News

Microsoft Adds 'Personal Vault' Security for Consumer OneDrive Storage

• By Kurt Mackie
• October 04, 2019

Microsoft announced last week that its OneDrive cloud-based storage service for consumers now has a new security feature called "Personal Vault" that's available worldwide.

Personal Vault essentially is a "protected area in OneDrive" that's designed for storing more sensitive files. It's notable for requiring two-factor authentication to verify user identities before permitting file access. Microsoft first introduced Personal Vault back in June. It took two years to build the feature, which was first rolled out to limited markets in Australia, Canada and New Zealand in July, according Ryan Hoge, a principal group program manager for OneDrive Mobile, in a Monday Microsoft "Intrazone" talk.

OneDrive consumer users might use Personal Vault to store files after scanning IDs, tax documents or budgets, or it can be used to store photos, according to Paul Diamond, a product marketing manager for OneDrive, in the Monday talk. OneDrive's "scan and shoot" capability for capturing photos of documents will work with Personal Vault.

Diamond said he typically gets questions about whether Personal Vault was added because the rest of OneDrive is insecure. "The answer is, 'No,'" he said. Microsoft already includes a number of security features in OneDrive, including ransomware detection and recovery, suspicious login monitoring, file encryption at rest and transit, mass file deletion notification, virus scanning on download for known threats and version history for all file types. OneDrive also has password-protected sharing links, as well as expired sharing links, Diamond added.

OneDrive users will know that they have access to Personal Vault because it'll show up as a gray vault-like icon in a OneDrive application.

Storage limits using Personal Vault are based on consumer OneDrive subscription types. For instance, Office 365 Personal or Office 365 Home subscribers don't have any Personal Vault file storage limits beyond their general subscription storage limits. Users of Microsoft's free consumer OneDrive plan with 5GB of storage or its "standalone" 100GB OneDrive plan are limited to storing "up to three files in Personal Vault."

A two-factor authentication scheme, beyond a password, is required to gain access to Personal Vault. The second factor to enable authentication might include providing a person's "fingerprint, face, PIN, or a code sent to you via email or SMS," Microsoft's announcement clarified.

Personal Vault also can verify user identities via the Microsoft Authenticator App, according to Diamond. He added that "we ask browsers not to cache information" when browsers are used to access Personal Vault. Hoge said that Personal Vault will work with various biometric access authentication methods on mobile devices, too.

For Windows 10 PCs, Personal Vault uses BitLocker encryption, which is Microsoft's drive encryption technology. Personal Vault restricts file sharing by default and will automatically lock document access after a period of inactivity. Users can set that inactivity interval, if wanted.

Personal Vault is available in OneDrive applications for Android 6.0 or higher devices, as well as iOS 11.3 or higher devices. It's also available with OneDrive on the PC or the OneDrive.com service accessed through a browser.