Best Practices - When someone leaves your organization - What do you do?

Frequent Contributor

Hey all - 


Just looking to get some insight from some others on how you  handle this situation --We are running with all of our mailboxes in the cloud - in hybrid mode - with ADFS  and AADConnect.


When someone leaves your organization - what do you do?  Assume that someone needs access to this users email historically, that same person needs access to any new mail that comes in for that person for a period of time while the transition occurs.  Also - for security, the user that left needs to be revoked access to prevent any access to email post employment.


There seems to be a chain of events that should / could occur - user account gets disabled, either the mailbox gets delegated to the person that needs access.  At some point, all of the valuable information from the mailbox should be moved somewhere else and the mailbox be deleted?  Possibly an alias is created for the person that needs access?  


How do you handle this?





4 Replies



All depends on where in the world you are located. Within the EU or EØS area, where the GDPR regulation starts on 25th of may 2018 - you will have to delete the mailbox as this is considered personal data.


We do already enforce this policy.



Leif Kruse

We are located entirely in the US.  

Below is a good blog post (it's old but it still applies most part)

Office 365 – How to Handle Departed Users (Part 1 of 2)


Hope it helps



Here is the official recommended sequence of events as they stand for managing former employees  - Remove a former employee from Office 365.