OneDrive is natively integrated into Windows, and it only makes sense the data is encrypted and secure. While Encryption makes sure the files are not accessible if the device is lost, Security offers account-level protection, which makes breach difficult and recovery easy for the owner of the account. In this post, we look at the ways to encrypt and secure OneDrive Files.
Topics discussed in this post:
- Encrypt OneDrive Files
- Enable encryption on your mobile devices
- Microsoft 365 Advanced Protection
- Protect files in Personal Vault
- Password-protected links
- Ransomware detection & recovery
- Data Encryption in OneDrive for Business
- Encrypting OneDrive files for security
- Secure OneDrive Account
- Create a strong password
- Use two-factor verification
- Add security info to your Microsoft account
How to Encrypt OneDrive Files
There are two ways to encrypt OneDrive Files. Frist is the native method that can be done through the phone, and the second is to use the Microsoft 365 Advanced Protection.
1] Enable encryption on your mobile devices
Both iOS and Android offer device encryption. If you search it in your settings, you should be able to find it. Once done, the phone can be opened only through the fingerprint, PIN, or Pattern.
2] Microsoft 365 Advanced Protection
1] Protect files in Personal Vault
Personal Vault is a secure area in OneDrive which is password protected. It can be used to safeguard any file which you add here. The best part of this feature is that it will automatically lock if it is not used for a period of time. You can also add an unlimited number of files in Personal Vault. I would suggest that if you have too much sensitive data, always use this feature.
2] Password-protected links
One of the biggest issues with hearing files using a link is that anybody with a link can be accessed. If you cannot add an account to the file you want to share, the right way to share a file will be using a password. The option is available under Link settings, where you can also add the expiry date for the shared file. Both of these methods are the right way to share files.
3] Ransomware detection & recovery
If your PC gets infected file include those on OneDrive, Microsoft office 365 will notify you about it. It will make sure the files on the cloud can be recovered once you confirm that the files are infected. Since OneDrive offers versioning, it is possible to restore the files easily. However, make sure that the malware or ransomware is not available anymore on the PC.
4] Data Encryption in OneDrive for Business & Sharepoint
Here you get two additional security—in-transit and at-rest encryption side of data security. When at rest, the account gets BitLocker disk-level encryption and per-file encryption of customer content. While the former locks the drive, the latter adds a unique encryption key to each file.
Since the files are stored in the cloud, it doesn’t matter where it is, any reconstruction file, when the requested process has to go through three physical storage components—the blob store, the Content Database, and the Key Store. With all three, the data will be useless. Read more about it here.
Read: Tips to secure a OneDrive account.
5] Encrypting OneDrive files for security
There are many third-party programs available to encrypt entire hard drives or on a file-to-file basis. The Windows Club has a list of some of the best free file encryption software. You can use these programs to encrypt the entire OneDrive folders on your local computer so that when they are uploaded, they are encrypted – or you can encrypt only the ones containing sensitive information. You may also use Windows default BitLocker or NTFS encryption to encrypt the files.
2] How to Secure OneDrive Account
There are three ways to secure OneDrive Account. It will make sure the account is difficult to hack, and with additional information, you can recover if there is a breach.
1] Create a strong password
It goes without saying that not just a OneDrive account, but any account should have a strong password. There are strong password generators within the browser that you can use with your account.
2] Enable two-factor verification
Similar to a strong password, it is important to enabling two-factor authentication. Every time you log in, you will have to authenticate it using a code generated by secure apps such as Microsoft Authenticator and Google Authenticator.
3] Add security info to your Microsoft account
Make sure you have included enough information in your account, including recovery email id and phone number. This will help you get back the account if it is hacked or forgotten the password.
OneDrive Personal and OneDrive for Business both offer security features to files and accounts. It is important that we also enable certain features that have to be enabled by the end-user, such as 2FA, Personal Vault, and more. Those using OneDrive for business already have a secure environment but make sure the PC and account are protected.
This post has been updated in July 2021.