In situations involving compromised user accounts simply disabling an account is often not sufficient to mitigate the threat especially if the account is actively being using to send SPAM/Phishing email or to download data. There are two supported ways of revoking an active user’s session in Office 365.
The first option is found in the Office 365 Admin Center under Home > Active Users. Select a user and expand the OneDrive Settings section for that user. Select “Initiate” to perform a one-time sign-out for that user that revokes active sessions across Office 365 services including Exchange Online.
The second option to force logout on an active user session in Office 365 to use Revoke-SPOUserSession cmdlet from the SharePoint Online PowerShell Module. This method is helpful for automating security incident response flows or when there is a need to revoke multiple users’ sessions.
