Chris_CHC on Thu, 12 Jan 2017 23:11:18
Background: We are a hybrid Office 365 customer with Azure AD Premium. We sync on-premises AD to Azure AD (but no passwords). We use an on-premises IDP for SSO (not ADFS).
Challenge: When a user is terminated, we disable the AD account, which syncs to the Azure AD user. However, the user is actively signed into Exchange Online with an STS token, thus bypassing SSO authentication with the IDP until it expires. How can we ensure that the user cannot access Office 365 immediately, including killing active sessions? Ideally the solution should be executed via Azure AD PowerShell, not in the Admin Console. Any examples would be appreciated.
Loydon Mendonca on Fri, 13 Jan 2017 17:47:06
Thank you for posting on the Microsoft Azure forums!
You can follow the below steps to disable access.
1- Change the password on the mailbox
2- Remove the mailbox using the “Remove-Mailbox” command
Remove-Mailbox -Identity "Loy Castro"
Wait 15 minutes
3- Restore the mailbox
Restoring the mailbox is an important step in this process, since the mailbox will be automatically deleted if you do not restore it within 30 days.
Let me know if this helps.
I shall be moving this thread to Azure Active Directory forums since this appears to be in the wrong place.
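For the Azure AD PowerShell side of the question, one way to invalidate a terminated user's refresh tokens once the account has been disabled is sketched below. This is an added example, not part of either post above; it assumes the AzureAD PowerShell module, an administrator allowed to manage users, and a placeholder user principal name supplied by the caller.

```powershell
# Added example (not from the thread). Assumes the AzureAD module is installed
# and the signed-in administrator is allowed to manage users.
param(
    [Parameter(Mandatory = $true)]
    [string]$UserPrincipalName   # placeholder, e.g. terminated.user@example.com
)

$ErrorActionPreference = 'Stop'
Import-Module AzureAD
Connect-AzureAD | Out-Null

# Look up the cloud copy of the synced account.
$user = Get-AzureADUser -ObjectId $UserPrincipalName

# The on-premises disable reaches Azure AD only after the next directory sync.
# Flag the case where the cloud object still shows the account as enabled.
if ($user.AccountEnabled) {
    Write-Warning "$UserPrincipalName is still enabled in Azure AD; the on-premises disable has not synced yet."
}

$before = $user.RefreshTokensValidFromDateTime

# Invalidate every refresh token issued to the user. Clients must then
# re-authenticate, which sends them back through the IDP and the disabled
# account. Access tokens that were already issued remain usable until they
# expire, so the cut-off is not instantaneous.
Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId

# Read the user back to record the new cut-off timestamp for the ticket or log.
$after = (Get-AzureADUser -ObjectId $user.ObjectId).RefreshTokensValidFromDateTime

[pscustomobject]@{
    UserPrincipalName       = $user.UserPrincipalName
    AccountEnabled          = $user.AccountEnabled
    TokensValidFrom_Before  = $before
    TokensValidFrom_After   = $after
    RevocationRecorded      = ($after -gt $before)
}
```

If `RevocationRecorded` is false immediately after the call, read the user again after a short delay before assuming the revocation failed, since the updated timestamp may not be visible on the first read.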