We’re announcing that we will be deploying a breaking change to the invalidateRefreshTokens action in the Microsoft Graph beta endpoint starting in March. We expect the breaking change to be fully deployed by the end of March. The following are the updates:

• The invalidateAllRefreshTokens service action is renamed to revokeSignInSessions
• The refreshTokensValidFromDateTime property on the user resource is renamed to signInSessionsValidFromDateTime

This will affect existing applications that are calling invalidateAllRefreshTokens.  

Current behavior 

Request 

POST https://graph.microsoft.com/beta/users/{id}/invalidateAllRefreshTokens 

Response 

HTTP/1.1 204 No Content 

New behavior  

Request 

POST https://graph.microsoft.com/beta/users/{id}/revokeSignInSessions 

Response  

HTTP/1.1 204 No Content 

Call to action 

If your app has a dependency on invalidateAllRefreshTokens, update your apps as needed to handle this scenario. We welcome your feedback on UserVoice and if you have further questions reach out to us on StackOverflow.

-The Microsoft Identity Platform Team