OneDrive for Business storage quotas do not update for security reviews: Fix Guide

When you change a user’s OneDrive storage quota in the Microsoft 365 admin center, the new limit often does not appear in third-party security review tools or audit reports. This issue occurs because security review platforms cache user data from Azure Active Directory, and OneDrive quota changes are not immediately synchronized to that directory. This guide explains the root cause of the delay and provides the exact steps to force a sync so that storage quotas reflect correctly in security reviews.

Key Takeaways: Fixing OneDrive Storage Quota Update Delays for Security Reviews

  • Microsoft 365 admin center > Users > Active users > OneDrive tab: Manually triggers a sync of quota changes to Azure AD for the selected user.
  • Azure AD > Users > user profile > OneDrive: Verify the updated quota appears in the directory after the manual sync.
  • PowerShell Set-SPOSite cmdlet: Use the -StorageQuotaWarningLevel parameter to force an immediate update for multiple users at once.

Why OneDrive Storage Quotas Do Not Sync to Security Review Tools

Security review platforms such as Varonis, SailPoint, or Microsoft Purview compliance portal pull user data from Azure Active Directory. When you change a OneDrive storage quota in the SharePoint admin center or via the OneDrive admin panel, the update is written to SharePoint Online but not immediately replicated to Azure AD. Azure AD refreshes its OneDrive quota attribute only during the next directory sync cycle, which can take up to 24 hours. Until that sync occurs, security review tools see the old quota value and flag the account as non-compliant.

The Role of Azure AD Directory Sync

Azure AD stores a user’s OneDrive StorageQuota and StorageQuotaWarningLevel attributes. These attributes are updated by a background process that polls SharePoint Online periodically. The default polling interval is between 2 and 24 hours. No user-facing setting reduces this interval. Security review tools that query Azure AD via Microsoft Graph API receive the cached value until the next poll completes.

Why Manual Sync Fails in Some Tenants

Some tenants have custom Azure AD application permissions or Conditional Access policies that block the sync service from reading SharePoint data. In those environments, the quota never updates in Azure AD unless an administrator triggers a manual sync through the admin center. The manual sync forces an immediate one-time poll for the selected user.

Steps to Force OneDrive Storage Quotas to Update for Security Reviews

Use the following methods to push the updated quota to Azure AD immediately. Perform Method 1 first for individual users. Use Method 2 when you need to update multiple users at once.

Method 1: Manual Sync via Microsoft 365 Admin Center

  1. Sign in to the Microsoft 365 admin center
    Go to https://admin.microsoft.com and sign in with a Global Admin or SharePoint Admin account.
  2. Navigate to Active Users
    Select Users in the left navigation, then click Active users.
  3. Open the user’s OneDrive tab
    Click the user whose quota you changed. In the user details panel, select the OneDrive tab. You see the current quota value and a Sync button.
  4. Click Sync
    Click the Sync button. A confirmation dialog appears. Click Sync again. The system immediately polls SharePoint Online and updates the Azure AD attributes for that user.
  5. Verify the update in Azure AD
    Open https://portal.azure.com, go to Azure Active Directory > Users, select the same user, and check the OneDrive section. The quota should now match the value you set in the SharePoint admin center.

Method 2: Force Sync Using PowerShell

  1. Install and connect to SharePoint Online PowerShell
    Open Windows PowerShell as an administrator. Run Install-Module -Name Microsoft.Online.SharePoint.PowerShell if not installed. Then run Connect-SPOService -Url https://[tenant]-admin.sharepoint.com and sign in with a SharePoint Admin account.
  2. Set the storage quota with warning level
    Run the following cmdlet for each user:
    Set-SPOSite -Identity https://[tenant]-my.sharepoint.com/personal/[user]_[tenant]_com -StorageQuotaWarningLevel [value]
    Replace [value] with the warning level in MB. This cmdlet writes the quota change directly to SharePoint Online and triggers an immediate sync to Azure AD for that site.
  3. Verify the sync
    Run Get-SPOSite -Identity https://[tenant]-my.sharepoint.com/personal/[user]_[tenant]_com | Select StorageQuota, StorageQuotaWarningLevel to confirm the values are set. Then check Azure AD as described in Method 1 step 5.
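
The loop that Method 2 implies for several users, written out as an added example (it is not part of the original guide or a Microsoft sample). The tenant name contoso, the user list, the MB value and the CSV path are assumed placeholders; the script confirms only what SharePoint Online reports back for each site and records the before and after values.

```powershell
# Added example: Method 2 in a loop, with read-back verification.
# Assumed placeholders: tenant 'contoso', the UPN list, the MB value, the CSV path.
$Tenant         = 'contoso'
$WarningLevelMB = 943718                                     # constructed value, in MB
$Upns           = @('alice@contoso.com', 'bob@contoso.com')  # constructed sample users

Connect-SPOService -Url "https://${Tenant}-admin.sharepoint.com"

$results = foreach ($upn in $Upns) {
    # Page's URL pattern /personal/[user]_[tenant]_com: non-alphanumerics become '_'
    $site = "https://${Tenant}-my.sharepoint.com/personal/" + ($upn -replace '[^a-zA-Z0-9]', '_')
    $row  = [ordered]@{ User = $upn; Site = $site; QuotaMB = $null
                        WarningBefore = $null; WarningAfter = $null
                        Verified = $false; Error = $null }
    try {
        $before = Get-SPOSite -Identity $site -ErrorAction Stop
        $row.QuotaMB       = $before.StorageQuota
        $row.WarningBefore = $before.StorageQuotaWarningLevel

        # A warning level above the quota itself is a data-entry error; skip it.
        if ($WarningLevelMB -gt $before.StorageQuota) {
            throw "Warning level $WarningLevelMB MB exceeds quota $($before.StorageQuota) MB"
        }

        Set-SPOSite -Identity $site -StorageQuotaWarningLevel $WarningLevelMB -ErrorAction Stop

        # Read the value back instead of trusting the absence of an error.
        $after = Get-SPOSite -Identity $site -ErrorAction Stop
        $row.WarningAfter = $after.StorageQuotaWarningLevel
        $row.Verified     = ($after.StorageQuotaWarningLevel -eq $WarningLevelMB)
    }
    catch {
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

# Keep the before/after record as evidence for the review, then list failures.
$results | Export-Csv -Path .\onedrive-quota-changes.csv -NoTypeInformation
$results | Where-Object { -not $_.Verified } | Format-Table User, Error -AutoSize
```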

If OneDrive Quota Still Does Not Update in Security Reviews

Security review tool caches data for more than 24 hours

Some third-party tools cache user attributes for 48 to 72 hours. After forcing the sync in Azure AD, wait 48 hours before filing a support ticket with the tool vendor. You can also ask the tool administrator to manually refresh the user data from Azure AD.

Azure AD application permissions block the sync

If the manual sync button is grayed out or does not change the Azure AD value, a Conditional Access policy may block the sync service. Go to Azure AD > Conditional Access > Policies and review any policy that targets the Office 365 SharePoint Online app. Temporarily exclude the Microsoft Office 365 Sync Service service principal from the policy, then repeat Method 1. Re-enable the policy after the sync completes.

Quota change was made using the wrong admin center

If you changed the quota in the SharePoint admin center under Active sites rather than in the OneDrive admin panel, the sync may not trigger. Always change quotas using Microsoft 365 admin center > Users > Active users > user > OneDrive tab or via the Set-SPOSite cmdlet. Changes made in the SharePoint admin center’s site collection list do not sync to Azure AD automatically.

| Item | Microsoft 365 Admin Center Manual Sync | PowerShell Set-SPOSite Cmdlet |
| --- | --- | --- |
| Scope | Single user per click | Single user or multiple users in a loop |
| Time to complete | 2 minutes per user | 30 seconds per user after connection |
| Requires admin role | Global Admin or SharePoint Admin | SharePoint Admin |
| Triggers immediate Azure AD sync | Yes | Yes |
| Works with Conditional Access block | No | No |

You can now force OneDrive storage quota changes to appear in security review tools within minutes instead of waiting up to 24 hours. Use the manual sync button in the Microsoft 365 admin center for individual users, or the PowerShell cmdlet for bulk updates. For tenants with Conditional Access restrictions, temporarily exclude the sync service before attempting the manual sync. After the quota updates, verify the change in Azure AD before confirming compliance with your security review team.
