Who can see my OneDrive files

I recently conducted a poll on LinkedIn asking people “Who can see my files on OneDrive”. Forty-eight percent of people thought that only they can see the files on OneDrive. By default, yes. Read on to find the complete perspective – from the point of view of bosses, users, and IT. Reading time 7 min.


By default, only YOU can see OneDrive files

That is correct. The default setting is – only YOU. It is like your local drive, My Documents or desktop. So there is nothing to worry about regarding confidentiality and security.

If you share a OneDrive file with someone, then obviously those people have access. You can always remove the rights at any time by going to OneDrive – select file – Sharing.

Who else can see my OneDrive files

Anyone with the required permissions can see your OneDrive files

In a typical Office 365 (Microsoft 365) corporate setup, that means the Global Administrator (who is an IT person). In addition, some other administrator roles like SharePoint administrator can see your files, if they want to.

How can others see my OneDrive files? Not fair!

Wrong. These are NOT your files. You created them. Yes. But these are not your personal files. This is OneDrive for Business. These files were created for the organization. They do not belong to you. And any organization has every right to see what its employees are doing.

If this was OneDrive personal, then you are right. Those are your personal files and there is no IT team or administrator. So, only you can see them.

I am an IT Global Administrator. How do I see others’ files?

Good question. Go to Office 365 Administration page – Users – Click on a user – Click on OneDrive and choose Create a Link. That’s it.


There is an audit trail created for future reference and to prevent misuse.
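
One way to review that audit trail, as an added example that is not part of the original article: the script scans exported audit records for cases where someone other than the owner was made an administrator of a user's OneDrive, and checks each grant against an approval register. It assumes the grant appears as a `SiteCollectionAdminAdded` record with the field names of the Microsoft 365 unified audit log; the sample records, the tenant name and the `APPROVED` register are constructed.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample records; field names modelled on the unified audit log (assumption).
SAMPLE_AUDIT = json.dumps([
    {"CreationTime": "2024-03-04T09:12:44", "Operation": "SiteCollectionAdminAdded",
     "UserId": "it.admin@contoso.example", "TargetUserOrGroupName": "it.admin@contoso.example",
     "ObjectId": "https://contoso-my.sharepoint.com/personal/asha_rao_contoso_example"},
    {"CreationTime": "2024-03-04T10:01:07", "Operation": "SiteCollectionAdminAdded",
     "UserId": "app@sharepoint", "TargetUserOrGroupName": "new.hire@contoso.example",
     "ObjectId": "https://contoso-my.sharepoint.com/personal/new_hire_contoso_example"},
    {"CreationTime": "2024-03-05T16:30:00", "Operation": "SiteCollectionAdminAdded",
     "UserId": "it.admin@contoso.example", "TargetUserOrGroupName": "manager@contoso.example",
     "ObjectId": "https://contoso-my.sharepoint.com/personal/ex_employee_contoso_example"},
    {"CreationTime": "2024-03-05T16:45:00", "Operation": "FileAccessed", "UserId": "asha.rao@contoso.example",
     "ObjectId": "https://contoso-my.sharepoint.com/personal/asha_rao_contoso_example/Documents/plan.docx"},
])

# Hypothetical approval register: (grantee, OneDrive owner slug) -> ticket reference.
APPROVED = {("manager@contoso.example", "ex_employee_contoso_example"): "HR-1042"}

def owner_slug(url):
    """Return the <slug> of a .../personal/<slug> OneDrive for Business URL, else None."""
    parts = urlparse(url).path.strip("/").split("/")
    return parts[1].lower() if len(parts) >= 2 and parts[0].lower() == "personal" else None

def upn_slug(upn):
    """OneDrive builds the slug from the sign-in name, replacing punctuation with '_'."""
    return re.sub(r"[^a-z0-9]", "_", upn.lower())

def review_grants(raw, approved=APPROVED):
    """List grants of site collection admin on someone else's OneDrive."""
    findings = []
    for rec in json.loads(raw):
        if rec.get("Operation") != "SiteCollectionAdminAdded":
            continue
        owner = owner_slug(rec.get("ObjectId", ""))
        grantee = rec.get("TargetUserOrGroupName", "")
        if owner is None or upn_slug(grantee) == owner:
            continue  # not a OneDrive, or the owner being set up on their own drive
        ticket = approved.get((grantee.lower(), owner))
        findings.append({"when": rec["CreationTime"], "actor": rec["UserId"],
                         "grantee": grantee, "owner": owner,
                         "status": f"approved ({ticket})" if ticket else "UNAPPROVED"})
    return findings

if __name__ == "__main__":
    print(*review_grants(SAMPLE_AUDIT), sep="\n")
```

On the sample data the administrator's grant to themselves is reported as unapproved, the manager's access to a leaver's files is matched to its ticket, and the owner's own provisioning record is ignored.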

Did I just reveal some big secret? NO.

Not at all. This is a well-known fact. Forget OneDrive, any administrator has full rights on everything they administer. Period. That is how any IT system works – Windows, Linux, cloud – everything!

Here are some articles which explain the OneDrive context…
How to access someone else’s OneDrive account …
How do I see what is in my employees OneDrive
Search Results

Storing files on desktops is better? NO.

Absolutely not. The IT administrator (or people with similar privileges) can also see files on your desktop as easily as they can see your OneDrive files. Don’t even think of storing files on the local desktop thinking that they are safer! OneDrive for Business is designed for confidentiality and safety of data. In addition, OneDrive files give you so many benefits…

What happens if your laptop is stolen?

Files stored in OneDrive for Business are always kept in encrypted form. Unfortunately, files you store locally as well as the locally synchronized copies of your OneDrive files are NOT encrypted by default. Assuming you are using Windows on the desktop, you need to enable BitLocker – which is built-in and free. If you have not done so, and someone steals your laptop, they can just remove the hard disk, put it in another PC and see your files. They don’t even need your username or password!

Check with your IT team if it is enabled for your laptops.
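
A way for the IT team to answer that question from collected reports, as an added example that is not part of the original article: the script parses the text output of `manage-bde -status` and reports whether the drive holding the OneDrive sync folder is protected at rest, including the case where the volume is encrypted but protection is switched off. The sample output, the sync folder paths and the function names are constructed for illustration.

```python
import re

# Constructed, abridged sample of `manage-bde -status` output for a two-volume laptop.
SAMPLE_STATUS = """\
Volume C: [Windows]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection Off
    Key Protectors:
        TPM

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Protection Status:    Protection Off
    Key Protectors:       None Found
"""

def parse_volumes(text):
    """Map drive letter -> {field: value} from `manage-bde -status` output."""
    volumes, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Volume ([A-Z]):", line)
        if header:
            current = volumes.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key] = value.strip()
    return volumes

def at_rest_status(text, sync_folder):
    """Say whether the drive holding the OneDrive sync folder is protected at rest."""
    vol = parse_volumes(text).get(sync_folder[:1].upper())
    if vol is None:
        return "unknown: drive not in report"
    if vol.get("Conversion Status") != "Fully Encrypted":
        return "exposed: volume is not fully encrypted"
    if vol.get("Protection Status") != "Protection On":
        # Suspended protection leaves the volume key readable on disk.
        return "exposed: encrypted, but protection is off"
    return "protected"

if __name__ == "__main__":
    print(at_rest_status(SAMPLE_STATUS, r"C:\Users\asha\OneDrive - Contoso"))
```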

I am the boss. What should I do?

I am sure you already do this. But just for the sake of completeness, you should do the following. This list is only in the context of topics discussed in this article. The real list is much more complex and beyond the scope of this article and my area of expertise!

  1. Find out who is the global administrator for your company’s Office 365. While you are at it, might as well have a list of all administrators for all types of critical IT systems. If you are the CIO, you will already have it. If you are not the IT head, just talk to your IT head. S(he) will help you.
  2. Find out the governance and audit requirements in your country and industry and check with your compliance officer about the status and completeness of actions being taken.
  3. Make sure there is an audit of sensitive actions performed by all key persons – not just IT.
  4. Especially for small businesses, if you are the top boss / owner, make sure you are also the global admin and learn at least a few important tasks from your IT person. Managing IT is a complex and full-time job best left to specialists. DO NOT do the IT person’s job yourself.
  5. Trust and freedom coupled with unobtrusive, yet comprehensive governance is the best approach.

Who should be the Global Administrator?

The generic recommendation is – two to three responsible and trusted persons should be Global Admins. I will go one step further and say that CIO and CEO (or some other CXO) should have the Global Admin rights – to balance the responsibility and accountability. This is something your organizational governance policies should decide.

As a business leader, you may not understand the technical aspects of all this. But trust me, it is in your interest to understand the crux of the privilege you get as a technical administrator because you have the vicarious responsibility for the entire organization on your shoulders.

Small business owners want to see employees’ OneDrive files

In my experience, owners, founders, CEOs, or proprietors of a growing business, which is still small, are worried about what their employees are doing. They come from traditional on-premises, closed-network kind of environments where there is strict control over what staff can do. They most certainly want to see their staff’s OneDrive files.

For such scenarios, the IT professionals handling the cloud migration should proactively offer the CEOs access to their staff’s OneDrives. This will give them peace of mind and a sense of control and will help the IT team move to the cloud without resistance.

As the company grows, it is increasingly difficult for anyone (IT or non-IT) to strictly monitor what each employee is doing. That is the time you need to stop wasting time micro-managing things and utilize automated systems which will find patterns of misuse.

How to find and prevent leakage of data automatically?

This is a broad and complex topic. But for this discussion, the concept is called Data Loss Protection. Without any manual intervention, you define what the sensitive data looks like and create rules to block that from leaking outside the organization. It could be credit card numbers, employee salaries, customer ids and so on. For details of how to do this on Microsoft 365 platform, read this.

Why does IT need to see other employees’ OneDrive files?

Here are some common scenarios:

When someone leaves the company…

A routine scenario. A new person is going to join. IT can then reassign the old files to the new staff and maintain business continuity.

Manager must have access to files of their team…

This can be a legal or business need in many cases. In many cases, this can mean that files are like a shared drive rather than personal storage. Consider creating a Team for these use cases. Managing a Team based storage is much simpler than managing multiple OneDrive accounts with complicated sharing.

Investigation into some incident

Complaints against a specific employee, legal investigation, compliance breach, data leakage, etc. – there can be many situations where the behavior of one or more staff members is being investigated. Obviously, IT (and the investigation team) needs access to all the data – not just OneDrive files.

Archival, Retention and Compliance

Depending upon the country and industry you are in, there will always be regulatory and compliance related rules you have to follow for managing archival of mails, chats and files. OneDrive is no exception. The archival system is built into Microsoft 365 and you can customize it as per local regulations. Here are more details about OneDrive governance. Therefore, the need to see other persons’ OneDrive files is often statutory.

Learn more about OneDrive

Here is my Online Book for OneDrive. This is a list of all articles I have written and will write about OneDrive.

You can also watch my 15 min webinar on OneDrive Efficiency



19 Responses

  1. Pretty interesting read, we actually experienced an issue at our work where a former employee somehow deleted a pretty impressive amount of data from our OneDrive. We now back up our data in AvePoint’s solution which can recover deleted OneDrive files.

    1. Backup solutions will add to the cost.
      Deleted files are available for 93 days. During this time, if there was an abnormal volume of deletion, IT should have received an automatic alert from Office 365 security alert system. Check with IT if such an alert was generated. If not, create relevant policies in CASB for alerting IT team of abnormal file copying / deletion.

  2. How can I quickly tell if I have “OneDrive for Business” or “OneDrive Personal”?
    (Why does the article mention so many topics… and then never explain how you can even check what you have???)

  3. Nice article. Do you know if Global Administrators can also read password protected OneNote sections? I tried googling for answer but couldn’t find anything relevant.

    1. Admin cannot read any password protected stuff. For that matter, nobody else can. But there are many password breakers available freely.
      If you want confidential stuff in OneDrive, why not use personal version?

  4. How do CEOs and CFOs keep their confidential data? It will be dangerous if admin can access that.

    1. Good question. They don’t understand the risks fully. Large companies have done kind of role based access control with an approval process. They also have insider risk management systems. But otherwise it is a dismal state. I am not saying that IT Admins are misusing the system. But they know that they can. Secondly, all hackers eventually want to break in as admin…

  5. As a business owner and because of the current set up we have right, it is important to check to our employees doing while away on the office desk and working on their comfort OneDrive can allow us to check or share all of the business files their been working on.

    1. Yes. This is more of a governance issue rather than storage location issue.
      The same need exists even when people were working from physical offices using internal networks and local drives.

    1. Not just with OneDrive, but in general in IT, the admin is capable of almost any activity that a user can do. It is not as scary as it sounds. Most organizations have checks and balances in place to prevent misuse and establish accountability.

  6. Great article. A quick question in case you know the answer: if I use Outlook on my pc with my business account of office 365 and I put other email addresses on it (personal ones) will the company be able to see my personal emails? It is useful to have all the email addresses in the same program but the license is from the business’ email. Thank you

  7. We’d love to use it in our family, but there are some concerns whether if I share a Family Subscription (up to six included, I think), then the parent will be able to see everyone’s files.

    I have not yet seen a clear statement that this is NOT the case. Does that exist anywhere?
