How to Protect Files in OneDrive Using 2FA with Personal Vault
Personal Vault in Microsoft OneDrive adds a second layer of encryption to files stored in the cloud. Here’s a look at using it to keep your most sensitive docs and photos extra secure.
Microsoft allows you to add an extra layer of security of your sensitive docs stored on OneDrive. The Personal Vault feature adds an extra layer of enhanced security for documents stored in OneDrive. On Windows 10 it syncs files to a BitLocker-encrypted section on your hard drive. The files are also encrypted while at-rest in OneDrive and in transit to your device.
You still need your regular login credentials to log in to OneDrive, but the personal vault folder requires strong authentication or the second step of verification to access it.
Using Personal Vault in Microsoft OneDrive
On the web, log into your OneDrive account and find the new “Personal Vault” folder and click on it. Then you’ll need to sign in to your Microsoft account and set up a second mode of verification. For the second step you can use your fingerprint, your face with Windows Hello, a PIN, or code sent via email or SMS. And on mobile, it can be unlocked using the Microsoft Authenticator app.
Using the Personal Vault folder is pretty straightforward. It works like any other folder you have in OneDrive. The difference is the second layer of security. When you open it, you’ll find a few prompts on using it including “Suggested files” where OneDrive gives you a list of files in OneDrive you might want to add to the vault. “Move files here” which allows you to simply drag and drop files into the vault. And “Scan your files” where you can use the OneDrive mobile app to directly scan docs into the vault.
You can lock your Personal Vault by clicking the Options icon at the upper-right corner and select Lock. There you can also go in and change some settings like changing the way you sign in to Personal Vault and even disable it.
Personal Vault in File Explorer on Windows 10
On your Windows 10 desktop, you will find the Personal Vault in the OneDrive folder in File Explorer.
To unlock it you’ll need the second form of authentication you set up before. Once unlocked you can use the files just like you normally would.
OneDrive Personal Vault on Mobile
On your iPhone or Android device, you will need to have the OneDrive app installed. Again, you will find your Personal Vault folder in OneDrive. Then using your phone, you can use your fingerprint reader or another method of second-factor authentication to unlock it and use your files. It’s also worth noting that it requires that you create a PIN in addition to your fingerprint.
Personal Vault Auto-lock
Note that your Personal Vault will lock automatically after 20 minutes of inactivity on your desktop and after three minutes on your phone by default. But you can change the auto-lock times through settings. You can also have it set to automatically lock on exit.
Conclusion
Overall this is a welcome extra layer of security for your files stored and synced via OneDrive. If you have been hesitant on storing sensitive files in the cloud, this is a long-overdue feature. Microsoft notes that all files stored in OneDrive and those in Personal Vault are “encrypted at-rest in the Microsoft cloud and in-transit to your device.” But to ensure further protection on mobile devices it’s highly recommended to turn on local encryption on iOS or Android. Altogether this will keep your data protected even if your laptop or phone gets lost, stolen, or someone gains access to it.
Steve Krause
September 12, 2019 at 1:24 pm
I’ve been checking my OneDrive daily. I’ve still not received an invite. What’s odd, however…. my daughter’s account (which is connected to my O365 account via Sharing) was invited??? Odd. Anyway – can’t wait for the Personal Vault invite.
-S
Bill De Lucia
September 14, 2019 at 9:22 am
I set up Personal Vault according to the directions. I the tried to put some files in it and was told that I had exceeded the 3 file limit and must purchase “Premium” in order to save more than 3 files. How do I remove it?