![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 66%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHT%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,066 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Thank you for reaching Microsoft Q&A Forum!
I understand that you are trying to revoke the Microsoft Entra app user access token immediately after the user access is removed from a registered application in Microsoft Entra admin center.
You can implement Continuous access evaluation, which allows access tokens to be revoked based on critical events, user termination or password change/reset and policy evaluation, rather than relying on token expiry based on lifetime.
For more read How to use Continuous Access Evaluation enabled APIs in your applications.
If you would like to revoke all sessions for the user, you can use Revoke Sessions feature in Entra portal which revoke the access, and it requires the user to re-sign in from all devices and issue a new access token.
Entra ID refresh tokens can be revoked by a user using the AzureAD PowerShell Revoke-AzureADSignedInUserAllRefreshToken cmdlet or by an admin using the Revoke-AzureADUserAllRefreshToken cmdlet.
Reference: Revoke user access in Microsoft Entra ID
Hope this helps. Do let us know if you any further queries by responding in the comments section.