As a result of a decision made by either the employee or the employer, users will inevitably leave your organization. Whether you call these user “separations”, “terminations” or “offboarding”, the impact to IT is the same: network access needs to be secured and the user’s data needs to be addressed.
When using cloud services such as Office 365, there are additional aspects to consider which will make your process different than in an on-premises scenario. There may be a licensing impact which can equate to costs and you are dependent upon another party (Microsoft) for handling the disposal of data.
In this two-part series, I will cover some of the ways to handle Office 365 data for users that have left your organization. Part 1 of this series covered how to handle the user’s mailbox in Exchange Online. This article, part 2, will cover how to handle the user’s OneDrive for Business data.
As in the previous article, if the Active Directory account is left or only disabled as opposed to deleted, nothing happens. However, if the Active Directory account is deleted or removed from the DirSync scope, then the timer begins on the OneDrive data removal.
Part of this process involves some up-front preparation. Notification regarding data removal in OneDrive for Business is dependent upon the user’s “Manager” attribute being populated in Active Directory. If that value is not populated on the deleted user account, the notification falls back to the SharePoint Online “Secondary Owner”, assuming one has been assigned. You can populate the “Secondary Owner” by opening the SharePoint Online Admin Center and going to “User Profiles” and then “Setup My Sites”. From here, you will see an option to assign the “Secondary Owner” in the section “My Site Cleanup”.
If the user’s manager cannot be determined, the assigned “Secondary Admin” will receive the notifications that the manager would have received.
When a OneDrive for Business user is deleted, the “My Site Clean Up timer job” will eventually run. At that time, the SharePoint Online profile is marked for deletion and an email notification will be sent to the user’s manager or the secondary admin stating that access has been granted to the manager / secondary admin and that the site will be deleted after 30 days.
A second email is sent with 3 days left stating the same and then at the conclusion of the 30 days, the data is deleted.
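A pre-offboarding check for the dependency and timeline described above, as an added example that is not part of the original article: it lists enabled accounts with no “Manager” value and, for one departing user, shows who would receive the cleanup notifications and when. The function names, the account name and the secondary owner address are placeholders, and the dates assume you know when the cleanup job marked the profile.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory
# module (RSAT). Function names and sample values are constructed placeholders.
Import-Module ActiveDirectory

function Get-OneDriveCleanupRecipient {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Identity,        # user about to be offboarded
        [Parameter(Mandatory)][string]$SecondaryOwner,  # value set under "My Site Cleanup"
        [datetime]$ProfileMarked = (Get-Date)           # assumed date the cleanup job marks the profile
    )
    $user      = Get-ADUser -Identity $Identity -Properties Manager
    $recipient = $SecondaryOwner
    $source    = 'Secondary Owner (Manager attribute empty)'
    if ($user.Manager) {
        # Manager holds a distinguished name; resolve it to an address for display.
        $mgr       = Get-ADUser -Identity $user.Manager -Properties mail
        $recipient = if ($mgr.mail) { $mgr.mail } else { $mgr.UserPrincipalName }
        $source    = 'Manager attribute'
    }
    [pscustomobject]@{
        User          = $user.UserPrincipalName
        NotifiedParty = $recipient
        Source        = $source
        SecondNotice  = $ProfileMarked.AddDays(27)   # sent with 3 days left
        DataDeleted   = $ProfileMarked.AddDays(30)   # end of the 30-day window
    }
}

# Enabled accounts with no Manager value: their notifications depend on the fallback.
function Get-UsersWithoutManager {
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)
    $filter = '(&(objectCategory=person)(objectClass=user)(!(manager=*))' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
    Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase |
        Select-Object SamAccountName, UserPrincipalName, DistinguishedName
}

# Run the audit before anyone leaves, then check a specific departing user
# ('jdoe' and the address below are placeholders).
Get-UsersWithoutManager | Export-Csv .\users-without-manager.csv -NoTypeInformation
Get-OneDriveCleanupRecipient -Identity 'jdoe' -SecondaryOwner 'spo-owner@contoso.example'
```

Run the recipient check before the account is deleted or removed from the DirSync scope, since the “Manager” value is read from the user object.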
What To Do With The Data
This is where there really aren’t a lot of great options just yet… So the manager or secondary admin has access to the OneDrive for Business data, but moving it out of the deleted user’s profile is not really easy. You can access the OneDrive for Business site via the URL in the notification email, but the browser really doesn’t let you do much with more than one file at a time. You can click the “Sync” link to configure the sync client for that site and then you have access to the files via Explorer and can copy them where you please. Alternatively, there are some third-party migration tools that can then be used to migrate the data. I think asking the user’s manager to preserve the data and move it with the access they’ve been granted is asking a bit much in many cases; hopefully we see some improvements here in the future.
- You should configure the “Secondary Owner” in SharePoint Online (go do it now!)
- Preservation of data is a task delegated to the departed user’s admin by default
Leave a comment below or follow me on Twitter (@JoePalarchio) for additional posts and information on Office 365.