With the “Personal Vault” in OneDrive, users can provide special protection for data they store in the cloud. Stricter security rules apply to access to the vault. This is a simple way for users to increase data security for their cloud data.
OneDrive personal vault in practice
The personal vault is a protected data area in OneDrive where users can store sensitive data. Even though the data is specially protected, it can still be accessed anywhere. The same files can be stored in the personal vault as otherwise in OneDrive. The files that are not allowed can be found on the page “Invalid file and file types in OneDrive, OneDrive for Business and SharePoint”.
Users can relatively easily save data directly to the personal vault, or move it afterward. This generally works like saving or moving files to other folders. Those who do not want to use the data vault can deactivate it in the options. To do this, the settings of OneDrive are called up in the web browser and then the menu item “Personal vault”.
Here, the function and the corresponding icon can be removed with “Deactivate” at “Deactivate personal vault”. If files are stored in the vault, the files will be irretrievably deleted when deactivated.
Two-step authentication is required to access folders. In addition, the folder is automatically locked again after a few minutes. The time until locking depends on the client used. When accessing via smartphones and tablets with the OneDrive client, access is automatically locked after 3 minutes; when accessing via the web browser, access is only locked after 20 minutes.
Limitations of the personal vault
The personal vault has some restrictions. In the free version, only three files may be stored in the vault. If you want to store more data in the vault, you have to go for Office 365 Home or Personal and take out a subscription here. There is currently no vault in OneDrive for Business.
Files stored in the personal vault cannot be integrated into a search engine, nor can they be shared with other users. To share files in the vault with other users, the file must be moved from the vault to another folder.
Files in the personal vault can be edited on a PC or on the web. If editing is to be done on a smartphone, the file must first be moved from the vault. However, the files will also appear in the list of recently edited files. This must be taken into account when using them on public computers.
Accessing the data vault
So, when accessing the data vault via the web browser, users must authenticate again to be allowed access. To access the vault, Microsoft recommends Firefox, Chrome, or Edge. Normally, other browsers work as well. The corresponding incognito mode can also be used.
First, the user logs in to OneDrive, and then a second authentication has to be performed to access the vault. OneDrive displays options for this. Here, either the code can be sent via email to an alternative email address or an SMS to a phone number can be used. It is also possible to use the authentication app for Microsoft accounts.
After that, the contents of the vault are opened. Those who have installed the OneDrive client in Windows can also access the vault. For this purpose, a shortcut is displayed in the OneDrive client, via which access is possible. However, a new authentication has to take place here as well, just like with web access. Therefore, the OneDrive client also displays the options for the second login here.
Via the context menu of the OneDrive client, the option “Unlock personal vault” is displayed. By selecting the option, the user has to log in again with the second authentication method. The same way can be used to lock the vault again.
In addition to web access and access via the OneDrive client in Windows, the personal vault can also be used in the OneDrive apps for iOS and Android. Further authentication options are available here, for example, Face ID or Touch ID.
Once the folder is unlocked, the contained files can be accessed. However, the files cannot be integrated into the Windows search.
Managing deleted files from the vault
If files are deleted from the vault, OneDrive moves them to the recycle bin. However, the files are not displayed in the Trash. Only when the vault is unlocked does OneDrive also show the deleted files from the vault in the recycle bin.
Configure data vault
The configuration for the data vault is done via the web interface of OneDrive. Here, the menu item “Personal vault” is available in the settings. As with accessing the data in the vault, a re-authentication must also be carried out when adjusting the options.
After authentication, the settings of the safe can be called up with “Manage”. The main thing that can be controlled here is which e-mail address or telephone number should be used for verification. Options can be added and removed here.