When you delete a user account in Microsoft 365, It’s not permanently removed straight away, it first moves into deleted users (recycle bin) which is also called as soft-delete. Microsoft gives you 30 days to restore the account and any associated data before it’s permanently deleted.
If you want to delete the user account permanently from recycle bin earlier than 30 days, which is also known as hard-delete. You won’t have this option from Microsoft 365 admin center, but you can use Entra admin center to hard-delete user accounts. Another alternative is to use Microsoft graph PowerShell commands.
Contents
Deleted Users List on Microsoft 365 admin center
Go to Microsoft 365 admin center > Users > Deleted users to list all deleted users.
Export Deleted Users from Microsoft 365 admin center
Go to Microsoft 365 admin center > Users > Deleted users. Click on Export deleted users to a CSV file.
Permanently Delete Users using Entra admin center
Go to Entra admin center > Users > Deleted users > Deleted users. Select the users you want to remove permanently and click Delete permanently.
Please note that once you delete users permanently, they cannot be restored, even by Microsoft.
Get the List of Deleted Users from Microsoft 365 [Graph]
# Install Microsoft Graph module
Install-Module Microsoft.Graph -Scope CurrentUser# Import Microsoft Graph module
Import-Module Microsoft.Graph# Connect to Microsoft Graph with required permissions
Connect-MgGraph -Scopes "User.Read.All"# Get the list of Deleted Users
Get-MgDirectoryDeletedItemAsUser
Remove One Microsoft 365 Deleted User Permanently [Graph]
Using Get-MgDirectoryDeletedItemAsUser cmdlet, we got the list of Deleted users in Microsoft 365. Now, if you want to delete a specific user from deleted users list, you can use Remove-MgDirectoryDeletedItem cmdlet. Please note, once you delete a user object permanently, it cannot be restored.
Remove-MgDirectoryDeletedItem cmdlet is included in Microsoft.Graph.Identity.DirectoryManagement graph powershell module. If you have already imported Microsoft.graph powershell module then there is no requirement to import Microsoft.Graph.Identity.DirectoryManagement module separately. For removing a user account from M365, you will require User.ReadWrite.All graph permission.
Connect to Graph using User.ReadWrite.All
Connect-MgGraph -Scopes "User.ReadWrite.All" -NoWelcomeGet the list of deleted users Including DirectoryObjectId
Get-MgDirectoryDeletedItemAsUserDelete a specific deleted user object
Remove-MgDirectoryDeletedItem -DirectoryObjectId 2ba20d9c-6784-4cc4-bdb3-a4a7ef8c2ac1Confirm if the user is Permanently deleted
Get-MgDirectoryDeletedItemAsUser
Remove All Microsoft 365 Deleted Users Permanently [Graph]
You can remove all deleted users at once using below PowerShell command. We will still use Remove-MgDirectoryDeletedItem cmdlet for this task.
Remove all M365 Deleted users permanently
Get-MgDirectoryDeletedItemAsUser -All | ForEach-Object { Remove-MgDirectoryDeletedItem -DirectoryObjectId $_.Id -Confirm:$false }Confirm if all users are permanently removed
Get-MgDirectoryDeletedItemAsUser
Confirm if all deleted users are removed from Microsoft 365 admin center. Click on Refresh once, you will not find any user on this page, as we have force removed all deleted users permanently.
