Office 365 Privacy
Microsoft 365 is a cloud product. CERN contract with Microsoft stiuplates that user data at rest is stored in Switzerland or the EU.
Please note:
- Creation, editing and sharing of MS Office documents is possible directly in CERNBox or in OneDrive. In both cases, the documents are rendered in the browser by Microsoft software running in the Microsoft cloud.
- Microsoft enterpise apps - the MS Office apps installed on ther user's Widnows or Mac computer - collect and send to Microsoft diagnostic data about Office client software running on the user's device.
- In addition, Microsoft enterprise apps provide connected experiences that use cloud-based functionality to provide enhanced Office features. This means that parts of your content - for example the names of the documents that you recently edited - is sent to the Microsoft cloud. In addition, if you choose to use a connected experience that analyzes your content, then this content will be sent to the Microsoft cloud. For example, if you chose to use Translate in Word, the text you typed and selected to translate in the document is also sent to and processed by Microsoft to provide you the connected experience.
For more information on which data is sent from Microsoft 365 Apps for enterprise to Microsoft and what privacy controls you can use in Office 365, check: https://learn.microsoft.com/en-us/deployoffice/privacy/overview-privacy-controls.
On CERN-managed Windows devices, the following privacy settings are set by default.
MS Office privacy settings on CERN-managed devices
| Settings | State | Comment |
|---|---|---|
| Disable Opt-in Wizard on first run | Enabled The Opt-in Wizard does not display the first time users run an Office 2016/O365 application. |
This policy setting controls whether users see the Opt-in Wizard the first time they run a Microsoft Office 2016/O365 application. |
| Enable Customer Experience Improvement Program | Disabled Office 2016/O365 users cannot participate in the Customer Experience Improvement Program. |
This policy setting controls whether users can participate in the Microsoft Office Customer Experience Improvement Program to help improve Microsoft Office. When users choose to participate in the Customer Experience Improvement Program (CEIP), Office 2016/O365 applications automatically send information to Microsoft about how the applications are used. This information is combined with other CEIP data to help Microsoft solve problems and to improve the products and features customers use most often. This feature does not collect users' names, addresses, or any other identifying information except the IP address that is used to send the data. |
| Send Personal Information (*) | Disabled Users cannot send personal information to Microsoft. |
This policy setting controls whether users can send personal information to Office. When users choose to send information Office 2016/0365 applications automatically send information to Microsoft. |
| Online Content Options (*) | Not Configured Office applications use online services and download the latest online content from Office.com when users’ computers are connected to the Internet. Users can change this behavior by deselecting the "Allow Office to connect to the Internet" checkbox in the Privacy Options section of the Trust Center. |
This policy setting controls users' access to the online features of Office 2016 |
| Send Office Feedback | Disabled | This policy setting manages the Office Feedback Tool. The Office Feedback Tool allows users to provide Microsoft feedback regarding their positive and negative experiences when using Office. |
| Automatically receive small updates to improve reliability | Disabled Users will not receive updates from Office Diagnostics. |
This policy setting controls whether Microsoft Office Diagnostics is enabled. Office Diagnostics enables Microsoft to diagnose system problems by periodically downloading a small file to the computer. |
(*) Policies no longer applicable because their functionality is replaced by these 5 new policy settings.
There are new policy settings that will allow us to control settings related to:
- Diagnostic data that is collected and sent to Microsoft about Office client software being used
- Connected experiences that use cloud-based functionality to provide enhanced Office features.
The following 5 policy settings are:
[Diagnostic data]
- Configure the level of client software diagnostic data sent by Office to Microsoft
[Connected experiences]
- Allow the use of connected experiences in Office that analyze content
- Allow the use of connected experiences in Office that download online content
- Allow the use of additional optional connected experiences in Office
- Allow the use of connected experiences in Office
| Settings | State | Comment | Help |
|---|---|---|---|
| Configure the level of client software diagnostic data sent by Office to Microsoft | Enabled Level of diagnostic data : Neither Neither means no diagnostic data about Office client software running on the user's device is sent to Microsoft. |
This policy setting allows you to configure the level of client software diagnostic data that is collected and sent to Microsoft about the Office client software running on the user's device. | - |
| Allow the use of connected experiences in Office that analyze content | Enabled | Experiences that use your Office content to provide you with design recommendations, editing suggestions, data insights, and similar features. For example, PowerPoint Designer or Translator. | More |
| Allow the use of connected experiences in Office that download online content | Enabled | Experiences that allow you to search and download online content including templates, images, 3D models, videos, and reference materials to enhance your documents. For example, Office templates or PowerPoint QuickStarter. | More |
| Allow the use of additional optional connected experiences in Office | Enabled | Other connected experiences available in Office. | More |
| Allow the use of connected experiences in Office | Enabled | To control whether most connected experiences accessible through Microsoft 365 Apps for enterprise are available to your users. If we disable the policy setting, the following types of connected experiences won’t be available to our users: - Experiences that analyze your content - Experiences that download online content - Optional connected experiences |
- |