
How to Enable OneDrive for Business in Office 365 (w/Examples) + FAQs

You enable OneDrive for Business in Office 365 by assigning each user a license that includes the OneDrive service plan, waiting for their personal site to provision the first time they sign in to OneDrive.com, and then configuring tenant-wide sharing, sync, and retention controls inside the OneDrive admin center. The activation itself is almost always a licensing event, not a toggle, which is why many administrators think OneDrive is “broken” when the real issue is an unassigned service plan, a blocked sign-in, or a SharePoint Online provisioning lock.

OneDrive for Business sits on top of SharePoint Online, so every rule that governs SharePoint, including data residency, legal hold, eDiscovery, and retention under the Microsoft Purview compliance portal, also governs OneDrive. If you enable OneDrive without aligning it to federal frameworks such as HIPAA, FERPA, SOX, CMMC 2.0, ITAR, or FedRAMP, the consequence is not just a misconfigured drive; it is potential statutory liability for the organization and, in some cases, personal liability for the signing officer.

According to Microsoft’s published 2025 Work Trend Index, OneDrive now stores more than 4 exabytes of customer data across Microsoft 365 tenants, and 93% of Microsoft 365 commercial seats have at least one active OneDrive site, which is why getting the activation right on day one matters far more than it did five years ago.

Here is what you will learn in this guide:

  • 🧭 How to turn on OneDrive across every Microsoft 365 plan, including Business, Enterprise, Education, Frontline, GCC, and GCC High.
  • 🔐 How to align OneDrive with HIPAA, FERPA, SOX, CMMC 2.0, ITAR, and FedRAMP before the first file syncs.
  • 🖱️ How to use the Microsoft 365 admin center GUI, PowerShell cmdlets, Group Policy, and Microsoft Intune to push OneDrive at scale.
  • 🧪 How to validate activation with three named real-world scenarios: a 50-person law firm, a K-12 district, and a HIPAA-covered clinic.
  • 🧱 How to avoid the seven activation mistakes that most often trigger help-desk tickets, compliance findings, and failed audits.

What OneDrive for Business Actually Is

OneDrive for Business is the per-user cloud storage layer of Microsoft 365, and it is technically a personal SharePoint Online site collection assigned to one user. Microsoft refers to this personal site as a “MySite,” and it lives under a URL that follows the pattern https://contoso-my.sharepoint.com/personal/user_contoso_com. Because it is a SharePoint site under the hood, OneDrive inherits SharePoint’s storage quotas, versioning, retention, and permission model.

The plain-English meaning is that OneDrive is not a separate product; it is a slice of SharePoint given to a single user, with a friendlier interface and a desktop sync client. The consequence of ignoring this is that administrators sometimes try to manage OneDrive without SharePoint Online permissions, which fails because the underlying site collection cannot be modified. A real example is Priya, a new IT manager at a 200-person logistics firm, who could not raise a user’s OneDrive quota until she was also made a SharePoint administrator in the Microsoft Entra role catalog. A common misconception is that OneDrive data is stored “in OneDrive” as a distinct service, when in fact every byte lives in the same Azure storage fabric that powers SharePoint Online.

Service plans that include OneDrive

Almost every commercial Microsoft 365 plan includes a OneDrive service plan, but the storage quota and feature set vary. Microsoft publishes the plan-level storage defaults on the OneDrive plan comparison page, and the service plan identifiers used in licensing are listed in the product names and service plan identifiers reference.

The consequence of assigning the wrong license is that a user may receive only 2 GB of storage on a Frontline F1 plan instead of the 1 TB that a knowledge worker on E3 expects. A real example is Marcus, a warehouse lead at a distribution company, who was given an F1 license and could not sync his safety training videos because the F1 OneDrive quota is capped well below 1 TB. A common misconception is that every “Microsoft 365” license includes 1 TB of OneDrive, when in reality Frontline, Kiosk, and some Education A1 tiers are much smaller.

OneDrive versus personal OneDrive

OneDrive for Business is the commercial service tied to a work or school Microsoft Entra ID, while OneDrive (consumer) is tied to a personal Microsoft account and billed through Microsoft 365 Personal or Family. The two services share a client but do not share storage, policies, or compliance commitments.

The consequence of mixing them is severe, because consumer OneDrive is not covered by the Microsoft Product Terms or the Data Protection Addendum that HIPAA, FERPA, and CMMC rely on. A real example is Dr. Chen, a dentist who saved patient X-rays to his personal OneDrive, which created a reportable HIPAA breach under 45 CFR 164.400-414. A common misconception is that the blue-cloud icon in the system tray means the same thing in both services; it does not.

Before You Enable OneDrive: Licensing and Prerequisites

Before turning OneDrive on, you need an active Microsoft 365 or Office 365 subscription, a verified domain in Microsoft Entra ID, and at least one user assigned the Global Administrator or SharePoint Administrator role. Without these, the OneDrive admin center will either refuse to load or display only a read-only view.

The plain-English explanation is that OneDrive cannot provision a personal site for a user who does not exist in the directory, and no one can change tenant settings without a privileged role. The consequence of skipping this step is a help-desk ticket storm on launch day, because every user who clicks the OneDrive tile sees “We can’t find your OneDrive” errors. A real example is Sofia, an office manager at a startup, who rolled out Microsoft 365 Business Standard on a Friday afternoon and spent the weekend manually assigning licenses because she had not bulk-assigned them in advance. A common misconception is that buying a subscription automatically licenses every user, when in fact licenses must be explicitly assigned through the Microsoft 365 admin center, group-based licensing, or PowerShell.

Verify the OneDrive service plan is enabled

Inside each license SKU is a list of service plans, and OneDrive (Plan 1) or OneDrive (Plan 2) must be toggled on for the user to get a site. You can verify this under Users > Active users > (select user) > Licenses and apps in the admin center, or with the Microsoft Graph PowerShell cmdlet Get-MgUserLicenseDetail.

The consequence of a disabled service plan is that the user has a Microsoft 365 license, can sign into Outlook, but still has no OneDrive site. A real example is James, a paralegal at a mid-size firm whose admin disabled the OneDrive service plan tenant-wide to “reduce risk,” which then prevented every attorney from using Microsoft Teams file sharing, because Teams chat files live in the sender’s OneDrive. A common misconception is that disabling OneDrive only affects the OneDrive app, when in fact it breaks Teams file attachments, Outlook cloud attachments, and Loop components.
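The licensed-but-no-OneDrive case described above can be separated from the unlicensed and still-provisioning cases by reading the service plan states that Get-MgUserLicenseDetail returns. The following is an added example, not code from the original article: the function name Get-OneDrivePlanStatus, the plan-name pattern, and the sample users are assumptions constructed for illustration.

```powershell
# Added example, not from the original article. The function is pure: it inspects
# objects shaped like Get-MgUserLicenseDetail output, so it runs offline on the
# constructed sample below.
function Get-OneDrivePlanStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        # Output of Get-MgUserLicenseDetail for the user; empty when unlicensed.
        [AllowNull()] [object[]] $LicenseDetail,
        # Assumption: service plans that carry OneDrive storage start with these
        # prefixes. Check them against Microsoft's service plan identifiers reference.
        [string] $PlanPattern = '^(SHAREPOINT(STANDARD|ENTERPRISE|DESKLESS)|ONEDRIVE)'
    )

    # Collect every SharePoint/OneDrive storage plan across all SKUs on the user.
    $plans = @(foreach ($sku in $LicenseDetail) {
        foreach ($plan in $sku.ServicePlans) {
            if ($plan.ServicePlanName -match $PlanPattern) {
                [pscustomobject]@{
                    Sku    = $sku.SkuPartNumber
                    Plan   = $plan.ServicePlanName
                    Status = $plan.ProvisioningStatus
                }
            }
        }
    })

    $state = if (-not $LicenseDetail) {
        'Unlicensed'          # no SKU assigned at all
    } elseif ($plans.Count -eq 0) {
        'NoOneDrivePlan'      # licensed, but the SKU carries no matching plan
    } elseif ($plans.Status -contains 'Success') {
        'Enabled'
    } elseif (@($plans.Status | Where-Object { $_ -ne 'Disabled' }).Count -eq 0) {
        'PlanDisabled'        # the "can sign in to Outlook, has no OneDrive" case
    } else {
        'Pending'             # e.g. PendingProvisioning; wait before escalating
    }

    [pscustomobject]@{
        User  = $UserPrincipalName
        State = $state
        Plans = ($plans | ForEach-Object { '{0}/{1}={2}' -f $_.Sku, $_.Plan, $_.Status }) -join '; '
    }
}

# Constructed sample data (not real tenant output).
function New-SamplePlan($Name, $Status) {
    [pscustomobject]@{ ServicePlanName = $Name; ProvisioningStatus = $Status }
}
$sample = [ordered]@{
    'user1@contoso.com' = @([pscustomobject]@{
        SkuPartNumber = 'ENTERPRISEPACK'
        ServicePlans  = @((New-SamplePlan 'SHAREPOINTENTERPRISE' 'Success'),
                          (New-SamplePlan 'EXCHANGE_S_ENTERPRISE' 'Success'))
    })
    'user2@contoso.com' = @([pscustomobject]@{
        SkuPartNumber = 'ENTERPRISEPACK'
        ServicePlans  = @((New-SamplePlan 'SHAREPOINTENTERPRISE' 'Disabled'),
                          (New-SamplePlan 'EXCHANGE_S_ENTERPRISE' 'Success'))
    })
    'user3@contoso.com' = @([pscustomobject]@{
        SkuPartNumber = 'ENTERPRISEPACK'
        ServicePlans  = @((New-SamplePlan 'SHAREPOINTENTERPRISE' 'PendingProvisioning'))
    })
    'user4@contoso.com' = @()
}

$report = foreach ($upn in $sample.Keys) {
    Get-OneDrivePlanStatus -UserPrincipalName $upn -LicenseDetail $sample[$upn]
}

# Show only the accounts that need attention.
$report | Where-Object State -ne 'Enabled' | Format-Table -AutoSize

# Against a live tenant (requires the Microsoft Graph PowerShell SDK):
#   Connect-MgGraph -Scopes 'User.Read.All'
#   Get-OneDrivePlanStatus -UserPrincipalName $upn `
#       -LicenseDetail (Get-MgUserLicenseDetail -UserId $upn)
```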

Reserve and plan storage quotas

Default OneDrive storage in most commercial plans is 1 TB, which Microsoft documentation confirms can be raised to 5 TB per user by default and beyond 5 TB by opening a support case. The per-file upload limit is 250 GB, and Microsoft recommends keeping any single OneDrive under 300,000 synced items for performance reasons.

The consequence of ignoring these numbers is that a video production user can hit the 250 GB file ceiling on a single raw footage file, or a developer can slow the sync client to a crawl with hundreds of thousands of small files in a node_modules folder. A real example is Elena, a filmmaker whose 312 GB ProRes master refused to upload until she split it into 200 GB chunks. A common misconception is that the 1 TB quota is unlimited; it is not, and Microsoft removed the “unlimited” marketing claim years ago.

Step-by-Step: Enable OneDrive in the Microsoft 365 Admin Center

The GUI path is the fastest way to enable OneDrive for a small tenant. Sign in to admin.microsoft.com with a Global Administrator account, expand Users > Active users, select the user, click Licenses and apps, and confirm that both the Microsoft 365 base license and the OneDrive for Business service plan are checked.

The plain-English meaning is that you are telling the directory, “this human is allowed to consume this service.” The consequence of a missed checkbox is that provisioning never starts, so the user’s MySite is never created. A real example is Ahmed, a help-desk technician who assigned 400 E3 licenses in bulk but forgot to re-enable the OneDrive service plan that a previous admin had disabled in the group template, which required a second pass with group-based licensing. A common misconception is that provisioning is instant; in practice it can take anywhere from a few seconds to 24 hours for the MySite to appear the first time the user signs into OneDrive.com.

Step 1: Assign licenses in bulk

Click Users > Active users, select the checkbox at the top to select all, choose Manage product licenses, and apply the correct SKU. For tenants with more than 100 users, use group-based licensing in Microsoft Entra instead, because it scales and self-heals when users move between departments.

The consequence of manual assignment at scale is license drift, where some users end up with the wrong SKU after a reorg. A real example is Rachel, a systems analyst at a 1,200-person insurer who moved to group-based licensing after discovering 83 users had duplicate E1 and E3 assignments, costing the company over $30,000 per year. A common misconception is that group-based licensing is only for enterprises; it works on any plan that includes Microsoft Entra ID P1 or higher, including Microsoft 365 Business Premium.

Step 2: Trigger the first sign-in

Have the user sign in at office.com, click the app launcher, and choose OneDrive. This first click is what triggers SharePoint Online to provision the MySite, set quotas, and apply tenant defaults.

The consequence of skipping this is that the OneDrive site does not exist until someone logs in, which breaks downstream automation such as new-hire provisioning scripts that expect a site to already be there. A real example is Kofi, an HR director whose onboarding runbook copied a welcome document into every new hire’s OneDrive, which failed for two weeks on new hires who had not yet logged in. A common misconception is that administrators can create OneDrive sites in advance for all users; the Request-SPOPersonalSite cmdlet can pre-provision, but it still requires each user to have a valid license first.

Step 3: Confirm with Microsoft 365 admin center reports

Open Reports > Usage > OneDrive to see active and provisioned accounts. A provisioned account has a site; an active account has uploaded, shared, or synced within the reporting window of 7, 30, 90, or 180 days.

The consequence of not monitoring is silent under-adoption, where licenses are paid for but never used. A real example is Brianna, a CFO who discovered that 412 of 900 licensed staff had never opened OneDrive, which justified consolidating two departments onto a lower SKU. A common misconception is that Microsoft’s usage reports count seat assignment as adoption; they do not, which is why the “active” column is the metric auditors and CFOs care about.

Step-by-Step: Configure OneDrive in the OneDrive Admin Center

Once users are licensed, go to the OneDrive admin center to set tenant-wide behavior. The five main tabs are Sharing, Sync, Storage, Device access, and Compliance, and each controls a distinct risk surface.

The plain-English explanation is that these settings tell OneDrive how to behave for every user at once. The consequence of leaving defaults in place is that anonymous “Anyone” links are allowed, which is the top cause of external data exposure incidents in Microsoft 365. A real example is Hiroshi, a marketing director who shared a 2027 product roadmap with an “Anyone with the link” setting that a vendor forwarded to a competitor. A common misconception is that link-level passwords are required by default; they are not unless the admin turns on the secure external sharing recipient experience.

Sharing settings

Under Sharing, set the external sharing level to New and existing guests or stricter, require sign-in for external recipients, and limit link duration to 30 days or fewer. For regulated tenants, drop to Only people in your organization and whitelist domains.

The consequence of loose sharing is not just a data leak; it is a direct finding under HIPAA’s Security Rule, 45 CFR 164.312(a), which requires access controls. A real example is Dr. Patel, whose clinic failed a HIPAA audit because protected health information links had no expiration date. A common misconception is that the default “Anyone” setting is safe because links are long and random; search engine indexing and social-media forwarding routinely expose them.

Sync settings

Under Sync, check Allow syncing only on computers joined to specific domains and paste your Microsoft Entra tenant ID, and enable Block sync on unmanaged devices using a compliant device policy from Microsoft Intune. This prevents a user from syncing corporate files to a personal laptop.

The consequence of ignoring sync restrictions is that a departing employee can copy an entire OneDrive to a personal device and walk out with it before the offboarding script disables the account. A real example is Tomas, a sales engineer who synced 47 GB of customer lists to his home PC the day before resigning, triggering a trade-secret lawsuit under the federal Defend Trade Secrets Act. A common misconception is that Conditional Access blocks sync by default; it does not block the OneDrive sync client unless a specific policy targets it.

Storage and retention

Under Storage, raise the default quota, and under Compliance, configure retention so a deleted user’s OneDrive is preserved. The default retention for a deleted user’s OneDrive is 30 days, which can be extended up to 3,650 days.

The consequence of using the default is that a terminated employee’s files disappear before legal or HR can review them. A real example is Ms. Alvarez, an HR VP whose company lost key evidence in a wrongful-termination suit because the ex-employee’s OneDrive purged on day 31. A common misconception is that litigation hold automatically kicks in; it only applies if an eDiscovery hold is placed before deletion.

PowerShell, Group Policy, and Intune Deployment

For tenants with more than a hundred users, the GUI is too slow. SharePoint Online Management Shell and Microsoft Graph PowerShell give admins tenant-level control in seconds.

The plain-English meaning is that you are using code to do what the GUI would take hours to click through. The consequence of skipping automation is configuration drift, where settings diverge across tenants after manual changes. A real example is Wei, an MSP engineer managing 22 customer tenants, who used a single PowerShell module to standardize OneDrive sharing defaults across all of them in under an hour. A common misconception is that PowerShell is optional for small tenants; even 10-user tenants benefit from Set-SPOTenant because it is the only way to reach certain settings, such as OneDrive retention for deleted users.

Key PowerShell cmdlets

Use Connect-SPOService -Url https://contoso-admin.sharepoint.com to connect, then Set-SPOTenant -OneDriveStorageQuota 5242880 to set a default 5 TB quota in megabytes, and Set-SPOTenant -OrphanedPersonalSitesRetentionPeriod 3650 to keep deleted user OneDrives for 10 years. The Request-SPOPersonalSite cmdlet pre-provisions up to 200 users at a time.

The consequence of using the wrong unit is a 5 GB quota when you meant 5 TB, because the cmdlet uses megabytes. A real example is Lucas, a junior admin who typed 5120 and accidentally shrank every OneDrive to 5 GB overnight, deleting nothing but blocking all new uploads. A common misconception is that these cmdlets are reversible without data loss; quota changes are safe, but Remove-SPOSite -NoWait on a personal site is not.
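Both the unit mix-up and the configuration drift described above can be caught by comparing Get-SPOTenant output with a written baseline before anyone runs Set-SPOTenant. The following is an added example, not code from the original article: the function name Compare-OneDriveBaseline, the 1 TB sanity threshold, and the sample tenant object are assumptions, while the baseline values are the ones this guide quotes.

```powershell
# Added example, not from the original article. The function only reads the object
# it is given and prints the fix as text, so it is safe to run and works offline.
function Compare-OneDriveBaseline {
    [CmdletBinding()]
    param(
        # Object returned by Get-SPOTenant (or a stand-in with the same properties).
        [Parameter(Mandatory)] $Tenant,
        # Setting name -> expected value, using Get-SPOTenant property names.
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Baseline
    )

    # Assumption: a default quota under 1 TB is more likely a unit error than intent.
    $oneTerabyteInMB = 1TB / 1MB

    foreach ($name in $Baseline.Keys) {
        $actual = $Tenant.$name
        $wanted = $Baseline[$name]

        # Compare as strings so enum values such as SharingCapability match by name.
        if ("$actual" -ne "$wanted") {
            $note = ''
            if ($name -eq 'OneDriveStorageQuota' -and [long]$actual -lt $oneTerabyteInMB) {
                $note = 'Quota is in megabytes; {0} MB is only {1:N1} GB' -f
                        $actual, ([long]$actual / 1024)
            }
            [pscustomobject]@{
                Setting  = $name
                Actual   = $actual
                Expected = $wanted
                Note     = $note
                # Printed for review, never executed by this function.
                Fix      = "Set-SPOTenant -$name $wanted"
            }
        }
    }
}

# Baseline built from the values in this guide. PowerShell's size literals do the
# unit conversion, so nobody has to type 5242880 by hand.
$baseline = [ordered]@{
    SharingCapability                   = 'ExternalUserSharingOnly'
    OneDriveStorageQuota                = 5TB / 1MB      # 5242880 MB
    OrphanedPersonalSitesRetentionPeriod = 3650           # days
}

# Constructed sample standing in for Get-SPOTenant output: "Anyone" links allowed,
# the 5120 quota typo, and the default 30-day retention for deleted users.
$sampleTenant = [pscustomobject]@{
    SharingCapability                   = 'ExternalUserAndGuestSharing'
    OneDriveStorageQuota                = 5120
    OrphanedPersonalSitesRetentionPeriod = 30
}

$drift = @(Compare-OneDriveBaseline -Tenant $sampleTenant -Baseline $baseline)
$drift | Format-List

if ($drift.Count -eq 0) { 'Tenant matches the baseline.' }

# Against a live tenant (requires the SharePoint Online Management Shell):
#   Connect-SPOService -Url https://contoso-admin.sharepoint.com
#   Compare-OneDriveBaseline -Tenant (Get-SPOTenant) -Baseline $baseline
```

For an MSP, running the same baseline against each customer tenant and keeping the output gives a dated record of which settings had drifted and when.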

Group Policy and the OneDrive ADMX template

Download the latest OneDrive ADMX template from the OneDrive sync client installation folder, copy the ADMX and ADML files into the central store, and configure Silently sign in users to OneDrive sync app with their Windows credentials and Use OneDrive Files On-Demand.

The consequence of skipping Group Policy is that users must manually log into OneDrive on every new PC, which kills adoption. A real example is Ingrid, a school district admin whose teachers refused to use OneDrive until silent sign-in was enabled through Group Policy, after which adoption jumped from 18% to 87% in a semester. A common misconception is that Group Policy is obsolete in cloud-only tenants; for hybrid-joined devices it is still the fastest deployment path.

Intune configuration profiles

In Microsoft Intune, create an Administrative Templates profile, and push the same OneDrive settings to cloud-only Microsoft Entra joined devices. Pair this with a compliance policy that blocks non-compliant devices from OneDrive sync.

The consequence of ignoring Intune is that BYOD Macs and personal Windows laptops can still sync corporate data without encryption. A real example is Nadia, a CISO at a fintech who used Intune to require FileVault and BitLocker before OneDrive sync would start, which satisfied her firm’s SOX 404 internal control requirement. A common misconception is that Intune and Group Policy conflict; they merge, with Intune winning on Microsoft Entra joined devices.

Compliance and Regulatory Considerations

OneDrive is covered by Microsoft’s Data Protection Addendum, which is the contractual vehicle that makes OneDrive HIPAA, FERPA, and FedRAMP-capable. But capable is not the same as compliant; the customer still has to configure the service correctly.

The plain-English meaning is that Microsoft gives you the tools, but you own the configuration. The consequence of ignoring this shared-responsibility model is that a customer can be found liable even when Microsoft meets its obligations. A real example is Dr. Okafor, whose practice was fined under HIPAA because his staff used “Anyone” links despite Microsoft offering restricted sharing. A common misconception is that signing a Business Associate Agreement with Microsoft is enough; it is necessary but not sufficient.

HIPAA and HITECH

Covered entities and business associates must sign Microsoft’s BAA, enable audit logging through Microsoft Purview Audit, and restrict external sharing for sites that hold PHI. The HHS Office for Civil Rights can levy civil monetary penalties up to $2,134,831 per violation category per year, adjusted annually for inflation.

FERPA for education tenants

K-12 and higher-education tenants must configure OneDrive so that student education records stay inside the school official exception under 34 CFR 99.31. The consequence of misconfigured sharing is a FERPA complaint to the U.S. Department of Education, which can result in loss of federal funding under 20 U.S.C. § 1232g.

SOX, CMMC 2.0, ITAR, and FedRAMP

Public companies rely on OneDrive audit logs and retention to meet SOX internal-control testing. Defense contractors handling Controlled Unclassified Information must use Microsoft 365 GCC High to meet CMMC 2.0 Level 2 and ITAR data-residency rules, and federal civilian agencies require FedRAMP High authorization, which GCC and GCC High provide.

Three Scenarios With Consequences

Each of the following scenarios shows how a specific OneDrive activation choice changes the outcome.

Scenario A: 50-person law firm on Business Premium

| Activation Choice | Legal and Operational Outcome |
|---|---|
| Assign Business Premium, enable OneDrive service plan, restrict external sharing to “new and existing guests,” enable sensitivity labels | Attorney-client privilege preserved, files encrypted at rest and in transit, audit trail available for discovery |
| Assign Business Basic, leave default “Anyone” sharing, no sensitivity labels | Potential waiver of privilege, no encryption keys under firm control, malpractice exposure under state bar rules |
| Skip licensing, use personal OneDrive | No BAA, no DPA, potential ethics violation under ABA Model Rule 1.6 |

Scenario B: K-12 district rolling out OneDrive to 8,000 students

| Activation Choice | Student Privacy Outcome |
|---|---|
| Microsoft 365 A3 for Students, restrict external sharing, disable anonymous links, enable Intune for Education | FERPA school-official exception preserved, audit logs available for parents’ 34 CFR 99.10 inspection rights |
| A1 free tier, default sharing, BYOD sync allowed | FERPA exposure if a teacher shares a gradebook externally, state student-data-privacy-law violations |
| Consumer OneDrive accounts | No DPA, data may be used for advertising, violates most state student privacy statutes |

Scenario C: HIPAA-covered 30-provider clinic

| Activation Choice | HIPAA Outcome |
|---|---|
| Business Premium, signed Microsoft BAA, external sharing limited to approved partners, Purview audit, 7-year retention | HIPAA Security Rule safe-harbor posture, breach notifications simplified |
| Business Standard, no BAA reviewed, default sharing | Presumptive breach under 45 CFR 164.402, mandatory HHS notification |
| Consumer OneDrive | Automatic breach of HIPAA Privacy Rule, civil penalty exposure |

Named Real-World Examples

Jordan, the IT director at a 75-employee architecture firm, enabled OneDrive on Business Premium, used PowerShell to push a 2 TB default quota, and cut his company’s Dropbox spend by $38,000 per year while satisfying client confidentiality clauses in AIA contracts.

Maria, a principal at a charter school in Texas, used A3 licensing to give every teacher 1 TB of OneDrive and used Intune for Education to block personal device sync, which kept the district’s FERPA posture intact during a state audit.

Ravi, a compliance officer at a medical device manufacturer subject to ITAR, migrated his engineering team to GCC High and used Set-SPOTenant -SharingCapability Disabled to lock down external sharing, which satisfied his export-control attorney and his prime contractor’s CMMC 2.0 Level 2 flow-down.

Mistakes to Avoid

  1. Enabling OneDrive without signing the Microsoft Business Associate Agreement in healthcare tenants, which turns the first upload of PHI into a reportable breach.
  2. Leaving external sharing at Anyone in tenants that hold attorney-client, student, or financial data, which creates anonymous, forwardable links that bypass identity controls.
  3. Forgetting to set OrphanedPersonalSitesRetentionPeriod, which silently deletes a terminated employee’s OneDrive after 30 days and destroys evidence for litigation.
  4. Assigning Frontline F1 or F3 to knowledge workers, which caps OneDrive storage far below 1 TB and causes sync failures on large files.
  5. Using consumer OneDrive for business data, which voids every compliance commitment Microsoft makes under its commercial contracts.
  6. Allowing OneDrive sync on unmanaged devices, which lets a departing employee walk out with a full copy of every synced folder.
  7. Skipping Request-SPOPersonalSite pre-provisioning in large migrations, which breaks downstream onboarding automation that assumes a MySite already exists.
  8. Ignoring the 250 GB single-file upload ceiling, which silently fails for video editors, AutoCAD users, and scientific researchers.
  9. Disabling the OneDrive service plan tenant-wide to “reduce risk,” which also disables Teams chat file sharing and Outlook cloud attachments.
  10. Not enabling Purview Audit (Premium) in regulated industries, which limits audit log retention to the default and can fail SOX 404 testing.

Do’s and Don’ts

Do’s:

  • Do assign licenses through group-based licensing so new hires get OneDrive automatically, because manual assignment always drifts.
  • Do pre-provision MySites with Request-SPOPersonalSite before large onboarding events, because the first-login provisioning can take up to 24 hours.
  • Do restrict external sharing to New and existing guests at minimum, because anonymous links are the top cause of Microsoft 365 data exposure.
  • Do enable retention for deleted user OneDrives for at least 365 days, because litigation holds often arrive after the default 30-day purge.
  • Do deploy the OneDrive sync client through Intune or Group Policy with silent sign-in, because manual sign-in is the single biggest barrier to adoption.

Don’ts:

  • Don’t rely on consumer OneDrive for any business data, because it is not covered by Microsoft’s commercial DPA.
  • Don’t leave the default 30-day deletion retention, because key evidence can vanish before HR or legal reviews it.
  • Don’t allow sync on unmanaged devices, because a personal laptop is an unencrypted data-exfiltration path.
  • Don’t assign Frontline licenses to knowledge workers, because the storage and feature caps will cause real sync failures.
  • Don’t disable the OneDrive service plan tenant-wide, because it breaks Teams file sharing and Outlook cloud attachments.

Pros and Cons

Pros:

  • Built-in 1 TB to 5 TB per user storage at commercial tenant pricing, which beats most third-party cloud drives on a per-seat basis.
  • Native integration with Teams, Outlook, SharePoint, and Loop, because every cloud attachment in the suite lands in OneDrive first.
  • Compliance coverage for HIPAA, FERPA, SOX, CMMC, ITAR, and FedRAMP, which eliminates most single-purpose cloud storage vendors.
  • Files On-Demand and Known Folder Move, which back up Desktop, Documents, and Pictures automatically for every signed-in user.
  • Granular audit logs in Microsoft Purview, which satisfy SOX 404 and HIPAA audit-control testing.

Cons:

  • 250 GB single-file upload ceiling, which blocks uncompressed video, large CAD assemblies, and some scientific data sets.
  • 300,000-item sync ceiling per user, which slows developers and anyone with massive small-file libraries.
  • Shared-responsibility compliance, which means Microsoft provides the certifications but the customer must still configure sharing, retention, and device compliance.
  • Licensing complexity across Business, Enterprise, Frontline, Education, GCC, and GCC High tiers, which can cause costly misassignment.
  • First-login provisioning delay of up to 24 hours, which breaks naive onboarding scripts that expect a MySite immediately after license assignment.

Forms, Cmdlets, and Step-by-Step Controls

Inside the Microsoft 365 admin center, the Users > Active users > Licenses and apps pane exposes every service plan toggle, including OneDrive (Plan 2), SharePoint (Plan 2), and Microsoft Entra ID P1. Every toggle flips a bit in the directory that the downstream service reads on each sign-in.

The plain-English meaning is that these toggles are fine-grained feature flags. The consequence of flipping the wrong one is that users lose access to adjacent services, because OneDrive depends on the SharePoint service plan being enabled. A real example is Carlos, a tenant admin who disabled SharePoint (Plan 2) thinking it would only turn off team sites, and instead broke every user’s OneDrive because OneDrive inherits SharePoint’s service plan. A common misconception is that you can disable SharePoint and keep OneDrive; you cannot.

The OneDrive admin center tabs

  • Sharing controls external links, guest access, and domain allow-lists.
  • Sync controls the desktop client, including known folder move, domain restrictions, and bandwidth limits.
  • Storage controls default quota and retention for deleted users.
  • Device access controls browser access from unmanaged networks.
  • Compliance deep-links to Microsoft Purview for retention, DLP, and eDiscovery.

Key PowerShell one-liners

  • Set-SPOTenant -SharingCapability ExternalUserSharingOnly restricts links to authenticated guests.
  • Set-SPOTenant -OneDriveStorageQuota 5242880 sets default per-user OneDrive to 5 TB.
  • Set-SPOTenant -OrphanedPersonalSitesRetentionPeriod 3650 keeps deleted user OneDrives for 10 years.
  • Request-SPOPersonalSite -UserEmails (Get-Content users.txt) pre-provisions up to 200 users per request.
  • Get-SPOSite -IncludePersonalSite $true -Limit All -Filter "Url -like '-my.sharepoint.com/personal/'" lists every OneDrive in the tenant.

Relevant Federal Guidance and Rulings

The Department of Health and Human Services has resolved multiple HIPAA enforcement actions that involved cloud-stored PHI, and the HHS enforcement highlights page summarizes current-year resolution agreements. These cases make clear that cloud storage without a BAA and proper configuration is treated as an impermissible disclosure.

The Federal Trade Commission’s Safeguards Rule, amended for non-banking financial institutions, requires encryption of customer information in transit and at rest, which OneDrive satisfies only when administrators enforce sync restrictions and sharing controls. The SEC’s Regulation S-P updates likewise require incident response and written policies that align with OneDrive audit logging.

FAQs

Is OneDrive for Business automatically enabled when I buy Microsoft 365?

No. Buying a subscription creates the tenant, but each user still needs a license with the OneDrive service plan enabled and must sign in once to provision their personal site.

Do I need a Business Associate Agreement with Microsoft for OneDrive to be HIPAA-compliant?

Yes. Microsoft offers a BAA under the Online Services Terms, and covered entities must accept it before storing PHI in OneDrive, or any upload becomes an impermissible disclosure.

Can I use consumer OneDrive for work files if I am careful?

No. Consumer OneDrive is not covered by the Microsoft Data Protection Addendum, so it cannot satisfy HIPAA, FERPA, SOX, CMMC, ITAR, or FedRAMP obligations.

Is 1 TB the maximum OneDrive storage per user?

No. The default on most commercial plans is 1 TB, but admins can raise it to 5 TB with a setting change and beyond 5 TB through a Microsoft support request.

Does disabling OneDrive disable Microsoft Teams file sharing?

Yes. Teams chat file attachments are stored in the sender’s OneDrive, so disabling the OneDrive service plan tenant-wide breaks chat file sharing and Outlook cloud attachments.

Can I pre-create OneDrive sites for users before they log in?

Yes. The Request-SPOPersonalSite PowerShell cmdlet provisions up to 200 users per call, as long as each user already has a license with the OneDrive service plan enabled.

Are deleted users’ OneDrive files kept forever?

No. The default retention is 30 days, after which the site is purged, though admins can extend this to 3,650 days with the OrphanedPersonalSitesRetentionPeriod tenant setting.

Does OneDrive meet CMMC 2.0 requirements for defense contractors?

Yes. Microsoft 365 GCC High provides the CMMC 2.0 Level 2 compliance posture that defense contractors handling Controlled Unclassified Information require under DFARS 252.204-7012.

Can students under 13 use OneDrive for school?

Yes. Under Microsoft’s education terms and the FERPA school-official exception, Microsoft 365 Education plans allow students under 13 to use OneDrive when the school contracts on their behalf.

Does enabling OneDrive by itself satisfy SOX internal controls?

No. SOX 404 requires documented controls, audit logging, and periodic testing, so OneDrive must be paired with Purview Audit, retention policies, and monitored access reviews.

Is there a file-size limit on OneDrive uploads?

Yes. The per-file upload limit is 250 GB, which applies equally to browser uploads, sync client transfers, and Microsoft Graph API uploads across all commercial plans.

Can I move files from Google Drive or Dropbox into OneDrive automatically?

Yes. Microsoft’s Migration Manager supports bulk ingestion from Google Drive, Dropbox, Box, and on-premises file shares into OneDrive with preserved metadata and permissions.