OneDrive Personal Vault is available to Microsoft 365 users across the globe. It’s an extra security level for your most important and private files. Here’s how to setup, use it and work with Office documents in the Vault folder.
OneDrive Personal Vault is a more secure extension to standard OneDrive. It’s now available to all Microsoft 365 customers.
We’ll look at what Personal Vault is, how to use it and tricks to bypass some limitations. Crucially how secure the Personal Vault really is.
What is OneDrive Personal Vault?
Microsoft describes Personal Vault as a ‘protected area’ with a ‘new layer of security’ within the OneDrive.
Personal Vault is part of OneDrive and can be as large or small as you like within your overall OneDrive quota (1TB for Office 365 customers). In theory, Personal Vault could take up your entire 1TB.
Files in the Personal Vault need an extra login or security code to access. It’s two-factor authentication for part of OneDrive.
If you have two-factor authentication for your Microsoft account (and you really, really should) then Personal Vault is a simple extension of that.
If someone managed to access your OneDrive files (ie your Microsoft account) they’d still need another time-limited code to get into the Personal Vault files.
It’s intended for especially personal or confidential files like photos of your passport, birth certificate, tax records etc and other stuff you’d like to keep away from others.
Personal Vault can be synced to a Windows 10 computer, just like any other OneDrive folders. The Personal Vault folder gets extra protection, being saved in a special encrypted store using Bitlocker technology. That means if someone steals the computer, they still can’t access Personal Vault files.
We strongly suggest using Bitlocker with hard drives on Windows laptops and tablets. It protects the entire drive (not just Personal Vault) if the computer it stolen. Windows 10 for Microsoft Office users has a chapter all about setting up and using Bitlocker.
If the Personal Vault is synced to other devices (Mac, iPhone, iPad, Android) you must rely on the protections available on those devices.
Who gets OneDrive Personal Vault?
Everyone with a OneDrive account now has Personal Vault.
- Microsoft 365 customers (with 1TB quota as part of their paid plan) can put as many files as they like into the Vault folder.
- Free OneDrive users (with 100GB limit) can only save 3 files in the Vault. But there are ways around the three file limit.
Setup Personal Vault
Personal Vault has been enabled for all eligible OneDrive users but there’s a little setup necessary. The setup can be done either online or in Windows 10. It’s probably easier to setup in the web browser.
Go to https://onedrive.live.com/ and you’ll see it there among the folders.
Click on the Personal Vault folder
Then confirm your login. If you have two-factor authentication setup for your Microsoft account, just use the authentication app.
And you’re ready to go:
Personal Vault will close automatically if there’s no activity for a little while. Microsoft says the timeout is 20 minutes but was noticeably less than that in some of our tests. Whenever you access the Vault folder, confirmation is necessary.
View suggested file types
The suggested files types link is really a checklist of documents you could put in the Personal Vault.
Of course, that list is just suggestions. You can save any type or size in the Vault.
The Personal Vault has a different moving option. Instead of the usual ‘Move to…’ option it’s ‘Move from’ to bring files from other folders into the Vault folder.
Otherwise Personal Vault files have the same options as other OneDrive files.
Setup in Windows 10
In Windows 10, go to the OneDrive app, More menu and choose ‘Unlock Personal Vault’.
If you don’t see Personal Vault options, make sure your OneDrive app is up to date.
Then wait while the specially encrypted Vault container is setup. It should not take long.
Once setup is finished, Personal Vault may appear in the Explorer’s OneDrive folder list but as a shortcut to the special container.
Click on the shortcut to open the container. Files can be managed just like any other folder.
The usual OneDrive status icons apply.
By default, the files are NOT saved on the computer (the cloud icon).
To store on the computer, right-click and choose ‘Always keep on this device’ (the green icons).
Keep all Personal Vault files on the computer
Unlike other OneDrive folders, you can’t mark the Personal Vault root folder to be saved on the device. That’s because the Vault is a separate container from the rest of OneDrive on the computer.
Any files or sub-folders in the root folder have to be tagged ‘Always keep on this device’ separately.
However, Vault sub-folders can be marked ‘Always keep on this device’ with the usual right-click option.
To keep all files copied to your computer without syncing each one, don’t put files in the root folder. Instead only have sub-folders.
Mark the sub-folders as ‘Always keep on this device’. Any files in those sub-folders will be synced automatically (the solid green icon).
Unlocking Personal Vault
If you leave a Personal Vault window open but unattended, it will eventually be closed. There’s a warning in the Windows notification area.
Eventually the Vault is locked. Any Explorer window switches to the OneDrive main folder.
To reopen the Vault folder, go back to the OneDrive app, More menu and choose ‘Unlock Personal Vault’. The status appears on the OneDrive app menu from the taskbar.
Working with an open document
Open and edit Office documents directly from the Personal Vault.
If you leave the document open for too long the Vault will automatically close and the document can’t be saved to that folder.
The OneDrive app shows the problem in the taskbar menu. Unlock the Personal Vault so Word/Excel/PowerPoint can save the document.
About Personal Vault
The Personal Vault is a reasonable idea and fairly well implemented but might give people a false sense of security.
It might be tempting to put a lot of files in the Vault but the extra authentication and automatic logout mean that it’s best for files for longer term ‘just in case’ storage.
It’s a good idea to have personal files saved online where they are available anytime and anywhere. Travellers should always have passport, birth certification, insurance and other documents available for emergencies.
Save in the Vault the sort of personal/family/business documents you’d traditionally put in a safe or locked cabinet.
Personal Vault does nothing to protect files from viewing by government agencies (with or without a warrant), some Microsoft employees and Microsoft itself. While these intrusions are unlikely, they are possible. The Vault isn’t complete security.
There are other ways
Instead of the Personal Vault, consider alternatives like password protected documents and other secure containers. These tricks are secure from almost any intrusion including corporate and government efforts.
Personal Vault files are subject to Microsoft’s usual conditions and the law which allows access to any cloud stored files.
Our book Beating Bots, Spies and Cock-ups shows how to encrypt files and secure them from any unwanted access on cloud storage or sending across the Internet.