Offboarding a Leaver Safely (Microsoft 365)
What to do when someone leaves your business
Why This Matters
When someone leaves your company, it is critical to handle their Microsoft 365 account properly. A forgotten account is a security risk and could also mean you are paying for a licence nobody is using.
This guide walks you through the key steps in the right order.
Step-by-Step Offboarding Process
Step 1: Block sign-in immediately
- Go to admin.microsoft.com, then Users > Active users.
- Find the leaver and click on their name.
- Click Block sign-in (or the block icon). This stops them from accessing their account right away.
- This is the most important first step, especially if the departure was not on good terms.
Step 2: Reset their password
- Even though sign-in is blocked, reset their password as well for an extra layer of security.
- This ensures any saved sessions or cached credentials are invalidated.
Step 3: Set up email forwarding
- If other people need to receive emails sent to the leaver, set up mail forwarding.
- In the admin centre, click on the user, then go to the Mail tab.
- Click Manage email forwarding and enter the email address of the person who should receive their mail.
- You can also choose to keep a copy in the original mailbox.
Step 4: Set an out-of-office reply
- It is good practice to set an automatic reply on the leaver’s mailbox letting people know they have moved on and who to contact instead.
- See our separate guide on setting out-of-office on behalf of someone else.
Step 5: Transfer or back up their files
- The leaver’s OneDrive files will be kept for 30 days after the account is deleted, but it is much safer to transfer them before that.
- You can grant another user access to the leaver’s OneDrive through the admin centre.
- Go to the user’s profile, click OneDrive, then click Create link to files to get access.
- Copy anything important to a shared location like a SharePoint document library.
Step 6: Remove from groups and shared resources
- Remove the leaver from any Microsoft 365 groups, Teams channels, and shared mailboxes.
- This keeps things tidy and prevents confusion.
Step 7: Remove the licence and delete the account
- Once you have secured everything, remove the licence from the user so it can be reassigned.
- After 30 days you can permanently delete the account, or delete it sooner if you are confident everything has been saved.
- Deleted accounts can be restored within 30 days if you change your mind.
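
The same sequence scripted with Microsoft Graph PowerShell and Exchange Online PowerShell, as an added example that is not part of the original guide. It covers Steps 1 to 4, group removal from Step 6 and licence removal from Step 7; the OneDrive transfer, Teams channels and shared mailbox permissions are still done by hand. The parameter names, the requested Graph scopes, the explicit session revocation and the auto-reply wording are assumptions made for this example.

```powershell
# Added example. Needs the Microsoft.Graph and ExchangeOnlineManagement modules
# and an admin account allowed to manage users, groups and mailboxes.
param(
    [Parameter(Mandatory)] [string] $Leaver,     # UPN of the leaver, e.g. leaver@example.com (placeholder)
    [Parameter(Mandatory)] [string] $ForwardTo,  # address that should receive their mail
    [switch] $RemoveLicence                      # Step 7: use only once files and mail are secured
)
$ErrorActionPreference = 'Stop'
# Scopes are an assumption; adjust to your tenant's consent policy.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.ReadWrite.All', 'Directory.AccessAsUser.All'
Connect-ExchangeOnline -ShowBanner:$false
$user = Get-MgUser -UserId $Leaver

# Step 1: block sign-in first.
Update-MgUser -UserId $user.Id -AccountEnabled:$false

# Step 2: set a random password nobody knows, then revoke refresh tokens
# so existing sessions have to re-authenticate (and fail).
$bytes = [byte[]]::new(24)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$password = [Convert]::ToBase64String($bytes) + 'aA1!'   # suffix guarantees complexity classes
Update-MgUser -UserId $user.Id -PasswordProfile @{ Password = $password; ForceChangePasswordNextSignIn = $true }
Revoke-MgUserSignInSession -UserId $user.Id | Out-Null

# Step 3: forward mail and keep a copy in the original mailbox.
Set-Mailbox -Identity $Leaver -ForwardingSmtpAddress $ForwardTo -DeliverToMailboxAndForward $true

# Step 4: automatic reply (wording is a placeholder).
$reply = "This person no longer works here. Please contact $ForwardTo instead."
Set-MailboxAutoReplyConfiguration -Identity $Leaver -AutoReplyState Enabled `
    -InternalMessage $reply -ExternalMessage $reply -ExternalAudience All

# Step 6: remove from groups. Dynamic and mail-enabled groups cannot be
# changed through Graph, so failures are reported instead of stopping the run.
$groups = Get-MgUserMemberOf -UserId $user.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' }
foreach ($group in $groups) {
    try { Remove-MgGroupMemberByRef -GroupId $group.Id -DirectoryObjectId $user.Id }
    catch { Write-Warning "Not removed from $($group.AdditionalProperties['displayName']): $($_.Exception.Message)" }
}

# Step 7 (licence only): free the licence so it can be reassigned.
if ($RemoveLicence) {
    $skuIds = Get-MgUserLicenseDetail -UserId $user.Id | Select-Object -ExpandProperty SkuId
    if ($skuIds) { Set-MgUserLicense -UserId $user.Id -AddLicenses @() -RemoveLicenses $skuIds | Out-Null }
}

# Confirm the end state for the offboarding record.
Get-MgUser -UserId $user.Id -Property UserPrincipalName, AccountEnabled |
    Select-Object UserPrincipalName, AccountEnabled
```

Run it without -RemoveLicence first, check the warnings for groups that need manual removal, and pass -RemoveLicence only after the files from Step 5 have been copied.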