(Updated) OneDrive: Retention enforcement for unlicensed OneDrive accounts

🚨 The Signal: Microsoft will automatically enforce retention policies for unlicensed OneDrive accounts: they become read-only after 60 days, are archived after 93 days, and are permanently deleted after 12 months of non-payment. This reduces unmanaged data sprawl.

The Impact

Organizations with unlicensed OneDrive accounts risk data loss if those accounts are not managed. Data owners and eDiscovery teams are directly affected.

  • Data Owners: Risk of losing access to files if accounts are not relicensed.
  • Admins: Need to identify and manage unlicensed accounts to prevent data deletion.
  • eDiscovery Teams: Content remains available for legal holds during archiving, but is eventually deleted.
  • Compliance Officers: Improved data disposal reduces long-term data retention risks.

The Action

  1. Identify unlicensed OneDrive accounts using PowerShell or the Microsoft 365 admin center.
  2. Reassign a license to critical unlicensed accounts to restore full functionality.
  3. Initiate a manual backup or transfer data from unlicensed accounts if a license will not be reassigned.
  4. Place a legal hold on relevant unlicensed accounts to preserve data for eDiscovery purposes.
  5. Communicate the new retention policy to relevant stakeholders, including data owners and legal teams.
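
A triage sketch for steps 1 to 4, added here as an example (it is not Microsoft's code or part of the original notice): given an export of unlicensed accounts, it works out which stage each account is in and how many days remain before the next one. The CSV column names and sample rows are constructed; the script assumes every clock starts on the day the account became unlicensed and treats "12 months" as 365 days.

```powershell
# Thresholds as stated on this page. Assumptions: each clock starts on the day
# the account became unlicensed; "12 months" is approximated as 365 days; a
# threshold counts as reached on the day itself (-ge).
$ReadOnlyDays = 60
$ArchiveDays  = 93
$DeleteDays   = 365

function Get-OneDriveRetentionStage {
    param(
        [Parameter(Mandatory)] [object[]] $Account,  # rows: Owner, UnlicensedSince, OnHold
        [datetime] $AsOf = (Get-Date)
    )
    foreach ($a in $Account) {
        $since = [datetime]::ParseExact($a.UnlicensedSince, 'yyyy-MM-dd',
                     [cultureinfo]::InvariantCulture)
        $days  = ($AsOf.Date - $since).Days

        # $nextAt is the day count at which the account moves to the next stage.
        if     ($days -ge $DeleteDays)   { $stage = 'PastDeletion'; $nextAt = $null }
        elseif ($days -ge $ArchiveDays)  { $stage = 'Archived';     $nextAt = $DeleteDays }
        elseif ($days -ge $ReadOnlyDays) { $stage = 'ReadOnly';     $nextAt = $ArchiveDays }
        else                             { $stage = 'Unlicensed';   $nextAt = $ReadOnlyDays }

        [pscustomobject]@{
            Owner          = $a.Owner
            DaysUnlicensed = $days
            Stage          = $stage
            NextStageDate  = if ($nextAt) { $since.AddDays($nextAt).ToString('yyyy-MM-dd') }
            DaysLeft       = if ($nextAt) { $nextAt - $days }
            OnHold         = $a.OnHold   # carried through for the eDiscovery team
        }
    }
}

# Constructed sample export (hypothetical owners and dates).
$export = @'
Owner,UnlicensedSince,OnHold
alex@contoso.example,2025-03-15,false
sam@contoso.example,2025-01-10,true
kim@contoso.example,2024-12-01,false
lee@contoso.example,2024-03-20,false
'@ | ConvertFrom-Csv

# Most urgent first: accounts with the fewest days before their next stage.
Get-OneDriveRetentionStage -Account $export -AsOf ([datetime]'2025-04-01') |
    Sort-Object DaysLeft |
    Format-Table -AutoSize
```

Rows with an empty DaysLeft are already past the deletion threshold and sort to the top; the rest are the candidates for relicensing, backup or transfer, ordered by how little time is left.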

Impact: medium · Workload: OneDrive · Essential Eight: Regular Backups · ISM: ISM-1511, ISM-1515, ISM-1705, ISM-1706, ISM-1707, ISM-1708, ISM-1810, ISM-1811, ISM-1812, ISM-1813, ISM-1814