Microsoft 365 admin center: Organizational Data – Granular access policy controls for custom attributes

🚨 The Signal: Admins can now precisely control who sees custom organizational data attributes in Microsoft 365, preventing broad exposure. This enhances data governance and reduces the risk of sensitive information leakage.

The Impact

Admins and security teams are affected by new controls to prevent sensitive data exposure to unauthorised users.

• Admins: New configuration options for custom attribute visibility.
• Security Teams: Reduced risk of sensitive data overexposure.
• Managers: Controls over sharing non-public data with delegates.
• All Users: Improved privacy for custom organizational data.

The Action

1. Review existing custom attribute publication policies in Microsoft 365 admin center.
2. Identify sensitive custom attributes currently broadly exposed.
3. Create or modify access policies to restrict sensitive attributes to specific user groups.
4. Configure sharing permissions for leaders/managers regarding Workforce Insights delegates.

Impact: high · Workload: Microsoft Purview · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898