Skip to main content

How to properly deactivate a user in Office 365 and SharePoint

People come and go. It is an inevitable reality, and as you hire employees, I am sure you also deal with employees leaving the organization for one reason or another. But how do you deal with this in the context of Office 365? What would be the proper way to deactivate a user in Office 365 and SharePoint?

Below is a list of options available to you. Depending on the circumstances and your internal policies, you might choose one over the other. Let me first explain all the options, and you decide which one is right in your situation.

Option 1: Remove Office 365/SharePoint License

How to remove a license from a user

  1. App Launcher > Admin Link
  2. Users > Active Users
  3. Next, check the box next to the user whose license you would like to remove, then click Edit next to Product Licensesdeactivate a user in Office 365 and SharePoint
  4. Switch all the licenses off and click Save

What happens when you remove a license from a user

It might be misleading, but when you remove an Office license from users, it does not mean they lose access to all the content. For example, in SharePoint, an unlicensed user will lose access to Delve and Teams and Office 365 Groups, but still will be able to access own OneDrive and SharePoint sites that user has access to already.

Example of an App Launcher when the user has no Office 365 license

Option 2: Block sign-in

How to block sign-in

  1. Follow the same previous 3 steps from Option 1 to access a user account in Office 365. When you check the box next to user’s name, click the Block sign-in boxdeactivate a user in Office 365 and SharePoint
  2. On the next screen, choose Block the user from signing in option and click Save

What happens when you block sign-in for a user

This option is the closest to deleting a user without actually doing so. Essentially the user won’t be able to use any of the Office 365 services. That means no SharePoint, no OneDrive, no Email or other Office 365 services. The user can also still have valid licenses assigned, but as long as the block is on, he or she will not be able to access any Office 365 services at all.

Example of a message displayed to the user who has been blocked from sign-in

Option 3: Reset Password

Another technique you can employ that is similar in terms of effort and impact is a change of password. This not only prevents the user to access the account like with the block above but also allows you to access user’s account if need be.

How to reset password

  1. Follow the same previous three steps from Option 1 to access a user account in Office 365. When you check the box next to user’s name, click the Reset Password boxdeactivate a user in Office 365 and SharePoint
  2. On the next screen, choose whether you want to auto-generate a password or want to create one yourself. Then uncheck the Make this user change their password when they first sign in since obviously, they will not be signing in. Click Reset button
  3. On the next screen, don’t make a stupid mistake of accidentally emailing the user their new password. Just exit out of the screen

What happens when you reset user’s password

  1. When the user tries to log in, they will get below error message
  2. It may seem like they can reset their own password by clicking reset it now above, however, unless you specifically configured and allowed users to reset their own passwords in Azure AD, they won’t be able to do it and will get an error message like the one below
  3. To read more about Azure AD password reset option, click here

Option 4: Delete a user

How to delete a user

  1. Follow the same previous three steps from Option 1 to access a user account in Office 365. When you check the box next to user’s name, click the Delete User boxdeactivate a user in Office 365 and SharePoint
  2. On the next screen, hit the Delete button
  3. On the next screen, you will get a confirmation that the user has been deleted

What happens when you delete a user

A lot of things happen! This is by far the most extreme measure.

  1. When the user tries to log in, they will get below error message
  2. User’s personal assets like OneDrive and Outlook mailbox will all be gone as well
  3. The user will be gone from Delve, and other employees will not be able to share sites with or send emails to this user anymore – essentially their name will be gone completely. This is an image of an error message one gets when clicking on a user in Delve who just was deleted

Deleted users are kept in the system for 30 days. They can be fully restored along with their email and OneDrive from the Deleted Users section under Users in Office 365 Admin Center.

You may also like

How to access someone else’s OneDrive account

July 25th, 2018

You may also like

Getting started with Office 365 – SharePoint Administrator Checklist

July 4th, 2018

You may also like

What are users searching for in your SharePoint Intranet?

April 9th, 2018

Need SharePoint Help?

Hourly consulting, training and configuration services are available

Learn More