Protect your OneDrive files in Personal Vault
Applies ToOneDrive (home or personal) OneDrive for Windows

Personal Vault is a protected area in OneDrive where you can store your most important or sensitive files and photos without sacrificing the convenience of anywhere access.

We guide you through setting up your Personal Vault with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS. Your locked files in Personal Vault then have this extra layer of security, keeping them more secured in the event that someone gains access to your account or your device.

Your browser does not support video. Install Microsoft Silverlight, Adobe Flash Player, or Internet Explorer 9.

Important: 

  • Personal Vault is available for personal users with a OneDrive Basic, Personal, and Family subscription.

  • Personal Vault is only available from the web, the mobile app, or from a windows PC.

Personal Vault automatically locks after a period of inactivity and then you need to unlock it to get to your files again. All your documents, photos, and videos in Personal Vault are easy to access from onedrive.com, your PC, or other capable devices.

Set up OneDrive Personal Vault

Personal Vault is a special folder in your OneDrive that’s protected by an extra layer of security. You’ll need to set it up separately on each device where you want to use it.

  1. The first time you see Personal Vault in your OneDrive, you'll see a message where you can select Get started.Personal Vault get started

    If you don't see the message or you dismissed it, go to your OneDrive and select the Personal Vault folder.

  2. Read about Personal Vault and select Next or Continue (it varies depending on your device).

  3. In the Verify your identity dialog box, verify your account info and make note of your email address in case you want it for the next step. Then select Verify.

    Note: On the OneDrive mobile app, you'll be asked to sign in to OneDrive first before you see the next screen.

  4. Choose a verification method. For example, select Text and follow the instructions to send yourself a text message on your phone.

    If you're using text or email, you'll need to find the text or email message and type in the code that you were sent. For more information on how Microsoft uses verification methods and codes, see Microsoft account security info & verification codes.

    Note: If you don't receive a code, you might need to adjust your account information. For example, make sure your mobile phone number is filled in for your account.

Two-Factor Authentication in OneDrive

OneDrive Personal Vault provides an extra layer of security by using Two-Factor Authentication, which helps ensure only you can access your critical information. Microsoft 365 Basic, Personal, and Family subscribers previously could only store a small number of files in their Personal Vault. Subscribers can now put as many files as they want in their OneDrive Personal Vault (up to your storage limit).

  1. Sign in to OneDrive.com using your Microsoft credentials.Getting to the Personal Vault from your files location.

  2. Enable Personal Vault (from Settings choose Personal Vault, then click Enable).Personal Vault set up features.

  3. Choose Two-Factor Authentication (2FA). For enhanced security, enabling your OneDrive Personal Vault requires 2FA. You can choose to use a secondary email address, or, for greater security, you can use the Microsoft Authenticator app. For more information about the Microsoft Authenticator app, see How to use the Microsoft Authenticator app.

  4. Enter your PIN. Once you've setup Two-Factor Authentication, you'll receive PINs through your chosen authentication method. Enter this PIN to activate your Personal Vault.

Note: Every time you access your OneDrive Personal Vault, you'll be prompted to authenticate via your selected Two-Factor Authentication method, ensuring that only you can view and edit your most sensitive files.

Upload files or folders to Personal Vault

You can add as many files to your OneDrive Personal Vault as you want (up to your storage limit).

  1. In your OneDrive, select the Personal Vault folder.

  2. If you're prompted, sign in with your selected identity verification method. For example, select Text and follow the instructions to send yourself a text message on your phone.

  3. Select the files or folders you want to add to your Personal Vault.

  4. Select Move to and choose Personal Vault (or drag the items).

Tips: 

  • You can use the OneDrive mobile app to scan documents, take pictures, or shoot video directly into your Personal Vault, keeping them off less secure areas of your device, such as your camera roll. 

  • In the Google Chrome or Microsoft Edge browser, you can upload folders from the Folder option on the Upload menu or drag folders to the website.

Move files to Personal Vault

You can move files that are already in your OneDrive to your Personal Vault.

  1. In your OneDrive, select the Personal Vault folder.

  2. If you're prompted, sign in with your selected identity verification method. For example, select Text and follow the instructions to send yourself a text message on your phone.

  3. Select the files you want to move, and then select Move to.

  4. Select the destination you want, and then select Move here (or drag the items).

Note: You can add as many files to your OneDrive Personal Vault as you want (up to your storage limit).

Unlock your Personal Vault

For security, your OneDrive Personal Vault automatically locks when you're not actively using it. Here's how to unlock it.

  1. In your OneDrive, select the Personal Vault folder.

  2. Verify your identity by choosing a verification method. For example, select Text and follow the instructions to send yourself a text message on your phone.

    If you're using text or email, you'll need to find the text or email message that you were sent and type in the code that you were sent.

    You can unlock Personal Vault with the Microsoft Authenticator app. The app doesn't need Internet access to generate an access code.

Tips: 

  • Regularly review your OneDrive Personal Vault to ensure that everything you've stored there is still relevant and requires the extra layer of security.

  • While your Personal Vault will close automatically after 20 minutes of inactivity, you should close your Personal Vault when you’re done working in it. This habit keeps your sensitive files locked away, even if you forget to close your browser.

Lock your Personal Vault

 You can lock your Personal Vault at any time.

  1. In your OneDrive, select your Personal Vault folder.

  2. Select Lock.

Frequently asked questions

You will see the Personal Vault icon in your OneDrive folders or when you click the OneDrive taskbar icon.

  • Windows 11

  • Windows 10 (Version 1903 or newer)

  • Android 6 (or newer)

  • iOS 11.3 (or newer)

  • A web browser with the latest version of Microsoft Edge, Chrome, or Firefox. For added security, use the In-Private or Incognito mode of your browser.

Personal Vault is a protected area in OneDrive that you can only access with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code from the Microsoft Authenticator app, or a code sent to you via email or SMS.

To learn more about authentication, see How to use two-step verification with your Microsoft account.

Because your Personal Vault is a secure folder, it appears as a shortcut in your file list, rather than the folder list:

On a mobile app, you'll see it in the folder list.

To ensure privacy, Personal Vault items do not appear in search results.

For your protection, your OneDrive Personal Vault will automatically lock after a period of time. This means that access to files or playing videos from your Personal Vault will stop.

On the web, your Personal Vault will lock after 20 minutes of inactivity.

  1. Open OneDrive settings (select the OneDrive cloud icon in your notification area, and then select the OneDrive Help and Settings icon then Settings.)

  2. Go to the Account tab.

  3. Under Personal Vault, select the lock wait time.

On a mobile device, your Personal Vault will lock after 3 minutes of inactivity, but you can change this by going to Me > Settings > Personal Vault > Auto-lock or Inactivity lock and selecting a different duration.

Yes (subject to the normal OneDrive file type limitations). Personal Vault is just a place in OneDrive with an extra layer of security.

Note: We are aware of an issue where old Word docs (e.g., filename.doc) cannot be opened from Personal Vault. Word documents saved in the latest format are OK.

No. You need to move the file out of the Personal Vault to share it. 

If you don't have an Microsoft 365 Family or Personal subscription, you can only add up to three files in your Personal Vault. If you do have a subscription, you can add as many files as you want (up to your storage limit).

Mobile and OneDrive.com: Files deleted from your Personal Vault aren't visible in your recycle bin unless your Personal Vault is unlocked. When your Personal Vault is unlocked, the recycle bin files become visible.

Windows 10: Files deleted from your Personal Vault using your PC are permanently deleted and do not appear in your PC recycle bin. However, you can find the files in your OneDrive.com recycle bin as long as the files were already uploaded to OneDrive.

Two-step verification is required to gain access to Personal Vault.

At this time, Personal Vault on Windows 10 doesn't protect the names or hashes of the files in your Personal Vault when the Vault is locked. The OneDrive team is aware of this limitation and is committed to extending protection to these attributes in a future update.

When a Personal Vault file has been opened in a Windows application, the name of the file might appear in that application's Recent list and in other locations throughout Windows. Consider opening Personal Vault files on OneDrive.com to avoid this behavior. 

Microsoft’s two-step verification helps protect you by making it more difficult for someone else to sign in to your Microsoft account. It uses two different forms of identity: your password, and a contact method. Even if someone else finds your password, they'll be stopped if they don't have access to your security information. If you turn on two-step verification, you’ll get a security code to your email, phone, or authenticator app every time you sign in on a device that you haven't designated as trusted. Two-step verification is applied to all of your apps that require sign-in with Microsoft account. This can be frustrating for some users.

Personal Vault offers efficient, quick access to an area of OneDrive that has an extra layer of security for your most important files. For more information, see How to use two-step verification with your Microsoft account

If you already have two-step verification on your Microsoft account, then Personal Vault adds a few more security benefits, including:

  • Files in Personal Vault files are encrypted using BitLocker when in use locally on a Windows 10 PC

  • Files in Personal Vault are not stored unprotected or cached on your PC, on your device, or in the browser

  • Sharing of files in Personal Vault is blocked, meaning you can’t accidentally share a file from Personal Vault

  • Personal Vault automatically locks after a set number of minutes (the automatic-locking interval varies by device and you can set it)

Editing Office documents (Word, PowerPoint, Excel, etc.) in your Personal Vault is supported only on a PC or on the web.

On a mobile app, you can view documents, but you need to move a document out of your Personal Vault to edit it.

Some customers may see that their Personal Vault folder displays text in the wrong language. This is because of a difference between your OneDrive language settings and your PC language settings.

We have started to deploy a fix, but there are two workarounds immediately available:

  1. Change your Microsoft Account Profile language settings to match your PC language settings (Start > Settings > Display Language).

  2. Rename your Personal Vault folder:

    1. Sign in to OneDrive.com.

    2. Unlock your Personal Vault folder.

    3. Choose Rename from the top menu bar. This will synchronize your language settings.

On your computer, thumbnails are hidden for privacy.

On a web browser and your mobile device, thumbnails are visible.

Need more help?

Contact support icon

Contact Support For help with your Microsoft account and subscriptions, visit Account & Billing Help.

For technical support, go to Contact Microsoft Support, enter your problem and select Get Help. If you still need help, select Contact Support to be routed to the best support option.

Work or school badge

Admins Admins should view Help for OneDrive Admins, the OneDrive Tech Community or contact Microsoft 365 for business support.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.