SOLVED
Home

Azure CloudShell Permissions

%3CLINGO-SUB%20id%3D%22lingo-sub-532980%22%20slang%3D%22en-US%22%3EAzure%20CloudShell%20Permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-532980%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20a%20standard%20powershell%20session%2C%20importing%20the%20azuread%20module%2C%20connecting%20and%20executing%20the%26nbsp%3BRevoke-AzureADUserAllRefreshToken%20command%20is%20no%20problem%2C%20however%20when%20running%20this%20command%20from%20the%20Azure%20CloudShell%20i%20get%20this%20error.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERevoke-AzureADUserAllRefreshToken%20%3A%20Error%20occurred%20while%20executing%20RevokeUserAllRefreshTokens%3CBR%20%2F%3ECode%3A%20Authorization_RequestDenied%3CBR%20%2F%3EMessage%3A%20Access%20to%20invalidate%20refresh%20tokens%20operation%20is%20denied.%3CBR%20%2F%3EDateTimeStamp%3A%20Mon%2C%2006%20May%202019%2001%3A23%3A07%20GMT%3CBR%20%2F%3EHttpStatusCode%3A%20Forbidden%3CBR%20%2F%3EHttpStatusDescription%3A%20Forbidden%3CBR%20%2F%3EHttpResponseStatus%3A%20Completed%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-532980%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAutomation%20%26amp%3B%20Control%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20%26amp%3B%20Compliance%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-533078%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20CloudShell%20Permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-533078%22%20slang%3D%22en-US%22%3ESolution%3A%20I%20assumed%20that%20when%20starting%20the%20Shell%2C%20it%20had%20already%20connected%20and%20authenticated%20me%20to%20AzureAD.%20I%20was%20wrong.%20This%20is%20solved%20by%20first%20running%20command%20Connect-AzureAD%2C%20then%20you%20may%20successfully%20run%20the%20Revoke-AzureADUserAllRefreshToken%20command.%3C%2FLINGO-BODY%3E
Highlighted
Frequent Contributor

Hi

 

In a standard powershell session, importing the azuread module, connecting and executing the Revoke-AzureADUserAllRefreshToken command is no problem, however when running this command from the Azure CloudShell i get this error.

 

Revoke-AzureADUserAllRefreshToken : Error occurred while executing RevokeUserAllRefreshTokens
Code: Authorization_RequestDenied
Message: Access to invalidate refresh tokens operation is denied.
DateTimeStamp: Mon, 06 May 2019 01:23:07 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed

1 Reply
Solution
Solution: I assumed that when starting the Shell, it had already connected and authenticated me to AzureAD. I was wrong. This is solved by first running command Connect-AzureAD, then you may successfully run the Revoke-AzureADUserAllRefreshToken command.
Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
30 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies