Logging out of O365 and Microsoft Office accounts via Script

TheMacGuys
New Contributor III

I'm looking for a way to run a script to log any active users out of 0365 or Microsoft Office apps without removing the license from the Office apps.

 

Log out Office, O365, OneDrive.

 

Use case: A classroom that has many teachers using one computer. I want to run clean up on restart of that Mac to make sure it is ready for a new day and not logged into any specific accounts.

12 REPLIES 12

sdagley
Esteemed Contributor II

@TheMacGuys I don't think that's possible with O365 licensed apps because the license is based on the user being logged in to an O365 account (unlike the old perpetual Office licenses).

TheMacGuys
New Contributor III

Shoot, what about nuking preference files or something? Our users will all have the same license so that won't matter as much as just logging out the users.

sdagley
Esteemed Contributor II

I'd suggest looking at the various options available at https://office-reset.com/macadmins/ if you haven't already.

TheMacGuys
New Contributor III

Looks promising. I'll look it over. Thanks

 

AJPinto
Honored Contributor II

There is a Mac Admins tool that can remove office licenses. However, I am not sure how well it will work in your scenario. Apple and Microsoft both really don't want people using shared accounts.

macadmins.software/tools/

Unlicense/Unlicense at master · pbowden-msft/Unlicense · GitHub

talkingmoose
Moderator
Moderator

I’m going to “me too” the fine folks who’ve already given advice.

Office has no scripted way to log out. While you could nuke the licenses files from the computers, that’s not going to remove the computer associated in the online account. That’s going to be additional cleanup you’d need to do.

A lab situation is ideal for a volume license, which doesn’t require a login. The license is associated to the computer not the user. I think it’s more expensive, but that’s Microsoft’s licensing model.

TheMacGuys
New Contributor III

I'm well aware of how to remove a license, thanks for the links and such. 

I'm looking for a way to be sure those users are logged out, either the web browsers or the local app. The license is the same for all the users.

 

Currently, I can log them out and back in on the same system without any issues and without having to remove any licenses. I also found a script from Microsoft to log out of OneDrive, also not related to any licenses.

 We are side-tracking on the licensing a bit. (-: But I appreciate the ideas.

 

SCCM
Contributor III

Couldn't you setup the machine to use a different profiles for each user rather than the same one for all? These are teachers and should be trusted with their own standard account? They can reset their profile to what they like and the profiles wont be a issue if they only log into them.

TheMacGuys
New Contributor III

You mean a profile in the web browser vs. the computer login in correct? in our case, they can't log in and out to switch users. I've never used browser profiles, will they hold all those settings? And can they be easily migrated to a new system when we update or move them?

SCCM
Contributor III

I meant logging in with their own local profile or temp account. I have seen people use a policy in jamf to create a temp account, and log out the current logged in account. The user would then log in with the temp account, which has a logout policy enabled to delete the profile on logout (this can be done via a policy / jamf script too, if you have the options disabled via a config profile. You could also set a policies set to delete / create  profiles at certain times. it would mean changing how your teachers log in if that was a option. None of these accounts are created with admin rights, so it would depend on what your doing on them as well. 

TheMacGuys
New Contributor III

These teachers all log into the same account and that is how the school wants it. )-: or it would be simple right. (-: So one user account on the Mac. They are using a volume license for the local apps from Tech Soup - so we don't want them logging in and out of the apps if possible just the web interface. Should they log in and out of the apps we'd want to be able to fix it...

 

with that said do you mean we can create profiles in Office/)365 so they could  swtich users in Office while remaining logged in to one user account on the mac? How seamless is that? I've never exploured anything there...

 

Thanks again for all the help kicking this around.

piotrr
Contributor III

I sign their sessions out from Office 365 admin instead... That way it doesn't matter what their computer thinks, they aren't logged on. 

 

Active users - Microsoft 365 admin center

piotrr_0-1697461026884.png