AAD replication, users, killing sessions

%3CLINGO-SUB%20id%3D%22lingo-sub-1350297%22%20slang%3D%22en-US%22%3EAAD%20replication%2C%20users%2C%20killing%20sessions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1350297%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3EI%20have%20a%20few%20questions%20regarding%20users%20in%20AAD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.)%20When%20an%20Azure%20user%20is%20%3CI%3Edisabled%3C%2FI%3E%2C%20is%20it%20possible%20to%20make%20sure%20all%20active%20sessions%20are%20also%20blocked%2Fkilled%3F%3C%2FP%3E%3CP%3E2.)%20When%20a%20user%E2%80%99s%20password%20is%20changed%20in%20AD%2C%20the%20change%20is%20replicated%20very%20fast%20in%20Azure%20(approx..%205%20minutes).%20Any%20other%20change%20may%20last%20up%20to%203%20hours.%20When%20an%20AD%20user%20is%20%3CSTRONG%3E%3CI%3Edisabled%3C%2FI%3E%3C%2FSTRONG%3E%2C%20the%20change%20is%20only%20propagated%20to%20Azure%20at%20the%20slow%20pace%20of%20any%20normal%20change%20%E2%80%93%20not%20the%205%20minutes.%20Could%20that%20kind%20of%20change%20be%20traced%20and%20Azure%20synced%20faster%20(5%20minutes%E2%80%A6)%3F%20What%20would%20you%20otherwise%20suggest%20to%20block%20a%20user%20without%20changing%20his%20password%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20regards%2C%3C%2FP%3E%3CP%3EDino%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1350297%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EHybrid%20Cloud%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EProtection%20%26amp%3B%20Recovery%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20%26amp%3B%20Compliance%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Contributor

Hi all,

I have a few questions regarding users in AAD.

 

1.) When an Azure user is disabled, is it possible to make sure all active sessions are also blocked/killed?

2.) When a user’s password is changed in AD, the change is replicated very fast in Azure (approx.. 5 minutes). Any other change may last up to 3 hours. When an AD user is disabled, the change is only propagated to Azure at the slow pace of any normal change – not the 5 minutes. Could that kind of change be traced and Azure synced faster (5 minutes…)? What would you otherwise suggest to block a user without changing his password?

 

Kind regards,

Dino

0 Replies