
A Checklist for Better Digital Offboarding of Employees

Peter Nelson

When an employee leaves, securing their digital access is critical. Follow this offboarding checklist to ensure data security, revoke access, and smoothly transition responsibilities.

Employee departures — voluntary or otherwise — create a predictable and preventable security risk. The period between an employee deciding to leave and their access being revoked is a window of elevated insider threat. And the period after departure where access has not been fully revoked is an ongoing vulnerability.

A structured digital offboarding process closes both windows. Here is the checklist.


Day of Departure: Immediate Actions

These should happen on the employee’s last day, ideally coordinated between HR and IT in advance.

Access Revocation

  • Disable Microsoft 365 / Azure AD account (disables access to all M365 services simultaneously)
  • Revoke active sessions (sign out all active devices via Entra ID)
  • Revoke MFA devices registered to the account
  • Remove from all distribution groups and shared mailboxes
  • Change passwords on any shared accounts the employee had access to
  • Revoke access to third-party SaaS applications (check your app inventory)
  • Revoke VPN access
  • Disable any building access system integrations

Device Recovery

  • Collect all company-owned devices (laptop, phone, tablet, USB drives, tokens)
  • If a device cannot be recovered immediately, initiate a remote wipe
  • Check whether company data exists on personal devices (BYOD policy implications)

Communication Continuity

  • Configure email auto-reply pointing to the appropriate contact
  • Set up email forwarding to manager or replacement (for an agreed, limited period)
  • Transfer ownership of any Teams channels, SharePoint sites, or Planner tasks
  • Update email signatures and contact directories

Within 48 Hours: Data and Handover

Data Preservation and Review

  • Export mailbox content if there is a business need to retain communications
  • Review OneDrive for business-critical files that need to be transferred to shared storage
  • Check for files stored on the local device (recovered laptop) that are not in OneDrive
  • Review any files shared externally that the employee owned — revoke or transfer ownership
  • Audit recent download activity (in Microsoft Purview or SharePoint audit logs) for signs of data exfiltration
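
One way to run the download audit from the last item over an exported audit log, as an added example that is not part of the original article. It assumes each record has been reduced to the CreationTime, UserId, Operation and ObjectId fields; the sample events, user names, URLs and thresholds are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

# Audit operations counted as a download; views such as FileAccessed are ignored.
DOWNLOAD_OPS = {"FileDownloaded", "FileSyncDownloadedFull"}

def constructed_records():
    """Constructed sample events (not real log data), reduced to four fields."""
    def ev(user, day, op, n):
        return {"CreationTime": f"2024-03-{day:02d}T10:{n:02d}:00", "UserId": user,
                "Operation": op, "ObjectId": f"https://example.invalid/doc-{day}-{n}"}
    rows = []
    for day in range(1, 21):  # normal working pattern: 3 downloads a day
        rows += [ev("leaver@example.com", day, "FileDownloaded", n) for n in range(3)]
    # 27 March: 40 synced downloads two days before the last day
    rows += [ev("leaver@example.com", 27, "FileSyncDownloadedFull", n) for n in range(40)]
    # Noise that must not count: views by the leaver, downloads by someone else
    rows += [ev("leaver@example.com", 27, "FileAccessed", n) for n in range(30)]
    rows += [ev("other@example.com", 27, "FileDownloaded", n) for n in range(50)]
    return rows

def flag_download_spikes(records, user, last_day, review_days=14, factor=5, floor=20):
    """Return [(date, count, baseline_median)] for days in the review window
    whose download count exceeds both `floor` and `factor` x the baseline."""
    last = datetime.fromisoformat(last_day).date()
    window_start = last - timedelta(days=review_days - 1)
    per_day = Counter()
    for rec in records:
        if rec["UserId"].lower() != user.lower():
            continue
        if rec["Operation"] not in DOWNLOAD_OPS:
            continue
        per_day[datetime.fromisoformat(rec["CreationTime"]).date()] += 1
    # Baseline = median over active days before the review window
    # (days with no downloads are not in the counter).
    earlier = [count for day, count in per_day.items() if day < window_start]
    base = median(earlier) if earlier else 0
    threshold = max(floor, factor * base)
    return [(day.isoformat(), count, base)
            for day, count in sorted(per_day.items())
            if window_start <= day <= last and count > threshold]

if __name__ == "__main__":
    for hit in flag_download_spikes(constructed_records(), "leaver@example.com", "2024-03-29"):
        print("review:", hit)
```

The `floor` keeps a user with almost no baseline activity from being flagged for a handful of files; tune both thresholds against your own tenant's normal volumes.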

Knowledge Transfer

  • Identify critical processes, passwords (to shared systems), and ongoing projects the employee managed
  • Transfer ownership of password manager entries for shared accounts
  • Update any documentation or runbooks the employee maintained

Within One Week: System Cleanup

Licensing and Cost

  • Release Microsoft 365 licence (can reassign or remove — check if it should be retained for legal hold)
  • Review and remove SaaS application seats/licences
  • Remove from any subscription services tied to their account

Active Directory and Identity

  • Remove from all security groups
  • Remove admin roles (if they had any)
  • Retain the account in a disabled state for at least 90 days (in case there is a legal or compliance need to recover emails)
  • After retention period: delete account and reassign or release licence

Operational

  • Update any processes or documentation that referenced their role
  • Remove from website, LinkedIn company page, and any public-facing directories
  • Update out-of-office and routing for any phone extensions

The Risk You Are Mitigating

Research consistently shows that a significant percentage of data breaches involve current or former employees. The most common scenarios:

  • Accidental: Former employee’s credentials still active, used in a phishing attack months after departure
  • Negligent: Employee downloads client data to personal device before leaving, creates compliance exposure
  • Malicious: Disgruntled employee downloads confidential data or sabotages systems before or after departure

Most of these scenarios are prevented by executing the first 48 hours of this checklist reliably and immediately.


Automating Offboarding

Manual checklists work until they are forgotten under time pressure. The most reliable offboarding processes are automated:

  • HR system triggers IT workflow on departure notification
  • Entra ID account is automatically disabled at the departure time recorded in HR
  • RMM tool initiates device check-in or remote wipe workflow
  • Licence release is triggered automatically
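
Automation still needs a check that it ran. The sketch below is an added example, not code from the article or from any vendor tooling: it reconciles an HR leaver list against a directory export and reports where account state lags the checklist timings (disabled at departure, cleanup within one week, deletion after the 90-day retention period unless a legal hold applies). All field names and sample records are hypothetical and constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are hypothetical, not a real export schema.
HR_DEPARTURES = [
    {"upn": "a.lee@example.com", "departed": "2024-05-31T17:00:00"},
    {"upn": "b.khan@example.com", "departed": "2024-05-20T17:00:00"},
    {"upn": "c.ortiz@example.com", "departed": "2024-01-15T17:00:00"},
    {"upn": "d.wu@example.com", "departed": "2024-02-01T17:00:00", "legal_hold": True},
]
DIRECTORY = {
    "a.lee@example.com": {"enabled": True, "groups": ["Sales"], "admin_roles": [], "licences": ["M365"]},
    "b.khan@example.com": {"enabled": False, "groups": ["Finance"],
                           "admin_roles": ["Exchange Administrator"], "licences": []},
    "c.ortiz@example.com": {"enabled": False, "groups": [], "admin_roles": [], "licences": []},
    "d.wu@example.com": {"enabled": False, "groups": [], "admin_roles": [], "licences": ["M365"]},
}

def offboarding_gaps(departures, directory, now, cleanup_days=7, retention_days=90):
    """Return {upn: [finding, ...]} for leavers whose directory state lags the checklist."""
    now = datetime.fromisoformat(now)
    report = {}
    for leaver in departures:
        acct = directory.get(leaver["upn"])
        departed = datetime.fromisoformat(leaver["departed"])
        if acct is None or now < departed:
            continue  # account already deleted, or the person has not left yet
        age = now - departed
        hold = leaver.get("legal_hold", False)
        findings = []
        if acct["enabled"]:
            findings.append("account still enabled")
        if age > timedelta(days=cleanup_days):
            if acct["groups"]:
                findings.append("still in groups")
            if acct["admin_roles"]:
                findings.append("admin roles not removed")
            if acct["licences"] and not hold:  # a licence may be kept for legal hold
                findings.append("licence not released")
        if age > timedelta(days=retention_days) and not hold:
            findings.append("retention period over: delete account")
        if findings:
            report[leaver["upn"]] = findings
    return report

if __name__ == "__main__":
    for upn, findings in offboarding_gaps(HR_DEPARTURES, DIRECTORY, "2024-06-03T09:00:00").items():
        print(upn, "->", "; ".join(findings))
```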

Microsoft 365 with Entra ID and Microsoft Intune can automate most of this process. CX IT Services configures automated offboarding workflows for Melbourne businesses as part of our managed IT service. Contact us to discuss how to close the offboarding gap in your organisation.
