1.) When an Azure user is disabled, is it possible to make sure all active sessions are also blocked/killed?
2.) When a user’s password is changed in AD, the change is replicated very fast in Azure (approx.. 5 minutes). Any other change may last up to 3 hours. When an AD user is disabled, the change is only propagated to Azure at the slow pace of any normal change – not the 5 minutes. Could that kind of change be traced and Azure synced faster (5 minutes…)? What would you otherwise suggest to block a user without changing his password?