How to secure your sensitive OneDrive files with a Personal Vault
I use Microsoft OneDrive to back up and sync my documents, photos, and other files across my different PCs and mobile devices.Â
Though my OneDrive files should be safe and secure in the cloud and on my various devices, I’m still concerned that files with confidential or sensitive information may be exposed. For that reason, I use a feature in OneDrive called Personal Vault.
By including specific OneDrive folders or files in this vault, you can add an extra layer of authentication required to access this content.Â
By default, the vault remains locked until you need it. You unlock it with whatever method you use to protect your Microsoft account. After you unlock the vault, it automatically locks after a certain amount of time to again protect your files.
Also: How do I get OneDrive under control [Ask ZDNET]
Requirements
To take full advantage of the Personal Vault, you need a Microsoft 365 Family or Personal subscription. With either plan, you can add as many files to the vault as space allows. Without a Microsoft 365 plan, you can include only three files in your vault, which likely wouldn’t do the trick for most people. Further, the Personal Vault is available only with the OneDrive personal app and not with OneDrive for Business. Otherwise, the vault works the same in Windows 10 and 11.
How to secure your sensitive OneDrive files with a Personal Vault
Before you activate the Personal Vault, you should protect your Microsoft account as well as OneDrive access with the right type of multi-factor authentication, such as an authenticator app or a physical security key. In this case, use the Microsoft Authenticator app, which you can set up to send a notification to your mobile device when you want to unlock your Personal Vault.
Turn on the Personal Vault. Screenshot by Lance Whitney/ZDNET
Also: Multi-factor authentication: How to enable 2FA to step up your security
For the next steps, I’ll assume you’re already using OneDrive to back up and sync key folders and files. Right-click the OneDrive System Tray icon and select the option for View online. Sign in to OneDrive with your Microsoft Account. Under My Files, double-click the folder for Personal Vault. You’ll be asked to authenticate this access through the multi-factor authentication in place for your account. Approve the sign-in via the Microsoft Authenticator app on your mobile device.
Get ready to move folders and files to your Personal Vault. Screenshot by Lance Whitney/ZDNET
The next screen then prompts you to move the files you wish to protect into the Personal Vault. Consider the files that contain the most private or confidential information, such as financial or tax data and personal ID numbers. Click the Move from heading at the top.
Drill through the different folders in OneDrive and select the subfolders and files you want to move to the Personal Vault. Then click the heading for Move items. Continue this process until you’ve moved all the necessary items.
Select folders and files to move to your Personal Vault. Screenshot by Lance Whitney
When done, you should see the folders and files you selected appear in the Personal Vault. Close the online site for OneDrive. Wait for the folders and files to sync to your local OneDrive storage.
View the folders and files moved to your Personal Vault. Screenshot by Lance Whitney/ZDNET
After activating your Personal Vault, there’s one setting you’ll want to tweak. Right-click the OneDrive System Tray icon and select Settings. Select the Account tab and click the dropdown menu for Personal Vault. Here, you set the amount of time that the Personal Vault will wait to automatically lock after you’ve unlocked it and have stopped using it. I set mine for 20 minutes to be on the safe side, but you can choose a longer duration if you wish. Click OK.
Set the time to automatically lock your Personal Vault. Screenshot by Lance Whitney/ZDNET
Now, let’s say you need to access certain files in your Personal Vault. Right-click the OneDrive System Tray icon and select Unlock Personal Vault.
Unlock your Personal Vault. Screenshot by Lance Whitney/ZDNET
The first time you do this, the Personal Vault has to configure a few settings. You’re then prompted to confirm the access with your authentication method.
Confirm the authentication to unlock your Personal Vault. Screenshot by Lance Whitney/ZDNET
Also: Two-factor authentication is a great idea. But not enough people are using it
The Personal Vault folder pops up in File Explorer to display the folders and files inside so that you can now open and view them. When you’re done, either wait for your vault to automatically lock itself again or right-click the OneDrive icon and select Lock Personal Vault to immediately lock it.
Lock your Personal Vault. Screenshot by Lance Whitney/ZDNET
Finally, you can move folders and files out of your Personal Vault if you feel they no longer need the extra security. Go to your online OneDrive storage. Open the Personal Vault. Select the folders or files you want to move. Select Move to at the top, choose the folder to which you want to move them, and then click the Move here button.
Remove folders and files from your Personal Vault. Screenshot by Lance Whitney/ZDNET
