Disabling an account is not enough. Forwarding rules, shared mailboxes, delegations and OAuth tokens outlive the departure, beyond what the Microsoft directory shows. We flush them out and hand you a dated record. Without ever copying your data.
You do not choose the timing: the departure sets the date. What stays open afterwards does not surface on its own.
A forwarding rule, a delegation or an OAuth token keep working after the account is disabled. Nobody sees them without going to look.
Dispute, competition, sensitive data: in a tense departure, knowing and being able to show that everything is cut off changes everything.
Cyber-insurance questionnaires and supply-chain obligations ask for a process to revoke leavers' access. Here, you have the proof.
The Microsoft directory shows the account. The rest lives elsewhere: that is where we look.
Messages still leaving to an external address, even with the account closed.
Mailboxes the leaver still had access to, and the rights to send on their behalf (Send-As).
Calendar and mailbox delegations left open to other accounts.
Private channels and teams where the former member still appears.
Files shared by link, still open after their departure.
Third-party apps they had authorized, whose token is not revoked.
All of this lives behind the Exchange, Teams and Purview admin APIs, not in the directory. That is why a quick look at the account is not enough.
The measurement runs in your browser, on your tenant. We never see your emails or your files, only settings.
Collection runs in your browser, on your Microsoft 365. No data is copied to our servers.
We read settings, we change nothing. Least-privilege authorization, revocable at any time.
Every read we make appears in your own Microsoft audit logs. Trust is verified, not promised.
The result is a dated record to keep and to present. It is not legal advice: it is a factual, verifiable piece on the state of your access.
Le périmètre réglementaire applicable à votre organisation, à titre indicatif. Chaque référence renvoie à sa source officielle.
Autorité de protection des données : DPC (Data Protection Commission) · https://www.dataprotection.ie/
Autorité cybersécurité : NCSC-IE (National Cyber Security Centre (Ireland)) · https://www.ncsc.gov.ie/
Transposition NIS2 nationale
Contenu indicatif, pas un avis juridique. Relecture juriste local obligatoire.