Deprovisioning options for office 365

Deactivating or deprovisioning an Office 365 user occurs when they are unassigned in Okta or their Okta account is deactivated. If the appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. is reassigned in Okta, the user can be reassigned. Enhanced deprovisioning only works with provisioned Office 365 instances and provides a more granular offboarding workflow.

Enable deprovisioning

  1. Go to Office 365 > Provisioning.
  2. Enable Deactivate Users.

    Microsoft Office 365 user status on deactivation drop-down menu appears.

  3. From the drop-down menu, choose an appropriate option (see below).

    For Block sign-in and remove licenses after grace period only, License removal grace period (days) appears. enter the grace period.

  4. Click Save.

Deprovisioning status options

The options under the Microsoft Office 365 user status on deactivation menu allow for granular deactivation and deprovisioning of end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control..

We recommend you to include a 3-day grace period for any action that deletes users. This can reduce the necessity to restore deleted users and their data in Office 365.

Warning

Once Microsoft has irrecoverably removed data, it cannot be recovered.

 

Block sign-in

Blocks the Office 365 end user from signing in, but retains license and user data on the user account.

 

Block sign-in and remove licenses

  • Blocks the Office 365 end user from signing in and immediately removes any licenses assigned to them.
  • This also triggers the deletion of stored data from the user’s personal folders within other Office 365 apps (e.g., OneDrive, Sharepoint, etc.).
  • After 30 days, this data is irrecoverable.

 

Block sign-in and remove licenses after grace period

  • Blocks the Office 365 end user from signing in and waits for a specified number of days before removing the end-user licenses.
  • The grace period allows admins time to temporarily retain the user data and licensing to backup information or allow others to gain access and review the account.
  • Once the grace period expires, data stored in personal folders within other Office 365 apps (e.g., OneDrive, Sharepoint, etc.) goes through the Microsoft deletion process.
  • After 30 days, this data is irrecoverable.
  • If the user is reassigned to Office 365 before the grace period expires, the licenses are not removed and the user is restored back to their original state.

 

Related topics

Provision users to Office 365

Provisioning and Deprovisioning

Top