I recently conducted a poll on LinkedIn asking people “Who can see my files on OneDrive”. Forty-eight percent of people thought that only they can see the files on OneDrive. By default, yes. Read on to find the complete perspective – from the point of view of bosses, users, and IT. Reading time 7 min.
By default, only YOU can see OneDrive files
That is correct. The default setting is – only YOU. It is like your local drive, My Documents or Desktop. So there is nothing to worry about regarding confidentiality and security.
If you share a OneDrive file with someone, then obviously those people have access. You can remove the rights at any time by going to OneDrive – select file – Sharing.
Who else can see my OneDrive files
Anyone with the required permissions can see your OneDrive files
In a typical Office 365 (Microsoft 365) corporate setup, that means the Global Administrator (who is an IT person). In addition, some other administrator roles like SharePoint administrator can see your files, if they want to.
How can others see my OneDrive files? Not fair!
Wrong. These are NOT your files. You created them. Yes. But these are not your personal files. This is OneDrive for Business. These files were created for the organization. They do not belong to you. And any organization has every right to see what its employees are doing.
If this were OneDrive Personal, you would be right. Those are your personal files and there is no IT team or administrator. So, only you can see them.
I am an IT Global Administrator. How do I see others’ files?
Good question. Go to Office 365 Administration page – Users – Click on a user – Click on OneDrive and choose Create a Link. That’s it.
There is an audit trail created for future reference and to prevent misuse.
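One way to review that audit trail is to list every action on a personal OneDrive site performed by someone other than its owner. The sketch below is an added example, not part of the original article or any Microsoft tooling; the records are constructed, and the field names and the rule that maps a sign-in name to the `/personal/<owner>` URL segment are assumptions to check against your own export.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample export: tenant, users and URLs are invented. The field
# names are assumed to match the audit export you are reviewing.
SAMPLE_EXPORT = """[
{"CreationTime": "2024-03-04T09:12:00", "Operation": "FileAccessed",
 "UserId": "alice@contoso.example",
 "ObjectId": "https://contoso-my.sharepoint.example/personal/alice_contoso_example/Documents/plan.docx"},
{"CreationTime": "2024-03-04T10:01:00", "Operation": "SiteCollectionAdminAdded",
 "UserId": "admin@contoso.example",
 "ObjectId": "https://contoso-my.sharepoint.example/personal/alice_contoso_example"},
{"CreationTime": "2024-03-04T10:03:00", "Operation": "FileDownloaded",
 "UserId": "admin@contoso.example",
 "ObjectId": "https://contoso-my.sharepoint.example/personal/alice_contoso_example/Documents/plan.docx"},
{"CreationTime": "2024-03-04T11:30:00", "Operation": "FileAccessed",
 "UserId": "bob@contoso.example",
 "ObjectId": "https://contoso.sharepoint.example/sites/finance/Shared Documents/q1.xlsx"}
]"""


def personal_site_owner(url):
    """Return the owner segment of a /personal/<owner>/ URL, else None."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    if len(parts) >= 2 and parts[0].lower() == "personal":
        return parts[1].lower()
    return None


def upn_to_site_segment(upn):
    """Assumed convention: non-alphanumerics in the sign-in name become '_'."""
    return re.sub(r"[^a-z0-9]", "_", upn.lower())


def non_owner_events(records):
    """List activity on personal OneDrive sites by anyone but the owner."""
    # Hits include legitimate sharing, so each one still needs a human check.
    hits = []
    for rec in records:
        owner = personal_site_owner(rec.get("ObjectId", ""))
        if owner is None:
            continue  # team site or other workload: out of scope here
        if upn_to_site_segment(rec.get("UserId", "")) != owner:
            hits.append((rec["CreationTime"], rec["UserId"], rec["Operation"], owner))
    return hits
```

Run over the sample, `non_owner_events(json.loads(SAMPLE_EXPORT))` returns the two administrator events on Alice's OneDrive, which a reviewer would then match against an approved access request.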
Did I just reveal some big secret? NO.
Not at all. This is a well-known fact. Forget OneDrive, any administrator has full rights on everything they administer. Period. That is how any IT system works – Windows, Linux, cloud – everything!
Storing files on desktops is better? NO.
Absolutely not. The IT administrator (or people with similar privileges) can also see files on your desktop as easily as they can see your OneDrive files. Don’t even think of storing files on the local desktop thinking that they are safer! OneDrive for Business is designed for confidentiality and safety of data. In addition, OneDrive files give you so many benefits…
What happens if your laptop is stolen?
Files stored in OneDrive for Business are always kept in encrypted form. Unfortunately, files you store locally, as well as the locally synchronized copies of your OneDrive files, are NOT encrypted by default. Assuming you are using Windows on the desktop, you need to enable BitLocker – which is built-in and free. If you have not done so, and someone steals your laptop, they can just remove the hard disk, put it in another PC and see your files. They don’t even need your username or password!
Check with your IT team if it is enabled for your laptops.
I am the boss. What should I do?
I am sure you already do this. But just for the sake of completeness, you should do the following. This list is only in the context of topics discussed in this article. The real list is much more complex and beyond the scope of this article and my area of expertise!
- Find out who is the global administrator for your company’s Office 365. While you are at it, might as well have a list of all administrators for all types of critical IT systems. If you are the CIO, you will already have it. If you are not the IT head, just talk to your IT head. S(he) will help you.
- Find out the governance and audit requirements in your country and industry and check with your compliance officer about the status and completeness of actions being taken.
- Make sure there is an audit of sensitive actions performed by all key persons – not just IT.
- Especially for small businesses, if you are the top boss / owner, make sure you are also the global admin and learn at least a few important tasks from your IT person. Managing IT is a complex and full-time job best left to specialists. DO NOT do the IT person’s job yourself.
- Trust and freedom coupled with unobtrusive, yet comprehensive governance is the best approach.
Who should be the Global Administrator?
The generic recommendation is – two to three responsible and trusted persons should be Global Admins. I will go one step further and say that the CIO and CEO (or some other CXO) should have the Global Admin rights – to balance the responsibility and accountability. This is something your organizational governance policies should decide.
As a business leader, you may not understand the technical aspects of all this. But trust me, it is in your interest to understand the crux of the privilege you get as a technical administrator because you have the vicarious responsibility for the entire organization on your shoulders.
Small business owners want to see employees’ OneDrive files
In my experience, owners, founders, CEOs, or proprietors of a growing business, which is still small, are worried about what their employees are doing. They come from traditional on-premises, closed-network kind of environments where there is strict control over what staff can do. They most certainly want to see their staff’s OneDrive files.
For such scenarios, the IT professionals handling the cloud migration should proactively offer the CEOs access to their staff OneDrives. This will help them have peace of mind and a sense of control and will help the IT team move to the cloud without resistance.
As the company grows, it is increasingly difficult for anyone (IT or non-IT) to strictly monitor what each employee is doing. That is the time you need to stop wasting time micro-managing things and utilize automated systems which will find patterns of misuse.
How to find and prevent leakage of data automatically?
This is a broad and complex topic. But for this discussion, the concept is called Data Loss Protection. Without any manual intervention, you define what the sensitive data looks like and create rules to block that from leaking outside the organization. It could be credit card numbers, employee salaries, customer IDs and so on. For details of how to do this on the Microsoft 365 platform, read this.
Why does IT need to see other employees’ OneDrive files?
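To make "define what the sensitive data looks like and create a rule" concrete, here is a small added example (not from the original article and not how Microsoft 365 implements it). It treats a credit card number as a 13 to 19 digit sequence that also passes the Luhn checksum, and blocks a share only when the recipient is outside the organization; the function names, the `contoso.example` domain and the sample text are all constructed.

```python
import re

# Candidate: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits):
    """Luhn checksum: filters out order numbers and other look-alikes."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return digit strings that match the pattern AND pass the checksum."""
    found = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def evaluate_share(text, recipient, internal_domain="contoso.example"):
    """Hypothetical rule: block card numbers going to external recipients."""
    external = not recipient.lower().endswith("@" + internal_domain.lower())
    matches = find_card_numbers(text)
    if external and matches:
        # Report only the last four digits so the alert itself leaks nothing.
        return "block", ["*" * (len(m) - 4) + m[-4:] for m in matches]
    return "allow", []


# Constructed sample: a well-known test card number and an order reference
# that has the right shape but fails the checksum.
SAMPLE = "Refund to card 4111-1111-1111-1111, order ref 1234 5678 9012 3456."
```

With the sample text, a share to `eve@partner.example` is blocked and reports one masked match, while the same text sent to a `contoso.example` address is allowed.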
Here are some common scenarios:
When someone leaves the company…
A routine scenario. A new person is going to join. IT can then reassign the old files to the new staff and maintain business continuity.
Manager must have access to files of their team…
This can be a legal or business need in many cases. Often, this means that the files are more like a shared drive than personal storage. Consider creating a Team for these use cases. Managing Team-based storage is much simpler than managing multiple OneDrive accounts with complicated sharing.
Investigation into some incident
Complaints against a specific employee, legal investigation, compliance breach, data leakage, etc. – there can be many situations where the behavior of one or more staff members is being investigated. Obviously, IT (and the investigation team) needs access to all the data – not just OneDrive files.
Archival, Retention and Compliance
Depending upon the country and industry you are in, there will always be regulatory and compliance related rules you have to follow for managing archival of mails, chats and files. OneDrive is no exception. The archival system is built into Microsoft 365 and you can customize it as per local regulations. Here are more details about OneDrive governance. Therefore, the need to see other persons’ OneDrive files is often statutory.
Learn more about OneDrive
Here is my Online Book for OneDrive. This is a list of all articles I have written and will write about OneDrive.
You can also watch my 15 min webinar on OneDrive Efficiency