User offboarding is a crucial step in user lifecycle management. It is perhaps even the most important one from a legal and compliance perspective. The goal of user offboarding is to safeguard security and prevent unauthorized access to an organization’s data, once an employee leaves.
Why is user offboarding so important? With our partner Addhucate, we discussed this topic and shared some actionable insights into how to safely manage user offboarding in the context of M365. You can also watch the recording of the webinar in German.
This article summarizes the key points from the webinar and gives step-by-step instructions on how to execute secure and efficient user offboarding.
Why is user offboarding crucial?
In the many offboarding scenarios that can arise, employee offboarding can often becomes a labour-intensive task, taking up considerable resources from the IT teams. Regardless of the conditions of how and why an employee moves on, it is crucial to treat the event as a security and access task.
The offboarding process for an organization using Microsoft services involves revoking a user’s (former employee) access to all Microsoft 365 applications and services. Access is blocked to prevent the former employee from logging into the applications and services again. This includes access to Teams, SharePoint, OneDrive and any other application the user adopted over time.
Steps to ensure safe user offboarding
In general, there are four criteria that should be considered when it comes to offboarding users from Microsoft 365 applications. They are: licenses, storage space, sensitive data, and monitoring company/staff structures.
Step 1: Licenses
Licenses are almost often forgotten once a user is onboarded, but this is an important consideration throughout the complete employment lifecycle, especially from a cost and efficiency perspective. Are the licenses fully used, or can they be downgraded or reassigned if inappropriate for their needs? In the context of offboarding, you must first get an overview of your licenses and decide to reassign to another user, or completely cancel them to avoid paying the license fee for an orphaned license.
Step 2: Storage
When an employee leaves a company and is not properly offboarded from their Microsoft 365 tools, they can leave orphaned resources behind. On Teams, this would mean teams with members who have long since left the company. This also holds true for SharePoint sites, files, M365 groups, OneDrives, and flows and apps across M365.
These orphaned resources in turn can consume unnecessary storage space. You’d be surprised how quickly things can add up if not checked regularly. So, it is all about storage consumption and doing SharePoint side checks to see if there are unused documents and pages that you might be able to delete and optimize storage space.
Once you have an overview of your M365 storage, you can also archive the data you no longer need.
Step 3: Sensitive data
Be aware of your employee’s sensitive data and have an archiving and deletion plan in place well in advance. Sensitive employee data such as their bank account number, home address and sick notes are stored and never deleted for legal reasons. A user offboarding process must take into account sensitive data, thereby avoiding a complete erasure and retain important information when needed.
Step 4: Manage access
Usually, there are several different parties and departments directly involved or have a stake in an offboarding process. HR, IT, Procurement and such are some examples, making it a complicated process, considering there is hardly any overview. The employee may have been using many different programs and sometimes you don’t even know what they are in detail and what access the employee had.
Therefore, it is important to closely monitor your company and employee structures and react immediately upon changes and manage access to avoid security issues.
How can Rencore Governance help in secure user offboarding
With Rencore Governance, our customers can define their own Offboarding Policies. This allows them to easily discover things that may have been overlooked, such as removing licenses for disabled users and monitoring for orphaned resources.
Whenever Rencore Governance detects that an offboarding task has been missed, a defined person can be automatically notified. Actions to resolve the violation can also be triggered manually and through automations. Actions such as deactivating and assigning all resources of a deactivated user to a corresponding manager can also be done. Furthermore, you can see in advance which other employees are still on the team and need to be assigned to a new manager.
When offboarding users, there are a lot of people involved at any given time. To keep them all in the loop, Rencore Governance allows users to generate regular reports on offboarding issues and automatically share them with everyone involved.
Of course, every company has its own processes and to-dos when it comes to user offboarding. With Rencore Governance, new policies can be created at any time based on the company’s internal guidelines.
Conclusion
Rencore Governance is not merely a user offboarding automation tool. User offboarding is one of our many use cases in the cloud collaboration space. With Rencore Governance and the offboarding dashboard overview, you get an instant overview of any outstanding offboarding tasks. By continuously monitoring your tenant using pre-built Policies, offboarding can happen in a matter of minutes.