Udostępnij za pośrednictwem


Sign-out from Office 365 and Azure when working with multiple tenants

I did wrote small blog post last year around the problem on “Clearing authentication cookie when developing with multiple Office 365 tenants”. Challenge is that in certain scenarios you get “locked” on specific tenant and you might have challenges on signing out. This is common problem for developers who are using multiple tenants or multiple Azure subscriptions. Since I’ve evolved the script slightly what I used personally for this, though that would share that out for your usage as well.

You can absolutely mitigate the issue by using multiple browsers and/or in-private sessions in the browser. This does not however work properly when you use Visual Studio, since you can’t really force Visual Studio to start browsers in certain mode. You might also have a situation where you intentionally want to login to specific tenant to avoid signing page shown for example when you do demos of your apps.

Here’s the classic visual indication of the issue at browser.

image

Like mentioned in the previous version of the blog post as well, there’s nice Microsoft Knowledge Base article which explains the options to resolve the issue. You do probably though want to have an automated way to do this as easy as possible where scripting will help. After I released the previous version, I noticed that in some scenarios with ADFS and Multi-Auth settings, the previous version of the script was not sufficient.

Updated script

Key change what I had to do with the script was to update that to automatically hit the specific URLs explained in the KB article. This was needed due some authentication changes, which could be though also only relevant for Microsoft employees, but now harm sharing the latest version – right? This means that the script is looking as follows now and has been working without any issues.

  
 # DELETE Office365 cookies
 ([system.environment]::GetFolderPath('Cookies')) | Get-ChildItem -recurse | Select-String -pattern "microsoftonline" | group path | ForEach-Object { Remove-Item $_.name }
 ([system.environment]::GetFolderPath('Cookies')) | Get-ChildItem -recurse | Select-String -pattern "sharepoint.com" | group path | ForEach-Object { Remove-Item $_.name }
 ([system.environment]::GetFolderPath('Cookies')) | Get-ChildItem -recurse | Select-String -pattern "microsoft" | group path | ForEach-Object { Remove-Item $_.name }
  
 # Low cookies
 ([system.environment]::GetFolderPath('Cookies')) + "\low" | Get-ChildItem -recurse | Select-String -pattern "microsoftonline" | group path | ForEach-Object { Remove-Item $_.name }
 ([system.environment]::GetFolderPath('Cookies')) + "\low" | Get-ChildItem -recurse | Select-String -pattern "sharepoint.com" | group path | ForEach-Object { Remove-Item $_.name }
 ([system.environment]::GetFolderPath('Cookies')) + "\low" | Get-ChildItem -recurse | Select-String -pattern "microsoft" | group path | ForEach-Object { Remove-Item $_.name }
  
 # Sign out from Office 365 services
 $ie = new-object -com "InternetExplorer.Application"
 $ie.navigate("https://login.microsoftonline.com/logout.srf")
  
 $ie2 = new-object -com "InternetExplorer.Application"
 $ie2.navigate("https://login.live.com/logout.srf")
  
 # Wait a sec and close the IE browsers
 Start-Sleep -s 3
 Get-Process iexplore | Foreach-Object { $_.CloseMainWindow() }

Video explanation of the challenge and how to resolve it

Here’s a quick video (6 minutes) showing the challenge and also how to configure the script for easy usage. I’m personally using Windows 10 currently and this also worked also reliably in Windows 8.1.

You can download zip file with the PowerShell script and structure like shown in the video from my OneDrive.

Comments

  • Anonymous
    August 27, 2015
    Great to see the use of the taskbar shortcut here - I use them myself alot. I would have just 2 small additions - just to stop them popping up - as it irritates me having popups $ie.Visible = $false $ie2.Visible = $false

  • Anonymous
    August 27, 2015
    Thx Ryan, good point on those small improvements. I could not though make them work completely in Win10 and was still getting popups, but will have a look closer on that.

  • Anonymous
    August 28, 2015
    I've just got the same in Windows 10 - Seems like its an issue with the Win10 bundled version of IE 11 as it works fine on Win7 & 2012R2

  • Anonymous
    August 28, 2015
    Thx Ryan for coming back. Will need to have a look on the options in Win10. Good to know that you can repro what I'm seeing.

  • Anonymous
    August 29, 2015
    Another cool trick is to use multiple profiles in Chrome to keep open any number of tenants at the same time. It works in the same way of InPrivate, but provides a way to quickly switch between them and personalize some things (zoom, save passwords, and so on). As Vesa pointed, this solution doesn't help to solve VS problems either.

  • Anonymous
    November 09, 2015
    Well, I do much simple, I just do open yournewtenantname.sharepoint.com/.../signout.aspx and it does the job for me including sign out from the federated AD on the customer side.

  • Anonymous
    November 09, 2015
    The comment has been removed