Office 365 Terminated Employee: 8 Best Practices for Offboarding

How do you manage the account and data of an Office 365 user who is leaving your company? Here are the best practices you may find beneficial:

What is the first thing to do in Office 365 when an employee leaves your company? The first step is cutting off their access to corporate data by changing the password. You need to reset the password instead of just blocking the user sign-in because the latter can take up to 24 hours. In that 24-hour window, an employee can potentially hard-delete or download confidential information. Resetting a password takes effect immediately, and that’s why it’s the first course of action.

1. Log in to the Office 365 Admin’s account and go to the Admin center
3. Select a user and click Reset a password (a key icon)
4. Generate a new password automatically or create it yourself and reset the password. From now on, an ex-employee won’t be able to access the corporate account and data
5. Optionally, you can send a new password to your admin’s email or any other emails

2. Block the user from signing in to MC Office 365 account

After you reset the password, make sure the former employee won’t be able to reset it themselves in the future and block them from signing in to your Office 365 account.

1.
Office 365 Terminated Employee: 8 Best Practices for Offboarding

Block the user from signing in to MC Office 365 account
Set up email forwarding, or create a shared mailbox
Disconnect mobile devices from the corporate data
Remove the Microsoft Office 365 license and reassign or delete it

%localappdata%\Microsoft\Office\Licenses (Microsoft 365 Apps for enterprise version 1909 or later)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
HKEY_USERS\The user's SID\Software\Microsoft\Office\16.0\Common\Identity

The four steps above can be automated using OLicenseCleanup.vbs. Simply download and run the script with elevated privileges.

Clear Office credentials and activation state for managed devices

The above steps reset the Office activation for unmanaged devices (Domain Joined aka DJ). In a managed environment, more locations store credentials.

Devices are considered managed if they're Azure AD Joined (AADJ), Hybrid Azure AD Joined (HAADJ), or Workplace Joined (WPJ). These configurations use Web Account Management (WAM), which stores credentials in different locations.

Here's how to find out if a device is DJ, AADJ, HAADJ, or WPJ:

Open a command prompt as an administrator.

In scenarios where all stored credentials (such as domain/tenant migration) must be cleared, clear the additional WAM locations.

To clear all WAM accounts associated with Office on the device, download and run the signoutofwamaccounts.ps1 script with elevated privileges. This tool removes all SSO accounts in the current Windows logon session. After this operation, all applications in the current logon session will lose SSO state, and the device will be unenrolled from management tools (MDM) and unregistered from the cloud. The next time an application tries to sign in, users will be asked to add the account again.

Prevent Workplace Join on your device

After Office successfully authenticates and activates, the Stay signed in to all your apps dialog pops up. By default, the Allow my organization to manage the devices checkbox is selected. This registers your device in Azure AD while adding your account to Workplace Join.

To prevent your device from being Azure AD registered, clear Allow my organization to manage my device, select No, sign in to this app only, and then select OK.