Skip to main content
< All Articles

How to properly deactivate a user in Office 365 and SharePoint

Posted on October 24, 2018
Microsoft 365

People come and go. It is an inevitable reality, and as you hire employees, I am sure you also deal with employees leaving the organization for one reason or another. But how do you deal with this in the context of Office 365? What would be the proper way to deactivate a user in Office 365 and SharePoint?

Below is a list of options available to you. Depending on the circumstances and your internal policies, you might choose one over the other. Let me first explain all the options, and you decide which one is right in your situation.

Option 1: Remove Office 365/SharePoint License

How to remove a license from a user

  1. App Launcher > Admin Link Accesssomeoneonedrive1 1
  2. Users > Active Users
    Accesssomeoneonedrive2
  3. Next, check the box next to the user whose license you would like to remove, then click Edit next to Product Licenses deactivate a user in Office 365 and SharePoint
  4. Switch all the licenses off and click Save Deactivateuseroffice3652

What happens when you remove a license from a user

It might be misleading, but when you remove an Office license from users, it does not mean they lose access to all the content. For example, in SharePoint, an unlicensed user will lose access to Delve and Teams and Office 365 Groups, but still will be able to access own OneDrive and SharePoint sites that user has access to already.

Deactivateuseroffice3655

Example of an App Launcher when the user has no Office 365 license

Option 2: Block sign-in

How to block sign-in

  1. Follow the same previous 3 steps from Option 1 to access a user account in Office 365. When you check the box next to user’s name, click the Block sign-in box deactivate a user in Office 365 and SharePoint
  2. On the next screen, choose Block the user from signing in option and click Save Deactivateuseroffice3654

What happens when you block sign-in for a user

This option is the closest to deleting a user without actually doing so. Essentially the user won’t be able to use any of the Office 365 services. That means no SharePoint, no OneDrive, no Email or other Office 365 services. The user can also still have valid licenses assigned, but as long as the block is on, he or she will not be able to access any Office 365 services at all.

Deactivateuseroffice3656

Example of a message displayed to the user who has been blocked from sign-in

Option 3: Reset Password

Another technique you can employ that is similar in terms of effort and impact is a change of password. This not only prevents the user to access the account like with the block above but also allows you to access user’s account if need be.

How to reset password

  1. Follow the same previous three steps from Option 1 to access a user account in Office 365. When you check the box next to user’s name, click the Reset Password box deactivate a user in Office 365 and SharePoint
  2. On the next screen, choose whether you want to auto-generate a password or want to create one yourself. Then uncheck the Make this user change their password when they first sign in since obviously, they will not be signing in. Click Reset button Deactivateuseroffice3658
  3. On the next screen, don’t make a stupid mistake of accidentally emailing the user their new password. Just exit out of the screen Deactivateuseroffice3659

What happens when you reset user’s password

  1. When the user tries to log in, they will get below error message Deactivateuseroffice36510
  2. It may seem like they can reset their own password by clicking reset it now above, however, unless you specifically configured and allowed users to reset their own passwords in Azure AD, they won’t be able to do it and will get an error message like the one below Deactivateuseroffice36511
  3. To read more about Azure AD password reset option, click here

Option 4: Delete a user

How to delete a user

  1. Follow the same previous three steps from Option 1 to access a user account in Office 365. When you check the box next to user’s name, click the Delete User box deactivate a user in Office 365 and SharePoint
  2. On the next screen, hit the Delete button Deactivateuseroffice36513
  3. On the next screen, you will get a confirmation that the user has been deleted

What happens when you delete a user

A lot of things happen! This is by far the most extreme measure.

  1. When the user tries to log in, they will get below error message Deactivateuseroffice36514
  2. User’s personal assets like OneDrive and Outlook mailbox will all be gone as well
  3. The user will be gone from Delve, and other employees will not be able to share sites with or send emails to this user anymore – essentially their name will be gone completely. This is an image of an error message one gets when clicking on a user in Delve who just was deleted Deactivateuseroffice36515

Deleted users are kept in the system for 30 days. They can be fully restored along with their email and OneDrive from the Deleted Users section under Users in Office 365 Admin Center. Deactivateuseroffice36516

About Me

I’m Greg Zelfond, a U.S. based SharePoint consultant, and I provide affordable out-of-the-box SharePoint consulting, training, and configuration assistance to small and medium-sized businesses all over the world.

Need help?