Removing Microsoft 365 Users While Preserving Data

• Organizations should have a consistent process for removing Microsoft 365 user accounts.
• Administrators should secure access to organizational data and services and preserve and protect data.
• Workflows related to the removed user account should be redirected to avoid business disruptions.
• After important data has been preserved, the Microsoft 365 license associated with the user account should be properly recycled for reassignment.

When a user holding a Microsoft 365 license leaves an organization, the organization should ensure that the user can no longer access company resources and that data is protected from exfiltration or loss.

After a user’s access to data and services is blocked, the organization must decide when to remove the assigned Microsoft 365 license. (In this article, “license” refers to a user’s Microsoft 365 license, which is sometimes known as an Office 365 account, and “account” is an Azure Active Directory [AAD] account.) Some of the steps in preserving data are not consistent across Microsoft 365 services, and many of the steps should be performed in a specific order.