When an employee leaves your organization, IT or HR often needs to transfer that person’s OneDrive files to a manager or delegate. The Microsoft 365 admin center provides a dedicated workflow to grant access to a former employee’s OneDrive. However, this process can fail when the access request or delegation assignment goes to the wrong approver. Instead of reaching the correct HR manager or IT admin, the request may go to an unintended recipient, causing delays in the handover. This article explains why the workflow sometimes routes incorrectly and provides step-by-step fixes to ensure the right person receives the access approval request.
Key Takeaways: Redirect OneDrive access requests to the correct HR approver
- Microsoft 365 admin center > Users > Active users > Select user > OneDrive tab: Grants access to a former employee’s OneDrive to a specific delegate or manager.
- SharePoint admin center > Access requests > Pending requests: Lists all pending access requests and allows you to reassign them to the correct approver.
- Azure AD > Users > User settings > External collaboration settings: Controls who can approve external access requests, which can override the intended internal approver.
Why OneDrive Access Requests Go to the Wrong Approver
The OneDrive for Business access delegation feature uses the former employee’s manager attribute from Azure Active Directory as the default approver. When you grant access to a former employee’s OneDrive, Microsoft 365 sends an approval request to the person listed as the manager for that user. If the manager field is missing, outdated, or points to an unintended person, the request goes to the wrong approver.
Additionally, the SharePoint admin center has its own access request settings that can override the default manager-based routing. If an organization has configured access request settings to send all requests to a specific email address or group, the delegation workflow may bypass the manager entirely. Finally, external collaboration settings in Azure AD can cause requests to route to external users or guest approvers if the former employee’s account has guest permissions or if sharing policies are misconfigured.
How the Default Approver Is Determined
The default approver for a former employee’s OneDrive access is the user listed in the Manager field of that employee’s Azure AD profile. This field is typically populated during employee onboarding via HR systems or manual updates. If the manager field is empty, the system falls back to the site collection administrator of the OneDrive site, which is usually the employee themselves or a SharePoint admin. In that scenario, no approval request is sent, and the delegate may receive immediate access without oversight.
When SharePoint Access Request Settings Override the Manager
SharePoint Online allows tenant-wide and site-level access request settings. If a SharePoint admin has configured access requests to be sent to a specific email address or group, the OneDrive delegation workflow may send the approval request to that address instead of the manager. This is a common cause of misrouting in organizations that centralize access requests through a shared mailbox or IT support queue.
Steps to Redirect OneDrive Access Requests to the Correct HR Approver
Follow these steps in order to ensure the former employee’s OneDrive access request reaches the intended HR manager or IT delegate.
Method 1: Update the Manager Field in Azure Active Directory
- Sign in to the Azure portal
Go to portal.azure.com and sign in with a Global Administrator or User Administrator account. - Navigate to Azure Active Directory
Select Azure Active Directory in the left menu, then choose Users. - Find the former employee
Search for the departing employee’s user account and click their name to open the profile. - Edit the Manager field
Select Properties from the left menu, then scroll to the Job info section. Click Edit, then in the Manager field, type the name of the correct HR manager or IT delegate who should approve access. Click Save. - Wait for replication
Allow up to 15 minutes for the change to replicate across Microsoft 365 services before retrying the access grant.
Method 2: Grant Access via the OneDrive Tab in Admin Center
- Open Microsoft 365 admin center
Go to admin.microsoft.com and sign in with a Global Administrator account. - Go to Users > Active users
Select the former employee’s account from the list. - Open the OneDrive tab
Click the OneDrive tab in the user profile pane. - Set access for the delegate
Under Access to files, click Create link to files. In the panel, choose a duration and enter the email address of the correct HR manager or IT delegate. Click Create link. - Send the link directly
Copy the generated link and send it to the delegate via email. This method bypasses the approval workflow entirely and grants immediate access.
Method 3: Change SharePoint Access Request Settings
- Open SharePoint admin center
Go to admin.microsoft.com/SharePoint and sign in with a SharePoint Administrator account. - Navigate to Access policies
In the left menu, select Policies, then choose Access control. Click Access requests. - Configure access request email
Under Send access requests to the following email address, clear the field if it contains a shared mailbox or group that is not the intended approver. Leave it blank to revert to the default manager-based routing. - Save the changes
Click Save at the bottom of the page.
If OneDrive Access Still Goes to the Wrong Approver
The manager field is empty but the request still goes somewhere
When the manager field is empty, the system checks the SharePoint access request settings at the tenant level. If a tenant-wide email address is configured, the request will go there. Clear the access request email as described in Method 3 to force the system to send no request, allowing the delegate to receive access without approval.
The request goes to the former employee themselves
This happens when the former employee is listed as the site collection administrator for their own OneDrive. To fix this, go to the SharePoint admin center, select Sites > Active sites, find the former employee’s OneDrive site, and change the primary site collection administrator to the HR manager or IT delegate. Then retry the access grant.
External users receive the approval request
If the former employee’s account has guest permissions or if sharing policies allow external users, the request may go to an external email address. Check Azure AD > External Identities > External collaboration settings. Ensure that Guest invite settings is set to Only users assigned to specific admin roles can invite guests to prevent unauthorized routing.
Manager-Based Routing vs SharePoint Access Request Email: Key Differences
| Item | Manager-Based Routing | SharePoint Access Request Email |
|---|---|---|
| Approver source | Azure AD Manager attribute of the former employee | Email address configured in SharePoint admin center > Access requests |
| Where to configure | Azure AD > Users > User profile > Manager field | SharePoint admin center > Policies > Access control > Access requests |
| Fallback behavior | If empty, no request is sent unless overridden | If empty, no request is sent even if manager field is populated |
| Override priority | Lower — SharePoint email setting takes precedence | Higher — overrides manager-based routing when configured |
The manager-based routing method is the default for OneDrive delegation. However, if a SharePoint access request email address is configured at the tenant level, that email address will receive the request instead of the manager. To ensure the correct approver receives the request, either populate the manager field and clear the SharePoint access request email, or use the direct link method in the OneDrive tab to bypass the approval workflow entirely.
By updating the manager field in Azure AD, clearing the SharePoint access request email, or using the direct link method, you can now ensure that the former employee’s OneDrive access request reaches the correct HR manager or IT delegate. Next, review your organization’s offboarding checklist to include a step that verifies the manager field is current for all departing employees. As an advanced tip, consider using PowerShell with the Set-AzureADUser cmdlet to batch-update manager attributes for multiple departing users at once, reducing manual errors during high-volume offboarding periods.