Question

An employee has retired or is no longer working at our company. How do we delete his account and stop paying for his licence?

We pay IT Solver for the Microsoft 365 subscription so I thought to ask you.

 

Answer

If you would like IT Solver to do this offboarding and your business is covered by a Support Plan, send the request to support@itsolver.net with this information:

1. When do you want us to action this request?
2. User converted to a shared mailbox? If yes, who should have access?
3. Forward email to specific mailbox?
4. Autoreply message advising emailed forwarded and staff are no longer at the business? 
5. Give someone access to OneDrive files for 30 days? If yes, who?

Otherwise, see below instructions to offboard a user with Microsoft 365 for Business. 

Simple method to offboard user in Microsoft 365

1. In the Microsoft 365 admin center > Active users, select the user, note the licence they're using.
2. Delete User. Check boxes as desired to remove licence, aliases and the last two boxes allow you to
   - give another user access to their OneDrive files for 30 days after the user is deleted
   - give another user access to user's email. If you do this it will ask you about changing the display name, creating an automatic reply (for internal and/or external) and delete aliases.
3. Email IT Solver (support@itsolver.net) asking to reduce the licence noted in step 1.

Example screenshot of user deletion:

 

Detailed Steps for Fine-Grained Control

For organizations requiring comprehensive control over the offboarding process, the following steps provide an in-depth guide to ensure compliance, data retention, and adherence to internal policies.

Step 1 - Block Access

Reset the user's password to block immediate access.
In this step, force a sign out of the user from Microsoft 365.

Note

You need to be a global administrator to initiate sign-out for other administrators. For non administrator users, you can use a User Administrator or a Helpdesk Administrator user to perform this action. Learn more about the Admin Roles

1. In the admin center, go to the Users > Active users page.
2. Select the box next to the user's name, and then select Reset password.
3. Enter a new password, and then select Reset. (Don't send it to them.)
4. Select the user's name to go to their properties pane, and on the Account tab, select Sign out of all sessions.

Within an hour - or after they leave the current Microsoft 365 page they are on - they're prompted to sign in again. An access token is good for an hour, so the timeline depends on how much time is left on that token, and whether they navigate out of their current webpage.

 

Important

If the user is in Outlook on the web, just clicking around in their mailbox, they may not be kicked out immediately. As soon as they select a different tile, such as OneDrive, or refresh their browser, the sign-out

 

Step 2 - Save Data

Place a Litigation Hold or export their Outlook data to a .pst file.

Alternatively: skip this step, and at step 4, Convert to Shared Mailbox.

 

Place hold or export user's data to a .pst file

Once you've blocked a user from being able to log into your organization you can save the contents of their mailbox. There are two ways you can save the contents of the former employee's mailbox.

1. Place a Litigation Hold or In-Place Hold on the mailbox before the deleting the user account. This is much more complicated than the second option but worth doing if: your Enterprise plan includes archiving and legal hold, litigation is a possibility, and you have a technically strong IT department.
   After you convert the mailbox to an "inactive mailbox," administrators, compliance officers, or records managers can use In-Place eDiscovery tools in Exchange Online to access and search the contents.
   Inactive mailboxes can't receive email and aren't displayed in your organization's shared address book or other lists.
   To learn how to place a hold on a mailbox, see Manage inactive mailboxes in Exchange Online.
   OR
2. Add the former employee's email address to your version of Outlook on Desktop, and then export the data to a .pst file. You can import the data to another email account as needed. Check out Step 4 - Give another employee access to OneDrive and Outlook data.

Step 3 - Wipe Mobile Device

Use the Exchange admin center to wipe and block the device.

Wipe mobile device using the Exchange admin center

1. Go to the Exchange admin center > Recipients > Mailboxes.
2. Select the user, and under Mobile Devices, select View details.
3. On the Mobile Device Details page, under Mobile devices, select the mobile device, select Wipe Data, and then select Block.
4. Select Save.

Step 4 - Convert to a shared mailbox and Email Forwarding

Set up email forwarding and/or convert to a shared mailbox.

Convert former employee's mailbox to a shared mailbox

When you convert a user's mailbox to a shared mailbox, all of the existing email and calendar are retained. Only now it's in a shared mailbox where several people will be able to access it instead of one person. You can convert a shared mailbox back to a user (private) mailbox at a later date if you want.

• Creating a shared mailbox is the less expensive way to go because you won't have to pay for a license as long as the mailbox is smaller than 50 GB. If it is over 50 GB, you'll need to assign a license to it.
• If you convert the mailbox to a shared mailbox, all the old email will be available, too. This can take up a lot of space.
• If you set up email forwarding, only new emails sent to the former employee will be sent to the current employee.

Follow these steps to convert the user's mailbox to a shared mailbox.

Forward a former employee's email to another employee

Important

If you're setting up email forwarding or a shared mailbox, in the end, don't delete the former employee's account. The account needs to be there to anchor the email forwarding or shared mailbox.

Shared mailboxes do not can have forwarding

1. In the admin center, go to the Users > Active users page.
2. Select the name of the employee that you want to block, and then select the Mail tab.
3. Under Email Forwarding, select Manage email forwarding.
4. Turn on Forward all email sent to this mailbox. In the Forwarding address box, type the email address of the current employee who's going to get the email.
5. Select Save.
6. Remember, don't delete the former employee's account.

Cancel Outlook meetings

Make sure to cancel all meetings that the former user had on their calendar. This lets people remove the meetings created by the former user.

If the person had meetings that booked equipment or rooms, they won't be available to be booked until those meetings are canceled. Read Delete an appointment or a meeting for the steps.

 

Step 5 - OneDrive Access

Give another employee access to the former user's OneDrive files.

Access a former user's OneDrive documents

If you remove a user's license but don't delete the account, you can give yourself access to the content in the user's OneDrive. If you delete the user's account, you have 30 days by default to access the former user's OneDrive data. Learn how to set the OneDrive retention for deleted users. If you don't restore a user account within this time, their OneDrive content is deleted.

To preserve a former user's OneDrive files, first give yourself access to their OneDrive, and then move the files you want to keep.

1. In the admin center, go to the Users > Active users page.
2. Select a user.
3. On the user properties page, select OneDrive. Under Get access to files, select Create link to files.
4. Select the link to open the file location. Download the files to your computer, or select Move to or Copy to to move or copy them to your own OneDrive or to a shared library.

Note

You can move or copy up to 500 MB of files and folders at a time.
When you move or copy documents that have version history, only the latest version is moved.

You can also grant access to another user to access a former employee's OneDrive.

1. Sign in to the admin center as a global admin or SharePoint admin.
   If you get a message that you don't have permission to access the admin center, then you don't have administrator permissions in your organization.
2. In the left pane, select Admin centers > SharePoint. (You might need to select Show all to see the list of admin centers.)
3. If the classic SharePoint admin center appears, select Open it now at the top of the page to open the SharePoint admin center.
4. In the left pane, select More features.
5. Under User profiles, select Open.
6. Under People, select Manage User Profiles.
7. Enter the former employee's name and select Find.
8. Right-click the user, and then choose Manage site collection owners.
9. Add the user to Site collection administrators and select OK.
10. The user will now be able to access the former employee's OneDrive using the OneDrive URL.

 

Revoke admin access to a user's OneDrive

You can give yourself access to the content in a user's OneDrive, but you may want to remove your access when you no longer need it.

1. Sign in to the admin center as a global admin or SharePoint admin.
   If you get a message that you don't have permission to access the admin center, then you don't have administrator permissions in your organization.
2. In the left pane, select Admin centers > SharePoint. (You might need to select Show all to see the list of admin centers.)
3. If the classic SharePoint admin center appears, select Open it now at the top of the page to open the SharePoint admin center.
4. In the left pane, select More features.
5. Under User profiles, select Open.
6. Under People, select Manage User Profiles.
7. Enter the user's name and select Find.
8. Right-click the user, and then choose Manage site collection owners.
9. Remove the person who no longer needs access to the user's data, and then select OK.

 

Step 6 - Unassign License

Go to Active users, select the user, uncheck their licenses, and save.

To reduce the number of licenses you're paying for with IT Solver:

1. Send an email to support@itsolver.net requesting the removal of the licence and quantities unassigned.
2. IT Solver will advise once it's done.
3. See the change in your IT Solver billing dashboard: https://billing.stripe.com/p/login/aEUbJz5c11DgcTK4gg

From your IT Solver billing dashboard you can view your subscription, update payment methods, billing information and view invoice history.  We are working toward offering subscription quantity changes in the dashboard. 

When you add another person to your business, you'll be prompted to buy a license at the same time, contact support@itsolver.net, start a chat or for an urgent response call (07) 3123 6000.

 

How the deleted employee account affects Microsoft Teams Phone System

This only applies to organisations using Skype for Business or Microsoft Teams as their phone system.

When you remove a user's license from Office 365, the PSTN calling number associated with the user will be released. You can assign it to another user.

If the user belongs to a queue group, they will no longer be a viable target of the call queue agents. So, we recommend also removing the user from the groups associated with the call queue.

Set up call forwarding to people in your organization

This only applies to organisations using Microsoft Teams as their phone system.

If you need to set up call forwarding for the terminated employee's phone number, the call forwarding setting under calling policies can set up forwarding where incoming calls can be forwarded to other users or can ring another person at the same time. For more information, see Calling policies in Microsoft Teams.

 

Step 7 - Delete a former employee's user account

Delete the user account, unless you've set up email forwarding or a shared mailbox.

Important

Don't delete the account if you've set up email forwarding or converted it to a shared mailbox. Both need the account to anchor the forwarding or shared mailbox.

1. In the admin center, go to the Users > Active users page.
2. Select the name of the employee that you want to delete.
3. Under the user's name, select Delete user. Choose the options you want for this user, and then select Delete user. If you've already given another user access to this user's email and OneDrive, you don't have to do it again here.

When you delete a user, the account becomes inactive for approximately 30 days. You've until then to restore the account before it's permanently deleted.