When a former employee’s OneDrive access is requested for a department transfer, the approval request might go to the wrong person. Instead of the new manager, the request could land with the previous manager who no longer oversees that user. This happens because the approver is determined by the user’s manager attribute in Microsoft Entra ID, which may not be updated promptly after a department change. This article explains why the wrong approver is assigned, how to fix the manager field, and what settings to review to prevent future misrouting.
Key Takeaways: Fixing OneDrive Access Approver for Transferred Employees
- Microsoft Entra ID > Users > Manager: The manager attribute controls who receives the approval request for former employee OneDrive access.
- Microsoft 365 admin center > User management > Active users: Update the manager field here to route requests to the correct department manager.
- OneDrive admin center > Access management > Request access: Review and reassign pending approval requests after updating the manager attribute.
Why the Wrong Approver Receives OneDrive Access Requests for Transferred Employees
When an employee transfers departments, their Microsoft 365 user account retains the old manager attribute unless it is manually updated. The OneDrive access request feature uses this manager attribute to determine who receives the approval notification. If the manager attribute still points to the previous department head, that person will get the request instead of the current manager.
The approval workflow for former employee OneDrive access is part of the Microsoft 365 retention and eDiscovery tools. When an admin or delegated user requests access to a former employee’s OneDrive files, the system checks the user’s manager property and sends the approval email to that person. No automatic sync occurs between HR systems and the manager field after a department transfer, so the field must be updated manually or via a script.
How the Manager Attribute Is Populated
The manager attribute can be set in three ways: manually in the Microsoft 365 admin center, through Microsoft Entra ID user properties, or via directory synchronization from an on-premises Active Directory. If your organization uses Azure AD Connect or Microsoft Entra Cloud Sync, the manager field is synced from the on-premises attribute. In that case, the fix must start in the local Active Directory, not in the cloud.
What Happens When the Wrong Approver Is Selected
The wrong approver might approve or deny the request without proper context. They may not know the transferred employee’s current role or the files needed. This can delay access to critical business data or grant access to the wrong person. In some cases, the request sits unopened because the old manager no longer monitors that mailbox, causing a compliance risk.
Steps to Update the Manager Attribute and Resolve the Wrong Approver Issue
Follow these steps to correct the manager attribute and reassign pending access requests. Perform these steps in the order shown.
- Identify the transferred employee’s current manager
Confirm the correct department manager by checking your HR system or organizational chart. Do not proceed until you have the manager’s full name and email address. - Update the manager attribute in Microsoft 365 admin center
Go to the Microsoft 365 admin center > User management > Active users. Select the transferred employee’s account. On the Account tab, scroll to Manager and click Edit. Enter the new manager’s name and select them from the directory. Click Save. - If using directory synchronization, update the on-premises manager attribute
If your organization syncs users from on-premises Active Directory, open Active Directory Users and Computers. Locate the user object, right-click it, and select Properties. Go to the Organization tab and update the Manager field. Run a sync cycle or wait for the next scheduled sync to apply the change to Microsoft 365. - Verify the manager update in Microsoft Entra ID
Open the Microsoft Entra admin center > Users > select the transferred employee. Under Properties, check the Manager field. It should now display the correct manager. If it does not, check the sync status or manually update it from the Entra admin center. - Reassign pending OneDrive access requests
Go to the OneDrive admin center > Access management > Request access. Locate any pending requests for this user. Select the request and click Reassign. Enter the new manager’s email address. This sends a fresh approval email to the correct person. - Notify the new manager about the pending request
Send a brief email to the new manager informing them that a OneDrive access request is waiting in their inbox. Include the former employee’s name and the deadline for approval if one exists.
If OneDrive Access Requests Still Go to the Wrong Approver
OneDrive access request is sent to a group mailbox instead of a manager
If your tenant uses a shared mailbox or distribution group as the default approver, the manager attribute is not used. In that case, the approval goes to the group. To change this, go to the OneDrive admin center > Sharing > Access management. Under Approval settings, select User’s manager instead of Custom approver.
The manager attribute is correct but the request still goes to the wrong person
This can happen if the request was created before the manager attribute was updated. The approval email was already sent to the old manager. In this case, cancel the original request and create a new one. Go to OneDrive admin center > Access management > Request access, select the request, and click Cancel. Then create a new access request for the same user. The new request will use the updated manager attribute.
Department transfers happen frequently and manual updates are missed
Consider automating the manager attribute update using Microsoft Graph API or a PowerShell script. Use the Update-MgUser cmdlet in the Microsoft Graph PowerShell SDK to set the manager property when an HR system triggers a transfer event. Alternatively, use Microsoft Entra ID Governance’s Lifecycle Workflows to automatically update the manager attribute when a user’s department changes.
| Item | Manual Update | Automated Update |
|---|---|---|
| Update method | Microsoft 365 admin center or Active Directory Users and Computers | Microsoft Graph API, PowerShell, or Lifecycle Workflows |
| Time to apply | Immediate after sync | Depends on trigger frequency |
| Risk of human error | High | Low |
| Approval request routing | Correct after manual update | Correct after next sync |
Now you can identify why OneDrive access requests go to the wrong approver after a department transfer and correct the manager attribute in Microsoft 365 admin center or on-premises Active Directory. Next, review your OneDrive admin center access management settings to ensure the approval method is set to User’s manager rather than a custom approver. For frequent transfers, set up a Lifecycle Workflow that updates the manager attribute automatically when the department field changes.