SharePoint: OneDrive and SharePoint – Protect PDF with password

🚨 The Signal: SharePoint and OneDrive now allow users to password-protect PDF files directly within the web interface. This enables setting open passwords for access and owner passwords for restricting actions like printing or editing, enhancing document confidentiality.

The Impact

All users are affected by the new ability to password-protect PDFs, introducing a risk of inconsistent application of security controls.

• End-users: Risk of over-reliance on basic password protection for sensitive data.
• Security Teams: Risk of inconsistent data protection practices across the organisation.
• Data Owners: Risk of misconfiguring permissions, leading to unintended data exposure.

The Action

1. Develop and communicate clear guidelines for when and how to use PDF password protection for sensitive documents.
2. Educate users on the limitations of basic PDF password protection versus Microsoft Purview Information Protection (MPIP) sensitivity labels.
3. Review existing data handling policies to incorporate guidance on this new capability.
4. Consider disabling this feature via PowerShell if MPIP is the mandated data protection standard and user-driven password protection creates policy conflicts.

Domain: SharePoint · Impact: medium · Workload: SharePoint