SBS 2008/2011: Disabling Users / Wipe Lost Devices
When a user leaves an organisation, it is usually most convenient to leave the user account in the system for a short period rather than delete them immediately. This allows email redirection, provision of access to mailbox and calendar items to other people (and to archive the mailbox), and mitigate the need to reinstate the account should the decision be reversed shortly afterwards.
So the procedure to discontinue access to an ex-employee, in the first instance, is to disable the account.
However, this doesn't immediately discontinue access to the mailbox via Exchange ActiveSync (EAS) / Outlook Anywhere clients such as smartphones. To do this, open Exchange Management Console, browse to Recipient Configuration → Mailbox and right-click the mailbox. If the mailbox has been connected via EAS, there will be an option Manage Mobile Device. From there you can break the link using Remove Mobile Device Partnership. This leaves any mailbox data on the device, but prevents further syncing. Ideally the mailbox should be removed from the device, which must done from the device itself.
The option Perform A Remote Wipe To Clear Mobile Device Data wipes the entire device, so this is only suitable for a device which has been lost and the need to erase it outweighs the need for it to be tracked (via Apple's Find My iPhone for example).