When a former employee leaves your organization, their OneDrive files must be transferred or deleted. Microsoft 365 includes a data governance feature that sends an approval request to a designated approver before cleanup proceeds. However, many administrators report that the approval request goes to the wrong person — often a manager who no longer supervises the user, a generic mailbox, or even the former employee themselves. This problem typically occurs because the approval routing logic in the Microsoft 365 admin center pulls the wrong manager attribute from Azure Active Directory, especially for contractors whose manager field is outdated or blank. This article explains the exact cause of the misrouted approval, provides a step-by-step fix to redirect requests to the correct approver, and covers related failure patterns such as stuck approvals and missing delegation options.
Key Takeaways: Redirect former employee OneDrive approval requests to the correct person
- Microsoft 365 admin center > Organization > Data lifecycle management > Microsoft 365 > Retentions: Controls which admin or manager receives approval requests for former employee OneDrive cleanup
- Azure AD > Users > Manager attribute: The exact field the approval system reads to determine the approver — must be updated for every contractor
- PowerShell Set-AzureADUserManager cmdlet: Bulk-updates the Manager attribute for multiple contractors to fix routing in one operation
Why the Approval Request Goes to the Wrong Approver
The former employee data cleanup workflow in Microsoft 365 relies on the Manager attribute stored in Azure Active Directory for each user. When you initiate a cleanup action — such as transferring OneDrive files or deleting the user account — the system looks up the user’s Manager field. It then sends the approval request to that manager’s email address. If the Manager attribute points to the wrong person, is empty, or references a user who no longer exists in the tenant, the request either goes to an incorrect person or is never delivered.
For contractors, this problem is especially common. Many organizations do not maintain the Manager attribute for temporary workers. The field may be left blank, set to a now-departed supervisor, or populated with a generic mailbox like hr@contoso.com. The Microsoft 365 approval system does not validate the manager’s active status before sending the request. It simply reads the attribute and sends the email. If the manager is inactive, the request bounces or sits undelivered.
A second cause involves the Data lifecycle management retention policies. If a retention policy defines a specific reviewer or approver group, that group overrides the user-level Manager attribute for that policy. However, if the policy is configured incorrectly — pointing to a distribution group that does not exist or a user who has left — the request again goes to the wrong place.
Steps to Fix the Wrong Approver for Contractor Cleanup
Follow these steps to identify the current Manager attribute, correct it, and verify that future approval requests go to the right person.
- Check the current Manager attribute in Azure AD
Sign in to the Azure portal at portal.azure.com. Navigate to Azure Active Directory > Users. Search for the contractor user. Open their profile and click Manager in the left menu. Note the name listed. If the field is blank or shows an incorrect person, proceed to step 2. - Update the Manager attribute for one user
In the same profile page, click Change manager. Search for the correct manager from your directory. Select the correct user and click Select. Click Save at the top of the pane. The change takes effect immediately. Allow up to one hour for the approval system to cache the updated value. - Bulk-update the Manager attribute using PowerShell
If you have multiple contractors with wrong managers, use the Microsoft Graph PowerShell module. Open PowerShell as administrator and runConnect-MgGraph -Scopes "User.ReadWrite.All", "Directory.ReadWrite.All". Then run the following script, replacing the CSV file path with your own list:$users = Import-Csv "C:\contractors.csv" foreach ($user in $users) { Update-MgUser -UserId $user.UserPrincipalName ` -ManagerId $user.ManagerObjectId }The CSV must have columns UserPrincipalName and ManagerObjectId. You can find the ManagerObjectId by running
Get-MgUser -UserId manager@domain.com | Select-Object Id. - Verify the Data lifecycle management retention policy approver
Go to the Microsoft 365 admin center at admin.microsoft.com. Navigate to Organization > Data lifecycle management > Microsoft 365 > Retentions. Find the retention policy that applies to former employees. Click the policy name, then click Edit policy. Under Reviewers, ensure the correct user or group is listed. If a group is listed, verify that group still exists and contains active members. - Test the fix with a simulated cleanup
To confirm the approval request now goes to the correct person, create a test user who mirrors the contractor. Assign the same Manager attribute you just corrected. Initiate a former employee cleanup action from the Microsoft 365 admin center > Users > Deleted users. Choose Transfer OneDrive files. Observe the email that the approval request generates. It should arrive in the correct manager’s inbox within 15 minutes.
If OneDrive Cleanup Still Goes to the Wrong Approver
The Manager attribute is correct but the request still goes to a different person
This scenario usually means a retention policy or supervisory review policy overrides the user-level Manager attribute. Check all retention policies in the Microsoft 365 admin center under Data lifecycle management. If any policy has a static reviewer list, remove the incorrect reviewer and add the correct one. Also check Communication compliance policies in the Microsoft Purview compliance portal. A supervisory review policy can redirect approval emails to a separate reviewer group.
The approval request is sent to the former employee themselves
This occurs when the former employee’s Manager attribute points to their own user object. This can happen if the attribute was never set or was set to the user by mistake. Fix the Manager attribute as described in step 2 above. If the user is already deleted, you must restore the user, correct the Manager attribute, then delete the user again. To restore a deleted user, go to Azure AD > Users > Deleted users, select the user, and click Restore.
The approval request never arrives and the OneDrive cleanup is stuck
If the Manager attribute points to a user who no longer exists in the tenant, the email is sent to a non-existent mailbox. The cleanup process waits indefinitely for a response. To fix this, update the Manager attribute to an active user. If you cannot identify the correct manager, assign the attribute to a shared mailbox that your IT team monitors. After updating the attribute, go to the Microsoft 365 admin center > Users > Deleted users, select the former employee, and click Retry cleanup.
Manager Attribute vs Retention Policy Reviewer: Key Differences
| Item | Manager Attribute (Azure AD) | Retention Policy Reviewer (M365 admin center) |
|---|---|---|
| Description | User-level field that defines the direct supervisor | Policy-level setting that defines who reviews cleanup actions |
| Where configured | Azure Active Directory > Users > user profile > Manager | Admin center > Organization > Data lifecycle management > Retentions > edit policy > Reviewers |
| Scope | Single user | All users covered by the retention policy |
| Override behavior | Default routing target if no policy reviewer is set | Overrides the Manager attribute for all users under that policy |
| Best practice for contractors | Always set to the contracting company’s point of contact or IT manager | Set to a dedicated IT approval group for all contractor cleanup requests |
The approval routing for former employee OneDrive cleanup depends on two separate systems. The Manager attribute in Azure AD serves as the default target. Retention policy reviewers override that default. Both must be correct for the approval to reach the intended person.
After correcting the Manager attribute and verifying the retention policy reviewer, you can reliably route cleanup approval requests to the correct approver. Run a test cleanup on a test contractor account to confirm the email arrives in the right inbox. For long-term management, create a dedicated Azure AD security group named ContractorCleanupApprovers and set that group as the reviewer in your retention policy. This approach ensures that even if individual managers change, the approval group remains stable.