Privacy, even within organizations, has become a major focus area in light of recent laws such as the General Data Protection Regulation (GDPR) in the EU. This is even more important in analytics use-cases where you have to look at dashboards to draw insights, among many other things. In accordance with its commitment to privacy, Microsoft has announced that it is making some changes to Microsoft 365 configurations.
Starting from September 1, 2021 - that is, tomorrow -, usage analytics for Microsoft 365 will be pseudonymized by default. This change impacts user-level information stored and accessed across the following APIs and products:
- Microsoft 365 Reports in the Microsoft 365 admin center
- Microsoft 365 usage reports in Microsoft Graph
- Microsoft Teams analytics and reporting in the Microsoft Teams admin center
- The reportRoot: getSharePointSiteUsageDetail API (1.0 and beta) for SharePoint site detail
It is important to note that while this will be a default configuration from tomorrow, global admins can revert back to showing personally identifiable information (PII) via the Microsoft 365 admin center. Any changes to this configuration will be logged to the Microsoft 365 compliance center for auditing and traceability. Modifications to this configuration will be contingent to the organization's privacy practices.
If identification is allowed, administrative and report reader roles will be allowed to view PII in clear. Meanwhile, Global reader and Usage Summary Reports Reader roles will not be able to see PII in clear regardless of the configuration. Microsoft hopes that this move will help increase privacy while still allowing admins to to measure trends and Microsoft 365 license allocation and renewal within their organization.