Mar 23 2023 01:28 AM
Hi All,
What are the best practices, or the general consensus, on what happens to an ex-staff member's AAD/AD account and device within Azure and Intune?
At present we only disable ex-staff and leave the disabled account in Azure/AD (hybrid environment) and leave the device in Intune... Only after 180 days of inactivity is the device removed from AAD.
My colleague is of the opinion to just leave the device and disabled user in AAD for record keeping, as it does no harm leaving them there.
Now I think, we should be doing the following:
Wiping the device via Intune (this will remove it from AAD and Intune)
Disable the user in AAD/AD, remove them from all groups and then, once done, delete the user (I appreciate there might be broken links in SharePoint etc., but with a disabled user it is the same issue).
So, from a compliance and security perspective, what are the best practices for dealing with ex-staff and their devices?
I know every company has different ideas.
Regards
Rachel
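The offboarding steps listed in the post (block sign-in, remove group memberships, wipe the Intune device), written out as a Microsoft Graph PowerShell script. This is an added example, not code from the post or from Microsoft; it assumes the Microsoft.Graph SDK modules are installed, the signed-in admin holds the listed scopes, and $Upn (placeholder value) is the leaver's UPN. For a hybrid-synced user the disable must be done in on-prem AD, because AAD Connect would otherwise re-enable the cloud object on the next sync.

```powershell
# Added example (not from the original post). Assumes Microsoft.Graph modules
# and an admin with the scopes below. $Upn is a placeholder; replace it.
param([string]$Upn = 'leaver@contoso.example')

$scopes = @(
    'User.ReadWrite.All', 'Group.ReadWrite.All',
    'DeviceManagementManagedDevices.Read.All',
    'DeviceManagementManagedDevices.PrivilegedOperations.All'
)
Connect-MgGraph -Scopes $scopes

$user = Get-MgUser -UserId $Upn -Property Id,UserPrincipalName,OnPremisesSyncEnabled

# 1. Block sign-in, then revoke refresh tokens so existing sessions stop working.
#    A synced (hybrid) account is authoritative on-prem: disable it there with
#    Disable-ADAccount and let AAD Connect push the change; only cloud-only
#    accounts are disabled directly in AAD here.
if ($user.OnPremisesSyncEnabled) {
    Write-Warning "Synced user: run Disable-ADAccount -Identity <sAMAccountName> on-prem."
} else {
    Update-MgUser -UserId $user.Id -AccountEnabled:$false
}
Revoke-MgUserSignInSession -UserId $user.Id | Out-Null

# 2. Remove the user from every group they are a direct member of.
#    Dynamic and on-prem synced groups reject this call, so log and continue.
Get-MgUserMemberOf -UserId $user.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' } |
    ForEach-Object {
        try {
            Remove-MgGroupMemberByRef -GroupId $_.Id -DirectoryObjectId $user.Id -ErrorAction Stop
            Write-Host "Removed from group $($_.Id)"
        } catch {
            Write-Warning "Could not remove from group $($_.Id): $($_.Exception.Message)"
        }
    }

# 3. Wipe every Intune-managed device enrolled to the user (full wipe, no data kept).
Get-MgDeviceManagementManagedDevice -Filter "userPrincipalName eq '$($user.UserPrincipalName)'" |
    ForEach-Object {
        Invoke-MgWipeDeviceManagementManagedDevice -ManagedDeviceId $_.Id `
            -KeepEnrollmentData:$false -KeepUserData:$false
        Write-Host "Wipe issued for device $($_.DeviceName) ($($_.Id))"
    }

# 4. Deletion (Remove-MgUser) is intentionally not run here, so the disabled
#    account can sit in whatever retention window the organisation has decided on.
```

Run it once per leaver from an admin workstation; the group and wipe output gives the record-keeping trail the post asks about.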
Mar 23 2023 02:10 AM
Mar 23 2023 02:12 PM