Security
Offboarding a departing employee without breaking access
Offboarding is a security task as much as a support task. The goal is to cut access promptly while preserving data and access others still need.
Disable, do not delete, first
- Disable the account rather than deleting it, so data and audit history remain
- Reset the password and end active sessions so the credential cannot be reused
- Remove multi factor methods tied to a personal device
Preserve and redirect
- Convert the mailbox so a manager can still reach incoming mail, or set a forward
- Reassign ownership of shared files and any service accounts the person held
- Reclaim the Microsoft 365 license once data is preserved
Close the loop
Remove the user from security groups and distribution lists, and note the date and who approved the offboarding. A clean trail protects everyone if a question comes up later.