Sign-out from Office 365 and Azure when working with multiple tenants
I did wrote small blog post last year around the problem on “Clearing authentication cookie when developing with multiple Office 365 tenants”. Challenge is that in certain scenarios you get “locked” on specific tenant and you might have challenges on signing out. This is common problem for developers who are using multiple tenants or multiple Azure subscriptions. Since I’ve evolved the script slightly what I used personally for this, though that would share that out for your usage as well.
You can absolutely mitigate the issue by using multiple browsers and/or in-private sessions in the browser. This does not however work properly when you use Visual Studio, since you can’t really force Visual Studio to start browsers in certain mode. You might also have a situation where you intentionally want to login to specific tenant to avoid signing page shown for example when you do demos of your apps.
Here’s the classic visual indication of the issue at browser.
Like mentioned in the previous version of the blog post as well, there’s nice Microsoft Knowledge Base article which explains the options to resolve the issue. You do probably though want to have an automated way to do this as easy as possible where scripting will help. After I released the previous version, I noticed that in some scenarios with ADFS and Multi-Auth settings, the previous version of the script was not sufficient.
Updated script
Key change what I had to do with the script was to update that to automatically hit the specific URLs explained in the KB article. This was needed due some authentication changes, which could be though also only relevant for Microsoft employees, but now harm sharing the latest version – right? This means that the script is looking as follows now and has been working without any issues.
# DELETE Office365 cookies
([system.environment]::GetFolderPath('Cookies')) | Get-ChildItem -recurse | Select-String -pattern "microsoftonline" | group path | ForEach-Object { Remove-Item $_.name }
([system.environment]::GetFolderPath('Cookies')) | Get-ChildItem -recurse | Select-String -pattern "sharepoint.com" | group path | ForEach-Object { Remove-Item $_.name }
([system.environment]::GetFolderPath('Cookies')) | Get-ChildItem -recurse | Select-String -pattern "microsoft" | group path | ForEach-Object { Remove-Item $_.name }
# Low cookies
([system.environment]::GetFolderPath('Cookies')) + "\low" | Get-ChildItem -recurse | Select-String -pattern "microsoftonline" | group path | ForEach-Object { Remove-Item $_.name }
([system.environment]::GetFolderPath('Cookies')) + "\low" | Get-ChildItem -recurse | Select-String -pattern "sharepoint.com" | group path | ForEach-Object { Remove-Item $_.name }
([system.environment]::GetFolderPath('Cookies')) + "\low" | Get-ChildItem -recurse | Select-String -pattern "microsoft" | group path | ForEach-Object { Remove-Item $_.name }
# Sign out from Office 365 services
$ie = new-object -com "InternetExplorer.Application"
$ie.navigate("https://login.microsoftonline.com/logout.srf")
$ie2 = new-object -com "InternetExplorer.Application"
$ie2.navigate("https://login.live.com/logout.srf")
# Wait a sec and close the IE browsers
Start-Sleep -s 3
Get-Process iexplore | Foreach-Object { $_.CloseMainWindow() }
Video explanation of the challenge and how to resolve it
Here’s a quick video (6 minutes) showing the challenge and also how to configure the script for easy usage. I’m personally using Windows 10 currently and this also worked also reliably in Windows 8.1.
You can download zip file with the PowerShell script and structure like shown in the video from my OneDrive.