Invoke-MgBetaInvalidateAllUserRefreshToken (Microsoft.Graph.Beta.Users.Actions)

Invalidates all of the user's refresh tokens issued to applications and session cookies in a user's browser, by resetting the refreshTokensValidFromDateTime user property to the current date-time. Typically, this operation is performed (by the user or an administrator) if the user has a lost or stolen device. This operation would prevent access to any of the organization's data accessed through applications on the device without the user first being required to sign in again. In fact, this operation would force the user to sign in again for all applications that they have previously consented to, independent of device. For developers, if the application attempts to redeem a delegated access token for this user by using an invalidated refresh token, the application receives an error. If this happens, the application needs to acquire a new refresh token by making a request to the OAuth 2.0 /authorize endpoint, which forces the user to sign in. Permissions Permission type Permissions (from least to most privileged) Delegated (work or school account) User.RevokeSessions.All, User.ReadWrite, Directory.ReadWrite.All, Delegated (personal Microsoft account) User.ReadWrite, Application User.RevokeSessions.All,