OneDrive for Business: Former Employee OneDrive Access Goes to the Wrong Approver for Legal Review (Fix Guide)

When a former employee leaves your organization, IT or legal teams often need to access that user’s OneDrive to collect files for e-discovery or legal review. In many Microsoft 365 tenants, the access request for a former employee’s OneDrive is routed to the wrong approver, such as the former employee themselves or an unrelated manager. This happens because OneDrive’s default delegation settings assign site collection administration based on the user’s manager field in Azure AD, and that manager may no longer be valid or may not be the correct legal contact. This article explains why the approval route goes wrong and provides a step-by-step fix to redirect access requests to the correct legal reviewer.

You will learn how to identify the current site collection admin for a former employee’s OneDrive, how to change the delegated approver, and how to prevent the same issue for future departures. The fix involves updating the user’s manager attribute in Azure AD, modifying OneDrive site permissions via SharePoint Admin Center, and configuring a tenant-wide policy for legal hold access. By following these steps, you can ensure that legal review requests land with the right person every time.

Key Takeaways: Redirecting OneDrive Access Approvals to the Correct Legal Reviewer

  • Azure AD user manager attribute: OneDrive assigns the site collection admin based on the manager field in Azure AD; an incorrect or missing manager causes the wrong approver.
  • SharePoint Admin Center > Active sites > former user’s OneDrive: Directly change the primary site collection admin to the correct legal reviewer.
  • Microsoft 365 admin center > Users > Active users > former user > Mail tab: Set an email forwarding rule to redirect access request notifications to the legal team.

Why OneDrive Access Requests Go to the Wrong Approver

When a user leaves your organization, their OneDrive site remains active for 30 days by default. During this period, any request to access that OneDrive is sent to the site collection administrator. OneDrive automatically sets the site collection admin to the user’s manager as defined in Azure Active Directory. If the manager attribute is blank, outdated, or points to a person who is no longer with the company, the access request email is delivered to the wrong person or bounces entirely.

The technical root cause is that OneDrive inherits the site collection admin assignment from the user object’s manager field at the time the site is created or when the user is disabled. Microsoft 365 does not automatically update this delegation when the manager changes or leaves. Additionally, legal review requests often require a specific person or group, such as a compliance officer or e-discovery manager, but the default delegation logic does not allow for custom approvers without manual intervention.

Another contributing factor is that the OneDrive access request feature uses SharePoint site permissions, not Azure AD roles. Even if you assign a global admin or compliance admin role to the correct person, that role does not automatically become the site collection admin for each former employee’s OneDrive. You must explicitly update the site-level permissions to redirect the approval flow.

Steps to Redirect Former Employee OneDrive Access to the Correct Legal Reviewer

The following steps will change the site collection admin for a former employee’s OneDrive and configure the approval routing to your legal team.

  1. Identify the former employee’s OneDrive URL
    Go to the Microsoft 365 admin center at admin.microsoft.com. Select Users > Active users. Find the former employee, click their name, and then select the OneDrive tab. Copy the OneDrive URL shown under Get access to files. The URL format is https://yourtenant-my.sharepoint.com/personal/username_domain_com.
  2. Open SharePoint Admin Center and locate the site
    Go to admin.microsoft.com > Admin centers > SharePoint. In the left navigation, select Sites > Active sites. Paste the former employee’s OneDrive URL into the search box and press Enter. Click the site name to open the details panel.
  3. Change the primary site collection admin
    In the details panel, scroll to Site collection administrators. Click Edit. Remove the current admin if it is incorrect. Add the email address of the legal reviewer or a shared mailbox used by the legal team. Click Save. This change takes effect immediately and all future access requests will be sent to the new admin.
  4. Update the Azure AD manager attribute for future departures
    Go to admin.microsoft.com > Users > Active users. Select the former employee, then click Manage under the Manager field. Set the manager to the correct legal reviewer or a generic legal mailbox. Click Save. This ensures that if the OneDrive site is ever recreated or restored, the correct manager will become the site collection admin automatically.
  5. Configure email forwarding for access request notifications
    In the Microsoft 365 admin center, select the former employee, then go to the Mail tab. Click Manage email forwarding. Enable forwarding and enter the legal team’s email address. Check the box to keep a copy of forwarded messages. Click Save. This forwards any access request notification emails that were originally sent to the former employee’s mailbox to the legal reviewer.
  6. Test the access request flow
    Sign in as a different user who does not have access to the former employee’s OneDrive. Open the OneDrive URL in a browser. You should see a message saying you need permission. Click Request access. The legal reviewer should receive an email notification within a few minutes. Confirm the email arrives in the correct mailbox and that the reviewer can approve or deny the request.
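
Steps 2 and 3 can also be scripted so that the admin change leaves a before/after record for the legal file. The following is an added example, not part of the original guide; it assumes the SharePoint Online Management Shell is installed and that the account running it can read each site's user list, and every tenant name, address, and URL in it is a placeholder.

```powershell
# Added example: steps 2-3 as a script, with a before/after record of admins.
# Requires the SharePoint Online Management Shell and the SharePoint Administrator role.
# Every value in this block is a placeholder chosen for illustration.
$AdminUrl      = 'https://yourtenant-admin.sharepoint.com'
$LegalReviewer = 'legal-review@yourtenant.com'      # licensed internal account
$WrongAdmins   = @('old.manager@yourtenant.com')    # admins confirmed as incorrect
$OneDriveUrls  = @('https://yourtenant-my.sharepoint.com/personal/username_domain_com')

Connect-SPOService -Url $AdminUrl

function Get-SiteAdminLogins([string]$Url) {
    # Site collection admins are the accounts that receive access requests
    (Get-SPOUser -Site $Url -Limit All | Where-Object { $_.IsSiteAdmin }).LoginName
}

$report = foreach ($url in $OneDriveUrls) {
    $before = @(Get-SiteAdminLogins $url)

    # Make the legal reviewer the primary site collection admin first,
    # so the site always has a valid approver.
    Set-SPOSite -Identity $url -Owner $LegalReviewer

    # Remove only the admins explicitly listed as incorrect
    foreach ($login in $before) {
        if ($login -in $WrongAdmins) {
            Set-SPOUser -Site $url -LoginName $login -IsSiteCollectionAdmin $false | Out-Null
        }
    }

    $after = @(Get-SiteAdminLogins $url)
    [pscustomobject]@{
        Site         = $url
        AdminsBefore = $before -join '; '
        AdminsAfter  = $after -join '; '
        ReviewerSet  = $LegalReviewer -in $after
        WrongRemain  = @($after | Where-Object { $_ -in $WrongAdmins }) -join '; '
    }
}

$report | Format-List
```

A row where ReviewerSet is False or WrongRemain is not empty marks a site to recheck in the SharePoint Admin Center before running the access request test in step 6.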

If OneDrive Access Still Goes to the Wrong Approver After the Fix

The legal reviewer does not receive the access request email

Check the SharePoint site collection admin settings again. The change may not have saved if you did not click the Save button in the details panel. Also verify that the legal reviewer’s email address is correct and that they have a valid Microsoft 365 license. If the reviewer is an external user, they cannot be a site collection admin. Use a licensed internal user or a shared mailbox with a license instead.

The access request goes to the former employee’s manager instead of the legal team

This happens when the OneDrive site still has the original site collection admin from the manager attribute. Repeat the steps to change the site collection admin in SharePoint Admin Center. You must remove the old admin and add the new one. Simply updating the manager attribute in Azure AD does not retroactively change the site collection admin for existing OneDrive sites.

Access requests are not sent at all

OneDrive access requests are disabled by default for some tenants. Go to SharePoint Admin Center > Settings > Access requests. Ensure that Allow access requests is set to On. You can also set a default access request email address for all sites under this setting. If you enable this, all access requests for any OneDrive site will go to the specified email, overriding the site collection admin setting.

Manual Site Collection Admin Change vs Azure AD Manager Update: Key Differences

| Item | Manual Site Collection Admin Change | Azure AD Manager Update |
|---|---|---|
| Scope | Affects only the selected former employee’s OneDrive site | Affects the user object and can influence future site creation or restoration |
| Immediate effect | Yes, access requests are redirected within minutes | No, existing OneDrive sites are not updated automatically |
| Requires SharePoint Admin permissions | Yes, you need SharePoint Administrator or Global Administrator role | No, you only need User Administrator role to update the manager field |
| Best for | Fixing a specific former employee’s OneDrive access approval | Setting up correct delegation for all future departures |
| Limitation | Must be repeated for each former employee individually | Does not change existing site permissions |

You can now route OneDrive access requests for former employees to the correct legal reviewer by updating the site collection admin in SharePoint Admin Center and optionally configuring the Azure AD manager attribute for future cases. Next, consider setting up a Microsoft 365 retention policy or legal hold on former employees’ OneDrive sites to preserve data automatically. An advanced tip is to use the Microsoft Graph API to batch-update site collection admins for all former employees in your tenant, saving time when handling multiple departures at once.
