Starting July 2026, Microsoft will enforce a lifecycle for unlicensed OneDrive accounts across every M365 tenant. When a licence is removed or a user is deleted, a countdown begins that ends with permanent deletion after a year. The policy covers OneDrive for Business and SharePoint‑linked storage, forcing admins to act before data vanishes. Existing compliance tools can surface orphaned accounts and automate remediation.

Day 1 marks the start of the timer; at day 60 the account switches to read‑only, preventing edits. By day 93 access is blocked, though eDiscovery and legal holds remain searchable. Organizations often strip licences to cut costs, but the read‑only stage still allows auditors to query files. Administrators can halt the process at any stage by reassigning a licence or enabling pay‑as‑you‑go billing, which restores normal behaviour.

The hard‑delete timeline overrides retention policies and GDPR holds unless billing is reinstated, meaning personal‑data requests may become impossible after the read‑only phase. Compliance teams must update retention schedules to reflect the new rule. Companies with lingering unlicensed accounts should audit now, migrate critical files, or adjust retention rules. Failure to intervene results in irreversible loss after 12 months, ending any eDiscovery window.