If you ever have to deal with a compromised Office 365 account, or a situation like mine where users were assigned a OneDrive/SharePoint Online licence that you now want to revoke while stopping them from using it immediately, the cmdlet below helps a lot.
If you are dealing with a large group of users, you can wear out your fingers clicking "initiate sign-out" in the admin portal for each one. It is much quicker to get all members of the group and run Revoke-AzureADUserAllRefreshToken against them. This cmdlet invalidates the refresh tokens issued to applications for a user, and it also invalidates the tokens issued to session cookies in a browser for that user. It works by resetting the user's refreshTokensValidFromDateTime property to the current date and time, so any refresh token issued before that instant is rejected. Two caveats: access tokens that were already issued stay valid until they expire (typically up to an hour), so a client may keep working until it next has to refresh; and for a compromised account you should reset the password as well, because revoking tokens alone does not stop the attacker from signing in again. Note also that the AzureAD and MSOnline modules used in this post have since been deprecated by Microsoft in favour of the Microsoft Graph PowerShell SDK, where the equivalent cmdlet is Revoke-MgUserSignInSession.
Get the group's ObjectId (Get-MsolGroup has no positional name parameter, so search by name):
Get-MsolGroup -SearchString "groupname" | fl ObjectId
Next, export the members of the group to a CSV file (-All avoids the default page limit on large groups):
Get-MsolGroupMember -GroupObjectId xxxxx-xxxxx-xxxxx-xxxxx -All | Select-Object EmailAddress | Export-Csv -Path c:\temp\users.csv -NoTypeInformation
Import the CSV and revoke the refresh tokens for these users. Look each user up by UPN with -ObjectId rather than -SearchString, which matches on a name prefix and can return more than one account:
Import-Csv "c:\temp\users.csv" | ForEach-Object { Get-AzureADUser -ObjectId $_.EmailAddress | Revoke-AzureADUserAllRefreshToken }
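The same procedure as one script, added here as an example rather than code from the original post. It stays within the AzureAD module (no MSOnline mix), resolves the group by exact display name instead of a prefix search, skips nested groups and service principals, supports a dry run, and verifies each revocation by reading refreshTokensValidFromDateTime before and after. It assumes Connect-AzureAD has already been run with a suitably privileged account; the group name and log path are placeholders.

```powershell
# Added example, not from the original post. Assumes Connect-AzureAD has already
# been run with an admin account and the AzureAD module is loaded.
# GroupName and LogPath are placeholders; replace them with your own values.
param(
    [string] $GroupName = 'Contoso-OneDrive-Users',        # placeholder group name
    [string] $LogPath   = 'C:\temp\revoked-sessions.csv',  # placeholder log path
    [switch] $DryRun                                        # list users, revoke nothing
)

# Resolve the group by exact display name so a shared prefix can never
# pull in the wrong group's members.
$group = Get-AzureADGroup -Filter "DisplayName eq '$GroupName'"
if (-not $group)        { throw "Group '$GroupName' not found." }
if ($group.Count -gt 1) { throw "More than one group named '$GroupName'; look it up by ObjectId instead." }

# -All $true avoids the default page size so large groups are fully covered.
# Only User objects hold refresh tokens, so nested groups and service principals are skipped.
$members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true |
           Where-Object { $_.ObjectType -eq 'User' }

$results = foreach ($m in $members) {
    $before = (Get-AzureADUser -ObjectId $m.ObjectId).RefreshTokensValidFromDateTime
    $after  = $before
    $status = 'skipped (dry run)'
    if (-not $DryRun) {
        try {
            # Resets refreshTokensValidFromDateTime to now: refresh tokens and browser
            # session cookies issued before this instant become invalid.
            Revoke-AzureADUserAllRefreshToken -ObjectId $m.ObjectId
            # Read the property back; a later timestamp confirms the revocation took effect.
            $after  = (Get-AzureADUser -ObjectId $m.ObjectId).RefreshTokensValidFromDateTime
            $status = if ($after -gt $before) { 'revoked' } else { 'unchanged' }
        } catch {
            $status = "error: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        UserPrincipalName            = $m.UserPrincipalName
        ObjectId                     = $m.ObjectId
        RefreshTokensValidFromBefore = $before
        RefreshTokensValidFromAfter  = $after
        Status                       = $status
    }
}

# Keep a record of who was revoked and when; useful evidence during an incident.
$results | Export-Csv -Path $LogPath -NoTypeInformation
$results | Format-Table UserPrincipalName, Status, RefreshTokensValidFromAfter -AutoSize
```

Run it once with -DryRun to review the member list before revoking anything; the Status column in the CSV then tells you per user whether the timestamp actually moved, which is the check to keep for the incident record.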
Hello Daniel,
Does it permanently revoke sessions for the user?
I need to revoke only the current session for one active user, and afterwards let the user log in as usual, but I didn't want to disable or permanently revoke it.
Hi Preeti,
If it's just one user, it's better to do it from the admin portal: just select the user and clear the sessions.
No, it's not permanent; it only kills all logged-on sessions.
Helped me a lot to revoke multiple users at the same time