How to immediately revoke access for a user in SharePoint Online

It’s been a while since I covered the new stuff happening around SharePoint Online/OneDrive for business. Yesterday, a message popped up on the O365 Message center, which prompted me to recap the recently introduced features.

First of all, make sure to update the version of the SharePoint Online PowerShell module. Otherwise you will not be able to configure the new features or even view the settings. The latest ones are available here: http://go.microsoft.com/fwlink/p/?linkid=255251.

With this version of the module, Microsoft has introduced the Revoke-SPOUserSession cmdlet. As the name suggests, the cmdlet will force logoff a user from all his sessions opened with SharePoint Online on different devices. Some additional details can be found here: https://technet.microsoft.com/en-us/library/mt637161.aspx

To use the cmdlet, you need to login as admin via the SPO PowerShell module and simply provide the user name:

PS C:\> Revoke-SPOUserSession -User baduser@michev.info -Confirm:$false
We successfully signed out baduser@michev.info from all devices.

Simple as that. In addition, some other valuable features have been introduced. We can now:

  • Set a predefined quota for all ODFB site collections via the OneDriveStorageQuota parameter. Previously this was only possible on a user by user basis. Well, it was actually possible back in the day, but this functionality was removed with the introduction of the 1TB quotas.
  • Restrict access to only ADAL-enabled clients via the LegacyAuthProtocolsEnabled parameter.
  • Restrict the lifetime of anonymous links via the RequireAnonymousLinksExpireInDays parameter.
  • Restrict external sharing to specific domains only. This can be configured using the SharingAllowedDomainList, SharingBlockedDomainList and SharingDomainRestrictionMode parameters.
  • Enable ODFB for guests, judging by name of the OneDriveForGuestsEnabled parameter. No idea how it works though J

All of the above are for the Set-SPOTenant cmdlet. Additional help can be found here: https://technet.microsoft.com/en-us/library/fp161390.aspx

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.