I have an employee who's leaving, and we need to completely disable their access to the work laptop they're using remotely. They log in with their Office 365 credentials, and although our IT department suggests I can click 'Block Sign In' in the Office 365 admin center, I'm concerned that this won't prevent them from using the laptop entirely if they've already logged in. My idea is to block their access and change their password, but I still worry they'll be able to use it afterward. I'm looking for a method to ensure they cannot access the laptop at all after a certain point. Any advice on how to handle this?
4 Answers
If you really need to make sure the laptop is locked out immediately, the only foolproof way is to get physical access to the device. It’s generally tricky to manage remote work laptops without physical intervention. Still, using tools like Absolute Software could help, as you can lock or even brick the device if it connects to the internet.
First, you should revoke their sessions, and change their Azure Active Directory password. Then, disable their AAD account. If you have any remote management tools, like Intune, you can send a reboot or shutdown command from there. This way, once they log out, they won't be able to get back in after you’ve made the changes.
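The sequence in the answer above (revoke sessions, reset the password, disable the account, reboot via Intune), written as Microsoft Graph calls. This is an added example, not part of the original answer. It assumes the Microsoft.Graph.Authentication module is installed, the admin running it holds the needed roles, and the UPN is supplied by you; the scope list is an assumption to adjust for your tenant.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
# Added example: lock a leaver out of Entra ID and reboot their Intune-managed devices.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName   # placeholder, e.g. leaver@example.com
)
$ErrorActionPreference = 'Stop'

# Scopes are an assumption; use the ones your tenant has consented for these operations.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Directory.AccessAsUser.All',
    'DeviceManagementManagedDevices.Read.All',
    'DeviceManagementManagedDevices.PrivilegedOperations.All'

$base = 'https://graph.microsoft.com/v1.0'
$user = Invoke-MgGraphRequest -Method GET `
    -Uri "$base/users/${UserPrincipalName}?`$select=id,userPrincipalName"
$userUri = "$base/users/$($user.id)"

# 1. Revoke refresh tokens and session cookies so existing sign-ins stop renewing.
Invoke-MgGraphRequest -Method POST -Uri "$userUri/revokeSignInSessions" | Out-Null

# 2. Replace the password with a random value nobody knows.
$bytes = [byte[]]::new(32)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$pwBody = @{ passwordProfile = @{
        password                      = [Convert]::ToBase64String($bytes) + 'aA1!'
        forceChangePasswordNextSignIn = $false
    } } | ConvertTo-Json -Depth 3
Invoke-MgGraphRequest -Method PATCH -Uri $userUri -Body $pwBody -ContentType 'application/json'

# 3. Disable the account (the "Block sign-in" switch in the admin center).
$offBody = @{ accountEnabled = $false } | ConvertTo-Json
Invoke-MgGraphRequest -Method PATCH -Uri $userUri -Body $offBody -ContentType 'application/json'

# 4. Queue a reboot on every Intune device enrolled by this user.
#    The action is only delivered when the device next checks in with Intune.
$filter  = "userPrincipalName eq '$UserPrincipalName'"
$devices = (Invoke-MgGraphRequest -Method GET `
    -Uri "$base/deviceManagement/managedDevices?`$filter=$filter&`$select=id,deviceName,lastSyncDateTime").value

foreach ($d in $devices) {
    Invoke-MgGraphRequest -Method POST -Uri "$base/deviceManagement/managedDevices/$($d.id)/rebootNow" | Out-Null
    # lastSyncDateTime shows how recently the laptop talked to Intune.
    [pscustomobject]@{ Device = $d.deviceName; LastSync = $d.lastSyncDateTime; Action = 'rebootNow queued' }
}
```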
Disabling the account and revoking sessions is the best approach. Just keep in mind that cached logins might allow them access until the device reaches out to Microsoft Entra again. Once that happens, they won’t be able to log back in.
Unfortunately, it sounds like you've got a bit of a challenge without physical access. Since you're not using local Active Directory, your best bet is to follow the IT guidelines. Changing the login credentials and blocking access should work, but you might want to ensure there's a way to manage the laptop remotely.