When a mobile worker clicks the upload button on a OneDrive for Business web page, the browser may redirect to a different tenant’s sign-in page instead of the expected corporate tenant. This typically occurs because the browser caches authentication tokens from a previous session on a different Microsoft 365 tenant. This guide explains why the tenant mismatch happens and provides step-by-step fixes to force the correct tenant sign-in for web uploads.
Key Takeaways: Fixing Wrong Tenant Redirect on OneDrive Web Upload
- Browser cache and cookies for login.microsoftonline.com: Clearing these forces a fresh sign-in prompt and resolves tenant mismatch.
- Ctrl+Shift+Del in Chrome or Edge: Opens the clear browsing data panel where you can delete cached images and cookies for a specific time range.
- Tenant-specific URL with tenant ID: Use
https://to bypass the generic portal.azure.com redirect.-my.sharepoint.com
Why OneDrive Web Upload Redirects to the Wrong Tenant
OneDrive for Business uses Azure Active Directory to authenticate users. When a mobile worker accesses OneDrive through a web browser, the browser stores authentication tokens and session cookies from the Microsoft identity platform. If the worker previously signed into a different tenant, such as a client’s tenant or a personal Microsoft account, those cached tokens persist. The browser then presents those tokens during the next sign-in attempt, causing Azure AD to redirect the user to the tenant associated with the cached token instead of the corporate tenant.
This problem is especially common for contractors, consultants, and employees who manage multiple Microsoft 365 tenants. The browser does not distinguish between tenants automatically. The cached token takes priority over the URL the user typed. As a result, the upload page loads with the wrong tenant’s sign-in screen, and the user cannot upload files to the intended OneDrive location.
Steps to Force OneDrive Web Upload to the Correct Tenant
Follow these steps in order. Each method targets a different layer of the authentication cache. Start with the simplest method.
Method 1: Clear Browser Cache and Cookies for the Microsoft Login Domain
- Open the clear browsing data panel
In Google Chrome or Microsoft Edge, press Ctrl+Shift+Del on Windows. The Clear browsing data dialog appears. - Select the time range
Set the Time range to All time. This removes all cached data, not just recent data. - Check the required data types
Check Cookies and other site data. Also check Cached images and files. These two items hold the tenant-specific tokens. - Limit to the Microsoft login domain
Click Advanced or the Site settings link in the dialog. In the search box, type login.microsoftonline.com. Click the trash icon next to each entry to delete only data for that domain. This preserves other site data. - Close all browser windows
Close every tab and window. Open a new browser window. Navigate to https://portal.office.com. Sign in with your corporate tenant credentials.
Method 2: Use a Tenant-Specific OneDrive URL
- Get your tenant name
Open the Microsoft 365 admin center. Go to Settings > Org settings > Organization profile. Copy the tenant name from the Tenant ID field. It looks like contoso.onmicrosoft.com. - Build the tenant-specific URL
Replace contoso with your tenant name. The URL format is https://contoso-my.sharepoint.com. This URL bypasses the generic portal.azure.com redirect. - Bookmark the URL
Add the tenant-specific URL to your browser bookmarks. Use this bookmark every time you need to upload files to OneDrive. This avoids the tenant selection prompt.
Method 3: Use InPrivate or Incognito Mode with Explicit Tenant
- Open an InPrivate window
In Microsoft Edge, press Ctrl+Shift+N. In Google Chrome, press Ctrl+Shift+N. - Navigate to the tenant-specific URL
Type the tenant-specific URL from Method 2 into the address bar. The browser has no cached tokens, so it prompts you to sign in. - Enter your corporate credentials
Sign in with your work or school account. The browser now loads the correct OneDrive tenant. Upload your files.
If OneDrive Still Opens the Wrong Tenant After Clearing Cache
OneDrive Web Upload Redirects to a Personal Microsoft Account
If the redirect goes to a personal OneDrive account, the browser may have cached tokens from login.live.com. Clear cookies and site data for login.live.com using the same method as Method 1. Then close all browser windows and sign in again using the tenant-specific URL.
Mobile Worker Uses a Shared Device
On a shared device, other users may have left cached tokens for their tenants. The best fix is to use InPrivate mode every time. Alternatively, configure the device to automatically clear browsing data on exit. In Chrome, go to Settings > Privacy and security > Cookies and other site data. Turn on Clear cookies and site data when you close all windows.
Microsoft 365 Admin: Tenant Restriction Policy Is Set Incorrectly
If the issue affects multiple users, the tenant restriction policy in Azure AD may allow sign-ins from external tenants. The admin can enforce a tenant restriction using the Tenant Restrictions policy in Azure AD. This policy forces the browser to only accept tokens from your corporate tenant. Go to Azure AD > Manage > Tenant restrictions. Set the Restrict-Access-Context header to your tenant ID. Apply the policy to all users.
OneDrive Web Upload Methods: Direct URL vs Generic Portal
| Item | Direct Tenant URL | Generic Portal URL |
|---|---|---|
| Description | Uses your tenant-specific SharePoint My Site URL | Uses the generic office.com or portal.office.com sign-in page |
| URL format | https://contoso-my.sharepoint.com | https://portal.office.com or https://www.office.com |
| Token caching behavior | Minimal redirects; token is tied to your tenant | Redirects through multiple Microsoft authentication endpoints |
| Best for | Mobile workers who frequently switch tenants | Users who stay within one tenant |
| Requires bookmark | Yes, to avoid typing the full URL each time | No, but may prompt for tenant selection |
Using the direct tenant URL eliminates the tenant redirect problem because the browser never contacts the generic portal endpoints. Mobile workers should bookmark this URL and use it as their primary OneDrive web entry point.
You can now force the correct tenant for OneDrive web uploads by clearing the browser cache for the Microsoft login domain or by using a tenant-specific URL. For frequent tenant switching, bookmark your tenant-specific OneDrive URL. As an advanced tip, ask your Microsoft 365 admin to enable Azure AD tenant restrictions to prevent the browser from accepting tokens from external tenants entirely.