SOLVED

Password Protect Access to OneDrive for Business from PC

Copper Contributor

Only I use my laptop and I don't want to share docs with anyone else. I am using OneDrive for online secure data storage only. When I start my laptop OneDrive loads and is accessible from my laptop to anyone who can turn the laptop on.

Can I password protect access to OneDrive so that I have to login once a day to turn it on and can log out at the end of the day. That way if my laptop is stolen the and turned on OneDrive documents are not freely available to the thief.

10 Replies
This isn’t a feature of onedrive itself! Don’t you have different profiles on your computer with some sort of authentication in order to login?

I do but because there is just me accessing it I have just one profile and that requires a password on start up but I was hoping for a secondary password / login to OneDrive for additional security.

 

Any ideas?

I know they are working on password secure share links but the feature you want do not exist, I’m afraid! There is a uservoice about password protecting folders within onedrive here:

https://onedrive.uservoice.com/forums/913534-onedrive-security-policy-administration/suggestions/770...

It has quite a few votes already, but has the status of “thinking about it” since 2017 :)
Assuming your local account isn't tied into OneDrive, you are probably best to just use the Web version of OneDrive. Since the sync client requires you to set it up each time you log out. That would be my recommendation.

Otherwise as Adam says you have to have different profiles and implement things like bitlocker to prevent people from accessing your offline files if your device is stolen.

Thanks to all for help - Seems madness that I cant protect further my files on OneDrive

well I mean you can password protect your files but, the idea is your OneDrive is protected with your computer account etc. So basically you're doing it wrong there :P.
Do you password protect other folders on you computer?
This is how it has worked always! You login - then gain access to your files! In the mobile apps you can protect the app itself with a pin code or biometric! What scenario are you afraid of and see another authentication step necessary?

I am not tech savvy but here goes.

 

I password protect login to my laptop - so in theory no-one can login without my password. However I have been told that someone who knows what they are doing could probably bypass the login password and gain access to my laptop. If they did this by removing the hard disc or using some other device I felt that a secondary login to the online files which I will store on OneDrive would be useful as I don't plan to store these sensitive business files on the laptop hard drive - I plan to have them online only as I thought it would add extra security i.e If someone did somehow get the laptop booted by bypassing the login password they would then have to bypass a secondary password protected login to access my business files on OneDrive and hopefully by the time they get round to that I would realise the laptop is gone and delete the OneDrive files remotely.

Does any of that make sense???

Use bitlocker to protect anyone to access your files by gaining access without knowing your password
For online I guess you could setup multi factor authentication
best response confirmed by Stephen Rose (Microsoft)
Solution

In response to your hard drive being taken out and used externally. If you are using secure boot and Bitlocker drive encryption (standard in all Windows 8 and 10 hardware), your drive can not be read as the date is encrypted and tied to the device hardware. Unless your storing state secrets, the amount and time, effort and cost involved to gain access to your hard drive would not be worth it. The thief would be better off going after a Windows 7 laptop or Windows 10 running on W7 hardware. 

 

Our goal is to reduce the amount of times you need to log in to applications, hence single sign on. If you need to password protect a folder, there are many third part apps available but, additional encryption of a folder will cause the folder to synch more slowly and you will need the unencryption key to access and unlock the data.

 

I will pass your feedback onto the team. It's a feature we may look at for consumer (a password protected vault perhaps) but for business, there are always so many ways to additionally protect content with DRM, DLP, IRM, AIP and WIP as well as customer lockbox and hold your own encryption key, I don't feel this is a path we would pursue but I will pass it on.

 

Thanks for the comments,

-Stephen

1 best response

Accepted Solutions
best response confirmed by Stephen Rose (Microsoft)
Solution

In response to your hard drive being taken out and used externally. If you are using secure boot and Bitlocker drive encryption (standard in all Windows 8 and 10 hardware), your drive can not be read as the date is encrypted and tied to the device hardware. Unless your storing state secrets, the amount and time, effort and cost involved to gain access to your hard drive would not be worth it. The thief would be better off going after a Windows 7 laptop or Windows 10 running on W7 hardware. 

 

Our goal is to reduce the amount of times you need to log in to applications, hence single sign on. If you need to password protect a folder, there are many third part apps available but, additional encryption of a folder will cause the folder to synch more slowly and you will need the unencryption key to access and unlock the data.

 

I will pass your feedback onto the team. It's a feature we may look at for consumer (a password protected vault perhaps) but for business, there are always so many ways to additionally protect content with DRM, DLP, IRM, AIP and WIP as well as customer lockbox and hold your own encryption key, I don't feel this is a path we would pursue but I will pass it on.

 

Thanks for the comments,

-Stephen

View solution in original post