Microsoft is rolling out a new OneDrive feature called “Prompt to Add Personal Account to OneDrive Sync” that encourages users to synchronize their personal OneDrive accounts alongside their work accounts on the same device.
Why This Is a Problem
This capability creates several security risks:
- Work files may end up in personal accounts and shared beyond organizational boundaries
- Compromised personal accounts could introduce threats to work environments
- No audit trail exists for data transferred to personal accounts, making it impossible to track lost or stolen information
Industry Response
The technology industry raised significant concerns about this feature’s security implications. Following industry pushback, Microsoft delayed the rollout by one month to allow security professionals time to implement protective measures.
What ITS Has Done
ITS has already blocked this setting for all managed Microsoft 365 domains using the DisablePersonalSync policy. If your organization is managed by ITS, you’re already protected.
Organizations without managed domains should inform staff about this update and discourage personal account synchronization.
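To confirm on a Windows device that the DisablePersonalSync policy mentioned above has actually applied, the following added example (not ITS's or Microsoft's own code) audits every user hive currently loaded on the machine. It assumes the registry location Microsoft documents for this policy, `HKCU\SOFTWARE\Policies\Microsoft\OneDrive` with the DWORD value `DisablePersonalSync` set to 1; the function name `Get-PersonalSyncPolicy` is hypothetical.

```powershell
# Added example: report whether DisablePersonalSync is enforced for each
# user hive loaded on this device. Run elevated to read other users' hives.
# Assumed location (per Microsoft's OneDrive policy documentation):
#   HKCU\SOFTWARE\Policies\Microsoft\OneDrive -> DisablePersonalSync (DWORD) = 1

function Get-PersonalSyncPolicy {
    # Interactive accounts have SIDs of the form S-1-5-21-...; the anchored
    # pattern also skips the companion "<SID>_Classes" hives.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

    foreach ($hive in $hives) {
        $sid = $hive.PSChildName
        $key = "Registry::HKEY_USERS\$sid\SOFTWARE\Policies\Microsoft\OneDrive"

        # A missing key or value means the policy is not configured for
        # this user, so $value stays $null.
        $value = (Get-ItemProperty -Path $key -Name 'DisablePersonalSync' `
                    -ErrorAction SilentlyContinue).DisablePersonalSync

        # Resolve the SID to a readable account name; fall back to the SID
        # when it cannot be translated (for example, a deleted account).
        try {
            $account = ([System.Security.Principal.SecurityIdentifier]$sid).
                Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $sid
        }

        [pscustomobject]@{
            Account             = $account
            DisablePersonalSync = $value
            Blocked             = ($value -eq 1)
        }
    }
}

$results = @(Get-PersonalSyncPolicy)
$results | Format-Table -AutoSize

# A non-zero exit code lets management tooling flag the device when any
# loaded profile does not have the policy enforced.
if ($results | Where-Object { -not $_.Blocked }) { exit 1 } else { exit 0 }
```

Only profiles whose hives are loaded (users currently signed in) appear under `HKEY_USERS`, so run the check while the user session is active.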