Microsoft OneDrive Update is a Risk to Business

Microsoft is Rolling Out a New OneDrive Feature that Syncs Data from Personal Accounts with Business Accounts

The feature, officially called “Prompt to Add Personal Account to OneDrive Sync,” allows users to bypass traditional security policies.

While designed to streamline file access, this update has raised significant security concerns as it could result in business data being easily transferred out of corporate environments and ending up in the wrong hands.

What is Happening?

Microsoft will enable the feature in June. It detects personal accounts on business devices. Users will then receive a notification to synchronise their OneDrive files. When users accept the notification, their files will automatically start synchronising alongside their business OneDrive environment without additional configuration.

This means that if a user logs in with a personal Microsoft account on a business device, they will receive a notification to link the account by default.

The user is responsible for giving permission, however, accepting the notification may seem convenient or easy if they are unaware of the risk.

Security Risk with Automatic Sync of OneDrive

Security experts warn that this feature poses a significant risk to the transfer of sensitive business data to personal, unmanaged environments.

Once synced it will enable users to easily copy files from their business OneDrive to their personal account and vice versa. The automatic syncing feature lacks inherent controls and logging mechanisms, making it difficult to monitor or restrict data transfers between personal and corporate accounts.

Consequently, it creates a substantial risk of sensitive corporate data being unintentionally or maliciously transferred to personal, unmanaged OneDrive account.

Limit Your Risk

We’re strongly advising that clients implement preventative policies before the rollout to avoid these risks. The following actions can be taking to mitigate the risks associated with this new feature:

• DisableNewAccountDetection: This policy suppresses the prompt for users to add their personal accounts while allowing them to manually configure their accounts if required.

• DisablePersonalSync: This policy completely prevents users from syncing their personal OneDrive accounts on corporate devices.

• Use Intune Settings: If using Microsoft Intune, administrators can enable the setting to prevent users from syncing personal OneDrive accounts, which may also help block the prompt.

• Registry Changes: It’s recommended to set specific registry keys on client devices to disable the OneDrive personal prompt.

How Can Technical Drive Help?

Technical Drive can proactively implement these measures to prevent the OneDrive Sync from occurring and help to protect data and maintain compliance. This will need to be implemented before update takes place in mid-June.

If you’d like Technical Drive to implement these actions for your organisation, please contact us asap. For information speak to your Account Manager.

Call Us on 01527 880088

Get in Touch Online