How to Secure Your Sensitive OneDrive Files with a Personal Vault

iStockphoto/Getty Images

I use Microsoft OneDrive to back up and sync my documents, photos, and other files across my various PCs and mobile devices.

Although my OneDrive files need to be safe in the cloud and across my various devices, I’m still worried that files with confidential or sensitive information may be exposed. For this reason, I use a feature of OneDrive called Personal Vault.

By including specific OneDrive folders or files in this vault, you can add an additional layer of authentication required to access this content.

By default, the safe stays locked until you need it. You unlock it with the method you use to protect your Microsoft account. After unlocking the vault, it will automatically lock after a while to protect your files again.

Also: How to control OneDrive [Ask ZDNET]

Terms

To take full advantage of the Personal Vault, you need a Microsoft 365 Family or Personal subscription. With either plan, you can add as many files to the vault as space allows. Without a Microsoft 365 plan, you can only include three files in your vault, which probably wouldn’t do for most people. Also, Personal Vault is only available with the OneDrive personal app and not with OneDrive for Business. Otherwise, the vault works the same on Windows 10 and 11.

How to Secure Your Sensitive OneDrive Files with a Personal Vault

Before enabling Personal Vault, you must protect your Microsoft account as well as access to OneDrive with the right type of multi-factor authentication, such as an authenticator app or one physical security key. In this case, use the Microsoft Authenticator appwhich you can configure to send a notification to your mobile device when you want to unlock your personal safe.

Microsoft approves connection request pop-up

Enable Personal Vault.

Screenshot by Lance Whitney/ZDNET

Also: Multi-factor authentication: how to activate 2FA to strengthen your security

For the following steps, I assume you are already using OneDrive to back up and sync key folders and files. Right-click on the OneDrive system tray icon and select the option to See online. Sign in to OneDrive with your Microsoft account. Under My Files, double-click the Personal Vault folder. You will be asked to authenticate this access via the multi-factor authentication in place for your account. Approve the sign-in through the Microsoft Authenticator app on your mobile device.

My Files section of Personal Vault.

Get ready to move folders and files to your personal vault.

Screenshot by Lance Whitney/ZDNET

The next screen then prompts you to move the files you want to protect into the Personal Vault. Consider files that contain the most private or confidential information, such as financial or tax data and personal identification numbers. Click it Switch from heading upwards.

Browse through the different folders in OneDrive and select the subfolders and files you want to move to the Personal Vault. Then click on the title of Move items. Continue this process until you have moved all necessary items.

Move items to Personal Vault

Select the folders and files to move to your personal vault.

Screenshot of Lance Whitney

When done, you should see the folders and files you selected appear in the Personal Vault. Close the live site for OneDrive. Wait for folders and files to sync to your local OneDrive storage.

Folders and files in Personal Vault.

View folders and files moved to your personal vault.

Screenshot by Lance Whitney/ZDNET

After enabling your Personal Vault, there is one setting you will want to change. Right-click the OneDrive system tray icon and select Settings. Select the Account tab and click on the Personal Vault drop-down menu. Here you set how long Personal Vault will wait to auto-lock after you unlock it and stop using it. I set mine to 20 minutes to be sure, but you can go longer if you want. Click OK.

Duration options to automatically lock Personal Vault

Set the time to automatically lock your personal safe.

Screenshot by Lance Whitney/ZDNET

Now suppose you need to access some files in your personal vault. Right-click the OneDrive system tray icon and select Unlock Personal Vault.

Option to unlock your personal safe

Unlock your personal safe.

Screenshot by Lance Whitney/ZDNET

The first time you do this, the Personal Vault needs to configure a few settings. You are then prompted to confirm access with your authentication method.

Authentication login request to unlock Personal Vault.

Confirm authentication to unlock your Personal Vault.

Screenshot by Lance Whitney/ZDNET

Also: Two-factor authentication is a great idea. But not enough people use it

The Personal Vault folder appears in File Explorer to show the folders and files inside so you can now open and view them. When you’re done, wait for your vault to relock automatically, or right-click the OneDrive icon and select Lock personal safe to lock it immediately.

Option to lock your personal safe

Lock your personal safe.

Screenshot by Lance Whitney/ZDNET

Finally, you can move folders and files out of your Personal Vault if you think they no longer need the extra security. Go to your OneDrive online storage. Open the personal safe. Select the folders or files you want to move. Select To move to at the top, choose the folder you want to move them to, then click the move here button.

Move here option to move folders and files.

Delete folders and files from your Personal Vault.

Screenshot by Lance Whitney/ZDNET