When a former employee leaves your organization, their OneDrive for Business account should be accessible to HR or IT for a proper handover. Instead, you see an access denied error when trying to open the former employee’s OneDrive site. This happens because OneDrive retention policies, site permissions, and admin roles do not automatically grant access to the data after the user account is disabled or deleted. This article explains why the access denied error occurs and provides a step-by-step guide to recover the former employee’s OneDrive files so HR can complete the handover.
Key Takeaways: Recovering Former Employee OneDrive for HR Handover
- Microsoft 365 admin center > Users > Active users > Former employee name: Check whether the account is disabled or deleted — deleted accounts lose direct OneDrive access for everyone except global admins.
- Microsoft 365 admin center > Setup > Data migration > Access former employee’s OneDrive: This tool restores site collection admin rights to a designated user for 30 days.
- SharePoint admin center > More features > User profiles > Manage user profiles: Use this to set a new site collection admin on the former employee’s OneDrive if the admin center tool fails.
Why the Former Employee’s OneDrive Shows Access Denied
OneDrive for Business is a personal site collection tied to the user’s account in Microsoft 365. When a user leaves the organization, the IT team typically disables or deletes the user account. Disabling the account removes the user’s license and blocks sign-in, but the OneDrive site remains for a retention period. Deleting the account removes the user object from Azure Active Directory, which breaks the permission inheritance for anyone who was not explicitly granted access.
By default, only the site owner the former employee has full control over the OneDrive. Global admins and SharePoint admins do not automatically have access to every user’s OneDrive. Without explicit site collection admin delegation, any attempt to open the site URL will show an access denied message.
Microsoft 365 provides a 30-day grace period after a user account is deleted during which a global admin can restore access. After 93 days from account deletion, the OneDrive site is permanently deleted. For HR handovers, you must act within these retention windows.
Steps to Grant HR Access to a Former Employee’s OneDrive
Follow these steps in order. If the first method fails, proceed to the next one.
Method 1: Use the Access Former Employee’s OneDrive Tool in the Admin Center
- Sign in to the Microsoft 365 admin center
Go to admin.microsoft.com and sign in with a global admin account. - Navigate to Setup > Data migration
In the left navigation, select Setup, then scroll to Data migration and click View. - Click Access former employee’s OneDrive
Find the link labeled Access former employee’s OneDrive documents and click it. This opens a panel that lists former employees. - Enter the former employee’s name or email
Type the name or email address of the former employee. Select the correct user from the search results. - Choose a user to grant access
Enter the email address of the HR representative or IT staff who needs access. This person will become a site collection admin on the OneDrive. - Click Grant access
The system sends an email notification to the designated user with a link to the OneDrive. The access lasts for 30 days.
Method 2: Set a New Site Collection Admin via SharePoint Admin Center
Use this method if the admin center tool is unavailable or the former employee’s account was deleted more than 30 days ago but within 93 days.
- Sign in to the SharePoint admin center
Go to admin.microsoft.com/SharePoint and sign in with a global admin or SharePoint admin account. - Open More features > User profiles
In the left navigation, click More features. Under User profiles, click Open. - Click Manage user profiles
In the User profiles page, click Manage user profiles in the People section. - Find the former employee’s profile
In the search box, type the former employee’s name or email. Click Find. - Open the profile and set a new site collection admin
Click the user’s name. In the profile page, click Settings and then Set site collection administrator. Enter the email of the HR user and click OK. - Notify the HR user
Send the HR user the direct URL of the former employee’s OneDrive. The URL format is https://-my.sharepoint.com/personal/ . The HR user will now have site collection admin access._ _com
Method 3: Restore a Deleted OneDrive Site
If the OneDrive site was deleted within the last 93 days, you can restore it through the SharePoint admin center.
- Go to SharePoint admin center > Sites > Deleted sites
Click Sites in the left navigation, then select the Deleted sites tab. - Find the former employee’s OneDrive site
Look for a site with the title OneDrive and the former employee’s name. The URL contains -my.sharepoint.com. - Click Restore
Select the site and click Restore. The site becomes active again within minutes. - Grant access using Method 1 or 2
Once restored, use the Access former employee’s OneDrive tool or set a new site collection admin to give HR access.
If OneDrive Still Shows Access Denied After the Main Fix
The Former Employee’s Account Was Permanently Deleted
If the user account was deleted more than 93 days ago, the OneDrive site is permanently gone. No recovery method works. To prevent this in the future, set a retention policy in the Microsoft 365 compliance center that keeps OneDrive data for a longer period. Go to Compliance center > Information governance > Retention policies and create a policy for OneDrive content.
The HR User Still Gets Access Denied After Being Added as Site Collection Admin
The HR user must sign out of all Microsoft 365 services and sign back in. Browser caching can cause stale permissions. Clear the browser cache or use an InPrivate or Incognito window. If the issue persists, check whether the HR user’s account has a SharePoint license assigned. Without a license, the user cannot access any SharePoint or OneDrive site.
OneDrive URL Returns a 404 or Site Not Found Error
The former employee’s OneDrive site might have been renamed or moved. Verify the exact URL by going to Microsoft 365 admin center > Users > Active users, selecting the former employee, and looking under the OneDrive tab. The correct URL is listed there. If the user account is deleted, use the SharePoint admin center > Sites > Active sites and search for the user’s name.
| Item | Access Former Employee Tool | Manual Site Collection Admin |
|---|---|---|
| Admin role required | Global admin | Global admin or SharePoint admin |
| Works with deleted accounts | Yes, within 30 days of deletion | Yes, within 93 days of deletion |
| Access duration | 30 days, auto-revoked | Permanent until removed |
| User interface | Guided wizard in admin center | SharePoint admin center user profiles |
| Email notification to HR | Automatic | Manual |
You can now grant HR access to a former employee’s OneDrive using the Access former employee’s OneDrive tool or by manually setting a site collection admin. Next, verify that your organization has a retention policy for OneDrive data set to at least 93 days. As an advanced tip, use PowerShell with the SharePoint PnP module to bulk-grant site collection admin access to multiple former employee OneDrive sites at once by running the Set-PnPTenantSite -Url command.