OneDrive Personal Vault is a coming additional part of OneDrive storage that adds more security for important files synchronized with cloud storage.
We’ll describe Personal Vault as we know it from Microsoft’s description. There are many unanswered questions about Personal Vault that will have to wait until it’s live and available for review.
Personal Vault does NOT appear to be the fully encrypted online storage that customers have been asking for. Files saved on Microsoft’s servers are still accessible by the company or government agencies. Full online encryption saves users files with a strong encryption key known only to the customer.
When and who gets it?
Personal Vault will be available to all OneDrive users, including Office 365 customers with the included 1TB quota.
It will be released first to Her Majesty’s former colonies in Australia, New Zealand and Canada with the rest of the world getting it before the end of 2019.
What is Personal Vault?
It’s a reserved storage space within an existing OneDrive quota. Files saved in the Personal Vault space need second verification before you can access them on a computer or device.
At the moment, OneDrive files on a computer or device are protected by whatever security you have on the device. Password login, fingerprint, facial identification plus maybe Bitlocker drive protection.
Personal Vault files get all that security PLUS either:
- What Microsoft describes as a ‘strong authentication method’
- another verification like a PIN, code sent to you via email/SMS or the Microsoft Authentication app (similar to two-factor authentication). On devices with Windows Hello use your fingerprint or face.
On Windows 10 PCs, Personal Vault files are saved to a BitLocker-encrypted area of the local hard drive.
The idea is that Personal Vault files are more secure on your computer/device even if someone get the hardware and manages to access the drive.
Any files can be saved to the Personal Vault including pictures, videos and scanned documents via the OneDrive app .
Office 365 customers could put everything (or almost everything) into the Personal Vault, up to the limit of their online storage. Though that’s probably too much hassle for most files. Personal Vault seems intended for more important and private documents.
Personal Vault files can’t be left open on your device. After a period of inactivity (configurable) the Personal Vault will be locked up again and you’ll need to reauthenticate to gain access.
Open Personal Vault files will be saved and closed automatically if the inactivity time is reached.
It will be very interesting to see how auto-closing of files works in practice with Office for Windows or Mac especially.
OneDrive for Mac?
Speaking of OneDrive for Mac, the Personal Vault announcement didn’t say a word about Macintosh computers.
Apple iPhone and iPad appear to support Personal Vault via the OneDrive app.