Put another way: how do you do housekeeping of unused, unwanted or stale user accounts in an Azure AD and Exchange hybrid environment? You may already have a process in place for accounts in Active Directory; you just need to understand and consider a couple of important steps related to Azure AD and Azure AD Connect (AADC).
If a user leaves the organization, you have to block their access and keep their data as per the company retention policy (some organizations don't need the data).
Leaver Account Housekeeping Best Practices for Office 365 Azure AD
- Disable the AD account, which will block the user's Office 365 sign-in access
- Move the user account to an OU that is not synchronized to Azure AD, which will delete the user's Azure account
- Wait for the synchronization to complete
- Check the user's status in the Azure Admin Portal
If you want to keep the user's Azure account for some time, don't move the user account to the non-synchronized OU; this prevents the Azure account from being deleted.
Additional Steps for Local Active Directory and User Data
- Back up the user's home directory and other data
- If required, remove all access groups and remove the user's certificate from Published Certs
Change the user's password if you want to terminate/block access immediately, and also remove the mailbox, which will apply to the user's current session as well.
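The leaver steps above as one script, added here as an example and not taken from any Microsoft tool. The OU path, the AADC server name and the parameter names are assumed placeholders; mailbox removal and the home directory backup are left out, and the cloud-side check is still done in the portal.

```powershell
#Requires -Modules ActiveDirectory
# Added example: leaver housekeeping for one account in a hybrid AD / AADC setup.
# Assumptions (placeholders): $UnsyncedOU, $AadcServer and all parameter names.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$SamAccountName,
    [string]$UnsyncedOU = 'OU=Leavers-NoSync,DC=example,DC=com',
    [string]$AadcServer = 'aadc01.example.com',
    [switch]$KeepCloudAccount,   # skip the OU move so the Azure account is not deleted
    [switch]$StripAccess         # remove group memberships and published certificates
)

$user = Get-ADUser -Identity $SamAccountName -Properties MemberOf, userCertificate
$previousGroups = @($user.MemberOf)   # keep a record before anything is removed

# Immediate block: reset to a random password nobody knows, then disable.
# The AD cmdlets honour -WhatIf passed to this script.
$bytes = [byte[]]::new(32)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$newPw = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPw
Disable-ADAccount -Identity $user

if ($StripAccess) {
    foreach ($group in $previousGroups) {
        Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false
    }
    Set-ADUser -Identity $user -Clear userCertificate   # the "Published Certs" tab
}

if (-not $KeepCloudAccount) {
    # Moving out of sync scope makes AADC delete the Azure AD object on the next cycle.
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $UnsyncedOU
}

# Push the change (disable and/or move) to Azure AD now instead of waiting for the schedule.
if ($PSCmdlet.ShouldProcess($AadcServer, 'Start Azure AD Connect delta sync')) {
    Invoke-Command -ComputerName $AadcServer -ScriptBlock {
        Import-Module ADSync
        Start-ADSyncSyncCycle -PolicyType Delta
    }
}

# Summary for the ticket: final on-prem state plus the groups the account used to have.
$final = Get-ADUser -Identity $SamAccountName
[pscustomobject]@{
    SamAccountName    = $final.SamAccountName
    Enabled           = $final.Enabled
    DistinguishedName = $final.DistinguishedName
    PreviousGroups    = $previousGroups
}
```

Run it with `-WhatIf` first to see what would change for the account before committing.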