Learn how to make specific folders and files on OneDrive more secure by using Personal Vault.
If you use OneDrive to store and sync your files online, you may be concerned about the security and privacy of your files, both on your devices and in the cloud. To give your files an extra layer of protection, Microsoft now offers a Personal Vault for OneDrive users. Through the OneDrive Personal Vault, you can secure any OneDrive files you choose with two-step verification. When you need to view those files, you authenticate the access through password, PIN, fingerprint recognition, facial recognition, or a one-time code emailed to you.
You select which files you want to put into the Personal Vault, so you can protect only your most sensitive and private files if you wish. The files are automatically locked after 20 minutes of inactivity, after which time you’ll need to authenticate them again to access them. The feature automatically disables sharing of any files you secure this way so they’re not accessible by other people. You can use your Personal Vault on your computer as well as on your mobile devices. The vault protects any OneDrive files of your choosing on your computers and devices as well as in your online storage space.
The main downside with the Personal Vault is that it’s available only for the consumer and Office 365 versions of OneDrive, not OneDrive for Business. But if you use the consumer flavor of OneDrive to store and sync your files, the vault is a useful security tool. Here’s how it works.
SEE: End user data backup policy (TechRepublic Premium)
Assuming you’re already using OneDrive to store and sync specific folders and files, right-click on the OneDrive icon in the Windows System Tray. In the section for Meet Your Personal Vault, click the button to Get Started (Figure A).
The next screen lists some of the features of the Personal Vault. Click Next. The next screen asks for your permission to continue. Click Allow. You’re then asked to sign into your Microsoft Account to unlock your Personal Vault. File Explorer opens to a new folder within OneDrive called Personal Vault (Figure B).
Move any OneDrive folders or individual files that you want to secure to the Personal Vault folder. When you’re done, you can close File Explorer. The files in the Personal Vault automatically lock after 20 minutes of inactivity. If you want to secure the vault immediately, click on the OneDrive icon in the System Tray and click the button to Lock Personal Vault (Figure C).
To unlock your Personal Vault on a computer with OneDrive, open the folder through File Manager or right-click on the OneDrive System Tray icon and select the option to Unlock Personal Vault (Figure D).
You’re then prompted to use whatever authentication method you’ve already set up for your Microsoft Account, whether that’s a password or an authentication app on your phone, such as Microsoft Authenticator. Alternatively, you can opt to receive a one-time code via text or email. After you authenticate the access, you can then open and view the folders and files in the vault (Figure E).
To access your vault from an iPhone, iPad, or Android device, you’ll need to use the OneDrive app. The first time you try this, the app prompts you to create a Personal Vault PIN, but you don’t have to use the PIN; instead, you can elect to use your fingerprint or facial recognition, assuming your device supports one or the other. The next time you try to access the vault on your mobile device, it will prompt you to scan your fingerprint or face for authentication. From the OneDrive app, you can also lock the Personal Vault after you’re finished working with your protected files (Figure F).
Tricks for working with the files in the Personal Vault
You can’t open a protected file directly from within an application on your computer. For example, if you’ve moved all your Excel spreadsheets to the vault and you launch Excel and try to open the Personal Vault folder to get to your spreadsheets, you’ll simply receive an error message. You must first unlock the vault through the OneDrive icon and then you can open the vault folder and any protected files inside using the default applications.
Also, you can’t open PDFs from the vault even when it’s unlocked if Adobe Reader is set to open in Protected Mode at startup—if you try, you’ll receive an error message that you can’t access the file. To work around this issue, open Adobe Reader, click the Edit menu, and then select Preferences. In the Preferences window, click on the setting for Security (Enhanced). Uncheck the box to Enable Protected Mode At Startup. Close Adobe Reader and you’ll now be able to open PDFs in your vault after unlocking it.