You dont have javascript enabled! Please enable it! How To Verify Security On Microsoft OneDrive – Complete Overview - CHARBEL NEMNOM - MVP | MCT | CCSP | CISM - Cloud & CyberSecurity

How To Verify Security On Microsoft OneDrive – Complete Overview

6 Min. Read

Of all the workplace tools that a person is likely to use, Microsoft Office 365 is perhaps the most ubiquitous out there. This service can make your life easier in the workspace and even help you achieve higher productivity levels.

However, these rewards come with unique risks, especially related to cybersecurity and data protection. Fortunately, this article will review how to verify security on Microsoft OneDrive in Microsoft/Office 365.

By implementing the techniques and safeguards mentioned here, you can help ensure that your sensitive data and workplace details are not at risk.

What is Microsoft OneDrive?

Microsoft/Office 365 is a subscription-based software service provided by Microsoft that offers a suite of productivity tools and services for both personal and business use.

Microsoft 365 includes popular Microsoft applications such as Word, Excel, PowerPoint, and Outlook and other services such as OneDrive for cloud storage, Microsoft Teams for collaboration and communication, and SharePoint for content management.

With a Microsoft 365 subscription, users can access these tools and services from any device, anywhere, with an internet connection. They receive automatic updates and new features as they are released.

Set up file storage and sharing in Microsoft 365
Set up file storage and sharing in Microsoft 365

Microsoft 365 is available in several subscription plans, with different options for individuals, small businesses, and larger enterprises. These plans include features and services like online meetings, business email hosting, and advanced security features.

In summary, Microsoft/Office 365 is a subscription-based software service that provides users with a comprehensive suite of productivity tools and services that can be accessed from anywhere with an internet connection.

Verify Security on Microsoft OneDrive

Microsoft Office 365 is designed with security in mind, and it includes various features and tools to help ensure the safety of user data. Here are some steps you can take to verify the security of your Office 365 account:

Multi-Factor Authentication (MFA)

While setting up MFA might seem like a bit of a chore, it is pretty important as it serves as an additional layer of security that requires users to provide more than one form of authentication to access their accounts.

By enabling multi-factor authentication, you can help prevent unauthorized access to your account, even if someone else has somehow managed to get their hands on your password.

Enable Azure AD Multi-Factor Authentication
Enable Azure AD Multi-Factor Authentication

As a side note, it’s not feasible to enable Multi-Factor Authentication (MFA) for OneDrive only. MFA will secure the user’s access to all his data and applications in Microsoft 365 by requiring a second form of authentication.

Strong and Unique Passwords

A good password is the foundation of any cybersecurity, irrespective of the software or platform in question. When it comes to using Microsoft, make sure that you use a strong password that is unique and complex.

Avoid using common passwords or repeating passwords across multiple accounts. Additionally, it’s best to practice repeatedly changing your password regularly.

Make sure that your new password is not simply a variation of the old one. Instead, it should be completely unique and not have a discernible link or pattern to the last one.

For this, you could eliminate common and bad passwords using Azure Active Directory (Azure AD) Password Protection. By default, the Azure AD password policy is applied to all user and admin accounts that are created and managed directly in Azure AD. However, you can create your own custom ban passwords list and define parameters to lock out an account after repeated bad password attempts.

Azure Active Directory Password Protection
Azure Active Directory Password Protection

Please note that the Azure AD password policy does NOT apply to user accounts synchronized from an on-premises AD DS environment using Azure AD Connect unless you enable (EnforceCloudPasswordPolicyForPasswordSyncedUsers).

For more information about planning and deploying on-premises Azure Active Directory Password Protection, check the official Microsoft documentation.

Review Audit Logs

Microsoft 365 provides audit logs that allow you to track and monitor user and admin activities in your account. By reviewing these logs, you can identify any suspicious or unauthorized activities.

For more information about the operations that are audited for Microsoft OneDrive, please check the Audit log activities (File and page activities) table.

You could also leverage Microsoft Sentinel to visualize information based on events ingested from the Office 365 audit log to Sentinel.

Microsoft Sentinel | Office 365 activity log connector
Microsoft Sentinel | Office 365 activity log connector

The Office 365 audit log collects large quantities of data from different workloads. Although the audit data is enormously valuable when the time comes to investigate events like a user copying a folder from a site to another location in SharePoint or OneDrive for Business.

Configure Security Settings

Microsoft/Office 365 includes various security settings that can be configured to meet your specific security needs. These include settings for email encryption, spam filtering, and data loss prevention.

Some settings might be excessive for your needs, but it never hurts to be cautious. This is especially the case if you may be handling sensitive work data that should not leak out.

If you are using OneDrive home and personal plans, make sure to use and protect your OneDrive files in Personal Vault. OneDrive Personal Vault is a protected area in OneDrive that you can only access with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

OneDrive Settings | Personal Vault
OneDrive Settings | Personal Vault

Please note that personal Vault is not available in OneDrive for business, or work and school accounts.

Software Updates

Frequent software updates can be annoying and tedious, especially as they tend to interrupt the regular flow of work and slow you down for a little while.

Despite this, however, these regular software updates are extremely important in maintaining your account’s security.

Microsoft OneDrive Update
Microsoft OneDrive Update

Make sure that you keep your Microsoft/Office 365 software up to date with the latest security updates and patches. This will help to ensure that any vulnerabilities are addressed in a timely manner.

Monitor Access

Keep track of who can access your Office 365 account and monitor user activity to identify any unusual behavior or potential security breaches.

This can include reviewing user permissions, auditing user activity logs, and configuring alerts for specific actions or events. By default, many of these functions will be handled by an organization’s own IT and security department.

Again, you could leverage Microsoft Sentinel to monitor access on events ingested from the Office 365 audit log to Sentinel. For example, you can monitor when files are shared from OneDrive with third-party guests by running the following Kusto Query Language (KQL) query:

//Find when files are shared from OneDrive to third party guests
//Data connector required for this query - Office 365
| where TimeGenerated > ago(7d)
| where OfficeWorkload == "OneDrive"
| where Operation in ("SecureLinkCreated", "AddedToSecureLink")
| where TargetUserOrGroupType == "Guest" or TargetUserOrGroupName contains "#EXT#"
| project
    ['User Who Shared']=UserId,
    ['Guest Granted Access']=TargetUserOrGroupName,
    ['File Shared']=OfficeObjectId
| sort by TimeGenerated desc 

However, if your company does not have a dedicated IT or security department, it may be helpful to carry out these checks yourself.

Data Loss Prevention (DLP)

DLP is a feature in Office 365 that helps prevent unauthorized users from sharing or accessing sensitive data. By configuring DLP policies, you can prevent users from sending sensitive information via email or sharing it on cloud storage platforms.

Using Microsoft Purview, you can implement data loss prevention by defining and applying DLP policies. With a DLP policy, you can identify, monitor, and automatically protect sensitive items across:

  • Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive.
  • Office applications such as Word, Excel, and PowerPoint.
  • Windows 10, Windows 11, and macOS (three latest released versions) endpoints.
  • non-Microsoft cloud apps.
  • on-premises file shares and on-premises SharePoint.

Learn more about data loss prevention in OneDrive for Business.

Advanced Threat Protection

Office 365 Advanced Threat Protection (ATP), which since September 2020 has become Microsoft Defender for Office 365, is a collection of tools dedicated to preventing online threats.

Advanced threat protection (ATP) is a set of security features in Microsoft Defender for Office 365 that help protect against advanced threats such as phishing attacks, malware, and ransomware. Microsoft Defender for Office 365 is integrated with other Microsoft 365 services such as OneDrive, SharePoint Online, Exchange Online, and others services.

Microsoft Defender for Office 365 amplifies your protection
Microsoft Defender for Office 365 amplifies your protection

ATP includes features such as Safe Links, which helps to protect against malicious URLs, and Safe Attachments, which allows to detection and blocking of malware.

Learn More: How To Use Microsoft 365 Defender?

Conduct Regular Security Training

The best cure is prevention. Educating your employees on security best practices is an important part of ensuring the overall security of your Microsoft/Office 365 account.

This can include training on how to identify and avoid phishing attacks, how to create strong passwords, and how to use Office 365 security features effectively.

Microsoft/Office 365 Security Training
Microsoft/Office 365 Security Training

The training need not be tedious and costly. Even reading an article (such as this one) on best practices for security when using Microsoft Office 365 can go a long way in helping ensure that data breaches are minimized.

Final Thoughts

In summary, Microsoft/Office 365 is an invaluable and ubiquitous tool being used in workplaces all across the world due to the benefits it provides to a user’s productivity. However, due to this importance, it can be a target for hackers and other malicious actors.

Fortunately, ensuring your security is not too difficult. By integrating even a few of the steps shared in this article, you can make your account almost immune to many common forms of hacking.

> Learn more about how OneDrive safeguards your data in the cloud.

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Photo of author
About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect with 21+ years of IT experience. As a Swiss Certified Information Security Manager (ISM), CCSP, CISM, Microsoft MVP, and MCT, he excels in optimizing mission-critical enterprise systems. His extensive practical knowledge spans complex system design, network architecture, business continuity, and cloud security, establishing him as an authoritative and trustworthy expert in the field. Charbel frequently writes about Cloud, Cybersecurity, and IT Certifications.

Get Started With Microsoft Secure Score

5 Threats Facing Your Kubernetes Deployments – Check K8s Security


Let us know what you think, or ask a question...