Microsoft 365: Organizational Data – Granular access policy controls for custom attributes

🚨 The Signal: New granular controls for Microsoft 365 Organizational Data custom attributes allow administrators to limit sharing to specific users or groups, enhancing data governance and preventing broad, unintended data exposure. This improves control over sensitive organizational insights.

The Impact

Microsoft 365 administrators are affected, gaining enhanced controls to mitigate risks of unauthorized or overly broad data sharing.

• Security Teams: Reduced risk of sensitive organizational data exposure.
• Microsoft 365 Administrators: New configuration options for attribute sharing policies.
• Workforce Insights Delegates: Access to non-public data can now be explicitly controlled.
• Compliance Officers: Improved ability to meet data governance requirements.

The Action

1. Review existing Organizational Data sharing policies for custom attributes.
2. Familiarize with new granular access controls for custom attributes upon rollout.
3. Define and implement 'Staging' policies to test new attributes with selected users.
4. Configure explicit sharing policies for new custom attributes, defaulting to 'not shared'.
5. Establish policies for sharing non-public data with Workforce Insights delegates.

Impact: medium · Workload: Microsoft Purview