When a former employee’s OneDrive access request goes to the wrong approver during a department transfer, the approval workflow stalls and the new manager cannot gain access to critical files. This occurs because the default delegation logic in Microsoft 365 assigns the approval request to the user’s original manager listed in Azure Active Directory or on-premises Active Directory, not the new manager after the transfer. This article explains why the approval route breaks after a department change and provides step-by-step fixes to reroute the request to the correct approver.
Key Takeaways: Fixing Wrong Approver for Former Employee OneDrive Access
- Admin center > Users > Active users > Manager field: The manager attribute in Azure AD determines who receives the OneDrive access approval request; update it first after a department transfer.
- Microsoft 365 admin center > Settings > Org settings > OneDrive > Notify approvers: Configures which users receive access requests for former employees’ OneDrive, overriding the default manager logic.
- PowerShell cmdlet Set-SPOTenant -NotifyOwnersWhenInvitationsAccepted: Controls tenant-wide notification behavior for OneDrive access requests and can redirect approvals to a global admin or security group.
Why the OneDrive Access Approval Goes to the Wrong Person After a Department Transfer
When a user leaves the organization, Microsoft 365 retains their OneDrive for Business site for 30 days by default. During this period, managers or delegated administrators can request access to the former employee’s files. The approval request is sent to the user listed as the Manager in Azure Active Directory. If the former employee’s department transfer was processed in the HR system but the Manager attribute was not updated in Azure AD, the request goes to the old manager.
OneDrive uses a delegation model that relies on the manager attribute synced from on-premises Active Directory or set directly in Azure AD. When a department transfer occurs, the HR system updates the user’s department and title, but the manager assignment often remains unchanged until an IT administrator manually updates it. The approval request for OneDrive access is sent via email to the manager listed in the user’s profile. If that manager has also left the company or is no longer relevant, the request goes to an invalid or wrong inbox.
Additionally, the OneDrive access request feature in the SharePoint admin center has a setting called Notify approvers. By default, this setting sends notifications to the user’s manager. If the manager attribute is outdated, the notification never reaches the correct approver. The request remains pending until an admin intervenes or the 30-day retention period expires, causing data loss risk.
Steps to Redirect OneDrive Access Requests to the Correct Approver
- Update the Manager Attribute in Azure Active Directory
Sign in to the Microsoft 365 admin center at admin.microsoft.com. Go to Users > Active users. Select the former employee’s account. In the right panel, click the Manager tab. Click Edit, then search for the new manager’s name and select them. Click Save. This change updates the manager attribute in Azure AD, which is the source of truth for OneDrive approval routing. - Verify the Manager Change in Azure AD
Open the Azure Active Directory admin center at entra.microsoft.com. Go to Users > All users. Select the former employee’s user account. Under the Manager section, confirm the new manager is listed. If the change did not propagate, force a sync from your on-premises Active Directory if you use hybrid identity, or wait up to 30 minutes for Azure AD replication. - Configure OneDrive Access Request Notifications in SharePoint Admin Center
In the SharePoint admin center at admin.microsoft.com/SharePoint, go to Policies > Access control. Under OneDrive access requests, click Notify approvers. Select Specific people and enter the email addresses of the correct approvers, such as the new manager or a shared mailbox. Click Save. This overrides the default manager-based routing for all future access requests. - Use PowerShell to Set Tenant-Level Approval Routing
Open SharePoint Online Management Shell as an administrator. RunConnect-SPOService -Url https://[tenant]-admin.sharepoint.com. Then runSet-SPOTenant -NotifyOwnersWhenInvitationsAccepted $trueto enable notifications. To redirect all requests to a security group, runSet-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true. This ensures only the specified group can approve access. - Force a Retry of Pending Access Requests
If there is a pending access request from before the manager change, the new manager may not see it. Go to the former employee’s OneDrive site directly using the URL patternhttps://[tenant]-my.sharepoint.com/personal/[user]_[domain]_com. Navigate to Site settings > Site permissions > Access requests and invitations. Resend the pending request to the updated manager by clicking Resend invitation.
If OneDrive Still Routes to the Wrong Approver After Fixes
OneDrive access request goes to a deleted user
If the former employee’s old manager has been deleted from Azure AD, the approval request may go to an invalid email address. To fix this, restore the deleted manager account in the Azure AD admin center > Users > Deleted users. Alternatively, follow Step 3 above to configure Specific people in the SharePoint admin center to bypass the manager attribute entirely.
OneDrive access request goes to a user in a different department
This happens when the manager attribute was not updated after a department transfer. Use the Microsoft Graph PowerShell module to bulk-update manager attributes for multiple transferred users. Run Get-MgUser -Filter "Department eq 'OldDept'" | Update-MgUser -ManagerId 'NewManagerID'. This script updates all users in the old department to report to the correct manager.
OneDrive access request notification never arrives
The notification email may be blocked by spam filters or the former employee’s OneDrive site may have been deleted. Check the Exchange admin center > Mail flow > Message trace to see if the notification was sent. If the site is deleted, you cannot request access. Restore the OneDrive site within 93 days from the SharePoint admin center > Deleted sites.
Manager Attribute vs Specific People Notification: Key Differences
| Item | Manager Attribute (Default) | Specific People (Custom) |
|---|---|---|
| Configuration location | Azure AD user profile > Manager field | SharePoint admin center > Access control > Notify approvers |
| Update requirement | Must be updated manually for each transferred user | Set once at tenant level; applies to all future requests |
| Approver assignment | Dynamic based on user’s manager attribute | Static list of email addresses or security group |
| Best for | Small organizations with infrequent transfers | Large organizations with frequent department changes |
The manager attribute method requires updating each user’s profile after every transfer. The specific people method bypasses the manager attribute entirely and sends all access requests to a designated team, such as IT support or a shared mailbox. For organizations with frequent department transfers, the specific people method reduces administrative overhead and prevents requests from going to the wrong approver.
After updating the manager attribute or configuring specific approvers, you can verify the change by submitting a test access request from a secondary account to the former employee’s OneDrive. The notification should now reach the correct approver within minutes. For ongoing management, consider creating a PowerShell script that runs daily to audit manager attributes for all users who have changed departments in the HR system. This proactive approach prevents approval delays and ensures data continuity during department transfers.