Microsoft promises enhanced security by extending sign-out capabilities across all Microsoft 365 services.
Last Update: Oct 07, 2024 | Published: Oct 04, 2024
Key Takeaways:
Microsoft is phasing out the Revoke-SPOUserSession cmdlet for SharePoint Online, replacing it with a more comprehensive Microsoft Graph alternative. This transition, which is set to begin next month, promises enhanced security by extending sign-out capabilities across all Microsoft 365 services.
Microsoft introduced the Revoke SPOUserSession cmdlet back in January 2016. It allows administrators to invalidate the SharePoint Online sessions of a user across all devices. Once triggered, it signs the user out of all platforms, including browsers, desktop apps, and mobile devices. This tool is especially useful when a user leaves an organization or if their account is compromised.
Microsoft’s telemetry data shows that only a small number of organizations use the Revoke-SPOUserSession cmdlet for user management. As a result, the company is replacing it with the Microsoft Graph Revoke-MgUserSignInSession cmdlet, which signs users out of all Microsoft 365 services, not just SharePoint Online.
“We will be retiring the Revoke-SPOUserSession PowerShell cmdlet for Microsoft SharePoint Online (SPO), as part of our ongoing efforts to enhance security and streamline scope and permissions for our users. Instead, please use the Revoke-MgUserSignInSession, where we will continue to invest resources,” the company explained in a message on the Microsoft 365 admin center.
Starting in early November, Microsoft will begin blocking all attempts to use the old cmdlet. Users will receive the error message: “This cmdlet has been deprecated and replaced by Microsoft graph cmdlet ‘Revoke-MgUserSignInSession.”
Microsoft urges enterprise admins to begin migrating to the new Revoke-MgUserSignInSession cmdlet as soon as possible. The company also recommends ensuring that automated processes and workflows are updated to avoid disruptions caused by the deprecation of the old cmdlet.