Microsoft OneDrive update raises security concerns for business data
Microsoft's new OneDrive feature synchronizes personal and business accounts, potentially bypassing security policies and risking data exposure.
Microsoft is introducing a new OneDrive feature that synchronizes data between personal and business accounts, raising significant security concerns. The feature, officially named "Prompt to Add Personal Account to OneDrive Sync," could allow users to bypass corporate security policies, potentially exposing sensitive business data.
How the Feature Works
The feature, set to roll out in June, detects personal accounts on business devices and prompts users to synchronize their files. Once accepted, files automatically sync to the business OneDrive environment without additional configuration. This means if a user logs into a personal Microsoft account on a work device, they’ll receive a notification to link the account by default.
"This default setting bypasses established security protocols, as it lacks inherent controls, logging mechanisms, and corporate policies governing synchronizing personal accounts on business devices," warns Paolo C, Senior Cybersecurity Strategic Advisor at BARE Cybersecurity.
Security Risks
- Unintentional Data Transfer: Users could accidentally sync business files to personal, unmanaged accounts.
- Malicious Activity: The feature could be exploited to exfiltrate sensitive corporate data.
- Lack of Controls: No built-in logging or policy enforcement to prevent misuse.
Mitigation Options for IT Admins
- DisableNewAccountDetection Policy: Suppresses notifications but allows manual account configuration.
- DisablePersonalSync Policy: Blocks all personal account syncing on company devices.
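
One way to audit a device against the two policies listed above, as an added example that is not from the article or from Microsoft. It assumes both policies are stored as registry DWORD values where 1 means enabled, and it takes the policy key path(s) as a required parameter because the article does not give them; the function names and posture labels are hypothetical.

```powershell
# Added example: report how a device stands against the two OneDrive policies
# named in the article. Not Microsoft's code.
# ASSUMPTIONS: each policy is a registry DWORD (1 = enabled); the key paths are
# supplied by the caller, since the article does not state them.
param(
    [Parameter(Mandatory = $true)]
    [string[]]$PolicyKeys   # registry key path(s) to search, in order of precedence
)

function Get-PolicyValue {
    param([string[]]$Keys, [string]$Name)
    foreach ($key in $Keys) {
        # A missing key or missing value is not an error here: it means "not configured".
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [int]$item.$Name }
    }
    return $null
}

function Get-PersonalSyncPosture {
    param([string[]]$Keys)
    $detect = Get-PolicyValue -Keys $Keys -Name 'DisableNewAccountDetection'
    $sync   = Get-PolicyValue -Keys $Keys -Name 'DisablePersonalSync'

    # DisablePersonalSync is the stronger control: per the article it blocks all
    # personal account syncing, while DisableNewAccountDetection only hides the
    # prompt and still allows a user to add the account manually.
    $posture = if ($sync -eq 1) {
        'PersonalSyncBlocked'
    } elseif ($detect -eq 1) {
        'PromptSuppressedManualSyncStillPossible'
    } else {
        'PromptAndPersonalSyncAllowed'
    }

    [pscustomobject]@{
        Computer                   = $env:COMPUTERNAME
        DisableNewAccountDetection = if ($null -eq $detect) { 'NotConfigured' } else { $detect }
        DisablePersonalSync        = if ($null -eq $sync) { 'NotConfigured' } else { $sync }
        Posture                    = $posture
    }
}

Get-PersonalSyncPosture -Keys $PolicyKeys
```

A device reporting anything other than `PersonalSyncBlocked` can still have a personal account added by hand, so only that posture matches the stricter of the two mitigations.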
This update highlights the ongoing tension between user convenience and corporate security, urging businesses to proactively address potential vulnerabilities.
About the Author

Alex Thompson
AI Technology Editor
Senior technology editor specializing in AI and machine learning content creation for 8 years. Former technical editor at AI Magazine, now provides technical documentation and content strategy services for multiple AI companies. Excels at transforming complex AI technical concepts into accessible content.