The confusion is normal
If you have a Microsoft 365 subscription, you already have OneDrive and SharePoint. You might also have files in Teams, in Outlook attachments, on a shared drive, and on people's desktops. That situation is common, and it causes real problems: duplicated files, unclear permissions, staff who cannot find what they need, and data sitting in places no one has thought to secure.
The first step to fixing it is understanding what OneDrive and SharePoint are actually for, because they are designed for different things — and most businesses are using them interchangeably.
OneDrive is for personal work files
OneDrive for Business is your individual cloud storage. Think of it as the cloud equivalent of your personal documents folder. Every user in your Microsoft 365 tenant gets their own OneDrive space, and by default, only they can see what is in it.
Good uses for OneDrive:
- Drafts and work-in-progress. Documents you are still working on before they are ready to share with the team.
- Personal notes and reference material. Training documents, meeting notes, things only you need regular access to.
- Temporary files. Downloads, exports, things you need for a specific task and will tidy up later.
OneDrive syncs to your device so you can work offline, and it keeps version history so you can roll back if something goes wrong. But the key point is that it belongs to one person. If that person leaves the business, their OneDrive goes with their account — and if no one has planned for that, the files can be lost.
SharePoint is for shared business files
SharePoint is where files that belong to the business — not to any individual — should live. It is designed for team collaboration, department-level document storage, and anything that more than one person needs to access.
Good uses for SharePoint:
- Team project files. Proposals, project plans, deliverables — anything a group of people needs to work on together.
- Company policies and templates. HR documents, contracts, branded templates, health and safety files. Things the whole organisation needs access to.
- Department document libraries. Finance, sales, operations — each with their own space, their own permissions, and their own structure.
- Client or supplier folders. Shared spaces where external parties can access specific files without seeing anything else.
SharePoint files persist regardless of who joins or leaves the team. The files belong to the site, not to any one user. That distinction matters — it is one of the most common reasons businesses lose files when staff leave.
What about Teams?
Every time you create a Team in Microsoft Teams, a SharePoint site is created behind it automatically. Files shared in a Teams channel are stored in that SharePoint site. Most people do not realise this, which is why they end up with dozens of SharePoint sites they never set up deliberately — one for every Team anyone has ever created.
This is not a problem in itself. But it becomes one if no one is managing which Teams exist, what their purpose is, or what files are sitting in them. Over time, you end up with abandoned Teams containing important files that no one can easily find.
If more than one person needs a file, it belongs in SharePoint. If it is just yours, it belongs in OneDrive. That single rule prevents most of the mess.
The permission mistakes that cause real problems
File storage is only half the picture. Permissions — who can see, edit, or share each file — are where things go wrong most often. Here are the patterns we see regularly:
- Everyone can edit everything. The default SharePoint permission setup is often too open. If every user has edit access to every document library, there is no meaningful access control.
- Sharing links that never expire. Someone shares a file with an external contact via a link. That link stays active indefinitely unless someone revokes it. Months later, a former supplier can still access your pricing documents.
- No folder structure, so permissions are applied per file. Without a logical folder structure, people end up setting permissions individually on files, which is nearly impossible to manage at scale.
- Former employees still appearing in shared access lists. If offboarding does not include a review of shared files and permissions, ex-staff can retain access long after they have left.
The fix is not complicated, but it does require someone to set up the structure properly from the start — and to review it periodically.
How to organise it properly
You do not need a complicated plan. The basics are straightforward:
- Create SharePoint sites for each major area of the business. Finance, HR, operations, sales, client delivery — whatever makes sense for how your teams work. Each site has its own document library and its own permissions.
- Set permissions at the site and library level, not per file. Use SharePoint groups to manage access. When someone joins or leaves a department, you update the group — you do not have to touch every file individually.
- Use OneDrive for personal drafts only. Make it a habit: if a file needs to be shared, it moves to the right SharePoint site. OneDrive is for work-in-progress, not for anything the business depends on.
- Set sharing link policies. In the Microsoft 365 admin centre, you can control whether users can share files externally, whether links expire after a set period, and whether anonymous access is allowed. Review these settings — the defaults are often more permissive than you would expect.
- Review and clean up old Teams. Archive or delete Teams that are no longer active. Move any important files to the appropriate SharePoint site first. This prevents the sprawl of abandoned Teams sites cluttering your environment.
Version history is your safety net
Both OneDrive and SharePoint keep version history by default — typically the last 500 versions of every file. This means if someone accidentally deletes content, overwrites a document, or a file becomes corrupted, you can restore a previous version without needing a backup.
This is not a replacement for a proper backup strategy. Version history protects against user error and accidental changes. It does not protect against a tenant-wide compromise, a ransomware attack that encrypts files across your environment, or an admin accidentally deleting a SharePoint site. For that, you need a third-party backup solution that takes independent copies of your Microsoft 365 data.
What happens when someone leaves
This is where the OneDrive vs SharePoint distinction becomes critical. When you delete a user's Microsoft 365 account, their OneDrive is retained for a set period (30 days by default, extendable to 10 years via policy). After that, it is permanently deleted.
If important business files are sitting in a leaver's OneDrive, you have a narrow window to recover them. If those same files had been in SharePoint, they would still be exactly where they were — unaffected by the user's departure. This is one of the strongest practical reasons to enforce the "shared files go to SharePoint" rule.
Getting it right does not take long
Most businesses can get their SharePoint and OneDrive structure into good shape in a few hours of focused work. It is not a major project — it is a one-time setup with occasional reviews. The payoff is staff who can find what they need, files that are properly secured, and no unpleasant surprises when someone leaves.
If your Microsoft 365 file storage has grown organically and no one has ever sat down to organise it, that is normal. It is also fixable. The sooner you sort it out, the fewer files end up in places no one thought to look.