'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
How to secure your sensitive OneDrive files with a Personal Vault
I use Microsoft OneDrive to back up and sync my documents, photos, and other files across my different PCs and mobile devices.
See also
Though my OneDrive files should be safe and secure in the cloud and on my various devices, I'm still concerned that files with confidential or sensitive information may be exposed. For that reason, I use a feature in OneDrive called Personal Vault.
By including specific OneDrive folders or files in this vault, you can add an extra layer of authentication required to access this content.
By default, the vault remains locked until you need it. You unlock it with whatever method you use to protect your Microsoft account. After you unlock the vault, it automatically locks after a certain amount of time to again protect your files.
Also: How do I get OneDrive under control [Ask ZDNET]
Requirements
To take full advantage of the Personal Vault, you need a Microsoft 365 Family or Personal subscription. With either plan, you can add as many files to the vault as space allows. Without a Microsoft 365 plan, you can include only three files in your vault, which likely wouldn't do the trick for most people. Further, the Personal Vault is available only with the OneDrive personal app and not with OneDrive for Business. Otherwise, the vault works the same in Windows 10 and 11.
How to secure your sensitive OneDrive files with a Personal Vault
1. Protect your Microsoft account and OneDrive access
Before you activate the Personal Vault, you should protect your Microsoft account as well as OneDrive access with the right type of multi-factor authentication, such as an authenticator app or a physical security key. In this case, use the Microsoft Authenticator app, which you can set up to send a notification to your mobile device when you want to unlock your Personal Vault.
Turn on the Personal Vault.
Also: Multi-factor authentication: How to enable 2FA to step up your security
2. Right-click the OneDrive System Tray icon and select View online
For the next steps, I'll assume you're already using OneDrive to back up and sync key folders and files. Right-click the OneDrive System Tray icon and select the option for View online. Sign in to OneDrive with your Microsoft Account. Under My Files, double-click the folder for Personal Vault. You'll be asked to authenticate this access through the multi-factor authentication in place for your account. Approve the sign-in via the Microsoft Authenticator app on your mobile device.
Get ready to move folders and files to your Personal Vault.
3. Move the files you wish to protect
The next screen then prompts you to move the files you wish to protect into the Personal Vault. Consider the files that contain the most private or confidential information, such as financial or tax data and personal ID numbers. Click the Move from heading at the top.
Drill through the different folders in OneDrive and select the subfolders and files you want to move to the Personal Vault. Then click the heading for Move items. Continue this process until you've moved all the necessary items.
Select folders and files to move to your Personal Vault.
4. Wait for folders and files to sync to your local OneDrive storage
When done, you should see the folders and files you selected appear in the Personal Vault. Close the online site for OneDrive. Wait for the folders and files to sync to your local OneDrive storage.
View the folders and files moved to your Personal Vault.
5. Set the amount of time the Personal Vault will wait to automatically lock
After activating your Personal Vault, there's one setting you'll want to tweak. Right-click the OneDrive System Tray icon and select Settings. Select the Account tab and click the dropdown menu for Personal Vault. Here, you set the amount of time that the Personal Vault will wait to automatically lock after you've unlocked it and have stopped using it. I set mine for 20 minutes to be on the safe side, but you can choose a longer duration if you wish. Click OK.
Set the time to automatically lock your Personal Vault.
6. To access files in your Personal Vault, select Unlock Personal Vault
Now, let's say you need to access certain files in your Personal Vault. Right-click the OneDrive System Tray icon and select Unlock Personal Vault.
Unlock your Personal Vault.
7. Confirm access with your authentication method
The first time you do this, the Personal Vault has to configure a few settings. You're then prompted to confirm the access with your authentication method.
Confirm the authentication to unlock your Personal Vault.
Also: Two-factor authentication is a great idea. But not enough people are using it
8. When you're done, wait for the vault to lock automatically or select Lock Personal Vault
The Personal Vault folder pops up in File Explorer to display the folders and files inside so that you can now open and view them. When you're done, either wait for your vault to automatically lock itself again or right-click the OneDrive icon and select Lock Personal Vault to immediately lock it.
Lock your Personal Vault.
9. Move folders and files out of Personal Vault that no longer need extra security
Finally, you can move folders and files out of your Personal Vault if you feel they no longer need the extra security. Go to your online OneDrive storage. Open the Personal Vault. Select the folders or files you want to move. Select Move to at the top, choose the folder to which you want to move them, and then click the Move here button.
Remove folders and files from your Personal Vault.