User Account Offboarding Procedure

This admin procedure will provide background on the suggested offboarding steps that should be taken on an inactive account.

This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

 

Procedure Scope: Administrators

Required Group Membership: Admin.UserAccount

 

Offboarding User Accounts

  1. Navigate to Users – Azure Active Directory, locate the user you wish to offboard.
  2. Locate Revoke Sessions to begin the offboarding process, this will revoke all sessions the user is currently initiated in and will require a reauthentication for all open requests. You will be prompted to verify if you want to proceed, select Yes.
  3. Next, locate the Account Status block under My Feed, select Edit. This will initiate the account disablement process which will restrict the use of the account for authentication attempts.
  4. You will be redirected to a new page that will show the account status, uncheck the box for Account Enabled and select Save.
  5. The next step is to disable all enrolled Intune devices, locate the Devices section of the user profile. Select all devices associated with the account and select Disable. A prompt will display asking for verification of the process, select Ok. Disablement is a temporary hold on the devices until the Device Offboarding process can be fulfilled.
  6. Following device disablement, we will want to require that the user re-register for MFA which will be walled due to the account being disabled. Locate the Authentication Methods section of the user account. Select Require re-register multifactor authentication, this will initiate the process and a notification will display that the operation was either successful or failed.

You're Finished!

You should have successfully restricted all necessary avenues that can be initiated by the account for accessing organizational data, this process is necessary in reducing the exposure that an inactive account introduces to your environment. For any other problems or questions, reach out to us!