Microsoft’s OneDrive cloud storage service now includes a “Personal Vault” for your sensitive files. These files are encrypted and protected with additional two-factor verification, even when they’re synced to your Windows 10 PC.
OneDrive’s Personal Vault became available worldwide on September 30, 2019. It works on Windows 10, Android, iPhone, iPad, and the web.
What Is the “Personal Vault” in OneDrive?
The Personal Vault is an extra-secure storage area for your files in OneDrive. For example, if you’re going to store sensitive financial documents or copies of your passport in OneDrive, you’ll probably want to put them in your Personal Vault to extra security.
Your Personal Vault requires extra authentication before you can access any files inside it. Every time you access them, you’ll have to provide a two-factor authentication code, a PIN, fingerprint authentication, or facial authentication. On Windows 10, you can use Windows Hello to authenticate. They’ll automatically lock after twenty minutes of inactivity, forcing you to authenticate again before accessing them. If you access them via the OneDrive website, they won’t be cached by your browser.
The Personal Vault encrypts the files inside it. On Windows 10, the Personal Vault stores these files on a BitLocker-encrypted area of your hard drive. This works even if you have Windows 10 Home and aren’t using BitLocker for anything else. Microsoft says your files are also encrypted at rest on Microsoft’s servers.
Files stored in the Personal Vault can’t be shared with anyone. Even if you share a file and then move it into the Personal Vault, sharing will be disabled for that file. This gives you peace of mind: You can’t accidentally share a sensitive file as long as it’s stored in here.
With the OneDrive app on your phone, you can scan documents and take photos directly from the Personal Vault, storing them in the secure location without placing them elsewhere on your phone first.
Other big cloud storage services—Dropbox, Google Drive, and Apple iCloud Drive—don’t yet offer a similar feature.
Works Best With Office 365
Before you get started, it’s worth noting that the free version of OneDrive and the 100GB plan restrict you to a maximum of three files in your Personal Vault. You could add multiple files to an archive (like a ZIP file) and store the archive as a single file in your vault, but you are limited to three files.
With a paid Office 365 Personal or Office 365 Home plan, you get the ability to store as many files as you want in your Personal Vault—up to your OneDrive storage limit, which will likely be 1TB or more.
At $10 per month for Office 365 Home, a plan six people can share, Microsoft’s Office 365 plans are a great deal if you want Microsoft Office—or just some inexpensive cloud storage. $10 per month gives up to six people each 1TB of storage and access to Office 365 apps.
What Platforms Does It Support?
The Personal Vault works in OneDrive on Windows 10, Android, iPhone, iPad, and on the web at onedrive.live.com.
It isn’t available in OneDrive for macOS, Windows 7, Windows 8.1, Windows Phone, Xbox, HoloLens, Surface Hub, or Windows 10 S. Consult Microsoft’s OneDrive feature comparison for more details.
The Personal Vault is also only available in OneDrive Personal. It’s not available in OneDrive Business.
How to Use the Personal Vault
To use the Personal Vault, just open your OneDrive folder and click or tap the “Personal Vault” folder. You can do this on a Windows 10 PC via the website or by using a smartphone app—whatever you prefer.
For example, on Windows 10, you can just open File Explorer, click “OneDrive” in the sidebar, and double-click “Personal Vault.”
The first time you open it, OneDrive will require User Account Control authorization to enable the Personal Vault—likely because of the BitLocker features it uses. Click through the short setup wizard to set things up.
Place whatever files you want to secure into your Personal Vault.
Your vault will stay unlocked until you’re inactive for twenty minutes. You can also lock it immediately by right-clicking inside the Personal Vault folder and selecting “Lock Personal Vault.”
When you try to access the Personal Vault while it’s locked, you’ll be prompted for additional authentication.
For example, if you’ve set up two-factor authentication for your Microsoft account, you’ll be prompted for an authentication code. It works just as it would if you were signing into your Microsoft account from a new device for the first time.
You’ll find the Personal Vault in the main folder of your OneDrive account on every supported platform, from Windows 10 to the website to smartphone apps. Just open it to unlock it and access the files inside.
Should You Use OneDrive’s Personal Vault?
The Personal Vault is a welcome feature that’s available on most modern platforms—Mac excluded. If it supports the devices you use, it’s a more secure way to store sensitive files than just dumping them in your regular OneDrive folder.
It’s also nice that the Personal Vault encrypts files on your Windows 10 system, too. We think Microsoft should offer full-disk BitLocker encryption to everyone on Windows 10, but this is better than nothing.
If you’re already squeamish about storing sensitive files in OneDrive, you may want to pause before dumping them all in the Personal Vault. Another solution—like storing confidential documents alongside your website login details in your password manager’s vault—may be more secure. They’ll be encrypted with your password manager’s master password.
For example, Microsoft’s documentation notes that “Personal Vault on Windows 10 doesn’t protect the names and hashes of the files in your Personal Vault when the Vault is locked.” If you want maximum privacy for your files, you’re probably better off using another solution. Microsoft does promise it’s “committed to extending protection to these attributes in a future update,” but this is the kind of problem you won’t have with more mature file-encryption solutions.
Overall, however, the Personal vault is a great feature. More cloud storage services should offer additional protection for sensitive files like this. It’s just a shame people who aren’t paying for Office 365 are limited to three files.