How to Stop Ex-Employees Accessing Business Files in Microsoft 365 Securely
- Jazzy Singh
- Jun 26
One of the greatest security risks to any organisation is unauthorised access by former staff. Whether intentional or accidental, ex-employees who retain access to your Microsoft 365 environment can cause data breaches, intellectual property loss, and compliance violations. With the rise of hybrid work and cloud-based collaboration, it’s more important than ever to ensure that your offboarding process includes robust steps for deprovisioning access. In today’s guide, we’ll explore how to stop ex-employees accessing business files in Microsoft 365 securely and methodically.
Why Secure Offboarding Matters
When employees leave your organisation, their digital footprint remains unless explicitly cleared. This includes email accounts, OneDrive documents, SharePoint access, Teams conversations, and more. Simply disabling a user’s account isn’t always enough — especially in companies that sync identities from on-prem Active Directory or where devices and mobile access were enabled.
Implementing an intentional offboarding protocol not only protects your corporate data but helps ensure regulatory compliance — particularly under frameworks like GDPR or ISO 27001.
Step-by-Step Guide: How to Stop Ex-Employees Accessing Business Files
1. Disable the Microsoft 365 User Account Immediately
Begin by disabling or blocking sign-in for the user’s Microsoft 365 account. This can be done via the Microsoft 365 admin center:
Go to Users > Active Users
Locate the user and select their profile
Choose Block Sign-in
This action prevents further logins to email, Teams, OneDrive, and other M365 services.
2. Revoke Active Sessions and Access Tokens
Even after blocking sign-in, existing sessions may persist on mobile devices or desktop apps. Use the Microsoft Entra (Azure AD) portal to remove persistent sessions:
Navigate to Microsoft Entra Admin Center > Users
Select the user and open their profile
Click Sign-in Logs > Revoke Sessions
3. Convert the User’s Mailbox to a Shared Mailbox
To preserve important company communications, convert the user’s Exchange mailbox into a shared mailbox. This ensures colleagues can still access past emails when needed.
Go to Exchange Admin Center > Recipients > Mailboxes
Select the user and choose Convert to shared mailbox
Reassign appropriate permissions to relevant team members.
4. Transfer Ownership of OneDrive Files
Microsoft 365 retains a user’s OneDrive contents for 30 days by default after account deletion. Before deleting the account:
Go to Microsoft 365 Admin Center > Users
Choose the employee and scroll to the OneDrive section
Choose to transfer ownership to a manager or another employee
5. Remove Group, SharePoint, and Teams Access
Users may still have access to files or conversations via Microsoft Teams, SharePoint sites, and Microsoft 365 Groups. Ensure the user is removed from all relevant memberships:
In Microsoft Teams Admin Center, remove users from teams
In SharePoint Admin Center, audit site permissions and revoke where needed
In Microsoft 365 Groups, check all mail-enabled distribution groups and remove the user from each

6. Remote Wipe Company Devices and Apps
Use Microsoft Intune to wipe or retire devices enrolled in endpoint management, ensuring business data is erased from laptops, phones, and tablets:
Navigate to Intune Admin Center > Devices
Select the relevant endpoints used by the user
Choose Wipe or Retire depending on ownership
For unmanaged mobile devices, leverage the app-level wipe provided by Microsoft 365 App Protection Policies.

7. Monitor for Suspicious Activity Post-Offboarding
Use Microsoft 365 Defender to set up alerts or review audit logs that might indicate continued access attempts by the user. Key areas to monitor include:
Failed login attempts
Unusual file access patterns
Anonymous or external sharing events
8. Automate Offboarding with Microsoft 365 Tools
To minimise human error and improve consistency, consider automating your offboarding processes:
Use Power Automate to trigger deprovisioning sequences
Apply Group-Based Licensing and Dynamic Groups to auto-remove access
Use Access Reviews in Microsoft Entra to regularly audit user permissions
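As a starting point for that automation, the script below carries out steps 1, 2, 3 and 5 for a single leaver and emits a record of what was done. It is an added example, not a script from the original article; it assumes the Microsoft Graph PowerShell SDK and the ExchangeOnlineManagement module are installed and that the operator holds the admin roles needed for each call. OneDrive transfer and device wipe are left to the portal steps above.

```powershell
# Added example (not from the original article): steps 1, 2, 3 and 5 for one leaver.
# Assumes the Microsoft.Graph and ExchangeOnlineManagement modules are installed.
param([Parameter(Mandatory)] [string] $UserPrincipalName)
$ErrorActionPreference = 'Stop'

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.ReadWrite.All'
Connect-ExchangeOnline -ShowBanner:$false

$user = Get-MgUser -UserId $UserPrincipalName -Property 'Id', 'UserPrincipalName', 'OnPremisesSyncEnabled'
$record = [ordered]@{ User = $user.UserPrincipalName; StartedUtc = (Get-Date).ToUniversalTime() }

# Step 1: block sign-in. Do this first so no new sessions start during the later steps.
if ($user.OnPremisesSyncEnabled) {
    Write-Warning 'Identity is synced from on-prem AD: disable it there as well so directory sync does not undo this.'
}
Update-MgUser -UserId $user.Id -AccountEnabled:$false
$record.SignInBlocked = $true

# Step 2: revoke refresh tokens and session cookies. Access tokens that were
# already issued stay valid until they expire unless continuous access
# evaluation applies, so this is paired with the block above, not a substitute.
Revoke-MgUserSignInSession -UserId $user.Id | Out-Null
$record.SessionsRevoked = $true

# Step 3: keep the mail, drop the personal login path.
Set-Mailbox -Identity $user.UserPrincipalName -Type Shared
$record.MailboxConvertedToShared = $true

# Step 5: remove direct group memberships. Dynamic groups, groups synced from
# on-prem and Exchange-managed distribution lists reject this call; log them.
$removed = @(); $manual = @()
$groups = Get-MgUserMemberOf -UserId $user.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' }
foreach ($g in $groups) {
    $name = $g.AdditionalProperties['displayName']
    try {
        Remove-MgGroupMemberByRef -GroupId $g.Id -DirectoryObjectId $user.Id
        $removed += $name
    } catch {
        $manual += $name   # needs removal in Exchange, on-prem AD, or a rule change
    }
}
$record.GroupsRemoved = $removed
$record.GroupsNeedingManualRemoval = $manual

# Record-keeping: store this output with the offboarding ticket.
[pscustomobject]$record | ConvertTo-Json -Depth 3
```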
What About External Collaborators or Contractors?
Sometimes, it’s not just full-time employees but partners or freelancers with M365 access. For these users:
Use Guest Access Management in Microsoft Entra
Set expiration policies for guest accounts
Review their file sharing and Teams/channel memberships regularly
Developing a Secure Offboarding SOP (Standard Operating Procedure)
Your IT department should maintain a consistent offboarding playbook that includes:
Checklists for each system the user had access to
Automated provisioning/deprovisioning scripts
Record-keeping steps for auditing purposes
Review dates for departing users' resources
Reliance on memory or ad-hoc communication can lead to missed access points and increased risk.
Final Thoughts
Knowing how to stop ex-employees accessing business files in Microsoft 365 is essential in today’s digitally connected workplace. A secure, repeatable offboarding process protects your data, your business reputation, and your compliance posture. With Microsoft 365's suite of security tools — including Microsoft Entra, Intune, Defender, and Power Automate — your organisation can take a proactive role in managing user lifecycle security.
Need help designing and implementing a seamless offboarding process?
👉 Book a free consultation to learn how Circuit Minds can help you.