How do you properly offboard users from Office 365 (O365)?
Our most recent software guide details essential offboarding actions and best practices for O365, within hybrid Azure AD and cloud-only environments, to reduce help desk tickets and operational costs, while maintaining a healthy security estate.
- Data retention: ensures your intellectual property is properly maintained, so the appropriate users and administrators are provisioned with needed data access.
- Adequate licensing: ensures you can implement automated methods of data retention to economize and optimize your time.
- Sync status: differentiates synced vs. in-cloud user offboarding procedures as denoted in the Microsoft 365 Admin Center.
Offboarding Active Directory (AD) Synced Users
After disabling an on-prem AD user account, await the automated Azure AD sync process or run the Azure AD sync PowerShell cmdlets. Make sure to verify the replication of the disabled user status, then initiate a sign out of all existing O365 sessions.
If you are using Intune MDM (Mobile Device Management) or MEM (Microsoft Endpoint Manager), carefully remove company data from BYOD (Bring Your Own Device) devices or factory reset your device following data backup.
Prior to license removal, assess the disabled user’s OneDrive for Business to determine data retention options; then convert their individual mailbox to a “Shared Mailbox.” Next, configure email forwarding from the Exchange Admin Center (EAC) or Microsoft 365 Admin Center to offset prior forwarding rules set by the offboarded user.
If in the Microsoft Admin Center, activate “Automatic replies” to inform senders of the pending mailbox deprecation and alternate email address they can use for future communications. Furthermore, since the user mailbox has been converted to a shared mailbox, you can safely remove licenses from the user account and, ultimately, delete said account.
For complete instructions on how to offboard Active Directory synced users, click here.
Offboarding In-Cloud Users
First, sign out of all existing O365 sessions, then block further sign-ins to the user account.
Afterward, the offboarding process for in-cloud users is identical to that of AD synced users (see above section). For detailed, step-by-step instructions, please click here.
Trusted Tech Team is an accredited Microsoft CSP Direct Bill Partner, carrying multiple Solutions Partner designations and the now-legacy Microsoft Gold Partner competency. Based in Irvine, California, we report trends affecting IT pros everywhere.
If your organization uses Microsoft 365 or Azure, you may be eligible to receive a complimentary savings report from a Trusted Tech Team Licensing Engineer. Click here to schedule a consultation with our team now to learn how much you can save today.
Subscribe to the Trusted Tech Team Blog
Get the latest posts delivered right to your inbox