Privacy changes to Microsoft 365 Usage Analytics
Published Aug 30 2021 09:00 AM 17K Views

At Microsoft, we’re committed to both data-driven insights and user privacy. As part of that commitment, we’re making a change to Microsoft 365 usage analytics on September 1st to pseudonymize user-level information by default. This change affects the following products and APIs, and will help companies support their local privacy laws: 


Global administrators can revert this change for their tenant and show identifiable user information if their organization’s privacy practices allow. This can be achieved in the Microsoft 365 admin center by going to Settings > Org Settings > Services and selecting Reports. Under Choose how to show user information, uncheck the statement In all reports, display de-identified names for users, groups, and sites, and then save your changes. Showing identifiable user information is a logged event in the Microsoft 365 compliance center audit log.  


When user identification is enabled, administrative roles and the report reader role will be able to see identifiable user level information. Global reader and Usage Summary Reports Reader roles will not have access to identifiable user information, regardless of the setting chosen. 


These changes to the product will bolster privacy for users while still enabling IT professionals to measure adoption trends, track license allocation and determine license renewal in Microsoft 365. 


Continue the conversation by joining us in the Microsoft 365 Tech Community! Whether you have product questions or just want to stay informed with the latest updates on new releases, tools, and blogs, Microsoft 365 Tech Community is your go-to resource to stay connected!

Occasional Visitor


Depuis que cette fonctionnalité a été activée, nous avons une série de chiffres et de lettres à la place des username.

Par contre, dans les paramètres de l'organisation > Rapports, l'option est bien cochée.

En décochant l'option "Show identifiable user information in reports", on retrouve bien les noms ou adresses mails dans les rapports.

Il y a soit un problème de traduction, soit un problème de fonctionnalité.

Merci d'avance

Senior Member



was this information communicated in advance via some other location? Without such communication, applications dependent on the previous behavior and setting are suddenly broken, requiring customer to react.


Rob O

Frequent Visitor

There is some way to decode the pseudonymize data? there are some graph endpoint to recover the user information?

New Contributor


Yes : 

Global administrators can revert this change for their tenant and view identifiable user information if their organization's privacy practices permit. 
This can be done in the Microsoft 365 admin center by going to Settings> Organization Settings> Services and selecting Reports.
Under Choose how to display user information, deselect Display identifiable user information in reports.
New Contributor

Is it possible to get the same kind of pseudonymization on other graph endpoints?


It would be great to be able to tie data to departments or countries (not necessarily individual users) by combining the data with

Regular Visitor

Was this announced in the M365 or Azure Admin Message Center? There is also nothing about anonymizing usage data in the M365 Road Map, other than a reference to Teams usage anonymization in May 2021. Please share where this was announced or communicated prior to August 30th 2021 for a Sept. 1 2021 implementation. This change broke several reports in our environment that require user information to be in the report. We have reverted, but would have appreciated advanced communication. Thank you!


@downtownmtb-Allina @Robert Osborne Thank you for taking the time to share the impact this change has had. This change was announced via the Microsoft 365 public roadmap and message center in the Microsoft 365 Admin Center. The announcement was provided with 30 days notice in line with our standard notification procedures for this type of change.


@Axel Andersen I’m not aware of any further efforts regarding pseudonymization for other graph endpoints, we will provide your request to the Graph API team and ask them to reach out.

Senior Member

@James_Bell please can you share the relevant items?

I can only see roadmap feature ID 70774 last modified in June, which refers to admins "will have the option" to anonymise, not that it would be switched to on by default.

The Message Center does not have anything relevant against searches for "privacy", "anonymize", "anonymous".



Hi @Simon Gardner , it was contained in Message Center Post: MC275344 and Roadmap ID: 81959


Occasional Visitor

You need to update the documentation of the affected methods to indicate that some fields will be anonymized.




Hi @Grattle , thanks for letting me know. I'll work with our documentation team to have the content updated. 

Frequent Visitor

Hi, I want to maintain pseudonymize option in the tenant, but I need to get a report from Graph, anybody knows if there are some way to "decrypt" these data on my side by coding? i'm using c#

Occasional Visitor

Hi, If userPrincipalName and displayName is concealed, how can we know the data belongs to which user? For example, if we want active users report, we can only see the ID which serves no purpose in that report. I understand that we can disable this option, but my question is why do we had this option in the first place?


Is there a mapping for the concealed information and the actual information anywhere that only admins can view/fetch? If so, that would be useful.


@EmanuelVazquez we do not provide the ability to decrypt the information.  @Manikandan_N , we include the option to bolster privacy for users while still enabling IT professionals to measure adoption trends, track license allocation and determine license renewal in Microsoft 365.  There is no mapping between the settings.  The change described in the article is to modify the default setting to hide user level information from 'off' to 'on'. We did not modify the functionality of the product with this change, just the default setting which can be reverted using the method described above. 



Occasional Visitor

Hi, shall we modify(enable/disable) this setting via powershell or graph api? Or any ways to know that this setting is enabled or not via powershell/api?

Occasional Visitor

Hi, @James_Bell.


I have some questions about getSharePointSiteUsageDetail API. This report provide information about used storage, file count, last activity date and others. Maybe those properties can be received via either Graph API or SharePoint REST API?


For used storage i've already found SharePoint API endpoint:

GET http://<sitecollection>/<site>/_api/site/usage


Could you suggest some endpoint for file count and last activity date?


Thank you!

Occasional Visitor

Dear @James_Bell ,


Kindly ask you to support us with an issue that we have faced with User Activity Reports, obtained via Graph API. We are using GetTeamsUserActivityDetail API (


Recently we have noticed that mapping is not working due to the format of data in the UserPrincipalDate being changed, starting from the 1st of September the data in this field was encoded. 


We've changed the configuration in the admin center and now data come in decoded format. We've also reprocessed API for the last 28 days, but can't reprocess the data for the previous period, starting from 1st of September till 5th of January due to API limitation. 


Can you please advise us on how to solve this issue with historical data, how we can obtain decoded data for the requested period, or maybe you can suggest to us an algorithm, how to decode the UserPrincipalName field?


Thank you beforehand!

Occasional Visitor

Hi @James_Bell ,

Is it possible to revert this change (that is, to show identifiable user information) only for specific users and applications?

Our use case is that we generate many custom reports to analyze license usage and application adoption, in which we use identifiable information. However, we would like to keep data anonymized by default and preserve user privacy as much as possible.
Therefore, we would like to have one single application that gets all identifiable information via Graph API, but everywhere else the information should always appear pseudonymized.

Thank you in advance,
Leonardo Benitez

Frequent Contributor

I do not see where @LeonardoBenitez question was answered. We would also like to reinstate this setting (as instructed in your article) but would like to restrict its viewing to M365 admin roles and SPO site owners. Is there a way to do that?


Thanks, in advance, for your follow-up



Hi @Lisa Stebbins @LeonardoBenitez , it is not possible to allow this for specific users and applications - the setting is on or off.  We have made it easier to change the setting to be on or off via an API, which is an auditable event. More information can be found here:  

Version history
Last update:
‎Sep 14 2021 09:31 AM
Updated by: