Forum Discussion
Restrict users from saving passwords in One Drive
What is the best approach I can use to restrict users from saving their passwords in OneDrive?
One possible way you can do is if you have enough sample of those data, then you can train identifier through DLP to look for those files. Or, you can try to regex to your heart content but most likely you will also get a lot of false positive.
So all in all, it's a culture issue and should be dealt with by having policy in place, and HR enforcing disciplinary actions.
I was in similar shoe few years ago and pushed password manager - result was no one use it. We sit down with individuals, yes it took a looooong time, and help them move all their password to password manager, then delete the file in front of them. We then, audit their data and see if they hide it somewhere else.
No easy, tech only, solution for a culture issue.
What do you mean exactly? If the users are storing their passwords in some file stored within ODFB, there's not much you can do. Configuring a DLP policy with the "password" SIT can help with potential sharing/external access, but as far as saving the passwords within a file, email or similar, you cannot prevent that.
Thank you for the response. We are working to make users utilize password manager rather than saving passwords with ODFB. We actually had an instance where user account was compromised and the bad actor was easily able to get high privileged credentials saved within users ODFB. I was just wondering if we can restrict or at least generate some alerts in this case.
As I mentioned above, look into DLP policies with the "All credentials" SIT: https://learn.microsoft.com/en-us/purview/sit-defn-all-creds
