When an employee walks out the door, their access to your business systems shouldn’t follow them. Yet many organizations treat offboarding as an HR formality rather than a security event. Businesses running Microsoft 365 and Google Workspace solutions face a particularly real risk here—both platforms hold email, files, shared drives, calendars, and app integrations that remain fully accessible until someone actively shuts them down. A structured offboarding process protects your data, your clients, and your reputation.
Why Offboarding Is a Security Issue, Not Just an HR Task
Most data breaches don’t come from anonymous hackers. They come from former employees—sometimes deliberately, sometimes through neglect—accessing systems they should no longer reach. An account left active for even a few days after someone leaves creates a window of exposure.
The problem compounds in collaborative platforms like Microsoft 365 and Google Workspace, where a single user account connects to email, OneDrive or Drive, Teams or Chat, shared documents, and third-party app integrations. One account means many potential entry points.
Coordination between HR and IT is the first critical fix. HR knows when someone is leaving. IT controls the access. Without a clear handoff process and a defined timeline, things fall through the cracks.
Step 1: Revoke Access Promptly
The moment an employee’s last day is confirmed, that date should trigger an IT action item. On their final day—or immediately after departure—disable the account before taking any other steps. This suspends active login without permanently deleting data you may still need.
In Microsoft 365, disabling a user blocks sign-in while preserving mailbox and file access for administrators. Google Workspace offers the same capability through admin account suspension. Neither requires you to delete anything prematurely.
Step 2: Reset Passwords and Remove MFA
Even after suspending an account, reset the password and remove any MFA methods the employee enrolled. This closes off any recovery paths they might still have access to—especially important if they used a personal phone for authentication.
Also audit any shared accounts the employee had access to and rotate those credentials immediately.
Step 3: Recover Company Devices
Laptops, phones, and tablets used for work should be returned and wiped before being reassigned or decommissioned. For remote employees, ship return kits promptly. Don’t allow personal devices that accessed company data to remain unaddressed—check mobile device management (MDM) records and remotely wipe corporate data where applicable.
Step 4: Transfer Email and File Ownership
An employee’s inbox and files often contain critical business information. Before disabling access, assign ownership of their mailbox and shared files to their manager or a designated team member.
In Microsoft 365, you can convert a mailbox to a shared mailbox so colleagues can access it without using a license. In Google Workspace, use the data transfer feature to move Drive files and calendar data to another user. Set up email forwarding if ongoing communication continuity is needed.
Step 5: Audit Shared Drives and Permissions
Check for files the departing employee owned in shared drives, team folders, or collaborative workspaces. Orphaned files with no active owner can become invisible to the rest of the team—or remain accessible to the former employee if sharing links weren’t revoked.
Review permissions on any sensitive folders they had access to, and confirm that external sharing links tied to their account are disabled.
Step 6: Document Everything
Keep a record of every action taken during offboarding—what was disabled, when, what was transferred, and who approved it. This documentation matters if questions arise later about data access, missing files, or security incidents.
A simple checklist assigned to IT and HR during every offboarding cycle is enough to ensure consistency.
Step 7: Monitor Post-Departure Activity
After offboarding is complete, watch for unusual access attempts tied to the former employee’s account or credentials. Both Microsoft 365 and Google Workspace provide admin audit logs that surface login attempts, file access, and application activity. A brief monitoring window of 30 days is a reasonable baseline.
Secure Offboarding Is Repeatable, Not Optional
Employee departures happen regularly. The organizations that handle them well aren’t improvising each time—they’re following a process. Build a clear offboarding checklist, align HR and IT on timelines, and treat every departure as the security event it is. That discipline protects your business long after the exit interview is over.
