Securely Sharing Documents Using OneDrive
Securely sharing encrypted documents via OneDrive
Purpose: This article outlines the secure process for sharing sensitive files using encrypted archives and OneDrive share links.
Prerequisites
Before you start, ensure you have:
7-Zip installed on your workstation.
Access to a OneDrive account for storing and sharing files.
A strong password manager or a way to generate and store strong passwords securely.
Step 1: Create an encrypted archive with 7-Zip
Use 7-Zip to create a password-protected archive before uploading anything to OneDrive.
Right-click the file or folder you want to share. On Windows, you may need to click “Show more options” to see the 7-Zip entry in the right-click menu. Hover over 7-Zip and select “Add to archive…”.
In the Add to Archive dialog, set the archive format:
.7z (preferred)
.zip only if you must share with tools that do not support .7z; if you use .zip, select AES-256 encryption.
Under the Encryption section, configure:
Enter a strong password in the Password fields.
Set Encryption method to AES-256.
Enable “Encrypt file names” so that file names are not visible without the password.
Select OK to create the encrypted archive, then verify it appears where you expect.
Strong password guidance: use a long, unique passphrase (for example, at least 16 characters with a mix of words, numbers, and symbols). Avoid passwords reused from other accounts. Store it in an approved password manager whenever possible.
Step 2: Upload the encrypted archive to OneDrive
Only upload the encrypted archive (for example, .7z or .zip), not the original unencrypted files.
Open OneDrive in a browser or the OneDrive client. In the browser, you can drag and drop files into the window.
Upload the encrypted archive file to the appropriate OneDrive folder.
Confirm the upload completes and the file appears in the folder.
Step 3: Create a restricted OneDrive share link
Share the encrypted archive only with specific people and limit what they can do with it.
In OneDrive, select the encrypted archive and choose the Share option.
In the sharing settings, you can adjust access options:
Set the link to Specific people rather than open or organization-wide links.
Grant View-only access wherever possible (option behind the gear icon ⚙).
If available, enable Block download so recipients can only view, not save a copy. (Note: this may not apply to all file types or tenants.)
You may also set an expiration date (option behind the gear icon ⚙).
Enter the email addresses of the intended recipients and click “Copy Link” or “Send” to send the invitation through OneDrive/Teams.
Step 4: Share the password via a separate channel
Never send the encrypted-file password in the same message or channel as the OneDrive link.
Send the OneDrive share link to the recipient using Teams or the built-in OneDrive sharing invitation.
Send the password for the encrypted archive using a different channel, such as:
Email (separate from any email that contains the OneDrive link).
Phone call or voice message.
A separate chat thread that does not include the OneDrive link.
Confirm with the recipient that they can access the OneDrive file and successfully open the archive using the provided password.
Security notes
Do not rely on OneDrive permissions alone for sensitive content. Always encrypt files with a strong password before uploading.
Avoid including sensitive information in file or folder names where possible, even when using encrypted archives with encrypted file names.
Do and Don’t
| Item | Guidance |
|---|---|
| Do | Use 7-Zip with AES-256 and encrypted file names for all sensitive files before uploading to OneDrive. |
| Do | Restrict OneDrive links to specific people and prefer view-only access; use block download where available. |
| Do not | Send the password in the same message, email, or chat as the OneDrive link. |
| Do not | Reuse passwords or use simple, guessable passwords for encrypted archives. |
Troubleshooting
Common issues and quick checks:
Recipient cannot open the archive:
Confirm they have 7-Zip (or another tool that supports .7z and AES-256) installed.
Verify the password was entered correctly, including capitalization and symbols.
Recipient cannot access the OneDrive link:
Check that the link is set to Specific people and that the recipient’s email address is correctly added.
Update the share settings to resend an invitation if necessary.
File opens without asking for a password:
Confirm you encrypted the correct file and that the archive shows as encrypted with a password.
If needed, recreate the archive with the correct encryption and password settings enabled.
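A pre-upload check for the Step 1 settings and the "File opens without asking for a password" case, as an added example that is not part of the original article and is not 7-Zip or Microsoft code. It reads archive metadata only; the function names are hypothetical, and the .7z test is a heuristic byte search for the AES coder ID in the header block rather than a full parse. 7-Zip's ZIP format does not encrypt file names, so a .zip passes on AES-256 alone.

```python
import io, struct, sys, zipfile, zlib

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"
AES_CODER_ID = b"\x06\xf1\x07\x01"  # coder ID 7-Zip records for AES-256

def check_7z(data: bytes) -> str:
    """Return 'names-encrypted', 'names-visible' or 'invalid' for a .7z image."""
    if len(data) < 32 or data[:6] != SEVENZ_MAGIC:
        return "invalid"
    offset, size, crc = struct.unpack_from("<QQI", data, 12)  # next-header locator
    header = data[32 + offset:32 + offset + size]
    if not header or len(header) != size or zlib.crc32(header) != crc:
        return "invalid"  # truncated or corrupted file
    # 0x17 = packed header; encrypted only if its coder list names the AES coder.
    if header[0] == 0x17 and AES_CODER_ID in header:
        return "names-encrypted"
    return "names-visible"

def aes_strength(extra: bytes) -> int:
    """Strength byte of the WinZip AES extra field 0x9901 (3 = 256-bit), else 0."""
    pos = 0
    while pos + 4 <= len(extra):
        field_id, field_len = struct.unpack_from("<HH", extra, pos)
        if field_id == 0x9901 and 7 <= field_len <= len(extra) - pos - 4:
            return extra[pos + 8]  # after id, length, version, vendor "AE"
        pos += 4 + field_len
    return 0

def member_verdict(info: zipfile.ZipInfo) -> str:
    if not info.flag_bits & 0x1:  # general-purpose bit 0 = encrypted
        return "plaintext"
    if info.compress_type == 99 and aes_strength(info.extra) == 3:
        return "aes-256"
    return "weak-or-other"  # for example legacy ZipCrypto

def check_zip(data: bytes) -> dict:
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: member_verdict(i) for i in zf.infolist() if not i.is_dir()}

def ok_to_upload(data: bytes) -> bool:
    """True for a .7z with encrypted names or a ZIP whose members are all AES-256."""
    if data[:6] == SEVENZ_MAGIC:
        return check_7z(data) == "names-encrypted"
    try:
        return set(check_zip(data).values()) == {"aes-256"}
    except zipfile.BadZipFile:
        return False

if __name__ == "__main__":
    print(ok_to_upload(open(sys.argv[1], "rb").read()))
```

Run it with the archive path as the only argument; it prints True only when the archive meets the encryption settings described in Step 1.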
TL;DR (Summary)
1) Encrypt: Encrypt and compress the file or folders using 7z AES-256 + encrypt file names.
2) Upload: OneDrive - upload encrypted archive only.
3) Share: Specific people, view-only, expiry if possible.
4) Password: send via separate channel; never with the link.