Microsoft to Retire Revoke-SPOUserSession Cmdlet in SharePoint Online

Microsoft promises enhanced security by extending sign-out capabilities across all Microsoft 365 services.

Last Update: Oct 07, 2024 | Published: Oct 04, 2024

Microsoft SharePoint

SHARE ARTICLE

Key Takeaways:

  • Microsoft will retire the Revoke-SPOUserSession cmdlet for SharePoint Online in early November.
  • The new cmdlet works across all Microsoft 365 services.
  • Microsoft urges administrators to update their automated workflows and migrate to the new cmdlet.

Microsoft is phasing out the Revoke-SPOUserSession cmdlet for SharePoint Online, replacing it with a more comprehensive Microsoft Graph alternative. This transition, which is set to begin next month, promises enhanced security by extending sign-out capabilities across all Microsoft 365 services.

Microsoft introduced the Revoke SPOUserSession cmdlet back in January 2016. It allows administrators to invalidate the SharePoint Online sessions of a user across all devices. Once triggered, it signs the user out of all platforms, including browsers, desktop apps, and mobile devices. This tool is especially useful when a user leaves an organization or if their account is compromised.

Why Microsoft is deprecating the Revoke-SPOUserSession cmdlet?

Microsoft’s telemetry data shows that only a small number of organizations use the Revoke-SPOUserSession cmdlet for user management. As a result, the company is replacing it with the Microsoft Graph Revoke-MgUserSignInSession cmdlet, which signs users out of all Microsoft 365 services, not just SharePoint Online.

“We will be retiring the Revoke-SPOUserSession PowerShell cmdlet for Microsoft SharePoint Online (SPO), as part of our ongoing efforts to enhance security and streamline scope and permissions for our users. Instead, please use the Revoke-MgUserSignInSession, where we will continue to invest resources,” the company explained in a message on the Microsoft 365 admin center.

How will this change affect your organization?

Starting in early November, Microsoft will begin blocking all attempts to use the old cmdlet. Users will receive the error message: “This cmdlet has been deprecated and replaced by Microsoft graph cmdlet ‘Revoke-MgUserSignInSession.”

Microsoft urges enterprise admins to begin migrating to the new Revoke-MgUserSignInSession cmdlet as soon as possible. The company also recommends ensuring that automated processes and workflows are updated to avoid disruptions caused by the deprecation of the old cmdlet.

SHARE ARTICLE