In an effort to better protect the privacy of its customers, Microsoft has revealed that it will change how usage analytics data is collected in Microsoft 365 to “pseudonymize user-level information” by default.
Effectively this means that all user-level information in Microsoft 365 Usage Analytics will be anonymous by default.
For those unfamiliar, Microsoft 365 Usage Analytics gives IT admins access to a dashboard that allows them to measure adoption trends of Microsoft products within their organization. They can also use the service to generate custom reports as well as to share insights with business decision makers.
Microsoft’s privacy-focused update to Microsoft 365 Usage Analytics is rolling out now to business customers and according to a blog post from the company, the change will make it easier for organizations to comply with local privacy laws.
Microsoft 365 Usage Analytics
The change to how usage analytics data is collected in Microsoft 365 will impact user level information across Microsoft 365 Reports in the Microsoft 365 admin center, Microsoft 365 usage reports in Microsoft Graph, Microsoft Teams analytics and reporting in the admin center of its video conferencing software and the reportRoot: getSharePointSiteUsageDetail API for SharePoint site detail.
However, global admins will also be able to revert this change by heading to the Microsoft 365 admin center in order to show personally identifiable information (PII) in their respective tenants. To do this, they’ll need to go to Settings > Org Settings > Services and choose the “Reports” option. From there, they can select the “Show identifiable user information in reports” option under the “Choose how to show user information” section.
Once enabled, admins and report readers will be able to see their user’s PII though it won’t be accessible to the Usage Summary Reports Reader as well as Global reader.
While being able to see employee personal information in reports may be useful to IT admins, keeping this information out of Microsoft’s hands will allow organizations to comply with their country’s data protection regulations.