Microsoft makes privacy changes to Microsoft 365 usage analytics

From now on, it will pseudonymize user-level information by default.

No robot? No problem! Everything is on the cloud

Microsoft has changed the level of detail available in Microsoft 365 usage analytics so that reports are 'pseudonymized' by default when concerning user-level information.

Microsoft 365/Office 365 activity reports include usage data about all of its apps, including the Microsoft Edge browser, Outlook email, Office, Dynamics 365, SharePoint, and Teams. 

ZDNet Recommends

The best cloud storage services

Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let's look at the top cloud storage options.

Read More

Microsoft says usage analytics from September 1 will pseudonymize user-level information by default to help companies support local privacy laws.

SEE: The best Windows laptops in 2021

The EU's General Data Protection Regulation references pseudonymisation as a security and data protection mechanism, as noted by the ENISA, the EU agency for cybersecurity

The new default affects usage data available to IT teams and administrators in several analytics features, including Microsoft 365 Reports in the Microsoft 365 admin center, Microsoft 365 usage reports in Microsoft Graph, Microsoft Teams analytics and reporting in the Microsoft Teams admin center, and the reportRoot: getSharePointSiteUsageDetail API (1.0 and beta) for SharePoint site detail.

While the default will be to pseudonymize, global administrators have the option to switch back to reports with more personally identifiable information.

"Global administrators can revert this change for their tenant and show identifiable user information if their organization's privacy practices allow," Microsoft notes in a blogpost

Admins can do this by going to the Microsoft 365 admin center at Settings > Org Settings > Services and selecting Reports. Then admins can select "Choose how to show user information", and then select "Show identifiable user information in reports". 

"When user identification is enabled, administrative roles and the report reader role will be able to see identifiable user level information. Global reader and Usage Summary Reports Reader roles will not have access to identifiable user information, regardless of the setting chosen," Microsoft says.  

"These changes to the product will bolster privacy for users while still enabling IT professionals to measure adoption trends, track license allocation and determine license renewal in Microsoft 365."

SEE: Windows 11 FAQ: Here's everything you need to know

Microsoft 365 usage analytics has been a touchy subject for Microsoft after its Productivity Score was criticized by a privacy advocate last year for giving managers the ability to monitor how individual staff members spend their time. 

It provides scores out of 100 for employee communication, meetings, content collaboration, teamwork, mobility, endpoint analytics, network connectivity, and Microsoft 365 App health. 

Microsoft ended up removing end-user names and associated actions so that only aggregate data was shown for communications, meetings, content collaboration, teamwork, and mobility measures in Productivity Score.