OneDrive secure file sharing: Features and limitations explained

In an era where a data breach costs companies an average of $4.88 million, the ability to share files securely has never been more critical. However, it’s equally important to use file-sharing solutions that strike a balance between collaboration and security.
One of the leading solutions in the market is OneDrive, which is trusted by more than a million companies worldwide. However, as security demands increase and risks escalate, businesses should assess whether OneDrive offers sufficient protection for sensitive information. This article examines OneDrive’s secure file-sharing features and compares them to those of specialized virtual data rooms (VDRs).
Key highlights:
- OneDrive provides features such as password protection, restricted downloads, access expiration, and customizable access permissions.
- OneDrive’s viewing and editing permissions can be customized for individual users, anyone with the link, and members of the organization.
- OneDrive is considered Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliant if the organization’s use of the platform adheres to HIPAA data security requirements.
- Virtual data rooms provide enhanced, specialized security features compared to OneDrive, including more flexible access permissions, encrypted downloads, and detailed audit trails.
What is secure file sharing?
Secure file sharing involves transferring documents through mechanisms that ensure privacy and integrity, such as access controls, expiration dates, and password protection.
It’s essential for maintaining the security of business operations, particularly in industries that handle sensitive information, such as healthcare and financial services. OneDrive provides robust security features to safeguard file sharing, including password-protected links, access expiration, and access controls.
OneDrive’s core security features
Here is a detailed breakdown of OneDrive’s link expiration, password protection, and access control features.
Link expiration dates
Link expiration limits how long a shared link to a file or folder remains valid. OneDrive admins can set expiration dates for these links, after which access to the file will be automatically revoked. This feature reduces the risk that outdated and potentially sensitive files remain accessible.
Password-protected links
Password protection requires the link’s recipient to enter a password to access a file or folder. OneDrive users can create and apply strong passwords to shared links, providing an additional layer of security to shared files and folders.
Access permissions
Access permissions enable users to manage which recipients can view and edit shared files and folders. OneDrive provides users with the ability to manage viewing and editing permissions, offering the following options:
- “Open in review mode only” allows comments and suggestions on shared items.
- “Allow editing” allows the recipients to edit, copy, share, move, and delete shared items.
- “Block download” prevents the recipients from downloading shared items.
If “Can edit” is unchecked, the recipients can only view, copy, and download shared items. Additionally, OneDrive provides several options that control who has access to shared links:
- “Anyone” means that anyone with the link has access.
- “People in [your organization]” restricts access to the members of the organization.
- “Specific people” restricts access to select recipients. However, this option doesn’t apply to users who already have access to the link.
- “People with existing access” refers to individuals who already have permission to view or edit shared links, particularly in the context of collaboration on files and folders.
Robust, granular access permissions are fundamental to secure document management, providing enhanced control over actions and improving the privacy of shared content.
How to use OneDrive for secure file sharing
Files and folders remain private until a user decides to share them. To share files and folders securely, OneDrive users should follow these steps:
- Browse to the file or folder you want to share.
- Click to select the file or folder.
- Click “Share” at the top of the page, and the dialog box will appear.
- Open the “Settings” menu to modify the link access permissions.
- Check one of the following options: “Anyone,” “People in [your organization],” “People with existing access,” or “People you choose.” This section enables you to control who can access the link.
- Open “More settings” and select “Can edit” or “Review only.”
- Select “MM/DD/YYYY” and choose the expiration date for the link. Access will be automatically revoked after the selected date.
- Click “Set password” and enter a password. Choose a password that is at least 14–16 characters long.
- Turn on “Block download” to prevent the link recipients from downloading shared content (if applicable).
OneDrive’s shared link settings. Source: Microsoft
OneDrive’s access permissions. Source: Microsoft
Compliance and security certifications
Microsoft complies with more than 70 global, industry, and regional data privacy and security certifications, including but not limited to SOC 1/2/3, ISO 27001, GDPR, HIPAA, HITECH, and FedRAMP.
Generally, strong data and privacy compliance is standard practice among technology giants like Microsoft. However, this doesn’t necessarily reflect the platform’s practical capacity to protect sensitive data effectively.
Three best practices for using OneDrive securely
Here are a few practical tips for using OneDrive more securely:
Regularly reviewing access permissions
Organizations that use OneDrive should be aware of the risk of “privilege creep” — when employees accumulate permissions that exceed what’s necessary for their current roles.
Because recipients can modify OneDrive’s shared link permissions, it can be difficult to track who currently has access to a shared link and what level of permissions they hold.
To mitigate the risks associated with privilege creep, organizations are advised to review permissions for shared links regularly using Microsoft 365 audit log tools. Audit trails assist administrators in reviewing file and folder activity and changes in access levels for content items.
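An added example, not from the original article or from Microsoft: a sketch of the periodic review described above, checking each "Anyone" link against the settings from the step-by-step section (expiration date, password, edit rights, "Block download"). The record fields are modeled on Microsoft Graph's permission resource (`link.scope`, `link.type`, `link.preventsDownload`, `hasPassword`, `expirationDateTime`); the sample records, the 30-day limit, and the function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=30)  # assumed policy limit, not a OneDrive default

# Constructed sample records; field names are modeled on Microsoft Graph's
# permission resource and are an assumption about how the data was exported.
SAMPLE_LINKS = [
    {"id": "p1", "hasPassword": False, "expirationDateTime": None,
     "link": {"scope": "anonymous", "type": "edit", "preventsDownload": False}},
    {"id": "p2", "hasPassword": True, "expirationDateTime": "2025-02-01T00:00:00Z",
     "link": {"scope": "anonymous", "type": "view", "preventsDownload": True}},
    {"id": "p3", "hasPassword": False, "expirationDateTime": None,
     "link": {"scope": "organization", "type": "view", "preventsDownload": False}},
    {"id": "p4", "hasPassword": True, "expirationDateTime": "2025-06-30T00:00:00Z",
     "link": {"scope": "anonymous", "type": "view", "preventsDownload": False}},
]

def review_link(perm, now):
    """Return the findings for one sharing link ("Anyone" links only)."""
    link = perm.get("link") or {}
    if link.get("scope") != "anonymous":
        return []  # organization and specific-people links are out of scope here
    findings = []
    expires = perm.get("expirationDateTime")
    if not expires:
        findings.append("no expiration date")
    else:
        # fromisoformat() rejects a trailing "Z" before Python 3.11
        when = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        if when - now > MAX_LIFETIME:
            findings.append("expires more than 30 days out")
    if not perm.get("hasPassword"):
        findings.append("no password")
    if link.get("type") == "edit":
        findings.append("allows editing")
    elif not link.get("preventsDownload"):
        # only checked for non-edit links, where blocking downloads is meaningful
        findings.append("download not blocked")
    return findings

def audit(perms, now=None):
    """Map permission id -> findings, omitting links that pass every check."""
    now = now or datetime.now(timezone.utc)
    report = {p["id"]: review_link(p, now) for p in perms}
    return {pid: f for pid, f in report.items() if f}

if __name__ == "__main__":
    for pid, findings in audit(SAMPLE_LINKS).items():
        print(pid, "->", "; ".join(findings))
```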
Using strong passwords
Using passwords containing 16 characters or more is strongly recommended. The difference in resistance to brute force attacks between a simple eight-character password and a complex 16-character password is exponential. For example, a simple eight-character password may be compromised in just 37 seconds, whereas a 16-character password could take approximately 119 years to crack.
Enabling two-factor authentication
Two-factor authentication (2FA) is a widely recommended practice for protecting user accounts against automated attacks. Not using two-factor authentication significantly increases the risk of data breaches.
For example, an investigation of Microsoft’s network breach in late November 2023 revealed that the breached device inside Microsoft’s network relied on a weak password and didn’t employ 2FA.
Using OneDrive vs. virtual data room solutions
When it comes to secure file sharing, there are more suitable alternatives to OneDrive. Although OneDrive is a general-purpose collaboration tool that integrates with other Microsoft applications (such as Outlook), it lacks specialized security features that maximize file-sharing protection.
In contrast, VDRs offer security features specifically designed to protect business-critical data in regulated industries. Although data rooms may sacrifice certain collaboration features, such as co-editing, in favor of enhanced security, they continue to be the preferred choice for organizations that require secure and controlled file sharing.
Data rooms not only provide standard security features, like multi-factor authentication, strong passwords, and secure encrypted links, but they also offer much more advanced access permissions. For example, an Ideals data room provides eight levels of permissions, which give significantly greater protection and flexibility compared to OneDrive’s viewing and editing permissions:
- Fence view (a limited visibility mode designed to deter screen capturing)
- View (equivalent to OneDrive’s viewing permissions; however, downloading is restricted)
- Encrypted download (files and folders maintain access permissions even after they have been downloaded)
- PDF download
- Original download
- Upload
- Manage (equivalent to OneDrive’s editing permissions; however, permission forwarding is restricted)
Data rooms also enable organizations to minimize privilege creep by managing bulk permissions within user groups in a visually intuitive menu.
Ideals’ access permissions can be assigned to user groups through a visually intuitive menu
The restriction on individual collaborators’ right to forward permissions to other users ensures that access management remains under the control of project administrators.
Furthermore, data room audit trails can be selectively configured to display changes in access permissions, making the auditing process more intuitive compared to OneDrive.
Ideals’ permission logs
The bottom line
- OneDrive’s secure file-sharing features offer three levels of access permissions (view, edit, and review only), shared link expiration dates, password-protected links, and the restricted download option.
- OneDrive users can enhance the security of shared content by enabling two-factor authentication and setting strong passwords.
- Virtual data rooms are superior solutions for secure file sharing, offering advanced permission settings, the capability to manage permissions for downloaded files, and specialized permission logs. Organizations can explore the security features of data room solutions to select the platforms that best suit their needs.
FAQ
To share files securely using OneDrive, limit access to specific email addresses, set the link expiration date, set the link password, and carefully decide whether the recipient requires editing permissions.
Yes, you can set an expiration date for a shared link in OneDrive. Select the expiration date in the sharing settings and set a date after which access to the shared link will be automatically revoked.
All file extensions supported by OneDrive can be shared securely through secure links. Security features, such as password protection, access expiration, and access permissions, apply universally.
Yes. Microsoft OneDrive is HIPAA-compliant when properly configured under Microsoft 365 for Business subscriptions that include compliance offerings.
Access permissions for OneDrive are managed at the user level. You can set access permissions for anyone with the link, individuals within your organization, specific users, and those who already have access.