How to log off remote session for any user in using sentinel query ? or is there any Powershell command to log off remote session ?
Powershell Log Off Remote Session
I did try few of the recent answers from here but nothing is working
Asked
Active
Viewed 121 times
1 Answers
0
You can't do this from a query (KQL), you would need to run a playbook in Microsoft Sentinel to do this. There is a sample playbook here that will Block a user, you could try to modify it to log the user out assuming the service you want to log them out of allows for REST API calls to perform the logout.
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Block-AADUserOrAdmin
Ken W - Zero Networks
- 3,533
- 1
- 13
- 18