A question we often get is, “What should I do to secure data when an employee leaves the organization?”
Here’s a quick overview.
This article explains how to block access to Office 365 and the steps you should take to secure your data. We’ll explain each step in its own article.
|Step||Why do this|
|1. Save the contents of the user’s mailbox||This is useful for the person who is going to take over the employee’s work, or in case of litigation.|
|2. Forward the user’s email to another employee or convert to a shared mailbox||This lets you keep the former employee’s email address active. If you have customers or partners still sending email to the former employee’s address, this gets them to the person taking over the work.|
|3. Wipe and block the user’s mobile device||Removes your business data from the phone or tablet3..|
|4. Block user access to Office 365 data and email||It prevents the person from accessing their old Office 365 mailbox and data. Tip: When you block a user’s access, you’re still paying for their license. You have to delete the license from your subscription to stop paying for it (step 7).|
|5. Move the employee’s OneDrive content||If you only remove a user’s license but don’t delete the account, the content in the user’s OneDrive will remain accessible to you even after 30 days.|
Before you delete the account, you should move the content of their OneDrive to another location that’s easy for you to access. After you delete an employee’s account, the content in their OneDrive is retained for 30 days. During that 30 days, however, you can restore the user’s account, and gain access to their OneDrive content. If you restore the user’s account, the OneDrive content will remain accessible to you even after 30 days.
|6. What if the person used their personal computer to access OneDrive and SharePoint?||If they used a personal computer instead of a company-issued computer to download files from OneDrive and SharePoint, there’s no way for you to wipe those files they stored.|
They will continue to have access to any files that were synced to their computer.
|7. Remove and delete the user’s Office 365 license||When you remove a license, you can assign it to someone else. Or, you can delete the license so you don’t pay for it until you hire another person.|
When you remove or delete a license, the user’s old email, contacts, and calendar are retained for 30 days, then permanently deleted. If you remove or delete a license but don’t delete the account, the content in the user’s OneDrive will remain accessible to you even after 30 days.
|8. Delete the former employee’s user account||This removes the account from your Office 365 admin center. Keeps things clean.|