Hi Jeff,
For security reasons, it's indeed recommended when a users click on "Sign out" to not only end the session of the Mendix application, but also the session of the SSO provider. I doubt how useful it actually is when the Microsoft account is linked to the Windows user, though.
To Sign out at Microsoft Azure, you should redirect the user to the following URL after ending the Mendix session: https://login.microsoftonline.com/common/oauth2/v2.0/logout
A page will be served such that the user can choose which account to sign out from.
In the OIDC module, this can be achieved by invoking the nanoflow "ACT_Logout", this will use the configured end_session_endpoint in your OIDC configuration. This is most of the times configured correctly, as it is automaticall imported from the "Automatic configuration URL", https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration.
Good luck!
Kind regards,
Johan
I think it's documented how to do this:
https://docs.mendix.com/appstore/modules/oidc/#logging-out