Verified Microsoft 365 offboarding · Zero Knowledge

An employee has left. Prove their access is truly cut off.

Disabling an account is not enough. Forwarding rules, shared mailboxes, delegations and OAuth tokens outlive the departure, beyond what the Microsoft directory shows. We flush them out and hand you a dated record. Without ever copying your data.

Never any write to your tenant No data copied Verifiable in your Microsoft logs
audit.syaga.fr/proof-of-leaving
Former employee
j.martin@yourcompany.com
Account disabled
Forwarding rule to an external addressActive
Delegation on a shared mailboxActive
OAuth token not revoked (third-party app)Open
Access to a private Teams channelOpen
Account disabled
!4 residual accesses found
Why now

The departure is a dated event. So is the proof.

You do not choose the timing: the departure sets the date. What stays open afterwards does not surface on its own.

1

A disabled account is not cut-off access

A forwarding rule, a delegation or an OAuth token keep working after the account is disabled. Nobody sees them without going to look.

2

A contentious departure is a risk

Dispute, competition, sensitive data: in a tense departure, knowing and being able to show that everything is cut off changes everything.

3

Your insurer and NIS2 require it

Cyber-insurance questionnaires and supply-chain obligations ask for a process to revoke leavers' access. Here, you have the proof.

What we check

The access that outlives the departure

The Microsoft directory shows the account. The rest lives elsewhere: that is where we look.

Forwarding rules and redirects

Messages still leaving to an external address, even with the account closed.

Shared mailboxes and send-as

Mailboxes the leaver still had access to, and the rights to send on their behalf (Send-As).

Delegations and proxies

Calendar and mailbox delegations left open to other accounts.

Private Teams channels

Private channels and teams where the former member still appears.

SharePoint and OneDrive sharing links

Files shared by link, still open after their departure.

OAuth consents

Third-party apps they had authorized, whose token is not revoked.

All of this lives behind the Exchange, Teams and Purview admin APIs, not in the directory. That is why a quick look at the account is not enough.

Why it is trustworthy

You entrust us with nothing. And you can verify it.

The measurement runs in your browser, on your tenant. We never see your emails or your files, only settings.

Measured in your tenant

Collection runs in your browser, on your Microsoft 365. No data is copied to our servers.

Never any write

We read settings, we change nothing. Least-privilege authorization, revocable at any time.

Verifiable, not declared

Every read we make appears in your own Microsoft audit logs. Trust is verified, not promised.

The result is a dated record to keep and to present. It is not legal advice: it is a factual, verifiable piece on the state of your access.

Ready

A departure to verify?

Pay per use, no subscription. You discover your exposure before you decide.
Cadre réglementaire

Les textes qui vous concernent

Le périmètre réglementaire applicable à votre organisation, à titre indicatif. Chaque référence renvoie à sa source officielle.

Réglementation européenne applicable

Spécificités nationales · Irlande

Autorité de protection des données : DPC (Data Protection Commission) · https://www.dataprotection.ie/

Autorité cybersécurité : NCSC-IE (National Cyber Security Centre (Ireland)) · https://www.ncsc.gov.ie/

Transposition NIS2 nationale

Contenu indicatif, pas un avis juridique. Relecture juriste local obligatoire.