Microsoft Defines New Privacy Controls for Office 365 ProPlus Users
Microsoft announced this week that it will be reorganizing its Office 365 ProPlus privacy controls with an aim toward becoming more "transparent" about the information it collects.
Office 365 ProPlus is the suite of productivity applications (Access, Excel, OneNote, Outlook, PowerPoint, Publisher and Word) that Microsoft offers to organizations as part of certain Office 365 subscriptions. The applications are more frequently updated via Microsoft's streaming "Click-to-Run" technology compared with so-called "perpetual license" Office products.
In addition to getting more frequent updates, the Office 365 ProPlus applications report information back to Microsoft. Such information, which used to be called "telemetry" by Microsoft (until it became a dirty word), is used to keep the service working optimally. Microsoft officials had previously suggested shying away from "telemetry" in favor of using "diagnostic data."
Microsoft's new Office 365 ProPlus transparency efforts may have gotten a push of sorts. Back in November, the Dutch government claimed that Office 365 ProPlus violated the European Union's General Data Protection Regulation (GDPR) rules because of the information it reported to Microsoft. In March, Microsoft indicated it would add privacy controls for Office 365 ProPlus and Windows 10, starting with version 1904.
The coming privacy changes were underscored this week in a Tuesday announcement by Julie Brill, corporate vice president and deputy general counsel at Microsoft, as well as a Wednesday announcement by Brian Albrecht, principal group program manager for Office data and privacy.
In addition, there's a concise guide for IT pros regarding their controls over Office 365 ProPlus data sent back to Microsoft. It can be found in this "Overview of Privacy Controls for Office 365 ProPlus" document.
Version 1904 Kicks Off New Privacy Controls
The document, dated April 29, confirms that Microsoft's new privacy controls will be coming for Office 365 ProPlus subscribers, starting with version 1904, which is expected to reach the "Semi-Annual Channel (Targeted)" release stage in September and the subsequent "Semi-Annual Channel" release stage in January 2020.
Some Project and Visio versions also will get the new privacy changes. Microsoft is planning to extend the changes to Microsoft Teams, Office for Mac and mobile applications, as well, but the timeline wasn't described.
Brill affirmed that the new privacy controls also will be happening at some point for Microsoft's Windows 10, Xbox and Dynamics 365 products.
Diagnostic and Experience Data
Microsoft collects "diagnostic data" and "connected experience" data from Office 365 ProPlus users. IT pros have organizational control over most of these data collection practices, but they typically will have to specify their preferences over Microsoft's default settings. End users can't override the Office 365 ProPlus controls set by IT departments.
Some of the diagnostic data is deemed as being "required" to keep the service working at its best. There's also "optional" data, which Microsoft claims it uses to better address issues, such as the responsiveness of an app. IT pros also can select a "neither" option, which blocks sending diagnostic data to Microsoft, but Microsoft claims that this option will just make solving Office problems more difficult.
The connected experiences data in Office 365 ProPlus refers to information that's used for collaborations of various types. There are two types of connected experiences data. One will analyze the user's content and make suggestions for such things as "design recommendations, editing suggestions, data insights and similar features." The other type is used for downloading online content, such as "templates, images, 3D models, videos and reference materials to enhance your documents." IT departments can turn connected experiences data reporting on or off, and end users can't override their choices.
Microsoft's document also described "optional connected experiences" data that can be controlled by IT pros, but they get managed under a separate Microsoft Services Agreement.
In addition, Microsoft has so-called "required service data" for connected experiences in Office 365 ProPlus. The document didn't describe if IT pros had any control over the sending of this data to Microsoft. Similarly, Office 365 ProPlus has so-called "essential services," such as licensing information, that can't be disabled.
Brill indicated that Microsoft is consolidating its Office 365 ProPlus privacy information in its "privacy.microsoft.com hub, or in our enterprise Trust Center." Microsoft also plans to publish biannual reports on its data collection practices, which will get published in the privacy hub.
Microsoft has a Diagnostic Data Viewer application that shows the raw data that gets sent to Microsoft. There's also a Privacy Dashboard solution, which Brill noted has been used by "over 10 million people" since May 2018.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.