OneDrive Security: Three Points of Attention to Better Control Your Data

In a context where collaborative tools have become indispensable, OneDrive, the individual storage service of the Microsoft 365 suite, stands out for its real-time synchronisation capabilities, its automatic saving (versioning) and its multi-device accessibility. OneDrive makes it easy not only to be productive, but also to collaborate.

However, managing data stored and shared on OneDrive is crucial for businesses, particularly in terms of privacy, compliance and information security. Understanding how it works is essential to manage access over time, prevent sharing and configuration errors, and effectively manage storage, which can quickly become problematic.

This article focuses on three points of attention for better control of data on OneDrive: share and access management, sensitive file sharing, and storage quotas.

On the program:

Managing shares and access on OneDrive
Sharing sensitive files on OneDrive
OneDrive storage quotas

Managing shares and access on OneDrive

Managing sharing and access on OneDrive involves controlling who can see and modify files and folders stored on the platform. This includes setting permissions for internal and external users, as well as monitoring sharing activities.

Uncontrolled sharing can lead to several risks, including:

Data leaks: Sensitive information may be accidentally shared with unauthorised persons.
Unauthorised access: Unauthorised users may access confidential files.
Oversharing: Files may be shared excessively, increasing the risk of leaks.
Too open access: Too broad permissions can allow users to modify or delete important files.

Managing OneDrive sharing in Outlook

Outlook, especially when used in an enterprise environment with Microsoft 365, is tightly integrated with OneDrive. Microsoft encourages the use of OneDrive for storing and sharing files because it offers several advantages: Outlook has size limits for attachments. If the attachment exceeds a certain size (usually 25 MB), Outlook may automatically offer to upload the file to OneDrive and share a link rather than attaching it directly to the email. Outlook or your organisation's settings may be configured to use OneDrive by default for attachments. The same behaviour is found in Teams with files uploaded to private conversations or Teams meeting recordings:

Files shared in private or group chats are stored in the sender's OneDrive for Business.

Files shared in team channels are stored in the team's SharePoint document library.

Meeting recordings are stored in OneDrive for Business or SharePoint, depending on the meeting type (private chat or team channel).
Administrators can adjust these settings according to the needs of the organisation

Sharing sensitive files on OneDrive

A sensitive file is a document containing confidential or business-critical information, such as salaries, financial results, or any other data that, if disclosed, could cause damage to the organisation.

Microsoft allows you to categorise your files in OneDrive with security labels via Microsoft Purview Information Protection, according to the nomenclature defined by your company. These labels may include:

C1 - Public: Information accessible to all.

C2 - Internal: Information reserved for company employees.

C3 - Confidential: Highly sensitive information requiring strict protection.

Extensive shares become particularly problematic when they involve files labelled confidential. For example, it is crucial to regularly check external and internal sharing settings. An uncontrolled sharing link (anonymous or company-wide link) for these documents can lead to the overexposure of sensitive information.

There are OneDrive policies to limit certain use cases, such as controlling content synchronisation (with Entra ID) or restricting a user's OneDrive access (security group).

OneDrive is used as personal storage. It is not uncommon to find personal files such as photos or videos there.

It is therefore essential to empower and involve OneDrive owners so that they manage who can access their data, and to be vigilant about the consumption of this space. Rigorous management of access and sharing over time makes it possible to clean and delete obsolete, unnecessary, overly permissive sharing links and limit risks.

MyDataSecurity: the dashboard to easily manage OneDrive sharing and access

MyDataSecurity is a personal dashboard to highlight potential oversharing or security risks, represented by the red dot of the points of attention for OneDrive data owners.

Screenshot of the MyDataSecurity platform with the different points of attention

OneDrive points of attention

In order to raise awareness for the data owner of the various risks (non-compliance, security, confidentiality), MyDataSecurity relies on points of attention. This allows you to highlight a configuration or permission set on a potentially risky file (or folder) in your OneDrive. It is represented by both a red dot and a red label.

We find the points of attention: on anonymous sharing links or corporate sharing links on sharing sensitive files on sharing your Outlook attachments and others.

Methods of deleting shares

OneDrive offers management options for deleting shares, which can sometimes make the process a little more complex. MyDataSecurity is designed with maximum simplicity in mind; with the ability to remove current access rights, it is possible to:

Either delete all sharing links from the focus point. We centralise all files and folders affected by the points of attention in one view. In three clicks, the user can remove all of these risks from their OneDrive. Simple, fast, efficient.
Or delete with greater precision using the search bar. A quick search allows you to list all the files concerned by sharing type (anonymous, business, sensitive, etc.). It is possible to delete shares file by file.

OneDrive storage quotas

A storage quota is a limit set on the amount of data a user or organisation can store in OneDrive. These quotas are essential to efficiently manage storage space and avoid saturation. Storage quotas in OneDrive are set by organisation admins, and can be adjusted based on specific user or team needs. Quota management includes monitoring storage space usage and enforcing limits to prevent overload.

Storage quota saturation can lead to several risks, including loss of important data if available space is exhausted. Additionally, storage costs can increase significantly if additional steps are not taken to proactively manage space. Ineffective management of storage quotas can also affect productivity and collaboration within the organisation.

Optimising storage on Microsoft 365 by reducing the volume of unused data and improving data lifecycle management is crucial. This frees up space, reduces costs and ensures quick and easy access to the information you need. To address these challenges, our MyDataManagement solution optimises data storage on Microsoft 365. It offers a personal dashboard that makes it easy to clean up unused, obsolete and bulky data. Additionally, it allows administrators to launch mass remediation actions, thus ensuring efficient and proactive management of storage space.

By empowering data owners, adopting security measures, and using the right tools, users can get the most out of OneDrive while protecting your data. Ensure your digital work environment remains secure and productive, enabling effective collaboration without compromising the confidentiality and integrity of your information.

MyDataManagement : the new solution to reduce your obsoletes and inactives files on Microsoft 365