Skip to main content

SOP: Employee Offboarding – Mailbox Management and Archiving

Robert Nettles
Updated

Purpose:

To ensure a consistent and secure process for managing mailboxes and system access of former employees, preserving access for managers when necessary, and archiving data in accordance with company retention policies.

Process Overview:

This SOP outlines the step-by-step workflow to handle user account and mailbox offboarding when an employee leaves the organization, beginning with account security measures and ending with archival.

Procedure Steps:

  1. Initial Security Actions
    • Immediately change the user's password.
    • Revoke all active sign-in sessions via Microsoft 365 admin center or PowerShell.
    • Disconnect any active VMware VM sessions associated with the user.
    • Remove the user from all security groups, distribution groups, and Microsoft 365 groups before proceeding further. This ensures no further access to company systems.
  2. Convert Mailbox to Shared Mailbox
    • Convert the user’s mailbox to a shared mailbox in Microsoft 365.
    • Shared mailboxes do not consume a license.
  3. Assign Access to Manager (If Needed)
    • If access is required, grant Full Access permissions to the employee’s manager or designated team member.
    • Verify access by having the manager open the mailbox via Outlook or Outlook Web.
  4. Remove from Groups and Hide from Address Book
    • Ensure the user has been removed from all group memberships (if not already done).
    • Hide the mailbox from the Global Address List (GAL).
  5. Add Automatic Reply
    • Set up an automatic reply (Out of Office) for the shared mailbox.
    Hello,
    Thank you for your email. Please note that [employee] no longer works with Seamon Whiteside. For assistance, please contact [manager] at [manager]@seamonwhiteside.com.

    Best regards,
    Seamon Whiteside
  6. Remove/Disable the Active Directory Account
    • Delete the user’s on-premises Active Directory (AD) account.
    • Allow the change to sync to Microsoft 365 via Azure AD Connect.
    • This will delete the corresponding Microsoft 365 account as well (soft delete).
  7. Restore the Microsoft 365 Account and Remove Immutable ID
    • Go to the Microsoft 365 admin center and restore the soft-deleted cloud account.
    • (Microsoft has deprecated this step)After restoring, run the following PowerShell command to clear the Immutable ID:
    Set-AzureADUser -ObjectId "user@seamonwhiteside.com" -ImmutableId $null
  8. Retain the Cloud Account (Soft Delete Avoidance)
    • The restored cloud account and shared mailbox remain for 6 months to allow access and ensure compliance.
  9. After 6 Months – Archive the Mailbox
    • Perform a Microsoft Purview Content Search on the shared mailbox.
    • Export the mailbox contents to a .PST file.
    • Store the PST in archive storage using the format:
    [LastName]_[FirstName]_Mailbox_Archive_[YYYYMM].pst

Archive Storage Requirements:

  • Store archived PSTs in a secure, access-controlled location.
  • Follow internal retention policies for archived data.

Notes:

  • Inform managers when access is removed after the 6-month retention period.
  • Review any legal hold or compliance retention policies before deleting or archiving content.

Related articles

Comments

0 comments

Article is closed for comments.