In the landscape of cloud solutions for data storage, OneDrive has established itself as one of the most widely used tools in modern organizations.
Integrated into Microsoft 365, it allows users to store, share, and sync files across multiple devices easily and quickly. Additionally, it enables real-time collaboration on Microsoft 365 documents (Word, Excel, PowerPoint, OneNote) and provides access to content via apps, browsers, and—when integrated—Windows File Explorer. All these features make OneDrive an essential tool for millions of users, both personally and professionally.
New OneDrive Feature
Starting in June 2025, a new OneDrive feature introduced by Microsoft will prompt users actively using a business OneDrive account to also sign in with their personal account. This will make it possible to use both a personal and a business account within the same OneDrive client simultaneously. Contrary to some claims circulating online in recent days, it is important to clarify—as confirmed by Microsoft—that this new feature will not automatically sync files from the personal account with those in the business account.
Users must intentionally move or save files from one account to the other, and by default, Microsoft blocks the transfer of folders to personal OneDrive accounts from organization-managed devices (domain-joined).
What Are the Security Risks?
Even though there is no automatic synchronization between personal and business accounts, the transfer of files from one account to another will be easier. This introduces a significant privacy risk: a user’s personal documents can be easily transferred to their business account, and vice versa, business data could be moved to an unprotected personal account.
Companies may find themselves managing highly sensitive employee data within their systems, such as private photos, tax documents, and medical records. Moreover, it is inevitable that some employees will accidentally save a corporate file to their personal OneDrive, which may in turn sync the file to their personal computer. In such a case, a breach of the employee’s personal account could result in unauthorized access to confidential corporate information.
Security Countermeasures
Organizations that have already disabled personal OneDrive accounts on company devices will not experience any changes in their settings following the rollout of this new feature. However, if such a restriction has not yet been configured, the following countermeasures are recommended to mitigate security risks:
Implement the
DisableNewAccountDetectionpolicywhich suppresses notifications but still allows users to manually configure their personal accounts.
Implement the
DisablePersonalSyncpolicywhich completely prevents users from syncing personal OneDrive files on company devices.
The official Microsoft guide can be consulted at the following link.
Conclusion
The new OneDrive feature has raised some concerns, but it’s important to clarify that it does not result in automatic synchronization between business and personal accounts.
Fully understanding how it works is essential to avoid unnecessary alarm and to apply any countermeasures appropriately. If not already in place, it is advisable to configure the DisableNewAccountDetection and DisablePersonalSync policies to mitigate the risks associated with using personal and business accounts simultaneously in the same OneDrive client.
