Killing an Active Office 365 Session

There is one key administrative feature that seems to be missing from Microsoft Office 365 – the “kill switch” that disables an Office 365 account and kills all active sessions (browser, ActiveSync, etc.).  Without official guidance from Microsoft, there has been speculation from Office 365 Admins on the best approach for disabling access to an Office 365 account in the event of a breach or security issue.

We wanted to share a best practice for killing active Office 365 sessions that we learned through our contacts at Microsoft and feedback from the UC Davis Office 365 email list.

  1. Change the password on the mailbox
  2. Remove the mailbox using the “Remove-Mailbox” command
    • For example:
      Remove-Mailbox -Identity "John Rodman"
  3. Wait 15 minutes
  4. Restore the mailbox

Restoring the mailbox is an important step in this process, since the mailbox will be automatically deleted if you do not restore it within 30 days.