Block a Former Employee's Access to Office 365 Data

Blocking an account can take up to 24 hours to take effect. If you need to immediately prevent a user's sign-in access, you should reset their password and then initiate a one-time event that will sign them out of Office 365 sessions.

If you're not using the new Microsoft 365 admin center, you can turn it on by selecting the Try the new admin center toggle located at the top of the Home page.

  1. In the admin center, go to the Users > Active users page.

  2. Select the name of the employee that you want to block, and under the user's name, select the symbol for Block this user.

  3. Select Block the user from signing in, and then select Save.

Reset their password and then initiate a one-time event that will sign them out of Office 365 sessions

  1. In the admin center, go to the Users > Active users page.

  2. Select the box next to the user's name, and then select Reset password.

  3. Enter a new password, and then select Reset. (Don't send it to them.)

  4. Select the user's name to go to their properties pane, and on the OneDrive tab, select Initiate sign-out.

Within an hour - or after they leave the current Office 365 page they are on - they will be prompted to sign in again. (The refresh token is good for an hour, so the timeline depends on how much time is left on their token and whether they navigate out of their current webpage.)

CAVEAT: If the user is in Outlook on the web, just clicking around in their mailbox, they may not be kicked out immediately. As soon as they select a different tile such as OneDrive, or refresh their browser, the sign out is initiated.

 

Source: https://docs.microsoft.com/en-us/office365/admin/add-users/remove-former-employee?view=o365-worldwide#sign-out-now