Dealing with terminated employees in Office 365

Want to save this blog for later? Download it now.

So an employee is leaving your company. It happens all the time, no big deal. But what do we do about their Office 365 account? This guide aims to answer that question. We’ll go through the following steps:

• Change the Users Password
• Remotely Wipe their Mobile Device
• Give yourself access to the Users Mailbox and Archive
• Export the Mailbox to PST for Archiving
• Delete the Employee’s mailbox
• Assign the Employee’s Email Address to Another Person
• Set up an Auto-Responder/Out-Of-Office for the Employee
• Free up or Remove the Office 365 Licence

Many of our Office 365 reports can be used to determine if the employee was a member of particular distribution groups or have a mobile device assigned to them.

Change the Users Password

When a user leaves, the first thing you want to do is reset the password on their account. Resetting their password means you can still access their mailbox but prevents them from accessing business information once they have left.

Remotely Wipe their Mobile Device

If the employee has been terminated under less favorable circumstances, you may need to remotely wipe the users mobile phone to prevent them from accessing corporate information.
This needs to be done before you delete their account:

• Log in to Office 365 as an Administrator and open the Exchange Control Panel
• In the Exchange Control Panel, in the Select what to manage field, select Another User.
• In the Select Mailbox dialog box, select the employee’s account, and then click OK. At the top of the page you should see which mailbox you are administering.
• Select Phone > Mobile Phones.
• Select the device that you want to wipe, and then click Wipe Device.
• Double check that you’re wiping the correct user and click OK to the “Are you sure” window.
• After the remote device wipe is complete, you can remove it from the mobile phones list.

Read more: 

Give yourself access to the Users Mailbox and Archive

Before you can export the users mailbox, you need to give your account full access to the employee’s mailbox. This has to be done in Powershell.

First, connect to Office 365 using Powershell.

Then, you need to run the following command. This example gives you@domain.com full access to the mailbox of employee@domain.com. Obviously you need to replace these two login names with those of your own company.
Add-MailboxPermission -identity employee@domain.com -user you@domain.com -AccessRights FullAccess


Export the Mailbox to PST for Archiving

Many industries and companies are required to keep employee records for a period of many years. There is no easy way to do this in Office 365 and this frustrates many people. If you want to delete the user account eventually, you’ll need to export the mailbox to a PST file and store it somewhere safe.

If you use an Enterprise version of Office 365 you can now keep the mailbox on Office 365 indefinitely.

Otherwise, you need to export the mailbox to a PST file.

Remember: PST files are notoriously unstable. So once you have a working PST file, you should back it up immediately. If you need to work on a users PST file later, do so on a copy not the original file. If the PST copy becomes corrupt you can always make another one.

To export the mailbox using Outlook

First you need to set up a new Outlook profile and connect to the employee’s mailbox on your PC.

Then, export the mailbox to a PST file. Don’t forget to also export the Archive Mailbox if the user has one.

Alternatively, you can use a PST export tool.

Make sure you test the PST file works properly before you delete the source mailbox!

Delete the Employee’s mailbox

This is how you delete a user in Office 365:

1. Log into the Office 365 Portal as an Administrator
2. In the header, click Admin.
3. On the Admin page, in the left pane, under Management, click Users.
4. On the Users page, select the check box next to the user or users that you want to delete, and then click Delete.
5. In the Delete confirmation message, click Yes.

Assign the Employee’s Email Address to Another Person

Once you’ve deleted the employee’s user account, you can assign their email address to another person to make sure you don’t miss any important emails. This is relatively easy, and this TechNet blog describes it much better than I ever could.

Set up an Auto-Responder/Out-Of-Office for the Employee

This is an alternative to assigning the users email address to another person. You can create an Auto-Responder, or Out Of Office message, that replies to any emails sent to the departing employee’s email address with a custom message.

The way I do this is with a Shared Mailbox. You are not charged by Microsoft for Shared Mailboxes.

Firstly, Create a Shared Mailbox with the name “Ex Employees” or something similar and give yourself permission to it. This guide explains how.

Now you need to create an Out Of Office message for the Shared Mailbox:

1. Log into Outlook Web Access for Office 365
2. Click your name at the top right of the screen and select Open other mailbox
3. Type the name of the Shared Mailbox you created and click Open
4. Click the Options button in the top right of the OWA window and select Set up automatic replies
5. Type in the message you want people to receive when they email a person who has left the company. Make sure you paste the message into both boxes, and check the Send replies to all external senders option.
6. Click Save

The last thing to do is add the email address for the employee to this new autoresponder mailbox. This is an easy step, and is explained here.

If you make the auto responder email a generic message, you can use this same mailbox for all future employees that leave the company. Simply add their email address to this existing mailbox.

Note: As this is effectively an Out Of Office message, each person who email’s this mailbox will only receive the auto responder message once.

Free up or Remove the Office 365 Licence

Once you’ve deleted a user, their licence becomes free for another user to user. You will still be charged for this licence until you remove it from your subscription. This is done in the Office 365 Administrator Portal.

1. On the Admin page, in the left pane, under Subscriptions, click Manage.
2. On the Billing and subscription management page, click a subscription name.
3. On the Subscription details page, click Change Quantity next to Licence count.
4. Follow the steps in the wizard.

If you found this blog post useful, and want to refer to it again, why not download it as a PDF?

Related Posts

These other blog posts may be of interest to you:

• Office 365 Administrator Account Best Practises – Ensure your Office 365 account is secured
• Finding Inactive Users in Office 365 – Users that have not logged on for a certain period of time.
• Office 365 Anti-Spam and Anti-Virus Settings – Understand how to deal with Spam and Malware in Office 365

Learn more about our Office 365 reporting software.