GOVERNANCE · April 12, 2026 · 6 min read

OneDrive Cleanup Before Copilot: The Storage Audit Nobody Does

Before you enable Copilot, ask yourself one question: what is actually sitting in your OneDrive accounts right now?

Not what should be there. Not what your policies say should be there. What is actually there — the stale spreadsheets, the ex-employee drives, the files shared externally three years ago via an Anyone-link that was never revoked. Because the moment Copilot turns on, it indexes the entire reachable surface for every user. And OneDrive is a very large part of that surface.

The Hidden Cost of OneDrive Sprawl

Every Microsoft 365 tenant accumulates OneDrive debt. It happens slowly and silently. An employee leaves; their OneDrive enters a 30-day retention window, gets extended by IT, and then sits there indefinitely because deleting it feels risky and nobody has time to review 40 GB of files. Multiply that by every departure over three years and you have a meaningful percentage of your tenant’s storage consumed by content that nobody owns, nobody reviews, and nobody remembers exists.

The storage cost is real but manageable. The compliance cost is worse. Those departed-user drives may contain customer data, financial records, HR documents, or intellectual property. They are not governed by any active retention policy because the owning user no longer exists in the directory. They are not labelled because labels require a human to apply them. And they are fully indexable by Copilot.

Then there is the external sharing problem. OneDrive makes it trivially easy to share a file with Anyone-with-the-link. That is by design — it removes friction for collaboration. The problem is that these links accumulate over years. Nobody audits them. Nobody expires them. And when Copilot indexes a file that has an active Anyone-link, the effective permission surface for that file extends to every authenticated user in the tenant. Copilot does not distinguish between “intentionally shared broadly” and “someone clicked the wrong sharing option in 2023.”

5 Things to Check Before Enabling Copilot

A proper OneDrive cleanup audit should cover five categories. These are the same categories that MigrationFox’s OneDrive Cleanup Wizard detects automatically, but you can start by understanding what to look for:

  1. Oversized accounts (>80% of 1 TB quota). These accounts are one large upload away from sync failures. They also tend to be the accounts with the most diverse content — and therefore the most Copilot exposure. Identify them, work with the owners to archive or offload old content, and get storage under control before Copilot starts indexing everything.
  2. Stale content (12+ months with no file activity). If nobody has touched a OneDrive in over a year, the content is either archived-in-place (fine, but should be labelled) or abandoned (not fine). Either way, Copilot will index it and surface it in responses as if it were current. Flag stale accounts and decide: archive formally, delete, or transfer ownership.
  3. External sharing exposure. Enumerate every OneDrive with active external sharing links. How many links? How old? Edit or view permission? Guest access or Anyone-link? The answers determine your risk profile. A OneDrive with 200 active Anyone-links from 2023 is a Copilot oversharing event waiting to happen.
  4. Departed users (disabled accounts with active OneDrive). These are the highest-risk accounts in the tenant. The user is gone, the content persists, and nobody is responsible for it. Copilot will index these drives just like any other. Find every disabled account that still has a provisioned OneDrive, decide on retention, and either archive or delete.
  5. Orphan content (no sign-in for 6+ months). The user account is technically active but the human behind it has not signed in for half a year. This is the early warning for the departed-user problem. These accounts are candidates for a conversation with HR: is this person still with the organization? If not, start the offboarding process before the OneDrive becomes fully orphaned.

How MigrationFox Automates This

Doing this manually is possible but painful. You need to pull OneDrive usage reports from the admin centre, cross-reference with Azure AD sign-in logs, enumerate sharing links per user via Graph, and then correlate everything in a spreadsheet. For a 500-user tenant, that is a full day of work. For a 5,000-user tenant, it is a project.
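The correlation step of that manual process can be scripted once the data is exported. The sketch below is an added example, not MigrationFox's code: it applies the five checks above to one merged record per OneDrive. The `Drive` fields, the tag names and the sample rows are hypothetical and constructed for illustration; the thresholds come from the checklist.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

QUOTA_BYTES = 1024**4      # 1 TB quota, as in check 1
OVERSIZED_RATIO = 0.80     # check 1: more than 80% of quota
STALE_DAYS = 365           # check 2: 12+ months with no file activity
ORPHAN_DAYS = 183          # check 5: 6+ months with no sign-in

@dataclass
class Drive:               # hypothetical merged record, one per OneDrive
    owner: str
    used_bytes: int
    last_file_activity: Optional[date]  # None = no activity on record
    last_sign_in: Optional[date]        # None = no sign-in on record
    account_enabled: bool
    anyone_links: int
    guest_links: int

def classify(d: Drive, today: date) -> list[str]:
    """Return the audit categories from the five checks that apply to one drive."""
    tags = []
    if d.used_bytes > OVERSIZED_RATIO * QUOTA_BYTES:
        tags.append("oversized")
    if d.last_file_activity is None or today - d.last_file_activity >= timedelta(days=STALE_DAYS):
        tags.append("stale")
    if d.anyone_links or d.guest_links:
        tags.append("external_sharing")
    if not d.account_enabled:
        tags.append("departed")
    elif d.last_sign_in is None or today - d.last_sign_in >= timedelta(days=ORPHAN_DAYS):
        # Enabled accounts only: a disabled account is already "departed".
        tags.append("orphan")
    return tags

def audit(drives, today):
    """Map owner -> categories, listing only drives with at least one finding."""
    return {d.owner: t for d in drives if (t := classify(d, today))}

# Constructed sample data; owners and values are illustrative only.
TODAY = date(2026, 4, 12)
SAMPLE = [
    Drive("alice@example.com", 900 * 1024**3, date(2026, 4, 1), date(2026, 4, 10), True, 0, 0),
    Drive("bob@example.com", 40 * 1024**3, date(2023, 6, 1), date(2023, 7, 1), False, 200, 0),
    Drive("carol@example.com", 5 * 1024**3, date(2026, 1, 15), date(2025, 9, 1), True, 0, 3),
    Drive("dave@example.com", 10 * 1024**3, date(2026, 3, 1), date(2026, 4, 11), True, 0, 0),
]

if __name__ == "__main__":
    for owner, tags in audit(SAMPLE, TODAY).items():
        print(f"{owner}: {', '.join(tags)}")
```

A drive can carry several tags at once, which is what makes the departed-user drive with old Anyone-links stand out in the output.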

The OneDrive Cleanup Wizard in MigrationFox automates the entire process. Connect your Azure AD app registration with read-only Graph scopes, run the scan, and get a categorised results dashboard in minutes. Every account is tagged with its issue categories and severity. You can filter by category, sort by storage consumed, and export the findings for your cleanup project.

The scan is read-only by design. It reads OneDrive usage metadata and account status via Microsoft Graph — it never opens, reads, or modifies file content. The same credential you use for any MigrationFox governance scan works here. No new permissions required.

Start Before You Turn On Copilot

The best time to clean up OneDrive was before you bought Copilot licences. The second best time is right now, before you assign them. Every week that passes between licence purchase and cleanup is a week where Copilot could be indexing content that should not be in the search corpus.

Run the OneDrive Cleanup Wizard against your production tenant. It is free to try, takes minutes to scan, and gives you the categorised inventory you need to build a cleanup plan. No credit card, no commitment, no write access to your tenant.

Clean OneDrive before Copilot. Not after.
