User Account Offboarding Procedure

This admin procedure will provide background on the suggested offboarding steps that should be taken on an inactive account.

Procedure Scope: Administrators

Required Group Membership: Admin.UserAccount

Offboarding User Accounts

1. Navigate to Users – Azure Active Directory, locate the user you wish to offboard.
   
2. Locate Revoke Sessions to begin the offboarding process, this will revoke all sessions the user is currently initiated in and will require a reauthentication for all open requests. You will be prompted to verify if you want to proceed, select Yes.
   
3. Next, locate the Account Status block under My Feed, select Edit. This will initiate the account disablement process which will restrict the use of the account for authentication attempts.
   
4. You will be redirected to a new page that will show the account status, uncheck the box for Account Enabled and select Save.
   
5. The next step is to disable all enrolled Intune devices, locate the Devices section of the user profile. Select all devices associated with the account and select Disable. A prompt will display asking for verification of the process, select Ok. Disablement is a temporary hold on the devices until the Device Offboarding process can be fulfilled.
   
6. Following device disablement, we will want to require that the user re-register for MFA which will be walled due to the account being disabled. Locate the Authentication Methods section of the user account. Select Require re-register multifactor authentication, this will initiate the process and a notification will display that the operation was either successful or failed.
   

You're Finished!