Executive summary
- Leaving an employee’s account active after they depart is the digital equivalent of letting your ex keep their house key.
- With modern tools like Microsoft Intune, you can wipe corporate data from a personal phone without touching the user’s private photos.
- Converting a leaver’s email to a Shared Mailbox ensures you keep their client history without paying for a license you don’t use.
Introduction
Let’s talk about something nobody really enjoys talking about.
Staff leave. It’s inevitable – whether that’s a resignation, a retirement, or something more out of the blue. And, as anyone who’s been in business for more than five minutes knows, relationships don’t always last forever.
Sometimes, the exit is planned. Sometimes it isn’t.
The HR side of things is usually handled with a lot of paperwork and a polite exit interview. The IT side, on the other hand, is often a bit of a disaster.
A staff member leaves on a Friday, but their account sits active for weeks because “we might need to check their emails”. Or, worse, they leave with company data still sitting on their personal iPhone because nobody knew how to remove it.
So, let’s talk about how to handle a business breakup with dignity – and security.
It’s not you, it’s me
The moment a staff member walks out of the door for the final time, your priority shifts from empowerment to containment.
It sounds harsh, but you have to treat that account as a security risk. If a disgruntled employee still has access to your CRM or your file server on the weekend after they’ve been let go, the damage they could do is massive.
That might sound malicious, but really it’s about data hygiene. If you leave an account active, it becomes a “zombie” account. It’s a valid login that nobody is monitoring. If a hacker guesses the password, they can log in, look around, and launch attacks, and nobody will notice because, well, Dave doesn’t work here anymore, so why would we check Dave’s logs?
Here’s your three-step plan for a clean break.
Step 1: Securing the digital house keys
When a relationship ends, the first thing you do is ask for the key back. In the digital world, that means blocking sign-in.
This needs to happen the minute they finish their final shift. It’s not enough to just tell them not to log in. You need to initiate a sign-out of all active sessions.
In Microsoft 365, there’s a specific button for this. It forces every device – laptop, tablet, phone, etc. – to ask for the password again. Since you’ve already changed the password or blocked the account, they can’t get back in. It’s immediate, and it’s effective.
Step 2: Solving the BYOD dilemma
Here’s where things usually get messy.
In 2026, most of your staff probably have work email on their personal phones. They might have Teams installed on their iPad. This is great for productivity, but it’s a bit of a nightmare for offboarding.
The old fear was that if you asked IT to wipe the phone, you would delete everything. The employee would lose their holiday photos, their contacts, and their high scores on Candy Crush. Naturally, this led to arguments and refusal to hand over devices.
But Microsoft has solved this.
If you’re using Mobile Application Management (MAM) policies via Microsoft Intune, we can perform what’s known as a selective wipe.
This is a piece of magic that tells the phone: “Delete all the data associated with the Outlook app and the Teams app, but leave the rest of the phone alone”.
It means you can be 100% sure that your client list isn’t walking out the door in someone’s pocket, and the ex-employee can be 100% sure their personal life stays personal. It’s a win-win.
Step 3: Keep the memories, not the cost
One of the biggest reasons businesses leave old accounts active is fear of losing history.
“We can’t delete Sarah’s account,” you say. “She was the main contact for our biggest client. If we delete her, we lose all those emails.”
That is true. But keeping a full license active for a ghost user is a waste of money.
The solution is the Shared Mailbox.
Before you delete the account, you convert Sarah’s mailbox into a Shared Mailbox. This is a special type of account in Microsoft 365 that doesn’t require a license (up to 50GB). It preserves all the old emails and calendar appointments perfectly.
You can then give your Sales Manager permission to access that shared mailbox. They can look up old threads, reply to incoming mail, and ensure nothing falls through the cracks. Once you’ve done that, you can remove the paid license from Sarah’s old account and give it to her replacement.
You keep the data, but you stop paying the bill.
Let us handle the heartache
Offboarding shouldn’t be a drama.
If you’re worried that your leavers process is a bit ad-hoc, or if you’re paying for a bunch of licenses for people who left in 2024, we can help you tidy it up.
We can set up automated workflows that handle the blocking, wiping, and converting for you, so you never have to worry about where your data is going.
Speak to your Get Support Customer Success Manager or call our friendly team on 01865 594 000. We’ll help you make a clean break.