The steps BRANDED IAM takes when an employee leaves — and why timing matters for protecting your business data.
When an employee leaves — whether voluntarily or involuntarily — their IT accounts and device access must be addressed promptly. A departing employee with active access represents a significant security and data risk. Ideally, these steps happen on or before their last day.
Submit an Offboarding Request
Submit a ticket under IT Support & Security → Employee Offboarding at least 24 hours before the employee's last day. Include:
- The employee's full name and email address.
- Their last day of employment.
- Whether any of their accounts or files should be transferred to another team member.
- Whether they have a company device to return.
What We Handle
- Microsoft 365 account: Sign out of all active sessions, reset the password, disable the account, and begin the license reclamation process.
- Email forwarding or access: If authorized, set up forwarding to another team member for a specified period.
- File transfer: Migrate OneDrive and email contents to a manager or shared folder before deactivating the account.
- Device remote wipe: If the employee had a company device that isn't being returned or a personal device with company data, we perform a remote wipe of business data.
- Application access: Remove the user from any third-party applications connected to their Microsoft 365 identity.
Do not wait until the day after someone leaves to start this process. The risk window is highest in the 24–72 hours after termination.