What type of data should not be saved to OneDrive?

[...] Microsoft OneDrive has the following restrictions and limitations on the type of data that should not be saved: Sensitive or confidential information: OneDrive is not intended to store personal or sensitive information like passwords, financial information, or health records. Illegal content: OneDrive is not to be used to store or share copyrighted, obscene, or otherwise illegal material. Large files: Files over 100 GB are not supported. Specific file types: Some file types such as .exe, .msi, and .cmd are blocked for security reasons.

Based on the highlighted above, why does Microsoft OneDrive, just automatically (at times), backup the Desktop, Documents, and Pictures folders without asking the user if they have any such sensitive data in these folders before sync'ing them to OneDrive?

Microsoft is not providing the end-user an opportunity to not allow OneDrive to backup these folders in case the end-user knows such sensitive documents exists within these folders.

I am helping someone that had sensitive information in OneDrive, but they had no idea OneDrive automatically backed up the Desktop, Documents, and Pictures folders at one time. Someone got in to their account with full access to OneDrive and now trying to figure out how to handle the OneDrive usage. Microsoft pushes end-users to use OneDrive, however, provides zero warning about sync'ing such sensitive data to OneDrive.

Microsoft would not even provide any solution or workaround or any type of effort to explain to the end-user about this problem, So I doubt I'd receive an answer here, just comments. Thanks.

100% agree with you. There are any number of types of personal things one might be saving on one's hard drive for privacy (even poetry, ideas for patents, personal e-mails, etc), without realizing that they would be synced to OneDrive without your knowledge or wishes. Then, someone can access OneDrive. This just happened to me. I can see that someone was poking around in files personal to me while I was not online or on any device. They could use this to plagiarize, to steal an identity, to do any number of things. Sensitive data is at risk and neither a hard drive nor the cloud appear to be safe bets.

I did a test with OneDrive in Windows 11 Pro on another computer. After OneDrive blindly and unknowingly backed up the Desktop, Documents, and Pictures to OneDrive, I discovered Microsoft scans and modifies your data files in OneDrive. I had about 2GB of data uploaded to OneDrive. A mixture of documents, excel files, random pics that I saved from Facebook, Google search, and screen shots. Microsoft removed some JPG and PNG files because they could not identify the type of data these files were in OneDrive. The JPG and PNG files removed were just screen shots of Windows 11 program window, including OneDrive, and removed these files. The Excel spreadsheet that contained a list of fake email addresses, usernames, and passwords were also modified. I got notices in OneDrive that these files were modified by "Microsoft OneDrive" which I have never seen before.

After my test with OneDrive (MS 365/1TB OneDrive), I deleted these files. I received Microsoft OneDrive security warnings that deleting a large number of files indicate either virus or malicious attack. Thus Microsoft locked my account for about two days. The files that "I" deleted were restored back or just did not delete. I deleted these files through the OneDrive app and OneDrive.com, both setting off security warnings that prevented me from removing my files (2GB). Eventually I did successfully delete the files from OneDrive.

Along with Microsoft scanning my system a while back about old Microsoft Office installations, which is found in the Event Viewer logs, and then disabled (which they will not admit fault) my Office 2019 Home and Business product key, I have a lot of doubt about Microsoft abusing OneDrive to spy and pry on people's data in OneDrive.

I am keeping my Windows 11 Pro system using a Local Account and trying to prevent any Microsoft Account logins or use on the system. Seems like when a Microsoft Account login get used in Windows 11 that Microsoft wants to dominate the system with the Microsoft Account without your authorization. I had Windows Mail app set up with my Microsoft Account when I do not even use the program/app.

Hello

I am Abdal and I would be glad to help you with your question.

Microsoft OneDrive has the following restrictions and limitations on the type of data that should not be saved:

Sensitive or confidential information: OneDrive is not intended to store personal or sensitive information like passwords, financial information, or health records.

Illegal content: OneDrive is not to be used to store or share copyrighted, obscene, or otherwise illegal material.

Large files: Files over 100 GB are not supported.

Specific file types: Some file types such as .exe, .msi, and .cmd are blocked for security reasons.

You can also refer the below article for more information

https://uwm.edu/itsecurity/onedrive-security-recommendations/

Note: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.

I hope this information helps.

Regards,

Abdal

You need to go to "Manage backup" in the OneDrive settings to turn off the syncing of the Documents folder.

If you want to keep the backup (syncing) ON then you must remove files you don't want to sync from the Documents folder. You can't selectively sync some documents and not others.

It's OK to backup sensitive information as long as you are not doing anything illegal.

I and my other concern end-users use this as a determination on the difference between saving files to the local computer versus cloud drive (in this case OneDrive):

If you have an Excel spreadsheet, for example, with all your saved usernames and passwords, along with other detailed information, it seems safer to keep these sensitive information files on your local computer hard drive. There are pro's and con's to each and that is not in question here. You know that these files are not accessible to anyone else.

Now if these sensitive files as mentioned above are on OneDrive, are they just as safe being on the cloud server?

The disadvantages of not accessing your files when the Internet is down or during an outage, or you cannot remember your password to the Microsoft Account, or the Microsoft Account got locked out for some reason that you cannot access those files, etc., have been experienced among these end-users. These users are used to saving all files locally to the computer, including myself, and see cloud services very faulty. However, Microsoft keeps pushing users to OneDrive where it backs up Desktop, Documents, and Pictures. The normal person unfamiliar with OneDrive will backup these folders because they do not understand what they are doing at that time, and when they try to correct it without fully understand OneDrive, they lose their data.

You can encrypt information using cloud encryption services and apps. Copies of your local data will be made to the cloud so you can encrypt passwords and medical records if that makes you feel more secure.

I am unfamiliar with the encryption service with OneDrive, as I do not use it that often. Although OneDrive is getting more popular in the business world, I may have to acquaint myself with this service.