This article is more than 1 year old

Microsoft adds new 'Enterprise Products' section to privacy policy

Careful what you tell Azure: Redmond has given itself the right to spam your buddies

Microsoft has updated its privacy policy and, for the first time, added a section devoted to “Enterprise Products.”

The new section is the listed last in Microsoft's privacy policy and covers “those Microsoft products and related offerings that that are offered or designed primarily for use by organizations and developers.”

That includes subscription products like “Office 365, Microsoft Azure, Microsoft Dynamics CRM Online, Microsoft Intune, and Yammer”, which Microsoft classifies as “Online Services”. The policy also covers “Windows Server, SQL Server, Visual Studio, and System Center”, which Redmond calls “On-Prem Products”.

The policy is not the be all and end all of your relationship with Microsoft, as the section is at pains to point out that “some Enterprise Products have their own, separate privacy statements. In the event of a conflict between a Microsoft privacy statement and the terms of any agreement(s) between a customer and Microsoft, the terms of those agreement(s) will control.” The bolding and italics are Microsoft's work. Another thing to watch for: the policy covers end-users and resellers.

So what's in the policy? Redmond says its Online services collect “all text, sound, video, or image files, and software, that are provided to Microsoft by, or on behalf of, you or your end users through use of the Online Service.” But that data “is used only to provide the customer the Online Services including purposes compatible with providing those services.”

“Microsoft will not use Customer Data or derive information from it for any advertising or similar commercial purposes.”

But there are also traps for the unwary, such as admins who “include contact information of your colleagues and friends” when establishing their accounts. If you give up your mates' details, Microsoft will use the data “for the limited purpose of sending them an invitation to use the Online Services”, possibly including “information about you, such as your name and profile photo.”

Microsoft will also use Administrator Data “to contact you to provide information about your account, subscriptions, billing, and updates to the Online Services, including information about new features, security or other technical issues.”

“We may also contact you regarding third-party inquiries we receive regarding use of the Online Services, as described in your agreement. You will not be able to unsubscribe from these non-promotional communications.”

Time for some email filters, perhaps?

On-premises products offer fewer potential pitfalls, as Microsoft says its trawling is “generally limited to usage data”. That means the company may harvest “performance data to learn whether you experience any difficulties” and “device data to learn about your operating environment to improve security features.” And of course you can send crash data to Redmond, if you choose.

The new section is one of many changes to the privacy policy, detailed here.

Among the interesting changes are:

  • Permission for Cortana to access to your browsing history, so that Microsoft can “collect your Microsoft Edge search queries and full browsing history associated with your user ID to personalize your experience.”
  • Clarification of how “Outlook applications can be integrated with multiple accounts from third-party service providers.”
  • Explicit differentiation between Skype and Skype for Business;
  • Detailed explanation of health data harvesting from Microsoft Band;
  • An “updated … discussion of transferring data from the European Economic Area to specify our intent to adopt the forthcoming EU-U.S. Privacy Shield Principles.”

The policy came into effect on Tuesday, August 2. ®

More about


Send us news

Other stories you might like