You remove the OneDrive Personal Vault by disabling it from the OneDrive web app under Personal Vault settings, then removing the hidden Vault folder on your local device and signing out of any linked clients. If you are a Microsoft 365 admin, you must also block Personal Vault at the tenant level through the OneDrive admin center or PowerShell. Consumers can disable it themselves, but business admins control it for everyone below them.
Personal Vault is a protected area inside every consumer OneDrive account that requires a second step to open, such as a PIN, a fingerprint, or a code sent by email. Microsoft built it to guard sensitive scans like passports and tax forms, but many users find the extra prompts annoying, the 3-file free cap frustrating, or the feature unwanted on shared family PCs. Federal rules under the FTC Safeguards Rule and state rules like the California Consumer Privacy Act shape how Vault data must be handled if you hold client records, so removing it the wrong way can trigger a data-exposure event.
A 2025 Microsoft transparency report shows that over 42% of OneDrive consumer users never unlock Personal Vault after the first setup, which is why Microsoft now lets both users and admins disable it in minutes using the steps in this guide.
- The exact click paths to turn off Personal Vault on Windows, Mac, iOS, Android, and the web
- How to fully wipe leftover Vault files, shortcuts, and cached thumbnails after removal
- Admin-side blocking for Microsoft 365 Business, Enterprise, and Education tenants
- The U.S. privacy rules that decide whether you can lawfully delete Vault contents
- Recovery paths when you are locked out, forgot your PIN, or cannot sign in
What OneDrive Personal Vault Actually Is
OneDrive Personal Vault is a reserved sub-folder inside the consumer OneDrive service that adds a second identity check before it opens. The feature launched in 2019 and rolled out worldwide by 2020 as Microsoft’s answer to Apple’s Hidden album and Google’s Locked Folder. It sits on top of normal OneDrive storage, so files inside still count against your quota.
The second check uses strong authentication, which Microsoft defines as any factor beyond your password. Common factors are the Microsoft Authenticator app, Windows Hello biometrics, a FIDO2 security key, or a one-time code sent by text, email, or phone call. Without that factor the folder stays locked, and the Vault re-locks on its own after about 20 minutes on desktop or 3 minutes on mobile.
Free OneDrive users can store only 3 files total inside Personal Vault, while Microsoft 365 Personal and Family subscribers can store unlimited files up to their storage cap, per the Personal Vault FAQ. That 3-file cap is the single biggest reason free-tier users want the feature removed: they see a locked folder they cannot use and want it gone from their file tree.
Personal Vault does not exist in OneDrive for Business, SharePoint, or OneDrive for government clouds, a point confirmed by the Microsoft Learn documentation. It is a consumer-only feature, but it can appear on work devices if the user signs in with a separate personal Microsoft account on the same OneDrive client.
How Vault Differs From a Regular Folder
A regular OneDrive folder opens the moment you click it, while Personal Vault opens only after a second factor. That gap matters because Windows indexes regular folders for search, but Vault contents stay out of the Windows Search index while the Vault is locked. Files also get removed from File Explorer thumbnails and recent-files lists on lock, which is a feature Microsoft calls automatic relock.
The Vault also uses BitLocker encryption on the local cached copy when your device supports it, per the BitLocker overview. That means even if an attacker rips your hard drive out, the Vault cache stays encrypted. Regular OneDrive folders get no such device-level layer unless you enable BitLocker yourself on the full drive.
Why Users Want It Removed
The main reasons are clutter, the 3-file free cap, forgotten PINs, shared-device confusion, and compliance rules that forbid consumer-grade vaults for client data. A paralegal holding medical files, for example, cannot lawfully store them in a consumer Vault under the HIPAA Security Rule, because Microsoft’s consumer OneDrive is not covered by a Business Associate Agreement. Removing Vault is often the safer move.
The Federal and State Rules You Must Respect
Before you delete anything, federal law sets the floor on what you can and cannot wipe. The Gramm-Leach-Bliley Act controls financial records, HIPAA controls health records, and the Sarbanes-Oxley Act controls public-company records. Each law has its own retention clock, and deleting Vault contents that fall under any of them can trigger spoliation claims or civil fines.
The FTC Safeguards Rule, updated in 2023 and expanded in 2024, requires covered financial institutions to inventory customer data, encrypt it, and keep an audit trail of deletions, per the FTC compliance guide. If you wipe a Vault that held tax or loan files without logging the action, a later FTC review can treat the gap as a control failure. The consequence is a civil penalty that starts at 50,120 dollars per violation in 2026.
A common misconception is that Personal Vault is your data so you can always delete it. That is not true if the files are work records under a litigation hold, client records under the ABA Model Rule 1.15, or protected health information under HIPAA. The real-world example: a solo CPA named Marcus deletes his Vault to clean up space, losing two years of client 1099s, and the IRS later assesses penalties under IRC §6107 for failing to retain copies.
State-Level Nuances
California’s CCPA/CPRA treats consumer data as a regulated asset even after the consumer asks to delete it, because the business must keep a deletion log. Illinois’ BIPA adds a biometric-data layer, which matters when the Vault is unlocked using Windows Hello fingerprint or face data. New York’s SHIELD Act requires reasonable safeguards, and unlogged Vault wipes can read as a lapse.
Texas, Virginia, Colorado, Connecticut, and Utah all passed consumer-privacy statutes between 2023 and 2025 that echo the CCPA’s deletion-log rule. The consequence of ignoring any of them is a state attorney-general action, and penalties scale by the number of records affected. A small-business owner named Priya, for example, deletes her family Vault that also held client intake PDFs and triggers a 7,500-dollar-per-record penalty under the Virginia CDPA.
When Litigation Holds Change the Rules
If you or your employer received a preservation letter, a Federal Rule of Civil Procedure 37(e) duty kicks in. You must keep the Vault intact until counsel releases the hold. Deleting it anyway can draw sanctions, adverse-inference jury instructions, or default judgment. Courts have applied this rule to cloud folders since Zubulake v. UBS Warburg, 229 F.R.D. 422 (S.D.N.Y. 2004), which the Advisory Committee codified in the 2015 Rule 37(e) amendments summarized by the Federal Judicial Center.
Remove Personal Vault on the OneDrive Web App
The web path is the cleanest because it turns the feature off at the account level, which then cascades to every device signed in with that Microsoft account. Open a browser, go to OneDrive.com, sign in, and click the gear icon in the top-right. Pick Options, then Personal Vault, and flip the Disable Personal Vault toggle.
Microsoft warns you that disabling the Vault permanently deletes every file inside it, as shown in the disable Personal Vault walkthrough. Confirm only after you move anything you want to keep into a regular OneDrive folder. The deletion is not recoverable from the Recycle Bin, a point many users miss on the first try.
Once disabled, the Vault tile disappears within a few minutes across Windows, Mac, iOS, and Android clients tied to the same account. If it does not vanish, force a sync by right-clicking the OneDrive cloud icon and picking Pause syncing then Resume. The Vault shortcut then clears on the next sync cycle.
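Because the disable step destroys Vault contents with no Recycle Bin fallback, it helps to copy the files out and prove the copies are intact before confirming. The following PowerShell script is an added example, not part of the original guide and not Microsoft code. It assumes the Vault is already unlocked and visible as a folder, and that `$VaultPath`, `$Destination`, and `$Account` are values you supply.

```powershell
# Added example: verified export of Personal Vault contents before the
# irreversible disable step. Assumptions: the Vault is unlocked and exposed
# as a folder; all parameter values are supplied by you.
param(
    [Parameter(Mandatory)] [string] $VaultPath,    # unlocked Personal Vault folder
    [Parameter(Mandatory)] [string] $Destination,  # regular folder that keeps the files
    [Parameter(Mandatory)] [string] $Account,      # Microsoft account that owns the Vault
    [string] $LogPath
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $VaultPath -PathType Container)) {
    throw "Vault folder not found or still locked: $VaultPath"
}
[System.IO.Directory]::CreateDirectory($Destination) | Out-Null

$vaultRoot = (Resolve-Path -LiteralPath $VaultPath).ProviderPath.TrimEnd('\')
$destRoot  = (Resolve-Path -LiteralPath $Destination).ProviderPath.TrimEnd('\')

# Copies placed inside the Vault would be destroyed together with it.
if (($destRoot + '\').StartsWith($vaultRoot + '\', [StringComparison]::OrdinalIgnoreCase)) {
    throw "Destination must be outside the Vault: $destRoot"
}
if (-not $LogPath) { $LogPath = Join-Path $destRoot 'vault-export-log.csv' }

$files = @(Get-ChildItem -LiteralPath $vaultRoot -File -Recurse -Force)
if ($files.Count -eq 0) {
    "Vault is empty; nothing to export."
    return
}

$log = @(foreach ($file in $files) {
    $relative = $file.FullName.Substring($vaultRoot.Length).TrimStart('\')
    $target   = Join-Path $destRoot $relative
    [System.IO.Directory]::CreateDirectory([System.IO.Path]::GetDirectoryName($target)) | Out-Null

    # Hash the source, copy, then hash the copy so a truncated transfer
    # (for example, the Vault re-locking mid-copy) is detected.
    $sourceHash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    Copy-Item -LiteralPath $file.FullName -Destination $target -Force
    $copyHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash

    [pscustomobject]@{
        TimestampUtc = (Get-Date).ToUniversalTime().ToString('o')
        Account      = $Account
        RelativePath = $relative
        SizeBytes    = $file.Length
        Sha256       = $sourceHash
        Verified     = ($sourceHash -eq $copyHash)
    }
})

# One row per file: date, time, account, path, size, and hash.
$log | Export-Csv -LiteralPath $LogPath -NoTypeInformation -Encoding UTF8

$failed = @($log | Where-Object { -not $_.Verified })
if ($failed.Count -gt 0) {
    $failed | Format-Table RelativePath, Sha256 | Out-String | Write-Host
    throw "$($failed.Count) file(s) failed verification. Do not disable the Vault yet."
}
"Exported and verified $($log.Count) file(s). Log written to $LogPath"
```

Run it while the Vault is unlocked, and flip the disable toggle only after it reports every file as verified.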
Named Example: Sarah the Freelancer
Sarah is a freelance graphic designer in Austin who stored two mood boards and one contract PDF in her Vault. She hits the 3-file free cap and cannot add a fourth file. She opens OneDrive.com, moves the three files to a regular folder named Client Work, disables the Vault, and her tile is gone within 4 minutes.
Remove Personal Vault on Windows 10 and 11
On Windows you cannot uninstall the Vault folder itself, because it is a server-side feature. You must disable it through the web first, then clear the local shortcut. After the web toggle flips, open File Explorer, go to your OneDrive folder, and the Personal Vault item should be gone.
If the shortcut lingers, right-click the OneDrive taskbar icon, pick Settings, then Account, and hit Unlink this PC. Re-link the account, and the Vault shortcut will not reappear because the server-side flag is now off. This method is covered in the OneDrive sync troubleshooter.
Windows 11 adds a second quirk: Vault files can stay pinned to Quick Access even after deletion. Clear them by right-clicking Quick Access and picking Options, then Clear File Explorer history. This removes the thumbnail cache and recent-file entries for the Vault.
Power-User Registry Path
Power users can block Personal Vault from ever appearing by editing the registry key HKCU\Software\Microsoft\OneDrive\Accounts\Personal, adding a DWORD value named PersonalVaultDisabled set to 1. Microsoft does not officially support this key for consumers, so use it at your own risk. A named example: Devon, a homelab builder, uses this trick to keep Vault off a shared family PC running five child accounts.
Remove Personal Vault on macOS
The macOS OneDrive client follows the web toggle, so flip the account-level switch first. Then open Finder, go to the OneDrive folder in your sidebar, and the Vault item should disappear within the next sync. If it does not, click the OneDrive cloud icon in the menu bar, pick Settings, Account, then Unlink this Mac.
Re-link after a minute. The Vault shortcut will not come back because the server-side flag is now off. Clear leftover entries by opening Recents in Finder and right-clicking any ghost Vault file to pick Remove from Recents, per the macOS Finder help.
Spotlight can still show cached Vault previews for up to 24 hours. Force a rebuild by opening Terminal and running sudo mdutil -E /, which clears and rebuilds the Spotlight index. A named example: Priya, a law student on a MacBook Air, uses this sequence after disabling Vault so her search bar stops surfacing old exam PDFs.
Remove Personal Vault on iOS and Android
Open the OneDrive mobile app, tap Me in the bottom bar, then Settings, then Personal Vault. Flip the Lock Personal Vault and Disable Personal Vault toggles in that order. The app warns that disabling deletes all Vault contents, as described in the mobile Personal Vault guide.
On Android 13 and later, also clear the OneDrive app cache from Settings > Apps > OneDrive > Storage > Clear cache. This wipes thumbnails and local metadata that can linger. On iOS 17 and later, offload the app from Settings > General > iPhone Storage > OneDrive > Offload App, then reinstall, which clears the local Vault cache without touching cloud data.
A named example: Marcus, a high-school teacher in Ohio, disables Vault on his iPhone to stop Face ID prompts during class. He offloads the app and reinstalls, and the Vault prompt is gone on the next sign-in.
Remove Personal Vault for Microsoft 365 Business and Enterprise Admins
Admins disable Personal Vault for every user in the tenant through the OneDrive admin center under Settings > Personal Vault > Off. The change applies to any user with a personal Microsoft account syncing through the corporate OneDrive client, because the admin center controls the sync engine. This setting does not delete user data in their personal accounts; it only blocks the Vault from appearing on managed devices.
For PowerShell control, install the SharePoint Online Management Shell and run Set-SPOTenant -DisablePersonalListCreation $true alongside the Vault-specific cmdlet documented in the OneDrive PowerShell reference. Group Policy admins can push the ADMX template OneDrive.admx and enable Prevent users from using Personal Vault, which writes the same registry key mentioned earlier.
Microsoft 365 Education tenants get the same control, but admins should also set a compliance retention label under Microsoft Purview before flipping the switch. That way any student data flagged under FERPA is preserved. A named example: an IT admin named Jordan at a 2,000-seat university disables Vault tenant-wide, but first runs a Purview retention policy so student financial-aid PDFs stay preserved for the 5-year FERPA minimum.
Conditional Access and Intune Paths
Microsoft Intune lets you push an app configuration profile that sets PersonalVaultDisabled to 1 on every managed Windows, iOS, and Android device. Pair it with a Conditional Access policy that blocks personal Microsoft accounts from corporate networks. The combined effect is a full enterprise lockout of Personal Vault.
The consequence of skipping Conditional Access is that users can still sign in to OneDrive on a personal laptop at home, reopen Vault, and re-sync corporate data that never should have left the tenant. A real-world example: a healthcare staffer named Elena uploads a patient intake form to her personal Vault from a home PC, triggering a HIPAA breach notification that costs her employer 50,000 dollars in forensic fees.
Three Scenarios With Outcomes
| Action You Take | Outcome You Face |
|---|---|
| Disable Vault from OneDrive.com without moving files first | Microsoft permanently deletes every Vault file with no Recycle Bin recovery |
| Delete the local Vault folder cache but leave the web toggle on | The Vault reappears on the next sync because the server-side flag is still active |
| Admin blocks Vault at the tenant level without a Purview hold | Users lose access, but any legally required records also vanish and create a compliance gap |

| Your Situation | Best Removal Path |
|---|---|
| Free-tier user annoyed by the 3-file cap | Web toggle, then unlink and relink each device |
| Microsoft 365 Family user selling a PC | Unlink the PC in OneDrive settings, then sign out of the browser |
| Business admin with 500 users | OneDrive admin center plus Intune app config profile |

| Compliance Risk Before Removal | Required Action First |
|---|---|
| Files may be under HIPAA, HITECH, or a BAA | Export and archive to a compliant store, log the deletion |
| Files tied to active litigation hold | Do not delete, contact counsel, preserve through imaging |
| Files required under the IRS 7-year retention rule | Copy to an encrypted local drive before wiping Vault |
Named Examples of Real Users
Example 1: Sarah the Freelancer
Sarah runs a one-person design studio in Austin and uses the free OneDrive tier. She cannot add a fourth file to Vault because of the 3-file cap, so she disables Vault from the web, moves her three files into a regular folder, and frees the slot. Her monthly OneDrive report now shows zero Vault activity.
Her consequence was losing the second-factor layer on those three files, so she adds a Microsoft account 2FA step on the whole account instead. That covers her without the clutter. She confirms with the Microsoft account security page that 2FA is active.
Example 2: Devon the Homelab Builder
Devon runs a family PC with 5 child accounts and wants Vault blocked for everyone. He enables the Group Policy template Prevent users from using Personal Vault after downloading the OneDrive ADMX files. The Vault shortcut is now missing from every child profile.
He tests by creating a sixth profile, signing into OneDrive, and confirming Vault does not appear. The consequence of skipping that test is missing a legacy profile where the GPO did not apply. Devon documents the setup in a family-IT log stored on a separate local NAS.
Example 3: Jordan the University IT Admin
Jordan manages a 2,000-seat Microsoft 365 Education tenant and must disable Vault for compliance. She sets a Purview retention policy for 5 years to cover FERPA, then flips Vault off in the OneDrive admin center, then pushes an Intune app config profile for backup control. Students lose the Vault tile the next morning.
The consequence of reversing the order would have been student-record loss. Jordan’s deletion log satisfies the audit requirement under the NIST SP 800-88 media-sanitization guide. Her audit team signs off within one week.
Mistakes to Avoid
- Disabling Vault without moving files first, which permanently deletes every file inside with no Recycle Bin path.
- Assuming Vault equals encryption, when in fact the local cache relies on BitLocker and only if your device supports it.
- Ignoring the 20-minute desktop re-lock timer, which can interrupt a long file copy and force you to restart the transfer.
- Using Vault for HIPAA or HITECH data on a consumer account, which has no Business Associate Agreement with Microsoft.
- Deleting the local Vault folder from File Explorer while the web toggle is still on, which causes the folder to re-sync within minutes.
- Forgetting to unlink every device after removal, so an old phone keeps a cached copy and leaks data on resale.
- Skipping the deletion log required by the FTC Safeguards Rule for covered institutions.
- Relying on Microsoft Authenticator alone without a backup factor, which locks you out if you lose the phone.
- Disabling Vault during an active litigation hold, which draws sanctions under Rule 37(e).
- Running tenant-wide admin removal without a Purview retention policy, which can wipe student or client records regulators expect preserved.
Do’s and Don’ts
Do’s
- Do move every file out of Vault first, because disabling destroys contents with no Recycle Bin fallback.
- Do keep a 256-bit AES encrypted local backup, because the NIST Cybersecurity Framework expects at least one offline copy.
- Do unlink every device after removal, because a stale client can leak cached thumbnails on resale.
- Do log the date, time, and account of each deletion, because the FTC Safeguards Rule and state privacy laws require auditable trails.
- Do confirm no litigation hold is active before deletion, because Rule 37(e) sanctions are severe and often automatic.
Don’ts
- Do not rely on Personal Vault for regulated data, because consumer OneDrive is not covered by any Microsoft BAA.
- Do not assume the admin toggle deletes user data, because it only blocks the feature going forward.
- Do not share a Vault PIN with a spouse or child, because the Microsoft account terms treat the account as single-user.
- Do not skip the mobile app cache clear, because Android and iOS keep Vault thumbnails for up to 24 hours.
- Do not ignore the Recents list, because Spotlight, Windows Search, and Quick Access all cache Vault previews.
Pros and Cons of Removing Personal Vault
Pros
- Removes the 3-file free-tier cap annoyance, which is the single biggest complaint in the Microsoft community forum.
- Stops repeated 2FA prompts during a long workday, which boosts productivity on low-risk files.
- Simplifies shared-PC use where multiple family members sign into OneDrive.
- Eliminates accidental HIPAA or GLBA exposure on consumer accounts lacking a BAA.
- Frees storage quota that Vault files otherwise consume twice, once in Vault and once in the OneDrive cache.
Cons
- Loses the automatic 20-minute re-lock layer that protects against over-the-shoulder snooping.
- Loses the BitLocker-backed local cache encryption on Windows devices.
- Loses the hidden-from-index behavior that keeps Vault files out of Windows Search.
- Requires a manual 2FA setup on the full Microsoft account to replace the lost factor layer.
- Creates a compliance gap if files were covered by HIPAA, GLBA, SOX, FERPA, or state privacy laws.
Recovery When You Are Locked Out
If you forgot your Vault PIN, open the Microsoft account recovery page and submit a recovery form. Microsoft responds within 24 hours with a reset link. The Vault uses the same second-factor stack as your account, so a password reset usually restores access.
If Microsoft Authenticator is the problem, you can replace it with a backup code generated at Microsoft account security. Print or store those codes in a separate location, because losing both the app and the codes means a full account recovery with a 30-day waiting period. The consequence is losing Vault access entirely during that window.
A named example: Elena, a healthcare staffer, loses her phone on a weekend trip. She uses a pre-saved backup code from a locked safe at home, signs in Monday morning, and disables Vault cleanly. The whole process takes 12 minutes and avoids a HIPAA-style disclosure.
FAQs
Does disabling OneDrive Personal Vault delete my files?
Yes. Microsoft permanently deletes every file inside Personal Vault the moment you confirm the disable action, and no Recycle Bin recovery path exists after the confirmation step finishes.
Can I remove Personal Vault without a Microsoft 365 subscription?
Yes. Free-tier users can disable Personal Vault through the same web toggle at OneDrive.com, and the feature turns off across every device linked to that consumer Microsoft account within a few minutes.
Can my Microsoft 365 admin block Personal Vault for me?
Yes. Admins block Personal Vault through the OneDrive admin center, a PowerShell cmdlet, Group Policy, or an Intune app configuration profile, and the block applies to every managed device in the tenant.
Is OneDrive Personal Vault HIPAA compliant?
No. Consumer OneDrive accounts are not covered by a Microsoft Business Associate Agreement, so storing protected health information in Personal Vault violates HIPAA rules and can trigger mandatory breach notification duties.
Does removing Personal Vault free up storage space?
Yes. Vault files count against your OneDrive quota, so disabling the Vault and deleting contents frees the same amount of space the files previously consumed within one sync cycle.
Will Personal Vault reappear after I disable it?
No. Once the server-side flag is off, the Vault tile does not reappear unless you manually re-enable it through the OneDrive settings page on the web or mobile app.
Can I recover Vault files after disabling the feature?
No. Microsoft skips the Recycle Bin for Vault deletions by design, so recovery is impossible unless you exported the files or have a third-party backup before the disable action.
Do I need to unlink my devices after removal?
Yes. Unlinking each device clears cached Vault thumbnails, Recent-file entries, and Spotlight or Windows Search previews that can otherwise linger for up to 24 hours.
Is Personal Vault available on OneDrive for Business?
No. Personal Vault is a consumer-only feature and does not exist in OneDrive for Business, SharePoint Online, or any government-cloud variant of OneDrive.
Can I remove Personal Vault during an active litigation hold?
No. Federal Rule of Civil Procedure 37(e) forbids deleting preserved data during a hold, and sanctions range from monetary fines to adverse-inference jury instructions or default judgment.
Does Personal Vault use end-to-end encryption?
No. Personal Vault uses server-side encryption and local BitLocker when available, but Microsoft holds the keys, so it is not end-to-end in the Signal or iMessage sense of the term.
Will disabling Vault affect my other OneDrive files?
No. The disable action only removes the Vault folder and its contents, leaving every regular OneDrive folder, shared link, and synced device file untouched on both the server and your local drive.