How do you IMMEDIATELY revoke a user's access to Office 365 emails?

Hello Experts,

What's the most efecitve way to immediately disable an account on office 365?

Let me give you an example. One of our customers dismissed one of their employees recently. They required that this user lost access to their emails as soon as they left the building, otherwise there is the possibility of using the company emails maliciously. My actions were to change the 'settings' section in the user's 365 settings (through the management console) to blocked; convert the mailbox to a shared mailbox (the mails were still required by other employees) and the remove the 365 licence from the user..... I was informed by the client that the dismissed user was still sending & receiving emails from their phone about 2 hours after this.

I then deleted the user's account in the management console, only to find that the shared mailbox also disappeared! To return this, I am having to restore the user account, but by doing this I will no doubt restore the dismissed user's access!

We have had a similar experiance in the past where we simply changed the password on the account.... The customer informed us the user was still sending/receiving emails from their phone up to 8 hours after this, only then were they asked for the new password.

There must be a way to immediately revoke access to the office 365 environment, I was wondering if any of you guys have the right way to do this. Tearing my hair out at the moment..... Bring back exchange servers, all is forgiven!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

William FulksSystems Analyst & WebmasterCommented:
We had a similar issue with our Exchange server. It has something to do with the phone staying authenticated even after you change the password. Some kind of token thing. It will eventually expire after a couple of hours, but that does still allow people to send/receive.

With office 365, I know you can do some mobile device management. See if this helps:
If you are not using on-premise exchange then the following may provide a quick and dirty option (but the blog post quoted above is more robust if you have active sync properly setup and managed) :-

1. change the users password
2. use the new password to login to his/her account to microsoftonline in a browser
3. Go to
4.  If its also a Microsoft Account go to - as a precaution against a separate token being overloaded

This should sign the account out of all MS services and require cached tokens to be re-confirmed -  which should fail at the password.

NB: I've only proven this on my own, limited, setup; your mileage may vary

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.