So, You’re About to Fire Someone – What IT Steps Should You Follow to Prevent Sabotage?

Global Reach, Local Support

Empowering SMBs through IT & Comms Solutions Excellence…

Let’s face it — letting someone go is rarely easy. But when it comes to protecting your business, the offboarding process isn't just about collecting laptops and ID badges. It's about making sure that the person leaving doesn’t take sensitive data with them, or worse — try to sabotage systems on their way out.

Its critical you quietly and efficiently shut down access before that termination meeting takes place. Here’s a clear checklist of steps to follow when firing an employee — especially if there's any risk they might act out or try to harm the company.

🔐 1. Block Access Before the Meeting

Timing is critical. If you wait until after the meeting, the person could have several minutes (or more) to:

Delete important files
Forward emails externally
Export client data
Tamper with systems

Best practice: disable access 30 minutes before the meeting to give Microsoft time to revoke active sessions and kill active logins – or ensure the meeting lasts at least 30 minutes, and disable access at the start.

⚙️ 2. Revoke Microsoft 365 / Azure Access

If you’re using Microsoft 365 and Azure AD, take these steps:

✅ Revoke Sign-In Sessions
This instantly invalidates access tokens across apps like Outlook, Teams, SharePoint, etc.

✅ Block Sign-In
This prevents the user from logging in again on any device.

✅ Reset Their Password (Optional)
If you want to be extra safe, reset the user’s password immediately. This prevents any saved credentials or third-party apps from sneaking back in.

There is often a delay, so again, ensure you allow at least 30 minutes!

💾 3. Secure Their Data

Before deleting the account, be sure to:

Export their mailbox or delegate access to a manager
Transfer ownership of their OneDrive files
Review any shared documents or folders
Archive important Teams conversations if needed

Microsoft 365 provides tools to help with this — just make sure it’s handled before full account deletion.

❌ 4. Kill Access to External Tools

Think beyond Microsoft:

Revoke VPN credentials
Remove from Zoom, or any third-party systems
Change shared passwords (especially if stored in tools like LastPass, Bitwarden, etc.)
Audit any API keys or integrations they had access to

🚯 5. Set Up a “Kill Switch” in Advance

You can pre-create a Conditional Access policy in Microsoft 365 that instantly blocks access for users tagged as “Offboarded” or added to a specific group. This way, you’re not scrambling when the time comes — just toggle the switch and go.

🧷 6. Backups: Your Final Fail-Safe

Even with the best plans, mistakes can happen. Maybe someone forgets to revoke access in time, or the user deletes files from synced folders before they’re fully locked out.

That’s why having a robust, independent backup solution in place is essential — not just for terminations, but as part of everyday business continuity. Before any offboarding begins, make sure all email, OneDrive, SharePoint, and other company data is securely backed up.

This gives you peace of mind that, even in a worst-case scenario, you can restore what matters most — from deleted inboxes to entire document libraries.

A backup isn’t just good hygiene — during employee exits, it’s your last line of defense.

Final Thought

Firing someone is never fun — but being unprepared is worse. By following a secure, well-timed offboarding process, you protect your company’s data, reputation, and systems.

If you don’t have a documented process yet, now’s the time to build one — and if you need help putting safeguards in place (like Conditional Access, backup policies, or device control), we’re here to help.