions
	POST /users/{id \| userPrincipalName}/invalidateAllRefreshTokens
	POST /users/{id \| userPrincipalName}/revokeSignInSessions

	Commands
	Revoke-MgUserSignInSession

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Invoke-MgBetaInvalidateAllUserRefreshToken
	Revoke-MgBetaUserSignInSession

Table of Contents

User.RevokeSessions.All

Graph Methods