Changing the e-mail there sends a prompt for confirmation to the new one, but does not remove the old one immediately.
The deactivate account button may have been right, but it’s not clearly labeled whether that enforces a password reset via e-mail.
I still wasn’t able to find a kill all sessions button and for password change via impersonate in theory works, but it is really messy especially when users have their account set to a language that the admin/moderator doesn’t speak.