


As a result of a decision made by either the employee or the employer, users will inevitably leave your organization. Whether you call these user “separations”, “terminations” or “offboarding”, the impact to IT is the same: network access needs to be secured and the user’s data needs to be addressed.

When using cloud services such as Office 365, there are additional aspects to consider which will make your process different than in an on-premises scenario. There may be a licensing impact which can equate to costs, and you are dependent upon another party (Microsoft) for handling the disposal of data. In this two-part series, I will cover some of the ways to handle Office 365 data for users that have left your organization. This article, part 1, will cover how to handle Exchange Online data or, more specifically, the user’s mailbox. Part 2 of this series covers how to handle the user’s OneDrive for Business data.

Before we talk about the data, we need to secure the data by removing the departed user’s access. This process is usually initiated by a notification from HR or the user’s manager. When the user’s mailbox is in Exchange Online, there are additional considerations to watch out for.

Once notification is received that a user has left the organization, one of the first actions generally taken is to disable the user’s Active Directory account. While most organizations will disable the account for a period of time before actually deleting it, it’s recommended to establish how long you will keep that disabled account around; otherwise the number of disabled accounts can get out of control. Disabling the account as opposed to immediately deleting it is important, as a deletion of the account would be synchronized to Office 365, which in turn deletes the account in Azure AD along with the user’s mailbox. Once deleted in Office 365, the mailbox is recoverable for 30 days and then it is gone unless we take some of the actions below.

If we’re using AD FS, disabling the Active Directory account essentially disables the access to Office 365. Since AD FS authenticates to Active Directory, a disabled, expired or locked out account in Active Directory will not allow a successful authentication. If Password Sync is being used instead of AD FS, we have to rely on the DirSync / AADSync synchronization cycle to occur in order for the account in Azure AD to be disabled. By default, this could be up to three hours; however, you can also force a manual sync.
