Labels

How to block employee access to Office 365 data


"What do I do to protect data when an employee leaves the organization?" and "How do I block a former employees access to Office 365 after they leave?"
IMPORTANT: The steps in this article are for Office 365 Business Essentials, Office 365 Business Premium and Office 365 Enterprise.
A quick overview of the of the process looks like this:
  • Block employee access to Office 365 data.
  • (Optional) Get access to the data of the former employee.
  • (Optional) Send the former employee's email to another employee.
  • Delete the former employee's user account.
IMPORTANT: You need to be a member of the Office 365 global admin role to perform the steps in this topic. Make sure the user that performs these steps has the right permissions to complete these steps.
Block employee access to Office 365 data
The first thing you'll want to do is block the former employee from logging in and accessing Office 365 data. There are a few steps you'll want to take to make this happen.
  1. Sign in to Office 365 with your work or school account.
  2. Go to the Office 365 admin center.
  3. Go to Users > Active Users. Select the employee that you want to block, and then click EditEdit.
  4. Click the Settings tab, and under Set sign-in status, select Blocked, and then Save.
NOTE: If you block a user from having sign-in access to Office 365, it might take as long as 24 hours to take effect on all that user’s devices and clients. Also, make sure that you remove or disable the user from your on-premises Blackberry Enterprise Service. You should also disable any Blackberry devices for the user. Refer to the Blackberry Business Cloud Services Administration Guide if you need specific steps on how to disable the user.
Stop access to Exchange Online
If you have Exchange Online as part of your Office 365 subscription, you need to log in to the Exchange admin center to follow these steps to block your former employee from accessing their email.
  1. Sign in to Office 365 with your work or school account.
  2. Go to the Office 365 admin center.
  3. In the lower-left navigation pane, expand Admin and select Exchange.

  1. In the Exchange admin center, navigate to Recipients > Mailboxes.
  2. Select the user, and on the user properties page, under Mobile Devices, select or click Disable Exchange ActiveSync and Disable OWA for Devices, and Disable email connectivity.
  3. Under Email Connectivity, select Disable.
Wipe and block the former employee's mobile device
If your former employee had a company phone, you can use the Exchange Admin Center to wipe and block that device so that all company data is removed from the device and so that device can no longer connect to Office 365
  1. Sign in to Office 365 with your work or school account.
  2. Go to the Office 365 admin center.
  3. In the lower-left navigation pane, expand Admin and select Exchange.

  1. In the Exchange admin center, navigate to Recipients > Mailboxes.
  2. Select the user, and under Mobile Devices, choose View details.
  3. On the Mobile Device Details page, under Mobile devices, select the mobile device, select Wipe Data, and then select Block.
  4. Select Save.
Get access to the data of the former employee
The next thing you'll want to do is preserve the email and business documents or files created by the former employee, and make them available to your new employee or others in your organization. Learn more about individual document storage in What is OneDrive for Business.
To gain access to a former employee’s OneDrive for Business documents, you can sign in to Office 365 as that user (which can require first changing that user’s password), then move those files to an easily accessible location. Or, you can take over the former employee’s OneDrive for Business, and move the files yourself. The following steps explain this approach.
To gain access to a former employee's email, you'll want to export the user's Outlook email information to a .pst file and then import it into another employee's Outlook inbox.
Part 1 – Get access to the former employee’s OneDrive for Business documents
  1. Sign in to Office 365 with your work or school account.
  2. Go to the Office 365 admin center.
  3. In the lower-left navigation, expand Admin, and select SharePoint.

  1. Choose user profiles.
  2. Choose Manage User Profiles.
  3. Search for the former employee’s name (use their alias or full name).
  4. Select the drop-down menu beside their name, and choose Manage site collection owners.

  1. In the Site Collection Administrators field, add your name, the administrator’s name (see the example below), or the future employee’s name (if known).

  1. Scroll down, and select OK.
Part 2 – Copy the former employee’s OneDrive for Business documents to a shared location
  1. With the former employee’s name selected under Manage User Profiles, select the drop-down menu again, and select Manage Personal Site.

NOTE: This is a shortcut to the OneDrive for Business site. Alternatively, you can enter: https://<company_name>-my.sharepoint.com/personal/<employee>_<company name>_onmicrosoft_com.
  1. Select Documents in the left navigation.

  1. You should see your former employee’s OneDrive for Business documents.

  1. From here, copy them to your own OneDrive for Business or a common location, like your team site.
There are a few ways to copy files in Office 365. See Video: Set up document storage and sharing in Office 365 orSync OneDrive for Business files locally, and then upload those files to your OneDrive for Business or your team site.
Part 3 - Get access to the Outlook information of the former employee
To save the email messages, calendar, tasks, and contacts of the former employee, export the information to an Outlook Data File (.pst).
  1. Click File > Open & Export > Import/Export.

  1. Click Export to a file, and then click Next.

  1. Click Outlook Data File (.pst), and then click Next.
  2. Select the account you want to export by clicking the name or email address, such as Mailbox – Anne Weileror anne@contoso.com. If you want to export everything in your account, including mail, calendar, contacts, tasks, and notes, make sure the Include subfolders check box is selected.
NOTE:  You can export one account at a time. If you want to export multiple accounts, after one account is exported, repeat these steps.

  1. Click Next.
  2. Click Browse to select where to save the Outlook Data File (.pst). Type a file name, and then click OK to continue.
NOTE:  If you’ve used export before, the previous folder location and file name appear. Type a different file name before clicking OK.
  1. If you are exporting to an existing Outlook Data File (.pst), under Options, specify what to do when exporting items that already exist in the file.
  2. Click Finish.
Outlook begins the export immediately unless a new Outlook Data File (.pst) is created or a password-protected file is used.
  1. If you’re creating an Outlook Data File (.pst), an optional password can help protect the file. When the Create Outlook Data File dialog box appears, type the password in the Password and Verify Password boxes, and then click OK. In the Outlook Data File Password dialog box, type the password, and then click OK.
  2. If you’re exporting to an existing Outlook Data File (.pst) that is password protected, in the Outlook Data File Password dialog box, type the password, and then click OK.
Check out Export or backup email, contacts, and calendar to an Outlook .pst file for the steps for Outlook 2010.
Part 4 - Give access of former employee's email to another user
To give access of the email messages, calendar, tasks, and contacts of the former employee to another employee, import the information to another employee's Outlook inbox.
  1. Click File > Open & Export > Import/Export.
This starts the Import and Export Wizard.
  1. Choose Import from another program or file, and then click Next.

  1. Choose Outlook Data File (.pst), and click Next.
  2. Browse to the .pst file you want to import.
  3. Under Options, choose how you want to deal with duplicates
  4. Click Next.
  5. If a password was assigned to the Outlook Data File (.pst), enter the password, and then click OK.
  6. Set the options for importing items. The default settings usually don’t need to be changed.
  7. Click Finish.
 
Send the former employee's new email to another employee
These steps are optional, but you can send any new email to the former employee's email address to another person by adding the former employee's email address to a secondary employee. By doing this, any new emails sent to the former employee's email address will be sent to the employee you specify.
  1. Sign in to Office 365 with your work or school account.
  2. Go to the Office 365 admin center.
  3. Go to Admin > Users > Active users.
  4. On the Active users page, select the check box next to the user, click Edit Edit, and then click the email addresses tab.
  5. On the Manage email addresses tab, in the text box under Add more email address, type the first part of the new email alias. If you added your own domain to Office 365, you can choose the domain for the new email alias by using the drop-down list.
  6. Next to the email alias you want to add, click Add.
  7. When you're done, click Save.
Remove license from employee
The next step, you'll want to take is to remove the Office 365 license from your former employee. When you remove the license, all that user's data is held for 30 days. After 30 days, all the user's data (except for documents stored on SharePoint Online) is deleted from Office 365 and can't be recovered. If you reassign a license to the user within 30 days, the user's mailbox and data will be saved. Once you remove the license from this user, their license becomes available for another user.
NOTE: All additional email addresses that go with this user are also deleted. If you need someone to receive emails, assign the email address to another user.
NOTE: The user's Lync Online Contacts list may also be deleted. If you restore the Exchange Online license within 30 days, the Contacts list will be restored as well. For more information, see Removing a user’s license for Exchange Online may also remove their Lync Online Contacts list.
  1. Sign in to Office 365 with your work or school account.
  2. Go to the Office 365 admin center.
  3. Select Users > Active Users.
  4. Check the box for your former employee.
  5. Click Edit Edit

  1. Select Licenses.

  1. Under Assign licenses, clear the box for the former employee to remove the license.
  2. Click Save.
Delete the former employee's user account
After you've saved and accessed all the former employee's user data, you can delete the former employee's account.
  1. Sign in to Office 365 with your work or school account.
  2. Go to the Office 365 admin center.
  3. Go to Users > Active Users.
  4. Choose the names of the users that you want to delete, and then select DELETE Delete.
  5. In the confirmation box, select Yes.
When you delete a user, the user becomes inactive. However, for approximately 30 days after you have deleted the user, you can restore the user.
 
Reference –
https://support.office.com/en-us/article/Remove-a-former-employee-from-Office-365-44d96212-4d90-4027-9aa9-a95eddb367d1?ui=en-US&rs=en-US&ad=US
https://www.cloudsupport.help/hc/en-us/articles/218958227-How-to-block-employee-access-to-Office-365-data
 
Labels:

Comments

Post a Comment

Popular Posts