- 13 Feb 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Microsoft Entra ID (Azure AD) - Revoke Users Session
- Updated on 13 Feb 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Microsoft Entra ID (formerly Azure AD) - Revoke Users Session triggers a "revoke session" command on a user account in Entra ID.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Use Adapter Credentials - Select this option to use the first connected Entra ID adapter credentials.
To use this option, you must successfully configure an Entra ID adapter connection.
Required Fields
These fields must be configured to run the Enforcement Set.
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
If Use stored credentials from the Entra ID adapter is not enabled, these fields are required. For definitions for these fields see the Entra ID adapter page.
- Azure Client ID
- Azure Client Secret
- Azure Tenant ID
- Verify SSL
- Account Sub Domain
- User Name
- Password
- 2FA Secret Key
- SSO Provider
Use the scheduling options to execute Enforcement Actions on specific dates and times. You can also configure repeat schedules.
For more details, see Scheduling Enforcement Set Runs.
APIs
Axonius uses the Revoke sign-in session API.
Required Permissions
This action requires the following additional Delegated (for work or school accounts) or Application permission to revoke a user session:
'Application User.ReadWrite.All'
For more details about other Enforcement Actions available, see Action Library.