Removing Office 365 Users

• Organizations should have a consistent process for removing or deleting Office 365 user accounts.
• Administrators should secure access to organizational data and services and preserve and protect data.
• Workflows related to the removed user account should be redirected to avoid business disruptions.
• The Office 365 license associated with the user account should be properly recycled for reassignment.

When an Office 365 user leaves an organization, the organization should have processes to ensure that the organization protects its data from leakage or loss. Such a process could include the following:

• Cutting off the user’s access to organizational data and services
• Preserving and reassigning data associated with the user’s Office 365 account
• Ensuring that workflows involving the user are redirected
• Properly releasing the user’s Office 365 account license for reuse.

After a user’s access to data and services is blocked, the organization must decide when to remove the assigned Office 365 license. (In this article, license refers to a user’s Office 365 license, which is sometimes known as an Office 365 account, and account is an Azure Active Directory [AAD] account.) Some of the steps in preserving data are not consistent across Office 365 services, and many of the steps should be performed in a specific order.