Articles in this section

See more

How to remove a user in Microsoft 365 Admin

Avatar
Angus
  • Updated
Follow

Question

An employee has retired or is no longer working at our company. How do we delete his account and stop paying for his licence?

We pay IT Solver for the Microsoft 365 subscription so I thought to ask you.

 

Answer

See below instructions to offboard a user with Microsoft 365 for Business. 

If you prefer IT Solver do the offboarding, send the request to support@itsolver.net with answers to the following:

  1. User converted to a shared mailbox?
  2. If yes, who should have access?
  3. Forward email to specific mailbox?
  4. Give <name of another employee> access to OneDrive files for 30 days?

 

Step 1 - Prevent a former employee from logging in and block access to Microsoft 365 services

If you need to immediately prevent a user's sign-in access, you should reset their password. In this step, force a sign out of the user from Microsoft 365.

Note

You need to be a global administrator to initiate sign-out for other administrators. For non administrator users, you can use a User Administrator or a Helpdesk Administrator user to perform this action. Learn more about the Admin Roles

  1. In the admin center, go to the Users > Active users page.
  2. Select the box next to the user's name, and then select Reset password.
  3. Enter a new password, and then select Reset. (Don't send it to them.)
  4. Select the user's name to go to their properties pane, and on the Account tab, select Sign out of all sessions.

Within an hour - or after they leave the current Microsoft 365 page they are on - they're prompted to sign in again. An access token is good for an hour, so the timeline depends on how much time is left on that token, and whether they navigate out of their current webpage.

 

Important

If the user is in Outlook on the web, just clicking around in their mailbox, they may not be kicked out immediately. As soon as they select a different tile, such as OneDrive, or refresh their browser, the sign-out

 

Step 2 - Save the contents of a former employee's mailbox

 

In this step, place a Litigation Hold or In-place Hold on the user or export their Outlook data to a .pst file.
 

Alternatively: skip this step, and at step 4 do Convert to Shared Mailbox.

 

Place hold or export user's data to a .pst file

Once you've blocked a user from being able to log into your organization you can save the contents of their mailbox. There are two ways you can save the contents of the former employee's mailbox.

  1. Place a Litigation Hold or In-Place Hold on the mailbox before the deleting the user account. This is much more complicated than the second option but worth doing if: your Enterprise plan includes archiving and legal hold, litigation is a possibility, and you have a technically strong IT department.
    After you convert the mailbox to an "inactive mailbox," administrators, compliance officers, or records managers can use In-Place eDiscovery tools in Exchange Online to access and search the contents.
    Inactive mailboxes can't receive email and aren't displayed in your organization's shared address book or other lists.
    To learn how to place a hold on a mailbox, see Manage inactive mailboxes in Exchange Online.
    OR
  2. Add the former employee's email address to your version of Outlook on Desktop, and then export the data to a .pst file. You can import the data to another email account as needed. Check out Step 4 - Give another employee access to OneDrive and Outlook data.

 

 

Step 3 - Wipe and block a former employee's mobile device

Feedback

If your former employee had an organization phone, you can use the Exchange admin center to wipe and block that device so that all organization data is removed from the device and it can no longer connect to Office 365. If your organization uses Basic Mobility and Security to manage mobile devices, you can wipe and block those devices using Basic Mobility and Security.

Wipe mobile device using the Exchange admin center

  1. Go to the Exchange admin center > Recipients > Mailboxes.
  2. Select the user, and under Mobile Devices, select View details.
  3. On the Mobile Device Details page, under Mobile devices, select the mobile device, select Wipe DataWipe Device., and then select Block.
  4. Select Save.

 

Step 4 - Convert to a shared mailbox or forward a former employee's email to another employee

In this step, you assign the former employee's email address to another employee, or convert the user's mailbox to a shared mailbox. 

Convert former employee's mailbox to a shared mailbox

When you convert a user's mailbox to a shared mailbox, all of the existing email and calendar are retained. Only now it's in a shared mailbox where several people will be able to access it instead of one person. You can convert a shared mailbox back to a user (private) mailbox at a later date if you want.

  • Creating a shared mailbox is the less expensive way to go because you won't have to pay for a license as long as the mailbox is smaller than 50 GB. If it is over 50 GB, you'll need to assign a license to it.
  • If you convert the mailbox to a shared mailbox, all the old email will be available, too. This can take up a lot of space.
  • If you set up email forwarding, only new emails sent to the former employee will be sent to the current employee.

Follow these steps to convert the user's mailbox to a shared mailbox.

Forward a former employee's email to another employee

Important

If you're setting up email forwarding or a shared mailbox, in the end, don't delete the former employee's account. The account needs to be there to anchor the email forwarding or shared mailbox.

Shared mailboxes do not can have forwarding

  1. In the admin center, go to the Users > Active users page.
  2. Select the name of the employee that you want to block, and then select the Mail tab.
  3. Under Email Forwarding, select Manage email forwarding.
  4. Turn on Forward all email sent to this mailbox. In the Forwarding address box, type the email address of the current employee who's going to get the email.
  5. Select Save.
  6. Remember, don't delete the former employee's account.

Cancel Outlook meetings

Make sure to cancel all meetings that the former user had on their calendar. This lets people remove the meetings created by the former user.

If the person had meetings that booked equipment or rooms, they won't be available to be booked until those meetings are canceled. Read Delete an appointment or a meeting for the steps.

 

 

Step 5 - Give another employee access to OneDrive

When an employee leaves your organization, you'll want to access their OneDrive and Outlook data, back it up, and choose whether to give it to another employee.

Access a former user's OneDrive documents

If you remove a user's license but don't delete the account, you can give yourself access to the content in the user's OneDrive. If you delete the user's account, you have 30 days by default to access the former user's OneDrive data. Learn how to set the OneDrive retention for deleted users. If you don't restore a user account within this time, their OneDrive content is deleted.

To preserve a former user's OneDrive files, first give yourself access to their OneDrive, and then move the files you want to keep.

  1. In the admin center, go to the Users > Active users page.
  2. Select a user.
  3. On the user properties page, select OneDrive. Under Get access to files, select Create link to files.
  4. Select the link to open the file location. Download the files to your computer, or select Move to or Copy to to move or copy them to your own OneDrive or to a shared library.

Note

You can move or copy up to 500 MB of files and folders at a time.
When you move or copy documents that have version history, only the latest version is moved.

You can also grant access to another user to access a former employee's OneDrive.

  1. Sign in to the admin center as a global admin or SharePoint admin.
    If you get a message that you don't have permission to access the admin center, then you don't have administrator permissions in your organization.
  2. In the left pane, select Admin centers > SharePoint. (You might need to select Show all to see the list of admin centers.)
  3. If the classic SharePoint admin center appears, select Open it now at the top of the page to open the SharePoint admin center.
  4. In the left pane, select More features.
  5. Under User profiles, select Open.
  6. Under People, select Manage User Profiles.
  7. Enter the former employee's name and select Find.
  8. Right-click the user, and then choose Manage site collection owners.
  9. Add the user to Site collection administrators and select OK.
  10. The user will now be able to access the former employee's OneDrive using the OneDrive URL.

 

Revoke admin access to a user's OneDrive

You can give yourself access to the content in a user's OneDrive, but you may want to remove your access when you no longer need it.

  1. Sign in to the admin center as a global admin or SharePoint admin.
    If you get a message that you don't have permission to access the admin center, then you don't have administrator permissions in your organization.
  2. In the left pane, select Admin centers > SharePoint. (You might need to select Show all to see the list of admin centers.)
  3. If the classic SharePoint admin center appears, select Open it now at the top of the page to open the SharePoint admin center.
  4. In the left pane, select More features.
  5. Under User profiles, select Open.
  6. Under People, select Manage User Profiles.
  7. Enter the user's name and select Find.
  8. Right-click the user, and then choose Manage site collection owners.
  9. Remove the person who no longer needs access to the user's data, and then select OK.

 

Step 6 - Unassign the Microsoft 365 license from a former employee

If you don't want to pay for a license after someone leaves your organization, you need to remove their Microsoft 365 license and then delete it from your subscription. You can assign a license to another user if you don't delete it.

If the mailbox needs to be accessed by authorized people who have been granted eDiscovery permissions for compliance or legal reasons, it must be assigned an Exchange Online Plan 2 license (or an Exchange Online Plan 1 license with an Exchange Online Archiving add-on license) so that a hold can be applied to the mailbox before it's deleted. After the user account is deleted, any Exchange Online license associated with the user account will be available to assign to a new user.

When you remove the license, all that user's data is held for 30 days. You can access the data, or restore the account if the user comes back. After 30 days, all the user's data (except for documents stored on SharePoint Online) is permanently deleted from Microsoft 365 and can't be recovered.

  1. In the admin center, go to the Users > Active users page.
  2. Select the name of the employee that you want to block, and then select the Licenses and Apps tab.
  3. Clear the check boxes for the license(s) you want to remove, and then select Save changes.

 

To reduce the number of licenses you're paying for until you hire another person, do the following steps:

  1. Send an email to support@itsolver.net requesting the removal of the licence and quantities unassigned.
  2. IT Solver will advise once it's done.
  3. View your IT Solver billing dashboard: https://billing.stripe.com/p/login/aEUbJz5c11DgcTK4gg

From your IT Solver billing dashboard you can view your subscription, update payment methods, billing information and view invoice history.  We are working toward offering subscription quantity changes in the dashboard. 

 

When you add another person to your business, you'll be prompted to buy a license at the same time, contact support@itsolver.net or for urgent response (07) 3123 6000

 

How the deleted employee account affects Skype for Business

This only applies to organisations using Skype for Business or Microsoft Teams as their phone system.

When you remove a user's license from Office 365, the PSTN calling number associated with the user will be released. You can assign it to another user.

If the user belongs to a queue group, they will no longer be a viable target of the call queue agents. So, we recommend also removing the user from the groups associated with the call queue.

Set up call forwarding to people in your organization

This only applies to organisations using Microsoft Teams as their phone system.

If you need to set up call forwarding for the terminated employee's phone number, the call forwarding setting under calling policies can set up forwarding where incoming calls can be forwarded to other users or can ring another person at the same time. For more information, see Calling policies in Microsoft Teams.

 

 

Step 7 - Delete a former employee's user account

After you've saved and accessed all the former employee's user data, you can delete the former employee's account.

Important

Don't delete the account if you've set up email forwarding or converted it to a shared mailbox. Both need the account to anchor the forwarding or shared mailbox.

  1. In the admin center, go to the Users > Active users page.
  2. Select the name of the employee that you want to delete.
  3. Under the user's name, select Delete user. Choose the options you want for this user, and then select Delete user. If you've already given another user access to this user's email and OneDrive, you don't have to do it again here.

When you delete a user, the account becomes inactive for approximately 30 days. You've until then to restore the account before it's permanently deleted.

Watch: Delete a former employee's user account

https://www.microsoft.com/en-us/videoplayer/embed/RE1FOfR?postJsllMsg=true

 

If you found this video helpful, check out the complete training series for small businesses and those new to Microsoft 365.

 

Related articles

Comments

0 comments

Article is closed for comments.