When an employee leaves a business, the focus is on the HR process and operational handovers. HR ensures the final payroll is calculated, whilst department heads reassign ongoing projects. However, the most significant liabilities left behind during an employee departure are often entirely digital.
Inadequate IT offboarding processes cost UK businesses thousands of pounds in ghost software spend and expose organisations to severe security vulnerabilities. For businesses, handling an IT leaver is a race against time to secure corporate data, save on licensing costs, and reclaim expensive physical hardware.
At Bridgeall, through our Managed IT Support service, we manage leaver processes for a number of customers. These are our top tips for managing them effectively in your business.
Wasted Ghost Licences
The most immediate financial consequence of a disorganised IT leaver process is software licensing waste. Modern cloud environments run primarily on Software-as-a-Service (SaaS) models. When an employee departs, their subscription fees do not automatically stop just because they have stopped logging in.
The Microsoft 365 Trap
Within a standard Microsoft 365 deployment, a mid-tier suite licence represents a recurring monthly cost. If an IT department fails to unassign that licence after an employee leaves, the business continues to pay for a completely empty seat.
Compounding this issue is the introduction of premium additions like Microsoft 365 Copilot, alongside impending commercial price adjustments taking effect across the industry. Allowing multiple ghost accounts to persist for months across a hybrid workforce silently erodes your operational profitability. If you have 500 employees and a churn of 10%, you could have 50 unused licences that you are paying for, which starts to add up.
Shadow IT and Forgotten Subscriptions
The problem extends far beyond your primary productivity suite. Modern departments frequently register for niche, platform-specific software to manage tasks, design assets, or schedule marketing pipelines.
If these accounts were created independently of your central Single Sign-On (SSO) infrastructure, IT may not even know they exist. A single departing employee could leave behind three or four active, automated card payments for platforms the business no longer utilises.
IT teams should carry out regular audits and check in with different departments to maintain a register of all software used across the business, along with the owner or administrator for each application. This register should be kept up to date and then used as a reference document when that person leaves.
Orphaned Accounts and Data Leakage
Whilst licensing waste affects the balance sheet, a failure to properly revoke system access can devastate a company’s security posture.
An orphaned account is an active user profile that remains accessible after the employee has legally left the firm. These accounts provide a seamless back door for data exfiltration and external cyber threats.
- Persistent Login Sessions: Simply changing a password is often insufficient. If an IT administrator does not explicitly revoke active tokens and sessions, an ex-employee can remain authenticated to cloud applications on their personal devices for days or weeks.
- Intellectual Property Theft: The period immediately surrounding a departure is a high-risk window for corporate data loss. Without strict, immediate block controls, a disgruntled or competing leaver has the opportunity to download client databases, proprietary code, or financial records.
- Shared Account Vulnerabilities: If a team relies on shared credentials for a specific portal or utility pipeline, a departing staff member carries those passwords out the door with them. Failing to cycle these passwords immediately invalidates your entire corporate access boundary.
An IT Checklist for Leavers
To mitigate these operational threats, businesses require a standardised IT offboarding checklist that bridges the gap between HR notification and technical execution. The following framework outlines the essential steps your internal IT team should execute the moment an employee departure is confirmed.
1. Identity Isolation and Session Termination
In Microsoft 365 and Entra ID, block sign-in and trigger a full session revocation to invalidate all active refresh tokens on laptops, tablets, and mobile devices.
2. Password Reset and Multi-Factor Authentication (MFA) Purge
Change the account password to a complex, randomly generated value known only to the IT administration team. Remove all registered MFA methods, including authenticator app seeds, FIDO2 hardware keys, and verified personal mobile numbers, ensuring the ex-employee cannot use self-service recovery channels.
3. Data Preservation and Shared Mailbox Conversion
Convert the departing user’s mailbox into a shared mailbox to retain historic communications without consuming a paid seat. Delegate access to the relevant line manager and apply a retention hold on their OneDrive files, ensuring critical business documents are transferred to a centralised repository within the standard 30-day deletion window.
4. SaaS and Shadow IT Audit
Audit external cloud applications not tied directly to your primary SSO provider. Manually terminate standalone accounts on external portals, review any automated workflows or Power Automate flows owned by the user, and reassign ownership to a corporate service account to prevent critical automated business processes from failing.
5. Reclaiming Licences and Optimising Spend
Unassign all premium and core suite licences from the user account. Bank these licences to reduce your net monthly software spend or reallocate them directly to an incoming hire's onboarding profile.
6. Hardware Recovery and Endpoint Management
Collect all corporate physical assets, including laptops, mobile phones, security badges, and peripheral equipment, and check each item off against your company asset register.
Issue a cryptographic remote wipe command to corporate data partitions on any bring-your-own-device (BYOD) endpoints used by the employee.
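The following script is an added example, not Bridgeall's own tooling, showing how steps 1, 2, 3 and 5 of the checklist can be carried out against Microsoft 365 and Entra ID with the Microsoft Graph and Exchange Online PowerShell modules. It assumes both modules are installed, the operator holds the relevant admin roles, and the leaver and manager UPNs are supplied as placeholder parameters; the order matters, because the mailbox must be converted to shared before the Exchange licence is removed.

```powershell
# Added example (not the page's or Bridgeall's code): Microsoft 365 / Entra ID leaver offboarding.
# Assumes Microsoft.Graph and ExchangeOnlineManagement modules and an admin account with the needed roles.
param(
    [Parameter(Mandatory)] [string] $LeaverUpn,   # placeholder, e.g. leaver@example.com
    [Parameter(Mandatory)] [string] $ManagerUpn   # line manager who receives mailbox delegation
)

Connect-MgGraph -Scopes 'User.ReadWrite.All','UserAuthenticationMethod.ReadWrite.All' -NoWelcome
Connect-ExchangeOnline -ShowBanner:$false

# Step 1: block sign-in first, then revoke sessions so already-issued refresh tokens stop working.
Update-MgUser -UserId $LeaverUpn -AccountEnabled:$false
Revoke-MgUserSignInSession -UserId $LeaverUpn | Out-Null

# Step 2: rotate to a random password that nobody records, then strip every MFA method.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$newPassword = [Convert]::ToBase64String($bytes)
Update-MgUser -UserId $LeaverUpn -PasswordProfile @{ Password = $newPassword; ForceChangePasswordNextSignIn = $false }

foreach ($m in Get-MgUserAuthenticationMethod -UserId $LeaverUpn) {
    switch ($m.AdditionalProperties['@odata.type']) {
        '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod' {
            Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $LeaverUpn -MicrosoftAuthenticatorAuthenticationMethodId $m.Id }
        '#microsoft.graph.phoneAuthenticationMethod' {
            Remove-MgUserAuthenticationPhoneMethod -UserId $LeaverUpn -PhoneAuthenticationMethodId $m.Id }
        '#microsoft.graph.fido2AuthenticationMethod' {
            Remove-MgUserAuthenticationFido2Method -UserId $LeaverUpn -Fido2AuthenticationMethodId $m.Id }
        '#microsoft.graph.softwareOathAuthenticationMethod' {
            Remove-MgUserAuthenticationSoftwareOathMethod -UserId $LeaverUpn -SoftwareOathAuthenticationMethodId $m.Id }
        # The password method cannot be removed; any other type is left for manual review.
    }
}

# Step 3: keep mail history without paying for the seat. Convert BEFORE the licence is removed,
# otherwise Exchange treats the mailbox as unlicensed and it enters the deletion window.
Set-Mailbox -Identity $LeaverUpn -Type Shared
Add-MailboxPermission -Identity $LeaverUpn -User $ManagerUpn -AccessRights FullAccess -InheritanceType All -AutoMapping $true | Out-Null

# Step 5: reclaim every licence assigned directly to the user so the seat returns to the pool.
# Licences inherited from group-based licensing must be removed via the group, not here.
$skus = (Get-MgUserLicenseDetail -UserId $LeaverUpn).SkuId
if ($skus) { Set-MgUserLicense -UserId $LeaverUpn -RemoveLicenses $skus -AddLicenses @() | Out-Null }
```

Run it from an elevated admin session after HR confirms the leaving date; steps 4 and 6 (shadow IT audit and hardware recovery) remain manual checks against your software and asset registers.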
Creating a Resilient Offboarding Strategy
A secure offboarding approach relies entirely on clear communication channels between your HR department and your IT team. When an organisation treats employee offboarding as a critical technical workflow rather than an administrative afterthought, it safeguards its corporate data boundaries and prevents unnecessary software expenditures.
If your business lacks the internal capacity to monitor shadow IT, handle complex identity lifecycles, or optimise your cloud licensing costs during periods of organisational change, partnering with an experienced managed IT support partner can provide the visibility and automated workflows required to protect your digital infrastructure. Learn more about our Managed IT Support service here.