Deleted from the Microsoft 365 admin center but still appears in SharePoint

Remove people from the UserInfo list

Scenario 1: Someone is deleted from the Microsoft 365 admin center but still appears in SharePoint.

When a user or guest browses to a SharePoint site, their user information is cached in the UserInfo list. When the user or guest is deleted, their related UserInfo information is not removed. Their profile still appears, which may cause confusion when people view the people picker.

Scenario 2: A mismatched PUID.

This issue most frequently occurs when a user is deleted and the account is then re-created with the same user name. The account in the Microsoft 365 admin center or Active Directory (in directory synchronization scenarios) is deleted and re-created with the same user principal name (UPN). The new account is created by using a different PUID value. When the user tries to access a site collection or their OneDrive, the user has an incorrect PUID. A second scenario involves directory synchronization with an Active Directory organizational unit (OU). If users have already signed in to SharePoint, and then are moved to a different OU and resynced with SharePoint, they may experience this problem.

Remove people from the UserInfo list

The preceding steps removed access to Microsoft 365 and SharePoint. However, the user or guest still appears in people searches and in the SharePoint Online Management Shell when you use the Get-SPOUser cmdlet. To completely remove people from SharePoint, you must remove them from the UserInfo list. There are two ways to do this:

Note

This option is available only if the user previously browsed to the site collection. They won't be listed if they were granted access but never visited the site

1. Browse to the site and edit the URL by adding the following string to the end of it: /_layouts/15/people.aspx?MembershipGroupId=0

   For example, the full URL will resemble the following: https://fabrikam.sharepoint.com/_layouts/15/people.aspx/membershipGroupId=0

2. Select the person from the list, and then on the Actions menu, select Delete Users from Site Collection.

Using the SharePoint Online Management Shell

1. Download the latest SharePoint Online Management Shell.

2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting started with SharePoint Online Management Shell.

3. Run the following command:

   PowerShell

   Remove-SPOUser -Site https://fabrikam.sharepoint.com -LoginName jondoe_fabrikam.com#EXT#@fabrikam.onmicrosoft.com
   

    Note

   Replace the _jondoe_fabrikam.com#EXT#@fabrikam.onmicrosoft.com_ placeholder with the person in question.

Clear browser history

SharePoint uses browser caching in several scenarios, including in the people picker. Even when a user is fully removed, he or she may still remain in the browser cache. Clearing the browser history resolves this issue. For info about doing this in Edge,

Restore Soft Deleted MailBox To Shared Mail Box

Restore Soft Deleted MailBox To Shared Mail Box

Connect PowerShell to Exchange Online using below command:

 

$LiveCred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic –AllowRedirection

Import-PSSession $Session

 

Then checked the old user in Soft Delete

Get-Mailbox –SoftDeletedMailbox  //Check the deleted user details

Get-mailbox –SoftDeletedMailbox –Identity “Name of the mailbox” | fl *guid*

Copy the GUID (not Exchange GUID) in a notepad (1)

Get-mailbox –Identity “Email address of the new user” | fl *guid*

Copy the GUID (2)

 

Following command will copy the old mailbox’s email to the new mailbox.

New-MailboxRestoreRequest -SourceMailbox "GUID (1)" -TargetMailbox "GUID (2)" -TargetRootFolder "Old Mailbox" –AllowLegacyDNMismatch

 

Since user had Archive enabled we restored the archive mailbox seperately

We ran the below commands to get the ArchiveGuid

Get-Mailbox -Identity user@domain.com -SoftDeletedMailbox |fl " ArchiveGuid"

Get-Mailbox -Identity user@domain.com |fl "ArchiveGuid"

 

New-MailboxRestoreRequest -SourceMailbox "GUID (1)" -TargetMailbox "GUID (2)" -TargetRootFolder "Old Mailbox" –AllowLegacyDNMismatch

Whitelist Email Address in O365

Whitelist Email Address in O365

How to Whitelist Email Address in Office 365

1. Open the Exchange Admin Center.
2. Click on Protection.
3. Click on Spam Filter.
4. Double click on Default.
5. Click on Allow Lists.
6. Under Allow Lists, click the + to add a new email address.
7. In the window that pops up, add the address you’d like to let through.
8. Click Save.
9. Click Save again.

That’s it! Now email from that address will be delivered to your organization’s inboxes, not marked as junk.

More Detailed Instructions for Whitelisting Emails

1. Sign into Office 365: Go to https://portal.office.com and sign in.
2. Click on Admin from your list of apps.
   
3. In the left-hand column, click on the Admin Center icon, then click Exchange to open the Exchange Admin Center.
   
4. Click on Protection from the left-hand menu.
   
5. Click on Spam Filter.
   
6. Double-click on Default.
   
7. In the pop-up window, click on Allow Lists.
   
8. Under Allowed Sender or Allowed Domain, click the + to add a new email address. Be careful about allowing whole domains, as entering popular domains here like gmail.com can allow bad actors to bypass filtering.
9. In the window that pops up, add the address you’d like to let through.
   
10. Click OK.
11. Click Save.

That’s it! Now email from that address will be delivered to your organization’s inboxes, not marked as junk.

How to fix a compromised (hacked) Microsoft Office 365 account

Verify that the users machine is not compromised

Make sure the user has anti-malware software installed, running and that it's up-to-date. If you do not have malware software installed, you can download a free solution from the Microsoft Protection Center. You can also use the Malicious Software Removal Tool to scan your computer for malware. In cases where these recommendations are not enough, you should follow the Advanced Troubleshooting steps.

Remediation Steps:

• Reset password (this secures the account and kills active sessions).
• Remove mailbox delegates.
• Disable mail forwarding rules to external domains.
• Remove global mail forwarding property on mailbox.
• Enable Multi-Factor Authentication (MFA) on the user's account.
• Set password complexity on the account to be high.
• Enable mailbox auditing.
• Produce Audit Log for the admin to review.

Resolution Steps: 

Issue – O365 user unable to send emails due to “Potentially Compromised Account’ Error.

Resolution: 

1. Login to O365 Admin Portal
2. Go to “Exchange”  in Admin Centers
3. Now go to  “Protection”
4. In Protection Page Search for the Restricted User
5. In the End There is “Actions” Section Click on Unblock – This will allow user to send out emails