Deprovisioning options for Office 365

Deactivating or deprovisioning an Office 365 user occurs when they are unassigned in Okta or their Okta account is deactivated. If the appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. is reassigned in Okta, the user can be reassigned. Enhanced deprovisioning only works with provisioned Office 365 instances and provides a more granular offboarding workflow.

Enable deprovisioning

  1. Go to Office 365 > ProvisioningProvisioning is the enterprise-wide configuration, deployment, and management of multiple types of IT system resources. Specifically, provisioning provides users access to equipment, software, or services. This involves creating, maintaining and deactivating required business process automation objects and attributes in systems, directories, and applications..
  2. Enable Deactivate Users.

    Microsoft Office 365 user status on deactivation drop-down menu appears.

  3. From the drop-down menu, choose an appropriate option (see below).

    For Block sign-in and remove licenses after grace period only, License removal grace period (days) appears. enter the grace period.

  4. Click Save.

Deprovisioning status options

The options under the Microsoft Office 365 user status on deactivation menu allow for granular deactivation and deprovisioning of end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using apps to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control..

We recommend you to include a 3-day grace period for any action that deletes users. This can reduce the necessity to restore deleted users and their data in Office 365.

Info

Caution

Once Microsoft has irrecoverably removed data, it cannot be recovered.

 

Option What it does

Block sign-in

  • Blocks the Office 365 end user from signing in, but retains license and user data on the user account.

Block sign-in and remove licenses

  • Blocks the Office 365 end user from signing in and immediately removes any licenses assigned to them.
  • This also triggers the deletion of stored data from the user’s personal folders within other Office 365 apps (e.g., OneDrive, Sharepoint, etc.).
  • After 30 days, this data is irrecoverable.

Block sign-in and remove licenses after grace period

  • Blocks the Office 365 end user from signing in and waits for a specified number of days before removing the end-user licenses.
  • The grace period allows admins time to temporarily retain the user data and licensing to backup information or allow others to gain access and review the account.
  • Once the grace period expires, data stored in personal folders within other Office 365 apps (e.g., OneDrive, Sharepoint, etc.) goes through the Microsoft deletion process.
  • After 30 days, this data is irrecoverable.
  • If the user is reassigned to Office 365 before the grace period expires, the licenses are not removed and the user is restored back to their original state.

This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, please contact Okta Support.

Block sign-in, remove licenses, and delete user

  • Blocks the Office 365 end users from signing in and immediately removes any licenses assigned to them as well as delete their Office 365 account.
  • This also triggers the deletion of stored data from the user’s personal folders within other Office 365 apps (e.g., OneDrive, Sharepoint, etc.).
  • After 30 days, this data is irrecoverable.

Block sign-in, remove licenses, and delete user after grace period

  • Blocks the Office 365 end user from signing in and waits for a specified number of days before removing the end-user licenses and deleting their Office 365 accounts.
  • The grace period allows admins time to temporarily retain the user data, licensing, and the account to backup information or allow others to gain access and review the account.
  • Once the grace period expires, data stored in personal folders within other Office 365 apps (e.g., OneDrive, Sharepoint, etc.) goes through the Microsoft deletion process and the user's Office 365 account is deleted.
  • After 30 days, the data and the account are irrecoverable.
  • If the user is reassigned to Office 365 before the grace period expires, the licenses are not removed and the user is restored back to their original state.

 

Related topics

Provision users to Office 365

Provisioning and Deprovisioning

Top