Microsoft Viva: Anonymous comments in Engage events

🚨 The Signal: Microsoft Viva Engage now allows anonymous comments in events, similar to anonymous questions. This feature, when enabled by organizers, hides user identities from the UI and compliance systems, potentially increasing unmoderated content and data exfiltration risks.

The Impact

All Viva Engage users are affected, increasing the risk of unmoderated content and potential data exfiltration.

• End Users: Can post anonymously, increasing risk of inappropriate content.
• Organizers: Must decide whether to enable anonymity, impacting content moderation.
• Security Teams: Increased risk of unmoderated content and data exfiltration.
• Compliance Teams: New challenge for content moderation and accountability.

The Action

1. Review existing Viva Engage governance policies for anonymous content.
2. Communicate to event organizers the implications of enabling anonymous comments.
3. Monitor Viva Engage content for policy violations, especially in events with anonymity enabled.
4. Assess if current Purview policies adequately address anonymous content in Viva Engage.

Domain: Purview · Impact: high · Workload: Microsoft Purview