While it is not the most positive topic to discuss, the hard truth of any organization is that employees leave. Entrepreneurs, managers, and even leaders in non-profit groups must prepare for this eventuality. Whenever an employee leaves, the right thing to do is to wish them well, but also to have a plan for what happens to their corporate online user accounts. If your IT department knows the steps to quickly lock and close former employees' accounts, you reduce the risk of damage a disgruntled employee could do to your company's digital assets on their way out.
Microsoft built several features into its Office 365 cloud-based productivity suite that give IT professionals a clear advantage in managing a former user's account. Here are just some of the things you can do in Office 365 to ensure a minimal impact to your organization when an employee leaves:
Block your former employee's Office 365 account
When an employee leaves, the first thing you want to do is block their Office 365 account. This is crucial for maintaining the security of your organization and gives you time to handle the rest of the recommended tasks.
To block an Office 365 account for the employee who is leaving, go to the Office 365 admin center and, under Users, choose Block. Click the name of the former user in your organization, and then choose Select.
Reset your former employee's Office 365 password
Next, you should reset the password on their Office 365 account. This is crucial for maintaining the security of your organization. Resetting a former employee's password means you can still access their Microsoft Outlook mailbox, but your former employee cannot access critical business information stored in your company's OneDrive for Business and SharePoint folders.
To reset the Office 365 account password for the employee who is leaving, again go to the Office 365 admin center, and under Users, choose Reset a password. Click the name of the former user in your organization, and then choose Select. You may either create the new password yourself or randomly generate a new secure password for this account. Once you have settled on a new password for the former employee's account, click the Reset button.
Gain full access to their mailbox for archival purposes
Unless you have unlimited licenses and choose just to keep the account active for an employee who has left the organization, you will probably want to remove the user and assign their licenses to another worker. Depending on the industry regulations and laws governing how you store your corporate data, it is good to have a way to export and store your former employees' mailboxes, even if it is for a limited time. However, to export a user's Office 365 mailbox you first need to gain full access to the employee's mailbox. This has to be done in PowerShell by running a specific command. In the command below, -identity is the mailbox being opened up ("firstname.lastname@example.org") and -user is the account that receives full access to it ("email@example.com"):
Add-MailboxPermission -identity firstname.lastname@example.org -user email@example.com -AccessRights FullAccess
In the aforementioned PowerShell command, you must replace the two @example.com login names with the domain used by your organization. If you are new to PowerShell, then there are some very good reasons why you should learn how to use it.
Once you have gained full access to your former employee's mailbox, you can download the user's personal folders as ".pst" files. These files can be archived and read using Microsoft Outlook on any PC.
Forward a former employee's email to another account
Your former employee will likely continue to receive email at the address you assigned them in your organization. If you do not wish to alert people outside the company that the employee is no longer at your company, then use the ability to forward their email to another person, maybe their former manager, so they can handle any enquiries.
We prefer this to configuring an Auto-Responder reply, formerly called the "Out Of Office Assistant", which is really designed to send "out of office" replies when an employee is on vacation or out sick. While you could send an Auto-Responder reply to any emails sent to the departing employee's email address with a message saying, in effect, "this person is no longer with our organization so please send all inquiries to their replacement", we recommend just forwarding their email. That results in the external person (customer or supplier) being immediately connected with the person they should be talking to, rather than putting the onus on them to send another communication to the person they should now be interacting with.
If you still want to configure an auto reply then you can do this within the Office 365 Admin Center in the same area where you set the forwarding options as outlined above. This is also useful even for an employee who is just out temporarily but forgot to set an Out of Office message. Now an admin in the organization can do this on their behalf rather than realizing emails are going to a (temporarily) unavailable employee without directing the sender to somebody else.
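The block, password reset, mailbox access and forwarding steps above can also be scripted. The following PowerShell function is an added example, not code from the original post; it assumes the Microsoft Graph PowerShell and ExchangeOnlineManagement modules are installed and already connected (Connect-MgGraph, Connect-ExchangeOnline) with rights to manage users and mailboxes. The function name, parameter names and addresses are hypothetical.

```powershell
# Added example (not from the original post). Assumes Connect-MgGraph and
# Connect-ExchangeOnline have already been run by an admin with rights to
# manage users and mailboxes. Invoke-Offboarding is a hypothetical name.
function Invoke-Offboarding {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$Leaver,     # UPN of the departing employee
        [Parameter(Mandatory)][string]$Custodian,  # account that will export the mailbox
        [Parameter(Mandatory)][string]$ForwardTo   # internal recipient for new mail
    )
    $ErrorActionPreference = 'Stop'   # stop at the first failed step

    if ($PSCmdlet.ShouldProcess($Leaver, 'Block sign-in and reset password')) {
        # Block sign-in, then revoke refresh tokens so existing sessions
        # cannot be renewed.
        Update-MgUser -UserId $Leaver -AccountEnabled:$false
        Revoke-MgUserSignInSession -UserId $Leaver | Out-Null

        # Random password that is never displayed or stored; the mailbox is
        # reached through the FullAccess grant below, not by signing in as the leaver.
        $bytes = [byte[]]::new(24)
        $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
        $rng.GetBytes($bytes); $rng.Dispose()
        $password = [Convert]::ToBase64String($bytes) + 'aA1!'
        Update-MgUser -UserId $Leaver -PasswordProfile @{
            Password                      = $password
            ForceChangePasswordNextSignIn = $false
        }
    }

    if ($PSCmdlet.ShouldProcess($Leaver, "Grant $Custodian FullAccess; forward to $ForwardTo")) {
        # -Identity is the leaver's mailbox, -User is the account that gets access.
        Add-MailboxPermission -Identity $Leaver -User $Custodian `
            -AccessRights FullAccess -InheritanceType All -AutoMapping $false | Out-Null
        # Keep a copy in the original mailbox so the later export stays complete.
        Set-Mailbox -Identity $Leaver -ForwardingAddress $ForwardTo `
            -DeliverToMailboxAndForward $true
    }

    # Return the explicit (non-inherited) grants on the mailbox for the record.
    Get-MailboxPermission -Identity $Leaver |
        Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\*' } |
        Select-Object Identity, User, AccessRights
}

# Dry run first (constructed addresses), then repeat without -WhatIf.
Invoke-Offboarding -Leaver 'leaver@example.com' -Custodian 'it-archive@example.com' `
    -ForwardTo 'manager@example.com' -WhatIf
```

Once the mailbox has been exported, the custodian's grant can be withdrawn with Remove-MailboxPermission using the same -Identity, -User and -AccessRights values, so that full access does not outlive the archival task.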
Remotely wipe corporate accounts on employee's personal devices
It's rare for companies to provide mobile phones to employees due to the rise of bring your own device (BYOD) policies and the prevalence of mobile device management software. Because Office 365 email is built on cloud-based Microsoft Azure technology, it is relatively easy for employers to selectively wipe just the corporate data off a former employee's device(s), and this can be done without physical access to the device.
This is where Microsoft's Enterprise Mobility + Security (EMS) suite comes in. Using EMS, an Office 365 admin can very quickly remotely remove corporate data from any managed device which has been admitted to the corporate environment. You can make it a requirement that any device (mobile phone, tablet, home computer) an employee wants to use to access corporate information must allow that corporate data to be removed, without touching any of their other information (personal files, photos, etc). This is a huge bonus for remote working while also protecting corporate assets. EMS is available as an add-on license to your current Office 365 subscription, and policies can be set so that all new users get added to the correct groups so that corporate data can be removed should they leave the organization.
Choose Amaxra to help you keep your investment in Office 365 secure
No matter how a team member leaves the organization, it's important for you to protect your company's data. For companies invested in Office 365 and the Microsoft cloud ecosystem, Amaxra is the clear choice. We have extensive experience setting up and securing Office 365, ongoing cybersecurity training for your employees, and other protections to make sure your company stays safe. In fact, Amaxra runs our own business using all of these capabilities.