Microsoft 365 Offboarding Best Practices I Follow in 2025
How to offboard an employee in Microsoft 365 is a question that bothers many IT administrators. I recently performed offboarding of a few employees, so I know exactly what to do.
Follow this simple guide I have prepared for you, and ensure that your former employees have a smooth exit from your organization.
How to Offboard an Employee in Microsoft 365: Step-by-Step
Here is a list of things you are expected to do
- Step 1. Log out & Lock out User
- Step 2. Archive & Secure Mailbox Data
- Step 3. Wipe & Block Mobile Devices
- Step 4. Forward or Convert Mailbox
- Step 5. Remove & Reassign License
- Step 6. Purge Former User
Now that we have the list with us, let’s perform each step one by one.
Step 1. Begin Microsoft 365 Offboarding Best Practices by Ending Sessions
Part 1: Log Out a Former Employee:
- M365 Admin Center > Users > Active Users.
- Highlight User > click on Reset Password.
- Type a new password > Reset.
- Choose “Automatically create new password“.
- Select Reset password > Print (Optional) > Close.
- Select user again > Switch to Account section > click Sign out of all sessions.
User sessions don’t end immediately. To bypass this limitation, use PowerShell:
Import-Module Microsoft.Graph.Users.Actions Revoke-MgUserSignInSession -UserId $formerUserId
Part 2.1: Lock Out Access from M365 Services:
- M365 Admin Center > Users > Active Users.
- Highlight User > click Block sign-in.
- Then, click “Block this user from signing in” > Save changes.
Part 2.2: Disable Exchange Online:
- Open EAC > Recipients > Mailboxes.
- Choose User > open Email apps & mobile devices > Manage email apps settings.
- Toggle off switches for:
- Outlook Desktop
- Exchange Web Services
- Mobile
- IMAP/POP3
- Outlook Web
- Save.
Step 2. Backup Former Employee’s Entire Mailbox Data
This is perhaps the most important phase of the entire employee offboarding process in Office 365. That’s why we highlight it in our Microsoft 365 offboarding best practices list. That being said, IT administrators should not risk conducting a manual backup.
It is both slow and confusing to set up; instead, they can use the SysTools Office 365 Backup and Restore tool to quickly make a safe copy of the former user.
The tool has the facility to not only backup mailboxes but also calendar, contacts, and even documents present in the user’s OneDrive.
This does not use the user’s password, so even when you force log out all active sessions and update the password, you can still backup.
Once you secure the data, move on to the next step.
Step 3. Use the Exchange Admin Center (EAC) to Clear an Employee’s Mobile
Many employees use M365 services from their mobile devices. So it is an admin’s responsibility to wipe out the data from those endpoints as well. This is done to prevent leaks and unauthorised access. Here are the steps:
- Log in to EAC > Recipients > Mailboxes.
- Select user > Email apps & mobile devices > Manage mobile devices.
- Under Mobile devices, pick mobile device > Wipe company data > Block access > Save.
An alternative to this is that the employee surrenders their device before leaving.
Step 4. How to Offboard an Employee in O365 While Maintaining Mail Flow?
Sometimes, due to industry complications, the admins can’t delete all employee data on the day of the offboarding. Which also means they have to keep the email flowing as well. But how?
The trick is to convert the regular user account into a shared mailbox.
Here is what you have to do:
EAC > Recipients > Mailboxes. Select the user > Convert to shared mailbox > Confirm.
You may use PowerShell:
Set-Mailbox -Identity "[email protected]" -Type Shared
Remember, sharemailboxes can only hold up to 50 GB of mail. If the current data volume exceeds this limit IT admin can forward the former employee’s email to another employee who is still part of the organization.
- In M365 Admin Center > Expand Users > Active users.
- Select the employee and go to the Mail tab.
- Below Email Forwarding, click on Manage email forwarding.
- Turn on Forward all emails sent to this mailbox.
- Enter the email address to which the mail will be forwarded.
- Save.
Don’t delete the original account, as it will stop the mail flow.
Step 5. Make Another Employee Incharge of the OneDrive and Outlook Data
Thanks to the restoration option present in our automated solution, you can achieve this phase of the offboarding operation quite easily.
Step 6. Remove the Microsoft 365 Subscription License from an Offboarded Employee
- In the admin center, find Billing > Your products page.
- Select the subscription type that the offboarded employee had.
- In the subscription page > Remove licenses.
- In the Remove licenses pane > subtract as many licenses as you are offboarding.
- Once done, hit Save.
(For example, if originally you have 30 licenses in total and you offboard 5 people, then the new license count should be 30 – 5 = 25 licenses)
Step 7. Delete a former employee’s user account
- M365 Admin Center > Users > Active users.
- Select the employee.
- Under the user’s name, click Delete user.
You may want to remove deleted users’ Office 365 accounts permanently yourself, as the account does not delete instantly. There is a 30-day cooldown period during which the account becomes inactive; you can restore the account during this period once the cooldown hits zero, the account is permanently deleted.
Conclusion
In this blog, I shared my secret Microsoft 365 offboarding best practices that I use to formalize the exit of an employee leaving my organization.
You can follow the standard Office 365 employee offboarding process or modify it to suit your needs. This is because these rules are not set in stone, and an offer can be adapted to fit
One of the key steps is to prepare a backup of the employee data, which can be done easily with the help of the automated solution we have described earlier.