APM Edge client logout when revoking user from AzureAD/MS Entra

In F5 APM , there's a feature called "Session Lifetime" that controls how long a user's session can be active. However, this feature is based on a defined time interval, not on changes in a user's status in AzureAD. This means that if a user is removed or revoked from AzureAD, their active session will not be immediately terminated but will continue until the session lifetime expires.

For the kind of real-time revocation you're looking for, the F5 APM would need the ability to query AzureAD in real-time to check the status of a user, which to the best of my knowledge, isn't a built-in feature.

However, you might be able to achieve something similar by implementing a custom solution involving AzureAD's API and F5 iRules or using a third-party identity management solution that supports real-time revocation.

As for the Edge Client, it has features for checking system parameters like antivirus status, but I'm not aware of it having a built-in feature for real-time checking of a user's status in AzureAD.