Microsoft Office 365 ProPlus STIG Version Comparison

There are 6 differences between versions v3 r2 (Jan. 30, 2025) (the "left" version) and v3 r4 (Oct. 1, 2025) (the "right" version).

Check O365-CO-000028 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

Sending of diagnostic data to Microsoft must be disabled.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Privacy >> Trust Center >> "Configure the level of client software diagnostic data sent by Office to Microsoft" is set to "Enabled", and "Neither" from the Options is selected. Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\common\clienttelemetry If the value "SendTelemetry" is "REG_DWORD = 3", this is not a finding. If the registry key does not exist or is not configured properly, this is a finding.

Discussion

Diagnostic data is used to keep Office secure and up to date; detect, diagnose and remediate problems; and make product improvements.

Fix

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Privacy >> Trust Center >> "Configure the level of client software diagnostic data sent by Office to Microsoft" to "Enabled" and select "Neither" from the Options.