Can someone please explain how and when you would use the Microsoft Azure AD Admin ICON Plugin?
For example how would it improve response in the hypothetical event of a compromised o365 account? Why would you disable the Azure AD user in addition to the AD on prem user?
Based on what I’ve read, we could, using the Azure AD Admin plugin in ICON :
- Disable the Azure AD account
Disable User Account
This action is used to disable a user account. This action will not disable an administrative account.
- send a revokesession action so that the active user session (includes O365?) will last at max 1 hour, if a refresh or reboot doesn’t take place first.
Revoke Sign-In Sessions
This action invalidates all the refresh tokens issued to applications for a user (as well as session cookies in a user’s browser), by resetting the signInSessionsValidFromDateTime user property to the current date-time.