Microsoft’s New OneDrive Sync Feature Raises Major Red Flags for IT—Here’s What to Do About It
Microsoft is introducing a new OneDrive feature this month called “Prompt to Add Personal Account to OneDrive Sync,” which automatically detects personal Microsoft accounts on business devices and prompts users to sync them alongside their corporate accounts. While aimed at enhancing file access convenience, this change has sparked significant security concerns among IT professionals, according to a recent article in Cyber Security News.
The primary issue is that this feature is enabled by default, allowing users to sync personal OneDrive accounts without additional configuration. This setup could lead to sensitive corporate data being transferred to personal, unmanaged environments, bypassing established security protocols, logging mechanisms, and corporate policies.
To mitigate these risks, Cyber Security News recommends the following two options:
- Disable New Account Detection Policy: Suppresses the prompt but still allows manual configuration of personal accounts.
- Disable Personal Sync Policy: Completely prevents users from syncing personal OneDrive accounts on corporate devices.
Security experts strongly recommend implementing the DisablePersonalSync policy to prevent potential data exfiltration and compliance issues. Organizations should promptly review and adjust their OneDrive management practices and policies to safeguard corporate data.
For more detailed information, refer to the full article: OneDrive New Feature Allows Default Sync of Personal & Corporate Accounts.