Hi. I'm having some fun with the new capabilities of Azure AD login, which work just great! (No sarcasm.)
This solves a big issue I had so far with private laptops that I want to give access to certain organization stuff, plus manage their users.
As part of my tests, I created a new user, joined the BYOD device to my Azure AD and logged in with that account.
Seems to work very well!
But now I came to the scenario where a user leaves the organization. So what I did was block the login capability with PowerShell.
Now the user is truly disabled. I cannot log in to any Microsoft Online service (it says the account is blocked) BUT, surprisingly, I can still log in to the Windows 10 machine with that account.
It's definitely not a replication issue, because when I change my password in Azure AD it changes immediately when I try to log in on the device.
I'm online, so it's not a local cache issue...
So... did I do something wrong? Used the wrong command? Or has Microsoft not thought about this option?
I know I can go and block all the devices, but it's not the same thing...
Anyway, any suggestions?
Tamir Levy
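As an added example (not the original poster's script, which the post does not show), here is the MSOnline PowerShell sequence for the two steps the post talks about: blocking the cloud account's sign-in, verifying the flag took effect, listing the Azure AD devices registered to that user, and, optionally, disabling those device objects ("block all the devices"). The UPN is a placeholder and the use of the MSOnline module is an assumption.

```powershell
# Added example, not code from the original post. Assumes the MSOnline module
# (Install-Module MSOnline) and an account with rights to manage users and
# devices. The UPN below is a placeholder.
Connect-MsolService

$upn = 'leaver@contoso.onmicrosoft.com'   # assumed placeholder UPN

# 1. Block sign-in for the cloud account. BlockCredential is the same flag the
#    portal's "Block sign in" toggle sets.
Set-MsolUser -UserPrincipalName $upn -BlockCredential $true

# 2. Verify that the flag is really set in the directory before trusting it.
$user = Get-MsolUser -UserPrincipalName $upn
if (-not $user.BlockCredential) {
    throw "BlockCredential is still false for $upn"
}
Write-Host "Sign-in blocked for $upn"

# 3. Show which Azure AD devices are registered to that user, so you can see
#    which joined machines still carry its identity.
$devices = Get-MsolDevice -RegisteredOwnerUpn $upn
$devices |
    Select-Object DisplayName, DeviceId, Enabled, DeviceOsType, ApproximateLastLogonTimestamp |
    Format-Table -AutoSize

# 4. Optionally disable those device objects as well (the "block all the
#    devices" step mentioned in the post). Remove this loop if you only want
#    to block the account and leave the devices alone.
foreach ($d in $devices) {
    if ($d.Enabled) {
        Disable-MsolDevice -DeviceId $d.DeviceId -Force
        Write-Host "Disabled device $($d.DisplayName) ($($d.DeviceId))"
    }
}
```

Step 2 is the check worth keeping: it confirms the directory state rather than assuming the cmdlet succeeded. Steps 3 and 4 act only on the Azure AD device objects; the script makes no claim about what the local Windows 10 logon does afterwards, which is the behaviour the post is asking about.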