Most PC users can agree that as Windows progresses, Microsoft forces more integration with its other products and services onto the user. One of the worst culprits for this has to be OneDrive, Microsoft's cloud storage service, which Windows basically tricks people into using on install. While normally just frustrating for consumers, this could become a huge security risk when Microsoft's planned June update goes ahead.
The update, spotted by Techzine, adds a new feature called “Prompt to Add Personal Account to OneDrive Sync,” that asks users to add their personal data to a business account running the device. This will come up as a prompt on any business device that detects a personal account, asking if the user would like to synchronise their files. Ticking yes will automatically add these files to the business OneDrive account, potentially bypassing a bunch of security features.
It also means business files can be copied to the personal account by default. So unless the IT department has specifically put their own safeguards in place for this, data can go back and forth between a user's business and personal account.
This would be fine if the world was full of super savvy tech users, but given this will roll out on work-from-home laptops all over the globe, that's just not going to be the case. A helpful looking message asking users to synchronise accounts isn't going to get a second look from most who'll simply tick "yes". Maybe this is the real reason Microsoft is also laying off 3% of it's workforce.
Then you can combine that with the fact that half the users out there don't even realise they're using OneDrive. I've recently had the pleasure of setting up a very capable Razer Blade 2024 model laptop and it reminded me just how pervasive and sneaky Microsoft can be. Even after declining setting up OneDrive during the initialisation, all my default files and save locations were OneDrive folders. It's really not the easiest thing to get rid of, especially in Windows 11.
And frankly, it's an insidious piece of money grabbing deception. It brought me back to the days of working tech support and finding many customers didn't even realise they were using the service they were supposedly out of memory for. Having confused elderly folks asking why they need to pay for more storage for whatever "this cloud thing is" only to find their laptop drives empty is infuriating.
For anyone really worried, it's probably a good idea to contact your IT department and make sure they're ready for this update. They can use the DisableNewAccountDetection policy, to stop the popup from coming up on computers asking for syncrhonisation or better yet, enable the DisablePersonalSync policy all together.
