Revoke Entra ID Sign-in session using entity trigger

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook will revoke user's sign-in sessions and user will have to perform authentication again. It invalidates all the refresh tokens issued to applications for a user (as well as session cookies in a user's browser), by resetting the signInSessionsValidFromDateTime user property to the current date-time.

Attribute	Value
Type	Playbook
Solution	Microsoft Entra ID
Source	View on GitHub

Logic App Connectors

This playbook uses 3 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	0
`microsoftsentinel`	Managed	0	1
`http`	Built-in	0	1

Action parameters (URLs, paths, function IDs)

`microsoftsentinel` (Managed)

Action	Method	Endpoint	Other
Add_comment_to_incident_(V3)_-_session_revoked	post	`/Incidents/Comment`	—

`http` (Built-in)

Action	Method	Endpoint	Other
HTTP_-_revoke_sign-in_session	POST	`https://graph.microsoft.com/v1.0/users/@{concat(triggerBody()?['Entity']?['properties']?['Name'], '@', triggerBody()?['Entity']?['properties']?['upnSuffix'])}/revokeSignInSessions`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks · Back to Microsoft Entra ID

Revoke Entra ID Sign-in session using entity trigger

Logic App Connectors

microsoftsentinel (Managed)

http (Built-in)

`microsoftsentinel` (Managed)

`http` (Built-in)