How to Use OneDrive’s “Personal Vault” to Secure Your Files
Microsoft’s OneDrive cloud storage service now includes a “Personal Vault” for your sensitive files. These files are encrypted and protected with additional two-factor verification, even when they’re synced to your Windows 10 PC.
OneDrive’s Personal Vault became available worldwide on September 30, 2019. It works on Windows 10, Android, iPhone, iPad, and the web.
What Is the “Personal Vault” in OneDrive?
The Personal Vault is an extra-secure storage area for your files in OneDrive. For example, if you’re going to store sensitive financial documents or copies of your passport in OneDrive, you’ll probably want to put them in your Personal Vault to extra security.
Your Personal Vault requires extra authentication before you can access any files inside it. Every time you access them, you’ll have to provide a two-factor authentication code, a PIN, fingerprint authentication, or facial authentication. On Windows 10, you can use Windows Hello to authenticate. They’ll automatically lock after twenty minutes of inactivity, forcing you to authenticate again before accessing them. If you access them via the OneDrive website, they won’t be cached by your browser.
The Personal Vault encrypts the files inside it. On Windows 10, the Personal Vault stores these files on a BitLocker-encrypted area of your hard drive. This works even if you have Windows 10 Home and aren’t using BitLocker for anything else. Microsoft says your files are also encrypted at rest on Microsoft’s servers.
Files stored in the Personal Vault can’t be shared with anyone. Even if you share a file and then move it into the Personal Vault, sharing will be disabled for that file. This gives you peace of mind: You can’t accidentally share a sensitive file as long as it’s stored in here.
With the OneDrive app on your phone, you can scan documents and take photos directly from the Personal Vault, storing them in the secure location without placing them elsewhere on your phone first.