Deprovisioning best practices series #2: Standardized disable and delete policies

Improper off-boarding practices put organizations at risk of losing critical data. For example, a former employee whose access permissions were not revoked could tamper with or even steal critical data, causing confidentiality breaches. This can also lead to compliance violations and can be quite expensive to fix. According to a report by IBM, the cost of a data breach in 2021 is US$ 4.24 million, a 10% increase from US$ 3.86 million from 2019. It's high time that organizations shifted their priorities to hygienic cybersecurity practices, and establishing secure and standardized user on-boarding and off-boarding processes is a prudent step towards that.


Automated off-boarding with ADManager Plus

ADManager Plus' automated deprovisioning feature, coupled with its customizable delete policy, can help you automatically deprovision user accounts and ensure their access privileges are revoked as early as possible. The following steps will guide you through the process.


1. Set up the delete policy


1. Navigate to Admin tab > Custom Settings > Delete/Disable Policy

2. Select the domain you wish to enforce the delete policy in and then select the Delete Policy tab.

3. Select the actions, such as deleting home folders and mailboxes or revoking Microsoft 365 licenses, that must be automatically triggered when a user account is deleted.

4. Click Save.


2. Configure automated deprovisioning of user accounts


1. Navigate to Automation tab > Automation > Create New Automation and configure the following settings.

2. Automation policy Name and Description - Enter a suitable name and description for the automation process.

3. Automation Category - Choose User Management.

4. Domain - Choose the domain and OUs in which the task should be run.

5. Automation Task/Policy - From the 'Automation policy' list, select the 'user deprovisioning' policy.

6. Location of CSV - Choose the location of your CSV file which contains the list of users to be deprovisioned.

7. Implement Business Workflow - Enable this option if you want the user deletion to be carried out only after approval. This option will automatically create a 'delete user' request; once it is approved by the appropriate technician or user mentioned in the workflow, the user account will be deleted from AD.

8. Select the Execution time and Frequency at which you want the automated user deprovisioning to be done.

9. Enable the Notification option if you wish to notify the technician every time the automation gets executed.

10. Click Save.
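Because the automation above deletes every account listed in the CSV on a schedule, it is worth checking the file before it is placed in the configured location. The following is an added example, not ADManager Plus code or part of the original article: a pre-flight check that rejects a list containing protected accounts, duplicates, blank rows, or more entries than expected. The `sAMAccountName` column name, the protected names and prefixes, and the batch limit are assumptions; match them to the product's sample CSV and your own naming conventions.

```python
import csv
import io

# Assumption: the CSV identifies users in a column named sAMAccountName.
ID_COLUMN = "sAMAccountName"
# Accounts that must never reach an automated delete (constructed list; extend locally).
PROTECTED = {"administrator", "krbtgt", "guest"}
PROTECTED_PREFIXES = ("svc_", "adm_")  # hypothetical naming convention
MAX_BATCH = 25  # hypothetical ceiling; a larger file needs manual review


def validate_deprovision_csv(text, max_batch=MAX_BATCH):
    """Return (accepted_names, problems) for the CSV content in `text`."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames is None or ID_COLUMN not in reader.fieldnames:
        return [], [f"missing required column {ID_COLUMN}"]
    accepted, problems, seen = [], [], set()
    for row in reader:
        line_no = reader.line_num  # physical line of the row just read
        name = (row.get(ID_COLUMN) or "").strip()
        key = name.lower()
        if not name:
            problems.append(f"line {line_no}: empty account name")
        elif key in seen:
            problems.append(f"line {line_no}: duplicate {name}")
        elif key in PROTECTED or key.startswith(PROTECTED_PREFIXES):
            problems.append(f"line {line_no}: protected account {name}")
        else:
            seen.add(key)
            accepted.append(name)
    if len(accepted) > max_batch:
        problems.append(f"{len(accepted)} accounts exceeds batch limit {max_batch}")
    return accepted, problems


# Constructed sample input, not real accounts.
SAMPLE = """sAMAccountName,Reason
jdoe,resigned
Administrator,typo in HR export
svc_backup,contract ended
jdoe,resigned
,blank row
asmith,terminated
"""

if __name__ == "__main__":
    ok, issues = validate_deprovision_csv(SAMPLE)
    print("accepted:", ok)
    for issue in issues:
        print("REJECTED", issue)
    # Only hand the file to the automation when nothing was rejected.
    raise SystemExit(1 if issues else 0)
```

A non-zero exit status means the file should go back for review instead of being picked up by the scheduled task.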


If you missed the previous article in this series on making the most of reports for efficient off-boarding, you can read it here!


Tune in next week to learn how to automate stale account cleanup in your organization with ADManager Plus, in a few clicks!



Team ADManager Plus
