We are going to take advantage of Windows Security User Rights assignments to lock the user out of the Windows client device. Optional: an Entra ID Governance license, for automation.
This could be used for multi-user endpoints or in events where forensics may be necessary for the device.

In the past, quickly offboarding users while preserving data on the devices was fairly easy. As soon as the decision was made to offboard an employee/contractor, they would lose physical access to their equipment and to the facility, their account would be disabled, and typically security personnel would also ensure they did not leave with any critical company assets in the process.

With the rise in remote work, it is not uncommon for employees or contractors to not only work remotely, but to work in a different geographical location than their company’s office. Requesting the user to travel onsite to the office so that they can be offboarded is impractical and not realistic.

At the same time, the nature of today’s authentication/authorization protocols does not allow for rapid offboarding of remote users. Depending on the protocol and application, a user can continue to access/modify data for an hour or more after their account was disabled.
I would like to talk about using Intune policies with Microsoft Entra ID Governance as part of the offboarding process. Using the method below, you can rapidly offboard an employee/contractor while preserving device data, Entra ID join status, and Intune enrollment.
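A verification step for the User Rights approach, added here as an example and not taken from the original post: it parses a `secedit` user-rights export and reports whether a given account is listed under the deny-logon rights. It assumes the lockout uses "Deny log on locally" and "Deny log on through Remote Desktop Services" (the page does not name the right); the function name, the SID and the sample export are constructed for illustration.

```powershell
# Added example (not from the original post). Assumption: the lockout relies on
# SeDenyInteractiveLogonRight / SeDenyRemoteInteractiveLogonRight.
function Get-DenyLogonAssignment {
    param(
        [Parameter(Mandatory)] [string[]] $PolicyLines,  # lines of a secedit USER_RIGHTS export
        [Parameter(Mandatory)] [string]   $Account       # SID (or name, if secedit resolved it)
    )
    $rights = 'SeDenyInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight'
    $result = [ordered]@{ Account = $Account }
    foreach ($right in $rights) {
        $assigned = @()
        $pattern  = '^\s*' + $right + '\s*=\s*(.+)$'
        foreach ($line in $PolicyLines) {
            if ($line -match $pattern) {
                # Entries are comma separated; SIDs are written with a leading '*'.
                $assigned = $Matches[1].Split(',') | ForEach-Object { $_.Trim().TrimStart('*') }
            }
        }
        # A right that is absent from the export has no assignees at all.
        $result[$right] = [bool]($assigned -contains $Account)
    }
    [pscustomobject]$result
}

# Constructed sample export; the S-1-12-1-... SID stands in for the offboarded Entra ID user.
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeDenyInteractiveLogonRight = *S-1-5-32-546,*S-1-12-1-1111111111-2222222222-3333333333-4444444444
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

# Expected: local logon is denied, Remote Desktop logon is not yet denied.
Get-DenyLogonAssignment -PolicyLines $sample `
    -Account 'S-1-12-1-1111111111-2222222222-3333333333-4444444444'

# On a managed device (elevated prompt), feed it the live policy instead:
#   $tmp = Join-Path $env:TEMP 'user_rights.inf'
#   secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
#   Get-DenyLogonAssignment -PolicyLines (Get-Content $tmp) -Account '<user SID>'
```

A `False` for either right after the Intune policy has synced means that logon path is still open for the account on that device.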