This week is all about managing privacy controls for Office products. That includes Office on Android devices, Office on iOS devices, Office for Mac devices, Office for the web, and Microsoft 365 apps for enterprise on Windows devices. Most organizations often already have a good look at the required configurations options for the privacy controls on Windows devices. Office for other platforms, however, are often forgotten. Just like Office for the web. Good thing, though, is that there are nowadays multiple privacy controls available that can be configured for Office on all platforms. For some platforms there are even multiple configurations options. Best part of those configuration options is that there is also an option to configure the privacy controls cross platforms. This post will provide a brief overview of the available privacy controls, followed with the steps to configure those controls with that single configuration option that can be used cross all applicable platforms. This post will end with the user experience and where the settings can be found.
Note: This post will rely on the Cloud Policy service for Microsoft 365 integration with Microsoft Intune. That services provides the ability to configure the available settings cross all applicable platforms.
Available privacy controls for Office products
When looking at configuring privacy controls for Office products, it’s important to be familiar with the available controls. For all the different platforms. For Windows devices there were already many configuration options available and for all other devices there are more and more options coming. There are at least enough configuration options to address the most important findings in the Data Privacy Impact Assessment (DPIA) conducted by the Dutch Government that advises to set the telemetry to the lowest level (see paragraph 3.1.3) and to disable the additional connected experiences (see paragraph 3.1.4). For the different platforms, the following table below provides an overview of the settings that are available to manage the privacy controls for the Office products. Including the advised values in the earlier mentioned DPIA (in bold).
|Configure the level of client software diagnostic data sent by Office to Microsoft||Neither*||Windows, MacOS, iOS, Android||This policy setting enables organizations to configure the level of diagnostic data that is collected and sent to Microsoft about the Office client software running on the user’s device. That information is used to keep Office secure and up-to-date, detect, diagnose and remediate problems, and make product improvements.|
|Allow the use of connected experiences in Office that analyze content||Enabled or Disabled||Windows, MacOS, iOS, Android||This policy setting enables organizations to configure whether connected experiences that analyse content are available to users when they’re using Office. That information is used to provide users with design recommendations, editing suggestions, data insights, and similar features.|
|Allow the use of connected experiences in Office that download online content||Enabled or Disabled||Windows, MacOS, iOS, Android||This policy setting enables organizations to configure whether connected experiences that download online content are available to users when they’re using Office. That information is used to provide users with online content including templates, images, 3D models, videos, and reference materials to enhance documents.|
|Allow the use of additional optional connected experiences in Office||Disabled||Windows, MacOS, iOS, Android, Web||This policy setting enables organizations to control whether additional optional connected experiences are available to users when they’re using Office. That enables users to access connected experiences (like the LinkedIn features) with their organization account. These connected experiences are not covered by the commercial agreement with Microsoft and are offered directly to users.|
|Allow the use of connected experiences in Office||Enabled or disabled||Windows, MacOS||This policy setting enables organizations to control whether connected experiences are available to users when they’re using Office. That controls the experiences that analyze content, experiences that download online content, and optional connected experiences. With disabling this policy setting, most other connected experiences are also turned off, such as co-authoring and online file storage.|
Important: Keep in mind that using Neither, as the level of diagnostic data, will make sure that no diagnostic data about the Office product is sent to Microsoft. This option, however, limits Microsoft’s ability to detect, diagnose, and remediate problems that users may encounter when using the Office product.
Note: These privacy controls are available for Excel, Lens, Office app, OneDrive, OneNote, Outlook, Planner, PowerPoint, Skype for Business, Teams, Visio Viewer (iOS only), and Word on mobile devices, version 16.28 or later of Office for Mac, and version 1908 or later of Microsoft 365 Apps for enterprise.
Configuring privacy controls for Office products
After getting familiar with the available privacy controls for the different Office products, it’s important to be familiar with the configuration options. And the actual steps to create the required configuration. Depending on the platform, there are different options for configuring the different privacy controls. That includes custom device configuration profiles, administrative templates, settings catalog and the option to use the Cloud Policy service for Microsoft 365. The latter option is the only configuration option that’s available cross all platforms. That makes the Cloud Policy the best option to use, as it contains the settings that are applicable to all the different platforms. The great thing about the Cloud Policy is that the available settings are applied cross platform, when applicable, based on the signed in user. Even for Office on the web. The following 6 steps walk through the creation of a policy for Office apps in Microsoft Intune (which is using the Cloud Policy service) to configure the required settings for the different privacy controls for the Office products.
- Open the Microsoft Endpoint Manager admin center portal navigate to Apps > Policies for Office apps
- On the Apps | Policies for Office apps blade, click Create to create a new policy configuration
- On the Basics page, provide a valid name for the policy configuration and click Next
- On the Scope page, provide the following information and click Next
- Select the scope: Select This policy configuration applies to users in the specified group to apply the policy configurations to a user group
- Select the group: Select the user group that contains the users that should be targeted with the policy configurations
- On the Policies page, search for the described privacy controls and configure them with the required values
- On the Review and publish page, review the configuration and click Create to create the policy configuration
Note: The Cloud Policy service for Microsoft 365 is the configuration option that is applied to all applicable platforms.
Experiencing privacy controls for Office products
When looking at experiencing the configuration of the different privacy controls, the platform doesn’t really matter. The result will be similar. The only difference cross all platforms is that only for Windows and Mac devices there is a configuration option that enables organizations to prevent the use of all connected experiences with a single setting (Allow the use of connected experiences in Office). The most important settings are related to the level of diagnostic data (Configure the level of client software diagnostic data sent by Office to Microsoft) and the additional connected experiences (Allow the use of additional optional connected experiences in Office). Let’s have a quick look at the effect of the latter setting on a couple of platforms. On the right in Figure 2 is the configuration effect on an iOS device, and on the right in Figure 3 is the configuration effect on an Android device. Below on in Figure 4 is an overview of the effect on a Windows device. That includes an overview of the effect on Office on the web.
For more information about managing privacy controls for Office apps, refer to the following docs.
- Privacy controls available for Office products – Deploy Office | Microsoft Learn
- Use policy settings to manage privacy controls for Microsoft 365 Apps for enterprise – Deploy Office | Microsoft Learn
- Use preferences to manage privacy controls for Office for Mac – Deploy Office | Microsoft Learn
- Use preferences to manage privacy controls for Office on iOS devices – Deploy Office | Microsoft Learn
- Use policy settings to manage privacy controls for Office on Android devices – Deploy Office | Microsoft Learn