Office privacy controls

Posted by

Last year the Dutch government asked for a Data Privacy Impact Analysis (or DPIA) on Office 365, Office Pro Plus, Office Online, Office mobile apps and Windows 10.

The DPIA addresses several privacy issues, some related to the so-called telemetric data being used by Microsoft. At this moment Microsoft has addressed some (or all) of these items. And for this short blog I want to focus on one in particular – privacy controls.

I won’t go into detail on all the information on privacy controls. Microsoft has extensive documentation on this. But I do want to emphasise the Office privacy controls. First, because of the DPIA, but (second) because I want to make sure you get to know these controls.

Telemetry, diagnostics and connected experiences

The DPIA mentioned above addressed several issues. Some of these were related to the sending of information to Microsoft. Three types of which are telemetry, diagnostics and connected experiences. As an admin you can disable these connections if needed, and I’ll explain how.

In order to use the options below, there are some requirements:

  • At least Version 1808 of Office 365 ProPlus.
  • User accounts created in or synchronized to Azure Active Directory (AAD). The user must be signed into Office 365 ProPlus with an AAD-based account.
  • Security groups created in or synchronized to Azure Active Directory (AAD), with the appropriate users added to those groups.
  • To create a policy configuration, you must be assigned one of the following roles in Azure Active Directory (AAD): Global Administrator, Security Administrator, or Office Apps Admin.

Getting there

The Office Settings portal is the central location for creating Office ProPlus configurations, downloading standard configurations and creating policies. The Office ProPlus configuration part allows you to create and download specific XML’s for your Office Pro Plus deployment. It’s not limited to Office Pro Plus by the way. It also includes several other Office versions, Visio, Project and language packs.


The configuration detail is enormous. You can set what should be done with existing deployments for example – remove SharePoint Designer….. But it also includes specific Application preferences. And here we find one very interesting one.

Office telemetry agent


This setting controls if telemetry information is send in clear text of in obfuscated form. But this is related to the Office (Pro Plus) installation. You can also set a policy to control more than this.

Policy configuration

Let take a look at the creation of a policy. You go to policy management and select the Create option. A name is mandatory and then you need to determine the scope of the policy -to whom does it apply – users or anonymous users? If you select the later, then there’s only three items to choose from in the policy. For example: allow co-authoring.


Next: which users does the policy apply? This is a security group.


And then it’s time to select the properties of the policy. There’s a lot in here! Take special notice of the recommendations (and security baseline) properties.


In my case I select the three properties directly related to the DPIA. See below.

This slideshow requires JavaScript.

And that’s it. I now have a policy which controls my Office Pro Plus and Office Online experience. If you want to know more about this feature, check out this page:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s