Picture this scenario:
You have a poor performing employee at your company, let's call him Joe. Joe receives company email on his personal phone and due to his poor performance, he has been fired. You as the System Administrator did everything correctly, disabling his account and then disabling ActiveSync, MAPI, and OWA access to his mailbox. You even delete the mobile devices from Joe's mailbox.
Now, it is a month later and your new, just installed security threat management solution shows an excessive number of failed logins on your Exchange server. The report's Username field reads "Unknown, Joe, Servername$". Wait a minute, why is Joe still trying to access the Exchange server? Is he trying to hack us? Does he want to do something malicious? The most likely answer is that he simply forgot to delete his ex-company's email profile from his phone.
So, the question is, how do you prevent Joe's phone from trying to access your Exchange server with his user account and causing the execs to panic thinking Joe is trying to hack the company?