Protecting and Preserving Users OneDrive Data

What is data retention in OneDrive & why should it be turned on?

When an employee leaves your company, often they have files on their computer or in their OneDrive which would be useful for others taking on the role. Files they may have been collaborating on with others in your company or external guests that someone taking over their role would need access to.

Take Adele as an example. She works in your organisation, but has decided to leave to pursue a career overseas. When she leaves, she dutifully turns in her computer and her colleague Sam (who is taking over her role) is given access to her emails to help him going forward.

But what about her files? Well, the files on her computer are exported and provided to Aaron…except  Adele stored most of her files in her OneDrive account so what was sent to Sam from her computer was not useful.

Fortunately, your IT manager had OneDrive data retention turned on for your company, so when Adele’s 365 account was deleted, Helpdesk was able to give Aaron access to her OneDrive files.
OneDrive data retention is about managing data after someone leaves the business and making sure any documents the leaving user had can be accessed by someone else in the business. By default OneDrive data is deleted 30 days after their account is disabled, making it even more important you protect it

Turning it on ensures that at least the user’s manager has access to the OneDrive files, and enables an admin to set a backup in the case where a user does not have a manager in 365.

How does it work?

Back to Adele, who is leaving the business. Adele’s colleague Aaron will be taking over her role and will need access to Adele’s OneDrive files.

1. When Adele is deleted from 365 admin or Active Directory, Aaron can be given access to Adele’s OneDrive files.

2. The deletion is synchronized to SharePoint

3. The OneDrive clean up job runs, and the Adele’s OneDrive account is marked for deletion.

4. Aaron, and Adele’s manager Mary are notified that Adele’s account will be deleted. By default, Aaron and Mary would have 30 days to access the data before it is deleted, but that can be changed.

a. If Adele didn’t have a manager in AD, OneDrive retention can be configured to give a back-up person access to the files. The backup person would be the same for all users leaving.

5. 7 days before the retention period ends, an email reminder is sent to Aaron and Mary.

6. After retention period, the OneDrive documents are moved to the site collection recycle bin
The documents can be retrieved, but it requires PowerShell commands (Read More

How do I turn it on?

You will need a SharePoint admin account to change the OneDrive retention settings

1. Navigate to the More Features section of the SharePoint admin centre
Under the User Profiles section, click the open button.

3. Under the My Site Settings heading, click Setup My Sites

4. In the My Site Cleanup section and tick the ‘Enable access delegation section’ and select a secondary owner
Click OK at the bottom of the page.

How do I change the retention time?

You will need a SharePoint admin account to change the OneDrive retention settings

1. Sign into the OneDrive admin centre

2. Select storage on the left side of the page

3. Update the ‘Days to retain files in OneDrive after a user account is marked for deletion’ field.

4. Click Save

This will take effect for the next user accounts which are deleted, or for any which are in the process of being deleted.

There you have it, turning on data retention in a nutshell.