Microsoft restricts OneDrive loophole

For the recent past, companies have been taking advantage of an unintended aspect of OneDrive’s policy to maintain user data from inactive accounts. Now, Microsoft is restricting this OneDrive loophole, with the change taking effect a week from now.

Until recently, if an employee left the company, a company could choose to cancel their OneDrive license without ill effects. An unlicensed account on OneDrive would still retain existing data. The data on said OneDrive account would be frozen but remain accessible even with the account inactive. This is, of course, suboptimal from Microsoft’s point of view. Besides losing a potential revenue stream, Microsoft has also decided this is a security and compliance risk.

The new alteration to Microsoft’s policy is going to close this loophole and restrict access to data held in inactive, unlicensed accounts. Data from unlicensed Microsoft OneDrive accounts will be archived after 93 days beginning this month. In a further 93 days, it will be permanently deleted.

Retention policies or legal holds on data from unlicensed accounts will cause the data to be archived rather than permanently deleted; however, organizations will be charged $0.60/GB to regain access and a $0.05/GB monthly fee from that point on, effectively restarting the license on the account.

Archiving data in a third-party system prevents issues

As in many previous cases, the current alterations Microsoft is making would be mitigated if companies treated their business data with the care it demands; rather than hoping that unlicensed accounts remain accessible for an indeterminate amount of time, it is preferable to make use of a dedicated archiving system with purpose-designed retention features.

This is especially relevant in the case of more complex requirements, like the legal holds mentioned above. Identifying relevant data is significantly easier with archiving systems designed for this, as is setting relevant retention periods.

With Microsoft’s new policy coming into effect, we can expect increased movement of organizations and data to long-term storage solutions as said organizations scramble to first retrieve their data and then to secure it in a more cost-effective manner.


by Matúš Koronthály