Sending of diagnostic data to Microsoft must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-278355 | O365-CO-000028 | SV-278355r1152352_rule | CCI-000381 | medium |
| Description | ||||
| Diagnostic data is used to keep Office secure and up to date; detect, diagnose and remediate problems; and make product improvements. | ||||
| STIG | Date | |||
| Microsoft Office 365 ProPlus Security Technical Implementation Guide | 2026-02-12 | |||
Details
Check Text (C-278355r1152352_chk)
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Privacy >> Trust Center >> "Configure the level of client software diagnostic data sent by Office to Microsoft" is set to "Enabled", and "Neither" from the Options is selected.
Use the Windows Registry Editor to navigate to the following key:
HKCU\software\policies\Microsoft\office\common\clienttelemetry
If the value "SendTelemetry" is "REG_DWORD = 3", this is not a finding.
If the registry key does not exist or is not configured properly, this is a finding.
Fix Text (F-82790r1130620_fix)
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Privacy >> Trust Center >> "Configure the level of client software diagnostic data sent by Office to Microsoft" to "Enabled" and select "Neither" from the Options.