What is a Soft Deleted User in Microsoft 365?

A Soft Deleted User in Microsoft 365 refers to a user account that has been removed from the tenant but is still recoverable within a specified retention period. This state allows admins to restore the account if it was deleted accidentally or if the user needs to regain access to the organization’s services.

Key Characteristics of Soft Deleted Users

1. Retention Period:
   Soft deleted users remain in the Azure Active Directory (AAD) recycle bin for up to 30 days by default. During this time, they can be restored without data loss.
2. Recoverable State::
   While soft deleted, the user account is inaccessible to the user, but its data and configuration remain intact and recoverable.
3. Permanent Deletion:
   After the retention period ends, the account is permanently deleted, and recovery is no longer possible.

How to Identify Soft Deleted Users

Soft deleted users can be found using the Microsoft Entra Admin Center or using Graph PowerShell.

Get-MgDirectoryDeletedItemAsUser

How to Handle Soft Deleted Users

• Restore the Account: Use the Restore-MgDirectoryDeletedItem cmdlet to reinstate the account:

Restore-MgDirectoryDeletedItem -DirectoryObjectId c71e4a5f-e379-4389-8f6e-af9057860fa1

• Permanently Delete: If the account is no longer needed, use the Remove-MgDeletedUser cmdlet:

Remove-MgDirectoryDeletedItem -DirectoryObjectId $directoryObjectId

Why Do Soft Deleted Users Matter?

1. Accidental Deletion Protection: Prevent data loss caused by inadvertent deletions.
2. Grace Period for Decisions: Allow time to review and confirm account removal.
3. Compliance: Ensure proper handling of user data before permanent deletion.

Understanding soft deleted users is critical for effective account lifecycle management and ensuring data security. Stay proactive and review your tenant regularly!

Explore More

• How to Restore and Permanently Delete Users Using Graph PowerShell