OneDrive's place in the platform
OneDrive is a personal workspace. It is the right place for drafts, individual notes, work in progress that hasn't been shared, and content tied to one person rather than a team. It is not a corporate repository, even when content has been shared with colleagues. The moment work needs to be team-owned, durable, or governed, it belongs in SharePoint or Teams.
This positioning matters because OneDrive's defaults make it easy for users to drift in the wrong direction. Sharing a OneDrive folder with five colleagues feels equivalent to creating a SharePoint site, but it isn't — when the OneDrive owner leaves the organization, everything they shared becomes inaccessible by default. The platform punishes the misuse quietly, often years after the misuse happened.
What belongs in OneDrive
- Drafts and personal working copies before they're ready to share.
- Reference materials and notes useful to one person, not the team.
- Files received from outside the organization (email attachments, downloads) before they're filed.
- Personal productivity content (templates, snippets, scratch work).
- Temporary content that will be moved to SharePoint or a Team within days.
What does not belong:
- Project files, departmental records, or content owned by more than one person.
- Business-critical artefacts the organization needs to find without that user's help.
- Long-running collaboration. If two people will edit it next month, it's not OneDrive material.
- Anything the organization needs to retain past the user's tenure.
If the work belongs to a business area or a project, it shouldn't live in OneDrive. Sharing doesn't make content team-owned — it just makes it harder to govern when the owner leaves.
Keeping OneDrive in its lane
The hardest part of OneDrive strategy isn't deciding what it's for. It's keeping it from quietly becoming the place users dump everything because they don't know where else to put it. Three approaches solve this in practice — pick the one that fits your organization's appetite for control versus user freedom.
Approach 1 — Generic retention plus a manual "keep" override
A generic retention policy disposes OneDrive content 2 years after last modified. Users who genuinely need to keep content longer manually apply a "Keep Longer" label (commonly 10 years) to the specific files or folders that need it.
- Pros. Solves storage growth and stale-content discoverability at the same time. Active content stays untouched (it's modified within the 2-year window). Users have a clear escape valve for content they need to retain.
- Cons. Users have to remember to apply the label. Content that should have been in SharePoint can still live in OneDrive — generic retention alone doesn't force the move.
- When to choose. Organizations with strong user behaviour and a real focus on disposition. Especially fits regulated environments where deliberate retention decisions are the cultural norm.
Approach 2 — Cap OneDrive storage size
Reduce the OneDrive quota well below the default 1 TB — typical caps are 25 GB, 50 GB, or 100 GB. Once users hit the cap, they can't add more content until they delete, archive, or move material to SharePoint.
- Pros. Forces users to leverage SharePoint for business content. The constraint is the governance — users who feel the limit naturally start asking where their team's content actually belongs.
- Cons. Help-desk pressure when users hit the cap, especially early in the rollout. Some legitimate personal-content scenarios (image-heavy work, video drafts) need an exception process.
- When to choose. Organizations that want OneDrive used the way it's defined — personal workspace only. The most common choice across the client base.
Approach 3 — Default quota plus monitoring and outreach
Leave the default 1 TB quota in place. Monitor OneDrive usage through Microsoft 365 admin centre reports and reach out to users who have accumulated unusually large amounts of data. The intervention is human, not policy-driven.
- Pros. No hard limits to hit; users with legitimate need aren't blocked. Conversations with heavy users surface real governance issues — "what's actually in your OneDrive?" leads to "this should be in SharePoint."
- Cons. Requires sustained operational effort. Without follow-through, large OneDrive footprints just accumulate. Outreach is harder at scale.
- When to choose. Organizations where individual context matters more than uniform limits — research-heavy environments, professional services firms, or any setting where personal content volumes legitimately vary.
Kybera Impact's Insights module surfaces OneDrive volumes, sharing patterns, and stale-content trends across the tenant — so the outreach in approach 3 isn't a manual report-gathering exercise. The Compliance module manages tenant-wide retention scopes including OneDrive — the generic 2-year disposal and any "Keep Longer" override label used in approach 1.
All three approaches are achievable on stock Microsoft 365. The quota cap is set in the SharePoint admin centre. Retention policies are configured in Purview. Usage monitoring lives in the Microsoft 365 admin centre's reports. The work is in maintaining coverage as users come and go and in building a steady outreach cadence — none of which is hard, but none of which happens on its own.
Departure handover
When an employee leaves, their OneDrive contains the only copy of work that should have been in SharePoint, plus personal content that should be removed. Without an explicit handover process, both ends fail: business content is lost (or recovered manually under pressure), and personal content lingers indefinitely.
| Step | Owner | Timing |
|---|---|---|
| Designate manager for OneDrive access on departure | HR + manager | At separation paperwork |
| Manager granted read access to former employee's OneDrive | IT (automated) | Day of departure |
| Review and extract business content; route to appropriate SharePoint/Team | Manager (with guidance) | Within the access window |
| Confirm extraction complete; flag content for retention or release | Manager | End of access window |
| OneDrive disposed per retention-on-leave policy | IT (automated) | After access window expires |
Common retention-on-leave windows are 30 days, 60 days, 90 days, or 1 year. Shorter windows reduce storage and risk; longer windows give managers more time to recover content. Most organizations land at 90 days for general staff, with longer windows for senior or specialized roles where content recovery is more complex.
Retention-on-leave policy
Microsoft 365 supports a tenant-level policy that preserves a former employee's OneDrive for a defined period after their account is disabled. After the period ends, OneDrive content is permanently disposed unless an explicit hold is in place.
- Hold for litigation or investigation. Active legal holds suspend automatic disposition until released.
- Manual extension. Manager or Information Manager can extend the access window for specific cases.
- Records preservation. Content the manager identifies as records-grade is moved to the appropriate Record Centre before the window expires.
- Disposition. After the window, the OneDrive is removed. The user account itself follows the org's identity lifecycle policy.
Known Folder Move (KFM)
Known Folder Move redirects the user's Desktop, Documents, and Pictures folders to OneDrive. This is one of the most consequential OneDrive decisions because it changes where "the user's files" live by default — from local disk to OneDrive.
| KFM enabled | KFM disabled | |
|---|---|---|
| User experience | Files in Documents/Desktop sync to OneDrive automatically. Available across devices. | Files stay local. Users must explicitly save to OneDrive. |
| Pros | Backup and continuity for free. Loss of a device doesn't lose work. Reduces "my files were on my old laptop." | Predictable behaviour for users who don't trust cloud-by-default. Less storage pressure on OneDrive. |
| Cons | Can flood OneDrive with content that wasn't meant for cloud (downloads, junk). Can hit quota faster — especially under approach 2. Creates retention questions for content that was implicitly local-only. | Users lose work when devices fail. No automatic continuity. Higher help-desk load for laptop replacements. |
| Best for | Most modern organizations. Aligns with the cloud-first posture. | Highly regulated environments where local-only content is required. |
Enable KFM by default for most organizations. If your OneDrive strategy uses approach 2 (capped storage), pair KFM with end-user education so users understand what flows into OneDrive automatically and don't blow through their cap on Desktop screenshots.
Sharing patterns
- Default to internal sharing. Anonymous links should be off by default for OneDrive. External sharing should require named recipients.
- Expiration on shares. Shared links should expire after a defined period. Renewable for active collaboration.
- Audit shared content. Reporting should surface widely-shared OneDrive content — particularly content shared externally or via Anyone links.
- Sensitivity labels. Confidential content in OneDrive should be labelled. Manual labels are realistic; auto-labelling for OneDrive is a later-phase capability.
Discussion questions
• Which of the three approaches fits our culture — generic retention with a manual override, a hard storage cap, or default quota with monitoring and outreach?
• If we cap storage, what cap fits — 25 GB, 50 GB, 100 GB? What's our exception process?
• If we use generic retention, what's the disposition window — 2 years, longer, shorter? What "keep longer" labels do we expose to users?
• If we monitor and reach out, who runs the outreach, and at what cadence?
• What's our retention-on-leave window — 30, 60, 90 days, or longer?
• Who gets manager access to a departing employee's OneDrive, and for how long?
• Have we enabled Known Folder Move? If not, why not?
• What's our default external sharing posture for OneDrive — internal-only, named recipients, or anyone links?
• Are we actively educating users on what belongs in OneDrive vs SharePoint?