Office 365 Privacy Settings and Telemetry

Question

I need some help/advice on which telemetry settings to enable/disable in Office365 and registry to maintain a reasonable level of privacy while not breaking functionality. I am not a security/privacy expert but I do know that since Office365 is more cloud based, turning off telemetry settings may reduce functionality and I don't want that. Just basic privacy.

1. Send personal information to Microsoft to make improvements to Office.

In Office 2016, you could disable sending personal information to Microsoft by unchecking the option in File - Options - Trust Center - Trust Center Settings - Privacy Options but is missing in Office 365. What happened to this setting? Should I disable through registry editor or group policy editor?

2. Send Office Feedback (a.k.a. Send a Smile) reagarding positive/negative experiences when using Office along with a desktop screenshot. Any harm in disabling?

3. Customer Experience Improvement Program (CEIP) -- What is it? It seems like it isn't relevant to new versions of Office. If it is, should it be disabled?

4. Office Telemetry Dashboard and Office Telemetry Log -- What is this for? Brief reading suggests they are relevant only for organizations. Are they important for individual users? Are they enabled by default or should be disabled?

5. Is there any need to enable File Obfuscation?

6. Anything else that should be disabled?

Thanks!

Answer 1

A1：

In Office 365, we could go to File > Options > Trust Center > Trust Center Settings > Privacy Options > View Diagnostic Data > Disable View data viewing.

From Microsoft's perspective, it does not want you to disable this function, it needs these diagnostic data to keep Office secure and up-to-date, detect, diagnose and remediate problems, and also make product improvements.

From the user's perspective, you can disable this feature which does not affect your use of Office. If you want to disable it via GPO, please refer to "Use policy settings to manage privacy controls for Microsoft 365 Apps for enterprise". Please note GPO settings are more for organizations, GPO is not apply to all Office versions.

A2：

If you have any suggestions or dissatisfaction with the functions of Office, disabling it will make Microsoft listen less to your voice, but it won't affect your use. As it is a channel provided by Microsoft for users to give feedback on Office.

A3:

The CEIP seems to be a voluntary program. To set the CEPI for Office, please refer to "Customer Experience Improvement Program"

(Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.)

In my opinion, it has the same goal as the diagnostic data mentioned above--- it helps Microsoft improve the features that are used most often and create solutions to common issues.

So, stopping the Customer Experience Improvement Program won't affect your use either.

A4:

As you said, Office Telemetry is more relevant for organizations. It could help IT staff collect the related information which makes Office, some add-ins and etc work better.

It is disabled by default, and I think it not important for individuals.

If you are still worried about it, you can use security software to prevent Office Telemetry Agent which is related to Office Telemetry Agent accessing network. More detailed information, please check out this thread "Remove or Disable Office Telemetry Agent"

A5：

Enabling file obfuscation is to protect the information of files in Office Telemetry Dashboard. But it means nothing when you do not use Office Telemetry Dashboard.

A6:

Maybe you may go to File > Options > Trust Center > Trust Center Settings > Privacy Options > Privacy Settings, uncheck "Enable optional connected experiences". Then some features in Microsoft 365, such as PowerPoint Designer or Editor in Word won't work, and some of your data won't uploaded to Microsoft servers.

Answer 2

Thank you for your reply. A couple of follow-up questions:

Re A1: I am familiar with the Office365 privacy settings to send diagnostic telemetry data and connected experiences and am ok leaving sending this type of data to MS. In older versions of office there was a privacy setting (File - Options - Trust Center - Trust Center Settings - Privacy Options) you could check or uncheck to send personal information (sendcustomerdata regedit key) to MS but is now removed from Office365.

The question here is: Is the "send personal information to MS" checkbox from older Office versions captures in diagnostic telemetry and connected experiences data in Office 365?

Re A3: Is the CEIP valid for modern versions of Office? Cursory search of CEIP on Google gives hits mainly involving Office 2013. It seems like the Diagnostic Telemetry data and connected experiences have superseded CEIP, right? or is CEIP still in use by MS?

Thanks!