Identify Orphaned and Inactive OneDrive Accounts via Graph Usage Reports

OneDrive for Business storage grows silently. When employees leave, are disabled in Entra ID, or simply stop using OneDrive, their personal sites often remain in place — consuming licensed storage, holding potentially sensitive data, and creating retention and compliance risk.

This recipe identifies three categories of OneDrive accounts that need attention:

• Orphaned drives — the owner's Entra ID account is disabled or no longer exists in the directory (typical for ex-employees).
• Inactive drives — the owner is still active, but the OneDrive has had no file activity for 90+ days.
• Large drives — drives exceeding a configurable size threshold (e.g., 10 GB or 50 GB) that may warrant review regardless of activity.

Run this monthly or quarterly as part of routine tenant hygiene, or before a storage-tier purchase decision. It is especially valuable after bulk offboardings, M&A events, or license true-ups.

What you will produce

• A tenant-wide inventory of every OneDrive with owner UPN, display name, storage used, last activity date, and Entra ID account status.
• A prioritized list of orphaned/disabled-owner drives sorted by storage footprint — the highest-impact cleanup candidates.
• A list of inactive drives belonging to currently-active users who may need nudging or whose data may be archivable.
• A list of large drives (above your configurable threshold) for storage capacity review.
• A downloadable CSV report (OneDrive_Cleanup_Analysis.csv) you can share with stakeholders or feed into a follow-on transfer/deletion workflow.

Typical impact

In a 600-user tenant, expect to find 50–150 orphaned drives holding 100–500 GB of reclaimable storage — often enough to defer a storage add-on purchase.

Before you delete anything

• Usage report anonymization. By default, Microsoft 365 anonymizes user-level reports. You must disable the "Display concealed user, group, and site names in all reports" privacy setting in the M365 Admin Center for Owner Principal Name and Site URL to populate. Re-enable it after your analysis if policy requires.
• Reporting latency. Last Activity Date and Storage Used lag real activity by up to 48 hours. Do not act on same-day data.
• "Orphaned" is not "deletable." A disabled account may be on a legal hold, in a retention policy, or pending a manager-led data transfer. Always check eDiscovery holds and your organization's offboarding SOP before removing a OneDrive.
• Deleted-user grace period. When an Entra ID user is deleted, their OneDrive enters a retention period (default 30 days, configurable up to 3650). Surface these before the retention window closes so data owners can claim content.
• Data transfer first. For ex-employee drives with business content, reassign ownership to the manager via SharePoint Admin Center before any cleanup action. This preserves access for teams that need the files.
• Shared files break on deletion. If an orphaned OneDrive contains files shared with active users, deleting the drive breaks those links. Inventory external sharing before acting.
• Report permissions are sensitive. Reports.Read.All exposes usage data for every user. Scope app registrations tightly and rotate secrets regularly.