Blog/Security
SecurityAccess ControlOffboardingIT SecurityDubai

How to Manage Employee Access When Staff Leave Your Company: The Dubai IT Offboarding Checklist

SAS IT Team12 June 20267 min read

Why Ex-Employee Access Is a Critical Security Risk

Of all the insider threats we see in Dubai businesses, ex-employee access is the most common — and most preventable. A typical Dubai SME has:

  • Multiple SaaS apps with individual logins
  • VPN accounts
  • RFID access cards
  • Shared passwords the employee knew
  • Cloud storage with shared files

Without a proper offboarding process, a disgruntled or opportunistic ex-employee can access systems days, weeks, or months after their last day.

The Complete IT Offboarding Checklist

Run this checklist on the last day of employment — ideally before the employee's final hour:

Identity and Access:

  • [ ] Disable Active Directory account immediately on last day
  • [ ] Change all shared passwords the employee knew (WiFi, admin accounts, shared email)
  • [ ] Revoke MFA tokens (Microsoft Authenticator, FortiToken, Google Authenticator)
  • [ ] Remove from all Active Directory security groups

Email and Collaboration:

  • [ ] Redirect email to manager or neutral inbox for 30 days
  • [ ] Export mailbox if required for legal or business continuity
  • [ ] Remove from all distribution lists and Teams channels
  • [ ] Revoke Microsoft 365 sessions (Admin > Active Users > Sign Out All)
  • [ ] Remove from Slack, Google Workspace, or other collaboration tools

VPN and Remote Access:

  • [ ] Disable VPN account on final day
  • [ ] Remove FortiClient SSL VPN licence assignment
  • [ ] Revoke any site-to-site VPN client certificates

Physical Access:

  • [ ] Deactivate RFID card or fob immediately
  • [ ] Remove fingerprint or face recognition biometric profile
  • [ ] Collect building pass, key fobs, and physical keys
  • [ ] Revoke car park access if applicable

Cloud Services:

  • [ ] Remove access from CRM (Salesforce, HubSpot, Zoho)
  • [ ] Remove from accounting software (Xero, QuickBooks, SAP)
  • [ ] Revoke access from project management tools (Asana, Jira, Monday)
  • [ ] Remove from cloud storage (Dropbox, Box, OneDrive personal)

Device:

  • [ ] Recover company laptop and mobile devices
  • [ ] Remote-wipe if MDM enrolled device is not returned
  • [ ] Remove personal devices from MDM (Intune, Jamf)

Automation: How to Make This Faster

With Microsoft Entra ID (Azure AD), disabling one account can cascade to all Microsoft 365, Teams, SharePoint, and Azure resources automatically. This is the single highest-value IT investment for businesses with 20+ staff.

For third-party apps, use single sign-on (SSO) through Entra ID wherever possible — one account disable removes access everywhere.

Post-Offboarding Review (30 Days Later)

  • Run an access audit: search for the ex-employee email in all key systems
  • Check audit logs for any post-departure access attempts
  • Review any shared drives they had access to for unusual activity

SAS IT provides IT offboarding processes and identity management for Dubai businesses. Contact us | +971-526716178

*Related: Access Control System Dubai | Managed IT Services Dubai*

Tags

Access ControlOffboardingIT SecurityDubaiHow-To

SAS IT Services — Dubai

Need expert IT support?

Our certified engineers cover all of Dubai & UAE with same-day response and 24/7 support contracts.

+971-526716178WhatsAppFree Quote