Mar 24 2023 06:24 AM
Dear all,
I apologize in advance if I am posting my question in the wrong place.
Every year we have external people coming to our campus who need to access specific school resources just for a few months. We have created several accounts for them with policy restrictions and we are happy with this solution.
We were wondering if there is a way to automate the deletion of all their data (mainly OneDrive files/Outlook emails) at the end of their stay here in order to keep those accounts clean for the upcoming persons. We don't want to do this task manually.
Is it quicker to delete the accounts and re-create them every year?
Many thanks in advance for any help
Francesco
Mar 24 2023 06:32 AM
@fstorer I recommend you use identity governance by creating an access review for those users on a yearly time frame, and you can use the lifecycle workflows to onboard and offboard the users.
Mar 24 2023 06:51 AM
@eliekarkafy thank you for your quick reply.
Unfortunately that solution is not feasible at the moment for us because we don't have an Azure AD Premium P2 or E5 license.
Francesco
Mar 24 2023 06:58 AM
Mar 24 2023 07:23 AM
@eliekarkafy that's exactly my question. We can delete all the accounts and set them up again for the next academic year, but we were wondering if we can keep them with all their settings and wipe/remove ONLY the OneDrive/Outlook data. Again, probably deleting and recreating them is the quickest solution...
Mar 24 2023 07:36 AM
@fstorer you can keep the accounts in the portal and just remove the licenses from them. By removing the license, the user will not have any mailbox in Outlook or OneDrive.
If you want to delete the users from the portal, here is a PowerShell script that you can use that reads the users from the CSV file.
```powershell
# Import the AzureAD module
Import-Module AzureAD

# Set the path of the CSV file containing the list of users to delete
$csvFilePath = "C:\Path\To\Users.csv"

# Get the credentials of an Azure AD administrator account with the necessary permissions to delete users
$adminCreds = Get-Credential -Message "Enter the credentials of an Azure AD administrator with the necessary permissions"

# Connect to Azure AD using the administrator credentials
Connect-AzureAD -Credential $adminCreds

# Read the CSV file and loop through each row
Import-Csv $csvFilePath | ForEach-Object {
    # Get the user to delete based on their email address
    $user = Get-AzureADUser -Filter "Mail eq '$($_.Email)'"

    # Check if the user exists
    if ($user) {
        # Delete the user (Remove-AzureADUser takes no -Force parameter and does not prompt)
        Remove-AzureADUser -ObjectId $user.ObjectId

        # Output a message indicating that the user has been deleted
        Write-Output "User '$($_.Email)' has been deleted from Azure AD"
    }
    else {
        # Output a message indicating that the user could not be found
        Write-Output "User '$($_.Email)' could not be found in Azure AD"
    }
}

# Disconnect from Azure AD
Disconnect-AzureAD
```
Mar 24 2023 07:55 AM
@eliekarkafy if I remove the licenses from those accounts and then re-assign them later, will all the previous data in those accounts be accessible again? Or is everything wiped when you remove a Microsoft license?
Mar 24 2023 08:02 AM
Mar 24 2023 08:11 AM
@eliekarkafy thanks, I found the page with the information I needed.
I see that
- Files saved in OneDrive for Business aren't deleted unless the user is deleted from the Microsoft 365 admin center or is removed through Active Directory synchronization. For more information, see OneDrive retention and deletion.
So I guess the only solution is still deleting the accounts and then recreating them.
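The delete-and-recreate approach the thread settles on, as an added example that is not part of the original posts: it reuses the AzureAD cmdlets and the CSV `Email` column from the script above and assumes an existing `Connect-AzureAD` session. The `-Apply` switch and the `New-TempPassword` helper are names chosen for this example.

```powershell
# Added example. Assumes an existing Connect-AzureAD session and the CSV used above.
param(
    [string]$CsvPath = 'C:\Path\To\Users.csv',   # one 'Email' column, as in the script above
    [switch]$Apply                                # without -Apply nothing is changed
)
$ErrorActionPreference = 'Stop'                   # never continue past a failed step

function New-TempPassword {
    # 18 random bytes -> 24 base64 characters; the suffix guarantees upper, lower, digit, symbol
    $bytes = New-Object byte[] 18
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    [Convert]::ToBase64String($bytes) + 'aZ9!'
}

Import-Csv $CsvPath | ForEach-Object {
    $mail = $_.Email.Trim()
    $safe = $mail.Replace("'", "''")              # escape quotes for the OData filter
    $hits = @(Get-AzureADUser -Filter "Mail eq '$safe'")
    if ($hits.Count -ne 1) {                      # refuse missing or ambiguous entries
        Write-Warning "Skipping '$mail': expected 1 match, found $($hits.Count)"
        return
    }
    $old = $hits[0]
    if (-not $Apply) { Write-Output "Would reset $($old.UserPrincipalName)"; return }

    # Snapshot what has to survive the reset: identity attributes and licences
    $create = @{
        DisplayName       = $old.DisplayName
        UserPrincipalName = $old.UserPrincipalName
        MailNickName      = $old.MailNickName
        AccountEnabled    = $true
    }
    if ($old.UsageLocation) { $create.UsageLocation = $old.UsageLocation }
    $licences = New-Object Microsoft.Open.AzureAD.Model.AssignedLicenses
    $licences.AddLicenses = @($old.AssignedLicenses | ForEach-Object {
        $l = New-Object Microsoft.Open.AzureAD.Model.AssignedLicense
        $l.SkuId = $_.SkuId; $l.DisabledPlans = $_.DisabledPlans; $l
    })
    $pw = New-Object Microsoft.Open.AzureAD.Model.PasswordProfile
    $pw.Password = New-TempPassword
    $pw.ForceChangePasswordNextLogin = $true      # next occupant must set their own password

    Remove-AzureADUser -ObjectId $old.ObjectId    # the old mailbox and OneDrive go with the account
    $new = New-AzureADUser @create -PasswordProfile $pw
    if ($licences.AddLicenses.Count -gt 0) {
        Set-AzureADUserLicense -ObjectId $new.ObjectId -AssignedLicenses $licences
    }
    # Return the temporary password to the caller only; do not write it to a log
    [pscustomobject]@{ UserPrincipalName = $new.UserPrincipalName; TempPassword = $pw.Password }
}
```

Group memberships and any per-user settings other than the licences are not carried over by this example and would need to be re-applied to the new accounts.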