A very useful blog article about killing active sessions to a compromised Office 365 account:

https://blogs.technet.microsoft.com/cloudyhappypeople/2017/10/05/killing-sessions-to-a-compromised-office-365-account/