Microsoft 365: Read This Before Offboarding Users!

How do you properly offboard users from Office 365 (O365)?

Our most recent software guide details essential offboarding actions and best practices for O365, within hybrid Azure AD and cloud-only environments, to reduce help desk tickets and operational costs, while maintaining a healthy security estate.

Important Considerations

  • Data retention: ensures your intellectual property is properly maintained, so the appropriate users and administrators are provisioned with needed data access.
  • Adequate licensing: ensures you can implement automated methods of data retention to economize and optimize your time.
  • Sync status: differentiates synced vs. in-cloud user offboarding procedures as denoted in the Microsoft 365 Admin Center.

Synced from on-prem AD status
Synced from on-prem AD status

Cloud-only Identity status
Cloud-only Identity status

Offboarding Active Directory (AD) Synced Users

After disabling an on-prem AD user account, await the automated Azure AD sync process or run the Azure AD sync PowerShell cmdlets. Make sure to verify the replication of the disabled user status, then initiate a sign out of all existing O365 sessions.

graf 2020 08 21c

If you are using Intune MDM (Mobile Device Management) or MEM (Microsoft Endpoint Manager), carefully remove company data from BYOD (Bring Your Own Device) devices or factory reset your device following data backup.

Prior to license removal, assess the disabled user’s OneDrive for Business to determine data retention options; then convert their individual mailbox to a “Shared Mailbox.” Next, configure email forwarding from the Exchange Admin Center (EAC) or Microsoft 365 Admin Center to offset prior forwarding rules set by the offboarded user.

If in the Microsoft Admin Center, activate “Automatic replies” to inform senders of the pending mailbox deprecation and alternate email address they can use for future communications. Furthermore, since the user mailbox has been converted to a shared mailbox, you can safely remove licenses from the user account and, ultimately, delete said account.

For complete instructions on how to offboard Active Directory synced users, click here.

Offboarding In-Cloud Users

First, sign out of all existing O365 sessions, then block further sign-ins to the user account.

graf 2020 08 21a 2

graf 2020 08 21b 2

Afterward, the offboarding process for in-cloud users is identical to that of AD synced users (see above section). For detailed, step-by-step instructions, please click here.

Trusted Tech Team is an accredited Microsoft CSP Direct Bill Partner, carrying multiple Solutions Partner designations and the now-legacy Microsoft Gold Partner competency. Based in Irvine, California, we report trends affecting IT pros everywhere.

If your organization uses Microsoft 365 or Azure, you may be eligible to receive a complimentary savings report from a Trusted Tech Team Licensing Engineer. Click here to schedule a consultation with our team now to learn how much you can save today.

Subscribe to the Trusted Tech Team Blog

Get the latest posts delivered right to your inbox

Trusted Tech Team

Trusted Tech Team

Your source for all things tech

Read More