Share via


Plan privacy options for Office 2013

 

Applies to: Office 2013, Office 365 ProPlus

Summary: Explains how Office 2013 privacy settings let you control the disclosure of private information.

The Welcome to Office experience lets users enable or disable several Internet-based services that help protect and improve Office 2013 applications. For more information about the Welcome to Office experience, see the Privacy Statement for Microsoft Office 2013 Office.com article.

Roadmap arrow for guide to Office security.

This article is part of the Guide to Office 2013 security. Use the roadmap as a starting point for articles, downloads, posters, and videos that help you assess Office 2013 security.

Are you looking for security information about individual Office 2013 applications? You can find this information by searching for “2013 security” on Office.com.

In this article:

  • About planning privacy options

  • Suppress the Welcome to Office experience

  • Configure privacy options

  • Related privacy options

About planning privacy options for Office 2013

The first time that users start Office 2013, they go through the Welcome to Office first run experience.

If users choose to Install important and recommended updates for Office and other products:

  • Recommended and important updates are automatically installed for the Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 and Windows Server 2008 R2 operating systems and Office 2013 applications. Users are notified about new optional software.

  • Applications can connect to Office.com for updated Help content and can receive targeted Help content for the Office 2013 applications that are installed.

  • Applications can periodically download small files that help determine system problems and prompt users to send error reports to Microsoft.

  • Users can sign up for the Customer Experience Improvement Program or the Office Personalized Experience Program (OPEP), depending on the SKU they have installed. For more information about OPEP, see the Microsoft Office Personalized Experience Program Office.com article. For more information about CEIP, see Microsoft Customer Experience Improvement Program.

If users choose Install Updates Only, recommended and important updates are automatically installed for the Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008, and Windows Server 2008 R2 operating systems and Office 2013 applications. Users are notified about new optional software. But, privacy options aren’t changed in Office 2013 applications, which means that the default privacy options take effect. If users choose Don’t Make Changes, automatic updating isn’t changed in the Windows Security Center and privacy options aren’t changed in Office 2013. The default privacy options take effect.

The default privacy options for Office 2013 applications are as follows:

  • Office 2013 applications don’t connect to Office.com for updated Help content and Office applications aren’t detected on users' computers. Users won't experience optimal results when they search for Help.

  • Office 2013 applications don’t download small programs that help diagnose problems and error message information isn’t sent to Microsoft.

  • Users aren’t enrolled in the Customer Experience Improvement Program.

Because the Welcome to Office experience lets users enable or disable several Internet-based services, you might want to prevent the dialog box from appearing and, instead, configure these services individually. If you suppress the dialog box, we recommend that you enable all Internet-based services, which you can do by configuring privacy options.

Note

For information about how to configure security settings in the Office Customization Tool (OCT) and the Office 2013 Administrative Templates, see Configure security by using OCT or Group Policy for Office 2013.

Suppress the Welcome to Office experience

You can suppress the Welcome to Office experience by enabling the Suppress recommended settings dialog setting. This Group Policy setting is located in the Group Policy Object Editor under User Configuration\Administrative Templates\(ADM\ADMX)\Microsoft Office 2013\Miscellaneous. This setting prevents the Welcome to Office experience from appearing the first time that a user starts Office 2013. If you enable this setting, the automatic updating feature remains unchanged and the privacy options that control Internet-based services aren’t enabled.

If you suppress the Welcome to Office experience without enabling certain privacy options, you disable several features that improve Office 2013 applications and you could expose a computer to security threats. Therefore, if you enable this setting we recommend that you also enable all the privacy options that are discussed in Configure privacy options in Office 2013.

Most organizations enable this setting, including organizations that have a highly restrictive security environment or a security environment that restricts Internet access.

Configure privacy options in Office 2013

Office 2013 provides several settings that let you control the disclosure of private information. These settings are often known as privacy options. You can enable or disable each of these settings to suit your organization’s security requirements. But, if you suppress the Welcome to Office experience, we recommend that you also enable all the following settings:

Group Policy setting name: Online content options. This Group Policy setting is located in the Group Policy Object Editor under User Configuration\Administrative Templates\(ADM\ADMX)\Microsoft Office 2013\ Tools | Options | General | Service Options… \ Online Content.

  • Description: This setting controls whether the Office 2013 Help system can download Help content from Office.com. You can choose one of three options for this setting:

    •   **Never show online content or entry points**. The Help system doesn’t connect to Office.com to download content. This is the default setting if you suppress the **Welcome to Office** experience or if users select **Don’t make changes** or **Install Updates Only**.
      
    •   **Search only offline content whenever available**. The Help system doesn’t connect to Office.com to download content.
      
    •   **Search online content whenever available**. The Help system connects to Office.com for content when the computer is connected to the Internet.
      
  • Impact: If you enable this setting and select Never show online content or entry points or Search only offline content whenever available, users can’t access updated Help topics through the Help system and you can’t get templates from Office.com.

  • Guidelines: Most organizations enable this setting and select Search online content when available. This is the recommended configuration for this setting. But, organizations that have a highly restrictive security environment, or a security environment that restricts Internet access, typically enable this setting and select Never show online content or entry points.

Group Policy setting name: Automatically receive small updates to improve reliability. This Group Policy setting is located in the Group Policy Object Editor under User Configuration\Administrative Templates\(ADM\ADMX)\Microsoft Office 2013\ Privacy\Trust Center.

  • Description: This setting controls whether client computers periodically download small files that enable Microsoft to diagnose system problems.

  • Impact: If you enable this setting, Microsoft collects information about specific errors and the IP address of the computer. No personally identifiable information is transmitted to Microsoft other than the IP address of the computer requesting the update.

  • Guidelines: Most organizations enable this setting, which is the recommended configuration. Organizations that have a highly restrictive security environment, or a security environment that restricts Internet access, typically disable this setting.

Group Policy setting name: Enable Customer Experience Improvement Program (CEIP). This Group Policy setting is located in the Group Policy Object Editor under User Configuration\Administrative Templates\(ADM\ADMX)\Microsoft Office 2013\Privacy\Trust Center.

  • Description: This setting controls whether users participate in the CEIP to help improve Office 2013. When users participate in the CEIP, Office 2013 applications automatically send information to Microsoft about how the applications are used. This information is combined with other CEIP data to help Microsoft solve problems and improve the products and features customers use most often. CEIP doesn’t collect users’ names, addresses, or any other identifying information except the IP address of the computer that is used to send the data.

  • Impact: If you enable this setting, users participate in the CEIP.

  • Guidelines: Most organizations enable this setting, which is the recommended configuration. Organizations that have a highly restrictive security environment, or a security environment that restricts Internet access, typically don’t enable this setting.

Group Policy setting name: Improve Proofing Tools. This Group Policy setting is located in the Group Policy Object Editor under User Configuration\Administrative Templates\(ADM\ADMX)\Microsoft Office 2013\Tools\Options\Spelling.

  • Description: This setting controls whether the Help Improve Proofing Tools feature sends usage data to Microsoft. The Help Improve Proofing Tools feature collects data about how users use the proofing tools, such as additions to the custom dictionary, and sends the data to Microsoft. After about six months, the feature stops sending data to Microsoft and deletes the data collection file from the user's computer. By default, this feature is enabled if users choose to participate in the Customer Experience Improvement Program (CEIP).
If your organization has policies that govern the use of external resources, such as the CEIP, people who use the Help Improve Proofing Tools feature might be violating these policies. If you disable this policy setting, the Help Improve Proofing Tools feature doesn’t collect proofing tool usage information and doesn't transmit it to Microsoft. If you don’t configure this policy setting, the behavior is of the same as setting the policy to "Enabled."
  • Impact: If you enable this setting, users participate in the CEIP. Although this feature doesn’t intentionally collect personal information, some content that is sent could include items that were marked as spelling or grammar errors, such as proper names and account numbers. But, any numbers such as account numbers, street addresses, and telephone numbers are converted to zeros when the data is collected. Microsoft uses this information only to improve the effectiveness of the Office Proofing Tools, not to identify users.

  • Guidelines: Most organizations enable this setting, which is the recommended configuration. Organizations that have a highly restrictive security environment, or a security environment that restricts Internet access, typically don’t enable this setting.

Several other settings are related to privacy disclosure in Office 2013 applications. If you are changing privacy options because you have a special security environment, you might want to evaluate the following settings:

  • Protect document metadata for password protected files   This setting determines whether metadata is encrypted when you use the Encrypt with Password feature.

  • Protect document metadata for rights managed Office Open XML files   This setting determines whether metadata is encrypted when you use the Restrict Permission by People feature.

  • Warn before printing, saving, or sending a file that contains tracked changes or comments   This setting determines whether users are warned about comments and tracked changes before they print, save, or send a document.

  • Make hidden markup visible   This setting determines whether all tracked changes are visible when you open a document.

  • Prevent document inspectors from running   This setting lets you disable Document Inspector modules. Document Inspector modules, available in various Office applications since Office 2007, allows users to remove hidden and personal information from their Office documents.

Note

For the latest information about policy settings, refer to the Office 2013 Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool TechNet article.

See also

Guide to Office 2013 security
Understand security threats and countermeasures for Office 2013
Overview of security in Office 2013
Configure security by using OCT or Group Policy for Office 2013

Privacy Statement for Microsoft Office 2013