When an employee leaves your organization, an IT team must quickly decide what they will do with the former employee’s various accounts.
Immediately removing their access from cloud accounts like Google or Microsoft is the gut reaction for many IT professionals protecting their company data from a former employee.
However, this step can still cause businesses to unintentionally-- and unexpectedly -- lose business-critical data.
These are the most secure seven steps you can take before deleting a Microsoft 365 user to protect your business data.
Steps to Take Before Deleting or Removing a User
1. Save the Contents of the Former User’s Mailbox
When removing a user, it’s vital to save the data and contents of their Microsoft 365 mailbox as a safeguard if you need to refer back to it, take on the old user’s duties, or require documentation for litigation purposes.
There are three ways to accomplish this task.
- Add the old user’s email address to your version of Outlook and then export the data to a .pst file. Once you do this, you can import the data to another email account, if needed. Learn how to do this here.
- You can also place a “Litigation Hold” or “In-Place Hold” on the old user’s mailbox before deleting the account. Please note this method is more complicated. However, you should consider this if your Enterprise plan includes archiving and legal hold or if there will be possible litigation.
- You can also use a third-party service like Backupify to secure your data from insider threats and accidental deletion as you deprovision the former employee’s license.
Once you convert a mailbox to be inactive, authorized IT or company individuals can use In-Place eDiscovery tools in Exchange Online to access and search contents. Inactive mailboxes won't receive email and won't be visible in your company's address book or other lists. Learn how to place a hold on a mailbox here.
2. Forward the Old User’s Mailbox to Another One, or Create a Shared Mailbox
Setting up a forwarding system allows you to keep the old user’s email account active, which is important if they continue to receive potentially important mail from clients or coworkers.
By forwarding mail, your company can triage any needs, take over tasks, and create a smooth transition plan that eventually allows you to close the old user's account. It’s also important to note that setting up a shared mailbox is cheaper than adding a new license as long as data doesn’t surpass 50GB.
How to set up forwarding:
- Go to the admin center. Go to the Users>Active page.
- Select the user that you want to remove, and then click on the “Mail” tab.
- Under the Mail tab, you will see “Email Forwarding.” Hit “Manage Email Forwarding.”
- Next, turn on “forward all emails sent to this mailbox.” Enter the email address where the mail will be forwarded. Select “Save.”
- Do NOT delete the former user’s account. That old account is what anchors the email forwarding or shared mailbox.
3. Block the Former User and Wipe Clean Any Company-owned Devices Used by the Old User
Suppose the former user utilizes any company-owned devices, such as a smartphone, laptop, or tablet. In that case, you need to wipe them clean and block the user so they can no longer access your organization's data.
(Note: when you block a user, it can take up to 24 hours to go into effect.)
How to wipe a device:
- Go to the Exchange admin center.
- Once in the admin center, go to Recipients > Mailboxes.
- Select the old user. Go to “Mobile Devices” and select “View details.”
- Under the Mobile Device Details page, select the mobile device, select “Wipe Data” or “Wipe Device,” and then select “Block.”
- Push “Save.”
4. Block the Old User’s Access to Your Company’s Microsoft 365 Account
By blocking a former employee from your Microsoft 365 account, you can keep the old user from having continued access to your company’s account. Blocking users is especially important for disgruntled former employees, who have the motive to delete, manipulate, or corrupt your company data.
How to block a former user:
- Go to admin center > Users > Active users.
- Select the name of the old user you want to block. Under their name, select the “Block” symbol.
- Select “Block the user from signing in.”
- Be sure to save.
5. Move the Old User’s Onedrive Content
By moving the old user's OneDrive content, you can still access it once the user's account is deleted and closed. Take note that even if you remove an old user’s license but don’t delete their account, you’ll still have access to the content in their OneDrive even after 30 days.
- Go to the admin center. Then go to Users > Active users page.
- Select the old user.
- On the right side of the page, select “OneDrive.” Under “Get access to files,” select “Create a link to files.”
- Select the link to open the file location. You can download the files to your computer or select “Move to” or “Copy to” to move or copy them to your own OneDrive or a shared library.
Unfortunately, if the user was accessing OneDrive via their personal computer or device, there is no way to wipe their stored files.
6. Remove and Delete the Microsoft 365 License from a Former or Old User
Your next step is to remove and delete the Microsoft license from the former user. A benefit of Microsoft 365 is that you can assign it to someone else when you remove a license and not have to purchase another one. If you don't plan on transferring the license to a new user, you can delete it and reduce your cost.
When removing or deleting a license, there are a few things to note. The old user’s email, contact, and calendar will be available for 30 days. Then, they will be permanently deleted.
Many businesses opt to protect their data with a third-party backup service to maintain control over their business data during this process. A third-party backup service can protect data from being deleted by former employees and guard against Microsoft 365 app outages and glitches that can occur while removing a user from your account.
7. Delete the Former User’s Account
Entirely removing the old user’s account clears up your admin center, but do not take this step until you have sufficiently backed up and downloaded all desired data from the old user’s account.
If you’ve set up a forwarding system or shared inbox, don’t delete the account. When you delete a former user, the account will be inactive for 30 days-- after that, the account will be permanently deleted. To read more about deleting a user and their account, click here.
How to delete an account:
- Go to the admin center, and then to Users > Active users page
- Select the name of the user you want to delete
- Under the user’s name, select the symbol for “Delete user” and select the options that best suit your need
- Hit “Delete user”
Protect Your Data With Backupify
Removing former employees from your Microsoft 365 account isn’t the only reason to consider a third-party data backup system. Backupify is also useful for organizations:
Want to learn more? Request a free demo and see how Backupify can work for you.