Title

The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder. (Cat II impact)

Discussion

This policy setting configures Office Telemetry Agent to disguise, or obfuscate, certain file properties that are reported in telemetry data. If you enable this policy setting, Office Telemetry Agent obfuscates the file name, file path, and title of Office documents before uploading telemetry data to the shared folder. If you disable or do not configure this policy setting, Office Telemetry Agent uploads telemetry data that shows the full file name, file path, and title of all Office documents.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2016 -> Telemetry Dashboard -> "Turn on privacy setting in Office Telemetry Agent" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\16.0\osm Criteria: If the value enablefileobfuscation is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2016 -> Telemetry Dashboard -> "Turn on privacy setting in Office Telemetry Agent" to "Enabled".

Additional Identifiers

Rule ID: SV-238042r879887_rule

Vulnerability ID: V-238042

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.