Azure & Deprovision

We are running in a hybrid mode with Azure and when a user object is deprovisioned in Active Roles it takes 30-45 minutes for that change to sync to Azure. The problem is that terminated user would have access to Office 365 resources during that period of time. How are people handling revoking access tokens in Azure during terminations? I know there is a command that i can run via powershell from ARS server (Revoke-AzureADSignedInUserAllRefreshToken) however our ARS server lives on premise and we require MFA to authenticate to our azure tenant so i dont know how to run the command from ARS server because of the MFA requirement. How are others handling this situation?

Parents Reply Children
No Data