How to revoke Microsoft Office 365 access in bulk

From time to time, organizations may have a situation where the IT admin is asked to block certain users from Microsoft Office 365 access. For example, you may want to reset passwords, or revoke access for certain employees who are already signed into various Microsoft 365 applications.

Blocking users and revoking their access can be done in the Microsoft admin center but revoking access for employees who are already signed into apps can only be done one by one in the admin center. This makes it a time-consuming and tedious process.

You should note that it can take up to 15 minutes for this process to complete regardless how it’s done. A user who is signed into an app will be able to immediately sign back in unless you have also blocked their sign-in status.

1. Go to the Microsoft Admin Center and choose Active users from menu on the left side.
2. Click on the employee.
3. Click on “Sign out of all sessions”.
4. Choose to initiate a one-time event that will sign this person out of all ‎Microsoft 365‎ sessions across all devices.

While revoking user access in the Microsoft Admin Center can only be done one user at a time, blocking users from signing in can be applied to several users. However, if you have a very large use environment, again, this will have to be done one by one since you will need to search for each user to select them, taking time and effort. Another option would be to use a PowerShell script that you either write or find online.

Because of the Microsoft Admin Center’s limitations, many IT admins choose to use a PowerShell script to accomplish this job. However, this particular script will be complex. Your PowerShell script will need to connect to Microsoft Graph and you will need to include a cmdlet for revoking access and another for blocking users’ ability to sign in.

1. You’ll first need to connect to Entra ID (aka Azure AD) by running: Connect-MgGraph.
2. Revoke access for a user with this cmdlet: Revoke-MgUserSignInSession.

Details on using this PowerShell cmdlet can be found on this page.

Of course, you need to have a certain level of familiarity with PowerShell, ideally the ability to write complex scripts in order to take advantage of this option. You may be able to find a script online but there is no way to check that the script actually works as it should. There is always the threat of introducing errors into your environment. For those IT admins who want to avoid using PowerShell, it’s great to have another option.

Another way to revoke Microsoft Office 365 access is by using a software tool such as sapio365. With sapio365, you don’t need a PowerShell script, you only need to click.

1. Go to the Users module in sapio365.
2. Select your users individually or you can select them all at once through a file. Using a file is more accurate and it helps ensure that you won’t miss any.
3. To block users from signing in, click on the “Edit” button and set Sign-in to False.
4. To revoke access, click on the “Revoke access” button.

You will see that these employees now have “Revoke Pending” showing next to their names, and their “Sign-in status” has been set to “Blocked”. You can review these users for accuracy and save. Once saved, the users will be kicked out of their sessions.

For added convenience you can select your users and choose the automated USER OFFBOARDING job in the job library on the left-hand side. This allows you to automate the offboarding process. When you click, you will see a dialog box with a user detail section where you can choose the same options, such as block sign-in, reset password and revoke access. You should note that the USER OFFBOARDING automated job provides many options and allows you to customize your process.

Revoking Microsoft Office 365 access is often part of the offboarding process. Offboarding multiple employees can be time-consuming, and you must make sure you don’t forget any steps as that may create security issues. Learn more about standardizing Microsoft 365 offboarding here.

There is an entire library of automated jobs in sapio365, created to make your life easier. Discover how using sapio365 to handle typical Microsoft 365 administration can save you hours of time every single day.