When a legal or compliance team needs to access a former employee’s OneDrive for Business files during an eDiscovery or litigation hold review, the most common error is an access denied message. This happens because the former employee’s Microsoft 365 account is disabled or deleted, which removes all direct permissions to their OneDrive site. Microsoft 365 does not allow direct login to a disabled account, and even global admins cannot open the former employee’s OneDrive by simply clicking a link. This article explains the root cause of the access denied error and provides the exact steps to grant access for legal review using the Microsoft 365 admin center, Microsoft Purview eDiscovery, and PowerShell.
Key Takeaways: Accessing a Former Employee’s OneDrive for Legal Review
- Microsoft 365 admin center > Users > Active users > select user > OneDrive tab: Use this path to grant an admin or legal reviewer direct access to the former employee’s OneDrive files.
- Microsoft Purview > eDiscovery > Content search: Search across all mailboxes and OneDrive sites for specific keywords or date ranges without needing direct site access.
- SharePoint Online Management Shell cmdlet Set-SPOUser -IsSiteCollectionAdmin: PowerShell command to add a legal reviewer as a site collection admin on the former employee’s OneDrive.
Why Access Denied Appears for a Former Employee’s OneDrive
When an employee leaves an organization, the IT team typically disables or deletes the user’s Microsoft 365 account. This action automatically removes the user’s license and revokes all permissions, including access to their OneDrive site. The OneDrive site itself remains in the SharePoint Online backend for 30 days after account deletion (or longer with a retention policy), but no one has permission to view its contents by default.
Even global administrators cannot open a former employee’s OneDrive directly from a browser link. The access denied message appears because the requesting user’s account is not listed in the site’s permission settings. The SharePoint Online site for a former employee’s OneDrive is a separate site collection that requires explicit permission assignment. Microsoft 365 does not provide any automatic fallback access for disabled accounts.
Retention Policies and Litigation Hold Effects
If the organization has a retention policy or litigation hold applied to the former employee’s OneDrive, the site and its files are preserved even after the account is deleted. The access denied error still occurs because retention does not grant any user permissions. The site exists but remains locked to all users until an administrator explicitly adds a reviewer as a site collection admin or uses eDiscovery tools to search the content.
Steps to Grant Access to a Former Employee’s OneDrive for Legal Review
Use one of the following methods to grant access. The Microsoft 365 admin center method is the fastest for individual cases. Use eDiscovery for larger investigations with multiple custodians.
Method 1: Grant Access via Microsoft 365 Admin Center
- Sign in to the Microsoft 365 admin center
Go to https://admin.microsoft.com and sign in with a Global Administrator account. - Navigate to the former employee’s user account
In the left navigation, select Users then Active users. If the account is deleted, click Deleted users and restore the account first. Restoring the account reactivates the OneDrive site for 30 days. - Open the OneDrive tab
Click the user’s display name, then select the OneDrive tab in the user details pane. - Click Create link to files
Under the OneDrive section, click Create link to files. This generates a direct URL to the OneDrive site. - Grant access to a specific user
Click Grant access next to the generated link. Enter the email address of the legal reviewer or compliance officer. Select the permission level: Can view or Can edit. Click Grant access. - Notify the reviewer
The reviewer will receive an email with the link. They can now open the former employee’s OneDrive and browse or download files as needed.
Method 2: Use Microsoft Purview eDiscovery for Content Search
- Open Microsoft Purview compliance portal
Go to https://compliance.microsoft.com and sign in with a Global Administrator or eDiscovery Manager role. - Create a new eDiscovery case
In the left navigation, select eDiscovery then Standard cases. Click Create a case, enter a name and description, then click Save. - Add custodians
Open the case, select Custodians, then click Add custodian. Search for the former employee’s name or email. Select the user and click Next. On the settings page, ensure OneDrive for Business is checked under data sources. Click Next and then Submit. - Create a content search
In the case, select Searches then click New search. Enter search keywords or leave blank to return all files. Under locations, select Choose specific locations and add the former employee’s OneDrive URL. Click Search. - Review and export results
After the search completes, click the search name to view results. Select Export results to download a copy of the files for legal review. This method does not require granting direct site access.
Method 3: Use PowerShell to Add a Site Collection Admin
- Install SharePoint Online Management Shell
Open Windows PowerShell as administrator. RunInstall-Module -Name Microsoft.Online.SharePoint.PowerShelland confirm the installation. - Connect to SharePoint Online
RunConnect-SPOService -Url https://yourtenant-admin.sharepoint.com. Replaceyourtenantwith your tenant name. Sign in with a Global Administrator account. - Get the OneDrive site URL
RunGet-SPOSite -IncludePersonalSite $true -Limit all | Where-Object {$_.Owner -eq "formeremployee@domain.com"} | Select-Object Url. Replace the email address with the former employee’s email. Note the URL returned. - Add the legal reviewer as a site collection admin
RunSet-SPOUser -Site. Replace-LoginName reviewer@domain.com -IsSiteCollectionAdmin $true reviewer@domain.comwith the reviewer’s email. - Verify access
The reviewer can now open the OneDrive URL in a browser and access all files. To remove access later, run the same command with-IsSiteCollectionAdmin $false.
If Access Denied Still Appears After Granting Permission
The former employee’s OneDrive site is still being provisioned
When you restore a deleted user account, the OneDrive site may take up to 24 hours to become accessible. During this time, any access attempt shows access denied. Wait 24 hours and try again. If the site remains inaccessible, check the SharePoint admin center for a site collection with the former employee’s name. If the site does not appear, it may have been permanently deleted after the 30-day retention period.
The reviewer’s account does not have the correct license
Accessing a OneDrive site requires the reviewer to have a SharePoint Online license assigned. If the reviewer sees access denied after being added as a site collection admin, verify that the reviewer’s Microsoft 365 account has a license that includes SharePoint Online. Assign a license in the Microsoft 365 admin center under Users > Active users > select reviewer > Licenses and apps.
The OneDrive site was deleted and not recoverable
If the former employee’s account was deleted more than 30 days ago and no retention policy was applied, the OneDrive site is permanently deleted. In this case, the only option is to restore from a backup if the organization uses a third-party backup service. Microsoft 365 does not provide a native recovery method for permanently deleted OneDrive sites.
Admin Center Grant Access vs eDiscovery Content Search: Key Differences
| Item | Admin Center Grant Access | eDiscovery Content Search |
|---|---|---|
| Purpose | Give a user direct access to browse the OneDrive site | Search and export files without granting site access |
| Permissions required | Global Administrator | Global Administrator or eDiscovery Manager |
| User sees full site structure | Yes | No, only search results |
| Can modify files | Yes if granted edit permission | No, export is read-only |
| Best for | Single former employee, quick access needed | Multiple custodians, legal hold, or compliance investigation |
When the access denied error appears for a former employee’s OneDrive, the root cause is always missing permissions. Use the admin center to grant direct access for a single reviewer, or use eDiscovery for a broader search without giving site access. PowerShell provides a more permanent method for adding site collection admins. Always verify the reviewer has a SharePoint license and that the OneDrive site still exists in the tenant.