Last month, Microsoft announced that they are going to be rolling out a new OneDrive sync feature in May 2025. But be careful; if you intend on using this, just know, this is a data disaster waiting to happen to your company.
The new feature titled “Prompt to Add a Personal Account to OneDrive Sync” allows OneDrive to detect if there are any other Microsoft personal accounts that are not synced to their business devices. This will then ask the user if they would like to sync their personal files and folders on their business devices. Once accepted, the personal files will be synced alongside their professional work files and “no action is needed to enable this behaviour by default.”
If users accept this new sync feature they can freely transfer their personal files to business accounts and vise-versa, allowing potentially sensitive company data to be shared in a completely uncontrolled environment with anyone outside the business.
By simply copying and pasting a business folder onto a personal account, any file can be passed and distributed outside the scope of your company. A seamless data breach in the bow of personal convenience.
The sync feature completely removes existing security protocols as it entirely neglects the corporate guidelines that are in place to expressly prevent the synchronisation of personal and professional accounts.
IT admins can use 2 group policies to mitigate this feature but only if they are known and enabled prior to any files being transferred outside the business.
This policy simply prevents the prompt from appearing on users screens. However, users that are aware of the feature can still configure and enable it manually in their personal account settings. You cannot rely on this policy alone to keep your companies data safe.
By enabling and implementing this policy, users are prevented from syncing their personal Microsoft accounts to business devices. It is important to reiterate that if any files have already been transferred from a business device to a personal account, those files will remain on the personal account and have to be manually deleted by the user.
Not to sync. Microsoft enables this feature by default and it’s up to your IT department to make sure this doesn’t become a problem before it even exists. If you don’t, you are opening yourself to a massive data breach and malware invasion and you will be none the wiser.
If you feel like you need help with your cyber security, you can ask us for help.
At Labyrinth Technologies, our aim is to help businesses boost their cyber security without breaking the bank. We provide honest advice, carefully curated strategies, and clever solutions tailored to your business. Get in touch with us here.
© 2025 Labyrinth Technology Limited. Company number 04326900. Web Design by Netzoll
Empowering London Businesses with Efficient IT Solutions to Save Time and Stay Ahead of the Competition.
