16.28 (August ’19) update Provide better transparency as to what telemetry is sent from the client, and controls for changing it Provide a choice over usage of different back-end services that Office connects with to deliver end-user functionality Provide consistency and roaming across desktop and mobile platforms See https://aka.ms/macprivacy for full details
Data - Data to support basic product functionality Connected Experiences In-product features that connect with back-end web services Diagnostic Levels Basic (aka Required) - Keeps Office secure, up-to-date, and performing as expected Full (aka Optional) - Product usage data and enhanced telemetry Zero (aka None) - Don’t send any diagnostic data
Key Type Possible Values com.microsoft.office DiagnosticDataTypePreference string BasicDiagnosticData FullDiagnosticData ZeroDiagnosticData com.microsoft.office SendAllTelemetryEnabled bool TRUE / FALSE com.microsoft.autoupdate2 AcknowledgedDataCollectionPolicy string RequiredDataOnly RequiredAndOptionalData Setting Sends ‘Required’ Diagnostic Data Sends ‘Optional’ Diagnostic Data Sends ‘Required’ Service Data BasicDiagnosticData Yes No Yes FullDiagnosticData Yes Yes Yes ZeroDiagnosticData No No Yes SendAllTelemetryEnabled = FALSE No No No
Experiences Experiences that analyze content Experiences that download content Optional Connected Experiences Preference Domain Key Type Possible Values com.microsoft.offic e ConnectedOfficeExperiencesPreference bool TRUE / FALSE Preference Domain Key Type Possible Values com.microsoft.offic e OfficeExperiencesAnalyzingContentPreference bool TRUE / FALSE Preference Domain Key Type Possible Values com.microsoft.offic e OfficeExperiencesDownloadingContentPreferenc e bool TRUE / FALSE Preference Domain Key Type Possible Values com.microsoft.offic e OptionalConnectedExperiencesPreference bool TRUE / FALSE
Content Experiences Downloading Content Experiences Optional Connected Experiences Alt Text W P W P Authentication W X P OL ON AutoUpdate (MAU) W X P OL ON Cloud Fonts W P OL ON W P OL ON Contact Support W X P OL Data Types X X Designer / Design Ideas P P Document Templates W X P W X P Error Reporting (MERP) W X P OL ON W X P OL ON Flighting (Config Services) W X P OL ON Grammar Suggestions P P P Help W X P OL ON W X P OL ON Ideas X X Insert Icon W X P W X P Insert Online 3D Model W X P W X P W X P Insert Online Picture W X P W X P W X P Insert Online Video W X P W X P W X P Insert Stickers ON ON ON Licensing Service W X P OL ON Mailbox Synchronization OL Map Charts X X X Office Add-ins W X P OL W X P OL OneDrive/OneDrive for Business ON W X P QuickStarter P P P Researcher W W W Resume Assistant W W Save as PDF (conversion service) W W Search Document Templates W X P W X P Send a smile W X P OL ON W X P OL ON Send to OneNote OL OL Smart Lookup W X P OL ON W X P OL ON W X P OL ON Subtitles P P Translator W X P W X P Weather Bar OL OL OL What’s New W X P OL
are sandboxed, regardless of whether you download them from the Mac App Store or Microsoft Content Delivery Network (CDN) Sandboxing restricts the apps from accessing resources outside the app container Notarization All Office apps use the hardened runtime and all download packages are notarized First piece of advice Update your apps monthly to protect against latest threats Example: XL4 Auto_Open protection in 16.31 update
While we have sensible defaults, remember these are only effective in the user space Most attacks exploit multiple vectors Strengthen the default configuration through Config Profiles Use CFPreferences to validate intended implementation python -c "from Foundation import CFPreferencesCopyAppValue; print CFPreferencesCopyAppValue('VisualBasicMacroExecutionState', 'com.microsoft.office')" python -c "from Foundation import CFPreferencesAppValueIsForced; print CFPreferencesAppValueIsForced('VisualBasicMacroExecutionState', 'com.microsoft.office')"
jamf
iamctodd
dougneiner
mclloyd
addyosmani
skipperchong
mongodb
jennybc
nonsquared
gr2m
lauravandoore
eitanlees
tanoku
