Privacy supplement for Microsoft Lync Server 2013
Last updated: February 2013
This page is a supplement to the Privacy Statement for Microsoft Lync Products. In order to understand the data collection and use practices relevant for a particular Microsoft Lync product or service, we recommend you read both the Privacy statement for Microsoft Lync products and this supplement.
This privacy supplement addresses the deployment and use of Microsoft Lync 2013 communications software deployed within your enterprise. If your company is using Lync Server as part of an online solution or service (in other words, if a third party [for example, Microsoft] is hosting the servers upon which the software runs), information will be transferred to that third party. To learn more about the use of the data being transferred to that third party, please consult your enterprise administrator or your service provider.
Archiving
What This Feature Does: Archiving provides organizations that may be subject to retention requirements based on industry or regulatory requirements, or that may have their own organizational retention requirements, with a way to archive certain Lync-related communications and usage data in support of those requirements.
Information Collected, Processed, or Transmitted: Archiving stores the content of both peer-to-peer and multiparty instant messages, conference content, including uploaded content (for example, handouts) and event-related content (for example, joining, leaving, uploading, sharing, and changes in visibility) on a server configured by the enterprise administrator. Peer-to-peer file transfers, audio/video for peer-to-peer conversations, application sharing during peer-to-peer conversation, conferencing annotations and polls cannot be archived. No information is sent to Microsoft.
Use of Information: Allows an organization to archive content to meet industry, regulatory, or organizational retention requirements.
Choice/Control: Archiving is off by default. There are no user-level controls for this feature; the enterprise administrator for the organization manages it.
- From the Monitoring and Archiving Settings page, update the Archiving Policy and Archiving Configuration.

To enable Exchange integration:
- From the Monitoring and Archiving Settings page, update the Archiving Configuration.

Note: After Exchange integration has been enabled, users who are homed to Microsoft Exchange Server 2010 or newer need to be managed from the Exchange Control Panel.
Activity Feed
What This Feature Does: Activity Feed enables end users to see "social updates" from the contacts on their Contacts list. It permits end users to display to others their most recent personal notes, changes to their picture, and changes to their title or office location.
Information Collected, Processed, or Transmitted: End users will publish, through presence, the following information in Microsoft Lync 2013:
- The update time of their corporate picture (from the enterprise's corporate directory, such as Active Directory Domain Services)
- A web picture (that the end user uploads and wants others to see) with the updated time
- The time their corporate title changed and the title itself (from the corporate directory)
- The time their corporate office location changed and the office location itself (from the corporate directory)
- A history of the last several personal notes that have been posted
- Their Out of Office note from Microsoft Exchange Server
No information is sent to Microsoft.
Use of Information: This information will be shared with contacts in the end user's Contacts list who are viewing their activity feed and are in a Family and Friends, Workgroup, Colleagues, or External Contacts privacy relationship.
Choice/Control: The enterprise administrator can configure the PersonalNoteHistoryDepth in-band setting which will control how many personal notes will be kept for the end user. If set to 0, then no note history is kept, and only the current note is stored (as it has been in past releases). Each end user will also have the ability to not publish anything to their Activity Feed by checking the appropriate setting in the options dialog of their Lync client.
Address Book Service
What This Feature Does: The Address Book Service allows Lync Server clients, such as Lync 2010 and newer desktop clients, Lync for mobile devices, and so on, to search for contacts.
Information Collected, Processed, or Transmitted: The end user provides a search string that is then used to search for a match in the Address Book database or in the Address Book download files. Any matching records found for a given search string will be returned back to the client.
Use of Information: The information in the search string will be used to search for matching records.
Choice/Control: The Address Book Service is enabled by default. There is no option to disable this service.
Call Admission Control
What This Feature Does: Call Admission Control allows enterprise administrators to control the amount of Lync Server audio/video traffic on a WAN link.
Information Collected, Processed, or Transmitted: Call Admission Control collects, processes and receives the IP addresses of the caller and the callee, the endpoint location information (inside or outside the enterprise network) of both sides, and whether the call is federated. No information is sent to Microsoft.
Use of Information: The enterprise administrator can use this information to administer the enterprise's use of a particular WAN link for Lync Server audio/video calls.
Choice/Control: Call Admission Control is turned off by default and can be turned on by an enterprise administrator by going to the Lync Server Control Panel Network Configuration setting page, and updating the Global policy to enable bandwidth management.
Note: Emergency services could be impacted by Call Admission Control policies (that is, emergency services might get routed to the wrong trunk).
Call Detail Records (CDR) Data Collection and Reporting
What This Feature Does: Call Detail Records (CDR) Data Collection and Reporting collects and reports details of registrations, peer-to-peer communications and meetings that have occurred using Lync Server.
Information Collected, Processed, or Transmitted: If enabled, the data from all registrations, peer-to-peer communications and meetings is recorded in the CDR database. (The content is not recorded.) The CDR data is stored in the Monitoring Server database that is deployed in the enterprise and reported in a set of standard Monitoring Server reports. No information is sent to Microsoft.
Use of Information: The CDR data can be used to review the history of registrations, peer-to-peer communications and meetings that happened in the organization.
Choice/Control: CDR is turned on by default, but the enterprise administrator must install a Monitoring Server, connected to a Monitoring Server backend database, to collect the CDR data. The enterprise administrator can deploy the standard Monitoring Server reports or create custom reports by querying the Monitoring Server database.
Call Delegation
What This Feature Does: Call Delegation allows users to assign one or more individuals (delegates) to make or receive calls and set up or join online meetings on their behalf.
Information Collected, Processed, or Transmitted: When assigning delegates, delegate contact information must be provided by the user during the configuration process. Users who are set up as delegates will receive a notification informing them that someone in their organization has designated them as a delegate. When a delegate answers a call on behalf of the person who has assigned them as a delegate, that person will receive an email notification informing them about this event. No information is sent to Microsoft.
Use of Information: Lync uses the delegate's contact information to allow them to make or receive calls and schedule or join meetings on behalf of the person to whom they are a delegate.
Choice/Control: Call Delegation is off by default. The enterprise administrator can enable and disable Call Delegation for their organization by setting EnableDelegation to True.
Note: Enterprise administrators can configure Exchange Calendar Delegate sync-up with Lync Server 2010 or newer. When enabled, Exchange Calendar Delegates with appropriate permissions (equal to or greater than Non-editing Author permissions) will be automatically added as delegates in Lync. This, however, does not change the Call Forwarding settings.
Caller ID
What This Feature Does: Caller ID controls the telephone number that is displayed to the called party. The enterprise administrator can choose to override caller ID by providing an alternative number which will be displayed as the caller ID for all outgoing calls from their organization or for a particular set of numbers. For example, the administrator can configure Caller ID so that the general company number is displayed instead of the user's personal work number.
Information Collected, Processed, or Transmitted: The user's telephone number or the alternately configured telephone number. No information is sent to Microsoft.
Use of Information: When placing a call the user's phone number or an alternate number (if configured) is displayed to the call recipient.
Choice/Control: Suppress caller ID can be checked or unchecked by going to the Lync Server Control Panel Route page. If Suppress caller ID is not checked, the caller's phone number will be displayed. If Suppress caller ID is checked, an alternative number must be provided and will be displayed to the called party.
Calling Party Name Display
What This Feature Does: This Display Name contains the end user's name as stored in the Lync Server local repository (Address Book Service). For outgoing calls from end users on Lync Server to the public switched telephone network (PSTN), this feature sends any Display Name information to the egress PSTN gateway/IP-PBX/session border controller.
Information Collected, Processed, or Transmitted: For outgoing calls from the Lync Server network, the Display Name is sent to the egress PSTN Gateway/IP-PBX/Session Border Controller if there are no privacy restrictions in Lync Server for providing this information. This information can then be displayed to the destination party for the call.
Use of Information: The information is used so the called party has the calling party's name displayed along with the calling party's phone number. This should not be considered as definitive.
Choice/Control: At present, there are no controls within Lync Server to set privacy restrictions for the provision of Display Name information. The Display Name is always transmitted from the server. Certain PSTN Gateways/IP-PBXs/Session Border Controllers may have the ability to filter or replace Display Name information per call direction (inbound, outbound).
Client-Side Logging
What This Feature Does: Client-side logging collects information that the second-level support team can use to determine the cause of an issue. Client-Side Logs are stored locally on the user's computer.
Information Collected, Processed, or Transmitted: When Client-Side Logging is enabled, specific usage information will be logged and stored on the user's computer. This information can include meeting subjects and locations; session initiation protocol (SIP) messages; responses to Lync invites; information about the sender and receiver of instant messages; the route the message took; the user's Contacts list and presence information; and the names of any applications, attachments, Microsoft PowerPoint files, whiteboards, or polls they shared, including any poll questions that were shared and an index of how they voted. The contents of Lync conversations (instant messages, PowerPoint decks, whiteboard contents, notes, poll details, etc.) are not stored in the client-side logs. No information is sent to Microsoft.
Use of Information: The information collected in the client-side logs can be used by the user's customer support or can be sent to Microsoft to troubleshoot Lync issues.
Choice/Control: Client-Side Logging is off by default. The enterprise administrator can enable or disable this feature for their enterprise by setting ucEnableUserLogging to 1.
Emergency Services (911)
What This Feature Does: When made available by the enterprise administrator, Emergency Services allows Lync to transmit a location to a third-party routing service provider selected by the customer. The third-party routing service provider will then transmit the location to the emergency responders when an emergency services number is dialed (such as 911 in the United States). When enabled, the location information transmitted to emergency services personnel is the location that the enterprise administrator has assigned to each user (for example, building and office number) and entered into the location database or, if such a location is not available, the location users may have manually entered in the Location field. If a user dials emergency services while using Lync via a wireless Internet connection, while they are still in their work location, the location information transmitted to emergency responders will be merely an approximate location based on the location assigned to the wireless endpoint with which their computer is communicating. The location information of that wireless endpoint, moreover, is input manually by the enterprise administrator, and therefore, the location information transmitted to the emergency services personnel may not be the user's actual physical location. To be fully functional, this feature requires the enterprise to retain a routing service provided by certified solution providers, and the service is only available within the United States.
Information Collected, Processed, or Transmitted: The location information obtained by Lync is determined by the automatic location information populated by the Location Information Server or by the location information manually entered in the Location field by the user. This information is stored in memory on the user's computer, so when an emergency services number is entered, this location information is transmitted with the call for the purpose of routing to the appropriate emergency services provider and providing their approximate location. Their location may also be sent using an instant message to a local security desk. For emergency calls, the call detail record will contain their location information. No information is sent to Microsoft.
Use of Information: Location is used for routing the call to the appropriate emergency services provider and for dispatching emergency responders. This information can also be sent to the enterprise's security desk as a notification with the caller's location and call back information.
Choice/Control: This feature is off by default. The enterprise administrator enables it.
Disabled:
Emergency Services is disabled by default. If enabled by the enterprise administrator, the Location Policy can be modified or removed from the subnets and/or users, and the routing service can be discontinued from the service provider.
Enabled:
A Location Policy that enables Emergency Services must be defined and assigned to the subnets from which unified communications (UC) clients will be registering, to users, or to both. An Emergency Services routing service must be obtained from a service provider, and routing connectivity to the service provider must be established.
Note: The enterprise administrator can restrict the emergency calling capability to a user's work location, so users should check with their administrator for information about the extent to which the emergency calling functionality is available.
Location Infrastructure
What This Feature Does: End user location and time zone information is computed and shared with others over the presence functionality.
Information Collected, Processed, or Transmitted: The end user's geographic location data is collected by one of two mechanisms: the user manually enters the data, or it is automatically populated by the enterprise's Location Information Server ("LIS"). In addition, the end user's time zone is retrieved from the Windows operating system on the end user's computer. The location data that is collected consists of a "description" string as well as formatted address information. The description is any string that would help inform others about the end user's location (such as "Home" or "Work"), while the formatted address information is a civic address (such as "5678 Main St, Buffalo, NY, 98052"). No information is sent to Microsoft.
Use of Information: The location description and time zone data are shared with others over Lync presence, based on how their Presence privacy is configured. The information is displayed in the user's contact card. Note that the formatted address, or civic address, is not shared over the contact card but may be transmitted to emergency services personnel if the end-user makes an emergency call (e.g., 911). (See "Emergency Services" description.)
Choice/Control: The enterprise administrator has the following controls:
- EnhancedEmergencyServicesEnabled: If set to True, the location name entry in the location field and a full Location dialog box are available by using the Set Location item in the location area menu. If it is set to False, a limited location entry is available for the location name in the location field. Also, when the control is set to True, location data will be shared for emergency services calls. If it is set to False, it will not be shared over emergency services calls. This cannot be overridden by end users. Be aware that the location description (either retrieved from LIS or entered by end user) will still be shared over presence regardless of how this toggle is set.
- UseLocationForE911Only: If set to True, the location data in the LIS will not be automatically shared via presence. If set to False, the location data in the LIS will be automatically shared over presence.
- PublishLocationDataDefault: This control configures the default behavior for all users who have not explicitly elected to share or not share their location description by using presence. If set to True, by default the location will be shared. If set to False, by default, the location will not be shared.
- LocationRequired: This setting controls whether end users are prompted to enter their location. There are three possible values: Yes, Disclaimer, and No.
  - Yes - Shows "Set your location" in red if there is no location data.
  - Disclaimer - Shows "Set your location" in red with an "X" beside it if there is no location data. End users can click the "X" to view the disclaimer. Note: If an enterprise administrator chooses this value, then they would need to populate the text of the disclaimer.
  - No - Shows "Set your location" in black when there is no location data.
Lync Web App Server
What This Feature Does: The Microsoft Lync Web App web component needs to be deployed in order to use Lync Web App, which is a Microsoft Silverlight browser plug-in based program that provides a meeting experience.
Information Collected, Processed, or Transmitted: The end user's sign in address, password, and meeting information will be used to authenticate the user before connecting him or her to a meeting. Program sharing and desktop sharing information will be shared with all users in that meeting. All meeting participants will be able to view the end user's presence and contact information.
Use of Information: User sign in address, password, and meeting information will be used to authenticate the user before connecting him or her to a meeting.
Choice/Control: The Lync Web App web component is enabled by default.
Media Bypass Location aspects
What This Feature Does: Media Bypass determines the locality of the default local media termination IP addresses of a Lync Server user and the PSTN Gateway/IP-PBX/Session Border Controller that is to be used in a PSTN or PBX call associated with that user. If the two elements are located such that they are well connected, with no bandwidth constraints, and media bypass has been enabled, media will flow directly between the Lync Server user and the PSTN Gateway/IP-PBX/Session Border Controller, bypassing the Lync Server Mediation Server. The signaling for the call will continue to go from the Lync Server user to the Lync Server Mediation Server and to the PSTN Gateway/IP-PBX/Session Border Controller.
Information Collected, Processed, or Transmitted: The locality of the local default media termination IP address for the end user and the PSTN Gateway/IP-PBX/Session Border Controller is determined by matching each local default media IP address of each to a Bypass ID stored in the Lync Server configuration store. The Bypass ID is a GUID, and it is not filtered by the Access Proxy, so it is provided to outside users and federated users, as well as being available to inside users. This feature doesn't send any information to Microsoft.
Use of Information: If the Lync Server user and the PSTN Gateway/IP-PBX/Session Border Controller are in the same locale, the Bypass ID associated with each element's local default media IP will be the same. The party receiving the Bypass ID from its peer will see that its own Bypass ID is a match. In that case, the media for the call is allowed to go directly between the Lync Server user and the PSTN Gateway/IP-PBX/Session Border Controller, bypassing the Mediation Server.
Choice/Control: Media bypass is by default disabled both globally and for each trunk to a particular PSTN Gateway/IP-PBX/Session Border Controller. The enterprise administrator can enable it both globally and for a particular trunk by using the two methods below.
Using the Lync Server Control Panel
- Global bypass is enabled by clicking Network Configuration, double-clicking Global configuration in the list, and then, on the Edit Global Setting page, clicking Turn on media bypass and selecting the granularity.
- Bypass for a particular trunk is enabled by clicking Voice Routing, clicking the Trunk Configuration tab, double-clicking an existing trunk, and then clicking Enable media bypass.
Using the Microsoft Lync Server 2013 Management Shell
- The New-CsTrunkConfiguration or Set-CsTrunkConfiguration cmdlets can be used to enable media bypass for a trunk.
- The New-CsNetworkMediaBypassConfiguration and Set-CsNetworkConfiguration cmdlets can be used to enable global media bypass.
Meeting Attachments
What This Feature Does: Meeting Attachment allows meeting organizers to upload and share files with meeting participants either by displaying them in the meeting or for download later.
Information Collected, Processed, or Transmitted: Meeting attachments are uploaded by the meeting organizer and are stored on the Lync Server. The length of time attachments will persist on the server is configurable by the enterprise administrator. They are available for download by the meeting organizer and participants until the meeting organizer deletes them or the administrator configured retention period ends. At that time the meeting attachment will be deleted. No information is sent to Microsoft.
Use of Information: Uploaded meeting attachments are shared with and can be downloaded by meeting participants. Availability of attachments can be restricted to particular meeting participants' roles (organizer, presenters, everyone). If an attachment has been restricted from access to a particular role, it will not be visible in their attachments list.
Choice/Control: Meeting attachments are enabled by default. The enterprise administrator can enable or disable this feature for any or all users through the AllowFileTransfer policy.
Peer-to-Peer File Transfer
What This Feature Does: Peer-to-Peer File Transfer allows Lync users to transfer files to one another in peer-to-peer (two-party) instant-message conversations.
Information Collected, Processed, or Transmitted: The file is transferred directly between the file owner and the other person in the conversation. No information is sent to Microsoft.
Use of Information: Users choose to initiate the file transfer and choose the file to be transferred. The file recipient must explicitly agree to receive the file. Files shared using Peer-to-Peer File Transfer are not stored on Lync Server.
Choice/Control: Peer-to-Peer file transfer is enabled by default. The enterprise administrator can enable or disable this feature for any or all users through the EnableP2PFileTransfer policy.
Persistent Group Chat
What This Feature Does: Persistent chat lets users collaborate by posting messages into persistent chat rooms. The data is persisted on the server, and members of the room can have access to the data, including historical data. Persistent Group Chat allows users to have group conversations, search for, join and participate in group chat conversations, search content within and across rooms, and create filters to track conversations on particular topics.
Information Collected, Processed, or Transmitted: Persistent Group Chat stores the content of group chat conversations on a server configured by the enterprise administrator. No information is sent to Microsoft.
Use of Information: Persistent Group Chat is a persistent chat much like a "chat room" where the conversation never really ends as chat members join and leave the conversation. In order for this to happen the chat must persist.
Choice/Control: Persistent Group Chat must be enabled by the enterprise administrator. If enabled, the administrator can control the retention period, the server on which this information is stored, if Group Chat history is archived for compliance or other purposes, and manage/modify any properties on a room. Users with different roles have different access to the persisted data, as outlined in the following list.
- Administrators can delete older content (for example, content posted before a certain date) from any chat room to keep the size of the database from growing greatly. They can also remove or replace messages considered inappropriate for a given chat room.
- End users, including message authors, cannot delete content from any chat room.
- Chat room managers can disable rooms, but cannot delete rooms. Only administrators can delete a chat room after it's created.
Personal Picture
What This Feature Does: Personal Picture allows users to display their personal picture to other people within their organization in the Contact Card. If a user elects to display their personal picture in their contact card, other Lync users will be able to view the picture in their Lync contacts list using the "Show photos of contacts" option. If users choose to display their personal picture to others they can choose to display the default picture used by their organization if this capability has been enabled for the enterprise or they can upload a picture from their computer.
Information Collected, Processed, or Transmitted: Personal Picture sharing preferences and any custom pictures that have been uploaded. No information is sent to Microsoft.
Use of Information: The information is stored on the Lync server and used to customize the user experience and share with others.
Choice/Control: The enterprise administrator controls:
- Whether users share the pictures initially by default or not. This can be overridden.
- The maximum size of a picture that a user could upload.
- What kinds of pictures are allowed.
PIN Authentication
What This Feature Does: PIN Authentication is a mechanism used to authenticate users joining Conference Auto Attendant meetings and to authenticate users deploying Microsoft Lync Phone Edition for the first time. The user enters the phone number or extension and PIN that Lync Server uses to validate the user's credentials. A PIN can be set by the user or provisioned by an enterprise administrator.
Information Collected, Processed, or Transmitted: During authentication, the phone number or extension and the user's PIN are collected. Lync Server validates this information against its backend database. The PIN is stored in the backend database as a one-way hash for security purposes. Once set, the PIN is not visible to anyone. A PIN can be set or reset by a user, an administrator, or a help-desk user.
When an administrator or help-desk user sets or resets the PIN, the new PIN is shown and can be sent optionally in email to the user. The email template provided is customizable and includes text that informs the user that the PIN may have been viewed by the administrator or help-desk user, and, therefore, it is recommended that the user set the PIN again.
Use of Information: The PIN is used by Lync Server to authenticate the user to the meeting or to deploy the phone running Lync Phone Edition.
Choice/Control: This is enabled by default. The enterprise administrator can disable PIN authentication from the Lync Server Control Panel Security Settings page, by checking the box for PIN authentication.
Polling
What This Feature Does: Polling allows the meeting organizer to quickly gather information or compile the preference of meeting and conversation participants. This information can also be saved and later analyzed after the meeting.
Information Collected, Processed, or Transmitted: Individual votes are anonymous. Aggregated poll results are seen by all presenters and can be shown to all attendees by any presenter. Polls are stored on Lync Server according to meeting content expiration policies, as defined by the enterprise administrator. No information is sent to Microsoft.
Use of Information: The Polling feature enhances collaboration by enabling presenters to quickly determine participant preferences.
Choice/Control: The enterprise administrator has the following policies:
- EnableDataCollaboration: This policy allows the enterprise administrator to restrict all data collaboration features—Microsoft PowerPoint Collaboration, File Sharing, Polling, Whiteboard Collaboration, and Attachments. If this policy is set to False, the feature level policies for these features are irrelevant.
- AllowPolling: This policy allows enterprise administrators to enable or disable the Polling feature. This feature is enabled by default.
PowerPoint Collaboration
What This Feature Does: PowerPoint Collaboration allows users to show, view, and annotate PowerPoint presentations during an online conversation or meeting.
Information Collected, Processed, or Transmitted: End user actions drive all uses of this feature—whether they are uploading, navigating through, or annotating a PowerPoint presentation. Any file presented in a conversation or meeting will be transmitted to all meeting participants, and they will be able to retrieve it directly from a folder on their computers. The file owner or presenter can restrict others from saving the file, but this does not restrict them from retrieving or seeing it. PowerPoint files are stored on Lync Server according to the meeting content expiration policies defined by the enterprise administrator. No information is sent to Microsoft.
Use of Information: Collaborating with PowerPoint helps conversation participants deliver effective presentations and receive feedback.
Choice/Control: The enterprise administrator has the following policies:
- EnableDataCollaboration: This policy allows the enterprise administrator to restrict or permit all data collaboration features—PowerPoint Collaboration, File Sharing, Polling, Whiteboard Collaboration, and Attachments. If this policy is set to False, the feature level policies for these features are irrelevant.
- AllowAnnotations: This policy allows the enterprise administrator to restrict annotation capabilities on PowerPoint content for meeting participants.
In addition, presenters can restrict annotations on PowerPoint presentation by participant role (None, Presenters only, Everyone) through the Meeting Options dialog box. This setting is available per meeting.
Presence and Contact Information
What This Feature Does: Presence and Contact Information allows a user to view presence and contact information about other users (both inside and outside the organization), and share their own published information such as presence, status, title, phone number, location and notes. The enterprise administrator may also configure integration with Microsoft Outlook and Microsoft Exchange Server so that a user's out-of-office messages and other status information (for example, when a user has a meeting scheduled in their Outlook calendar) will be displayed.
Information Collected, Processed, or Transmitted: The user's sign-in address and password are collected for login and authentication purposes. Any additional telephone numbers the user may want to make available, information such as out-of-office messages and other status information (if Microsoft Outlook and Microsoft Exchange Server integration has been configured by the administrator and enabled in Outlook), and any notes or availability that might have been manually entered by the user are made available in the Contact Card. No information is sent to Microsoft.
Use of Information: Sign-in address and password are used to log in to Lync and connect to the Lync Server. Based on how the user has configured their privacy settings, other Lync users and programs will be able to access the presence, contact, and status information, if published, so users can better communicate with each other.
Choice/Control: Users can choose what information is published about themselves or their enterprise administrator can configure published information on their behalf. The enterprise administrator can disable the end users' ability to control their published information by going to the Lync Server Control Panel Users and IM and Presence Settings pages.
Privacy Mode
What This Feature Does: Privacy Mode is a setting that allows users to determine how much of their presence information (such as Available, Busy, Do Not Disturb, and so on) they will share with contacts listed in their Contacts list.
Information Collected, Processed, or Transmitted: Enabling Privacy Mode causes Lync to enter a mode in which a user can adjust user settings so that their presence information is shared only with contacts in their Contacts list. No information is sent to Microsoft.
Use of Information: The setting allows the user to determine how their presence data is shared.
Choice/Control:
- The enterprise administrator, at the pool level, can choose to enable Privacy Mode (by using the EnablePrivacyMode in-band setting). Once enabled, by default, any end users of Lync will switch to Privacy Mode as soon as they sign in.
- When Privacy Mode is enabled on the server, through the admin setting, the end users can choose to have either everyone see their Presence (Standard Mode) or only their contacts see their Presence (Privacy Mode).
- If Standard Mode is enabled on the server, through the admin settings, end users cannot switch to Privacy Mode. They can operate only in Standard Mode. However, they can "pre-opt-out" of Privacy Mode so that if the administrator were to later switch to Privacy Mode, they would not be switched upon signing in to Lync.
Private Line
What This Feature Does: Private Line is a feature that provides an unpublished additional phone number to an end user. The end user can choose to give out the additional phone number to others.
Information Collected, Processed, or Transmitted: Information from the Private Line feature is collected in a similar way to how calls to a regular non-private number are handled; that is, call detail records will be stored just as they are for any call.
There are instances when the private number will be sent to a third party inadvertently, such as when the caller to the private number transfers the call to another person.
Use of Information: This information is used to provide history of call occurrence. Please see the Call Detail Records Data Collection and Reporting section for more information.
Choice/Control: There are no end user or administrator controls for this feature.
Quality of Experience (QoE) Data Collection and Reporting
What This Feature Does: Quality of Experience (QoE) Data Collection and Reporting collects and reports media quality of peer-to-peer communications and meetings using Lync. These statistics include IP addresses, loss rate, devices used, poor quality events that occurred in the call, and so on.
Information Collected, Processed, or Transmitted: If the enterprise administrator enables QoE, media quality data of Lync peer-to-peer communications and meetings is recorded in the QoE database. This capability does not record the content of Lync communications. The QoE data is stored in the Monitoring Server backend database deployed in the enterprise and reported in a set of standard Monitoring Server reports. No information is sent to Microsoft.
Use of Information: The enterprise administrator has access to this information and can use it to collect feedback on the quality of media that is flowing in the system. This includes user IP addresses.
Choice/Control: QoE is turned on by default, but the enterprise administrator must install a Monitoring Server, connected to a Monitoring Server backend database, to collect the QoE data. The enterprise administrator can deploy the standard Monitoring Server reports or create custom reports querying the Monitoring Server database.
Enterprise administrators can turn off QoE reports by using the following Windows PowerShell cmdlet for Lync Server:
Set-CsQoEConfiguration -EnableQoE $False
Role Based Access Control
What This Feature Does: The Role Based Access Control (RBAC) feature enables delegation of administrative rights for enterprise administrator scenarios. The interaction of an enterprise administrator with the management interfaces can be limited to specifically allowed operations and by which objects can be modified.
Information Collected, Processed, or Transmitted: The capabilities of an enterprise administrator are evaluated at run time based on the user's group membership, specifically Active Directory security groups. The capabilities of a role in the system are configured and set in the central management server.
Use of Information: An enterprise administrator can configure additional RBAC admin roles for a given deployment. An enterprise administrator can view all the roles another admin is a member of.
Choice/Control: This is the security/authorization mechanism for IT management tasks. The feature does not have impact on or visibility to the end users.
Recording
What This Feature Does: Recording allows meeting participants to capture any audio, video, instant messaging (IM), application sharing, Microsoft PowerPoint presentations, whiteboard, and polling that occurs during a meeting for archiving or playback.
Information Collected, Processed, or Transmitted: If meeting participants choose to record a session, the recording will be saved locally on their computer. If participants share content during a meeting that is being recorded, that content will be included in the meeting recording. When a participant starts recording, a notification that a recording has started will broadcast to all participants with compatible clients and devices. Participants in a recorded session who are using incompatible clients or devices will be recorded but will not receive the recording notice. A list of incompatible clients and devices can be found below. No information is sent to Microsoft.
Incompatible clients include:
- Microsoft Office Communicator 2007 R2
- Microsoft Office Communicator 2007
- Microsoft Office Communicator Web Access (2007 R2 release)
- Microsoft Office Communicator Web Access (2007 release)
- Microsoft Office Communications Server 2007 R2 Attendant
Incompatible devices include:
- Microsoft Lync 2010 Phone Edition
- Microsoft Office Communicator 2007 R2 Phone Edition
- Microsoft Office Communicator 2007 Phone Edition
Note: Regardless of the client or device used, a participant using video in full-screen mode during a meeting or conversation will not be signaled that a recording has started until he or she returns to the conversation window.
Use of Information: The recording is saved locally on the user's machine and may be used or shared by the owner just as they would share any other file type. If there are failures during a recording's publishing phase, it is possible for data captured during a paused recording state to be unintentionally included in the recording. If any part of the publishing phase fails (See Recording Manager for a "Warning..." status), recordings should not be distributed to others even if they can be played back in some form.
Choice/Control: The enterprise administrator has the following controls:
- AllowConferenceRecording: The default policy setting is False.
  - For the user who escalates from a peer-to-peer call into a meeting, if their policy is set to True, all presenters will be able to record.
  - For the user who starts an ad-hoc meeting, if their policy is set to True, all presenters will be able to record.
  - For the user who scheduled a meeting, if their policy is set to True at the time the first person joins the meeting, all presenters will be able to record.
  - For these three scenarios, if the user who escalated, initiated, or scheduled a meeting's policy is set to False, recording is not available to any presenters or attendees.
  - If the policy is changed while a meeting is in session, the policy may not take effect until all participants have exited and re-entered the meeting.
- EnableP2PRecording: The default is False and is set at the time the user signs in to Lync.
  - If set to True, a user who initiates a conversation with someone who also has this policy set to True will be able to record.
  - Users can record only if both parties on the peer-to-peer communication are permitted to record.
- AllowExternalToRecord: The default is False. External users include both federated and anonymous users.
  - Meeting: The AllowExternalToRecord policy is applied at the time the first person enters the meeting and only when AllowConferenceRecording is set to True.
    - If set to True, in a meeting where recording is allowed, non-enterprise presenters will also be allowed to record. If the policy is changed while a meeting is in session, the new policy will not take effect until all participants have exited and re-entered the meeting.
    - If set to False, in a meeting where recording is allowed, non-enterprise presenters will not be allowed to record. If the policy is changed while a meeting is in session, the new policy may not take effect until all participants have exited and re-entered the meeting.
  - Peer to Peer (P2P): The AllowExternalToRecord policy is applied to peer-to-peer conversations only when the EnableP2PRecording policy is set to True.
    - If set to True, the non-enterprise user is allowed to record.
    - If set to False, the non-enterprise user will not be allowed to record, while the user preventing non-enterprise recording will be able to record.
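The way these three settings combine, as an added example that is not part of the original page or Microsoft's code: a PowerShell function that works out who can record under a given policy, run over constructed sample policies. It makes no Lync Server calls; Get-RecordingRight, its parameters and the sample policy names are hypothetical, and it assumes that in a peer-to-peer conversation with an external user only the enterprise user's policy applies.

```powershell
# Added example: models the recording rules described above on constructed data.
# Get-RecordingRight and the sample policy names are hypothetical; the three
# setting names are the ones used on this page.
function Get-RecordingRight {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Meeting', 'P2P')]
        [string]$Scenario,

        # Policy of the user who escalated, started or scheduled the meeting,
        # or of the enterprise user in a peer-to-peer conversation.
        [Parameter(Mandatory = $true)]
        [hashtable]$Policy,

        # P2P only: policy of the other enterprise user. Leave unset when the
        # other party is external (federated or anonymous).
        [hashtable]$PeerPolicy
    )

    $enterprise = $false
    $external   = $false

    if ($Scenario -eq 'Meeting') {
        # False on the organizer's policy blocks recording for everyone.
        $enterprise = [bool]$Policy.AllowConferenceRecording
        # AllowExternalToRecord is applied only when recording is allowed.
        $external = $enterprise -and [bool]$Policy.AllowExternalToRecord
    }
    elseif ($null -ne $PeerPolicy) {
        # Two enterprise users: both need EnableP2PRecording set to True.
        $enterprise = [bool]$Policy.EnableP2PRecording -and
                      [bool]$PeerPolicy.EnableP2PRecording
    }
    else {
        # External peer: AllowExternalToRecord is applied only when
        # EnableP2PRecording is True; the enterprise user can still record.
        $enterprise = [bool]$Policy.EnableP2PRecording
        $external = $enterprise -and [bool]$Policy.AllowExternalToRecord
    }

    [pscustomobject]@{
        Scenario            = $Scenario
        EnterpriseCanRecord = $enterprise
        ExternalCanRecord   = $external
    }
}

# Constructed sample policies (not taken from a real deployment).
$policies = [ordered]@{
    Defaults       = @{ AllowConferenceRecording = $false; EnableP2PRecording = $false; AllowExternalToRecord = $false }
    InternalRecord = @{ AllowConferenceRecording = $true;  EnableP2PRecording = $true;  AllowExternalToRecord = $false }
    ExternalFlag   = @{ AllowConferenceRecording = $false; EnableP2PRecording = $false; AllowExternalToRecord = $true }
    OpenRecording  = @{ AllowConferenceRecording = $true;  EnableP2PRecording = $true;  AllowExternalToRecord = $true }
}

# One row per policy: who can record in a meeting, and whether an external
# peer can record a peer-to-peer conversation.
$rows = foreach ($name in $policies.Keys) {
    $meeting = Get-RecordingRight -Scenario Meeting -Policy $policies[$name]
    $p2p     = Get-RecordingRight -Scenario P2P -Policy $policies[$name]
    [pscustomobject]@{
        Policy           = $name
        MeetingPresenter = $meeting.EnterpriseCanRecord
        MeetingExternal  = $meeting.ExternalCanRecord
        P2PExternalPeer  = $p2p.ExternalCanRecord
    }
}
$rows | Format-Table -AutoSize

# Two enterprise users where only one has EnableP2PRecording: no recording.
Get-RecordingRight -Scenario P2P -Policy $policies.InternalRecord -PeerPolicy $policies.Defaults
```

Only the OpenRecording row allows external users to record; ExternalFlag shows that AllowExternalToRecord has no effect while the two recording settings are False.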
Response Group Service - Agent Anonymization
What This Feature Does: Response Group Service (RGS) enables enterprise administrators to create and configure one or more small response groups for the purpose of routing and queuing incoming phone calls to one or more designated agents or end users. This feature enables an RGS agent to handle calls without automatically disclosing his identity to the remote party.
Information Collected, Processed, or Transmitted: The identity of the agent is not displayed in a visual way if the remote party is using a Microsoft Communications client or a PSTN phone, but the identity is transmitted in Session Description Protocol (SDP) packets when IM modality is added to an anonymous voice call. The identity can therefore be retrieved from client traces. No information is sent to Microsoft.
Use of Information: A non-Microsoft Communications client could display the information about the agent in the user interface and hence reveal the identity of the agent. This could enable the remote party to call an agent directly without using the RGS.
Choice/Control: There are no end user or administrator controls for this feature.
Server-Side Logging
What This Feature Does: Server-Side Logging enables the enterprise administrator to collect different types of traffic that is traveling to and from any domain or Uniform Resource Identifier (URI).
Information Collected, Processed, or Transmitted: If the enterprise administrator enables logging for Lync, then traffic traveling to and from the specified domain or URI is included in the log files. Depending on configuration, this collected information can be used for debugging purposes. Information about the end users, such as the following, is logged to a file specified by the administrator: meeting subject, location, SIP messages, responses to Lync invites, information about the sender and receiver of each Lync message, the route that the message took, Contacts list, presence information, instant messaging (IM) conversation content as well as the names of any shared programs, attachments, Microsoft PowerPoint files, whiteboards, polls, and poll questions, and an index of the poll option(s) they voted for. No information is automatically sent to Microsoft, but the administrator can choose to manually send information.
Use of Information: Server-side logs can be used to troubleshoot Lync issues, that is, to determine what issues are being encountered on which server or domain.
Choice/Control: Server-Side Logging is turned off by default and must be turned on by an enterprise administrator. The administrator can use the following Windows PowerShell command-line interface cmdlets to turn on or turn off this feature per site, service, or server: New-CsDiagnosticsFilterConfiguration, Set-CsDiagnosticsFilterConfiguration, and Get-CsDiagnosticsFilterConfiguration. To log the content of IM conversations, certain settings must be set with help from Microsoft Support.
Sign-in Error Reporting
What This Feature Does: The Sign-in Error Reporting feature automatically generates an error report when a user unsuccessfully attempts to sign in to Lync. The user will then be given the option to send the error report to Microsoft.
Information Collected, Processed, or Transmitted: The information collected in the error report contains information such as the quality of the user's internet connection and any error codes or exception data generated as a result of the failed sign-in attempts. The report may also contain personally identifiable information such as the user's IP address and Session Initiation Protocol Uniform Resource Identifier (SIP URI). This information may be sent to Microsoft.
Use of Information: The data contained in the Sign-in Error Report is used by Microsoft to assist in troubleshooting and resolving login issues. It will also be used by Microsoft to identify common login issues and trends in order to help improve the Lync login experience.
Choice/Control: This feature is off by default and can be managed by the enterprise administrator. The administrator can choose to always send or never send the sign-in error report to Microsoft or to allow the user to decide.
Skill Search
What This Feature Does: Skill Search allows users to search for people in their enterprise by using any property listed in Microsoft SharePoint services (for example, name, email, skills, area of expertise, and so on). This feature is available only if the enterprise administrator has deployed SharePoint and turned on Lync and SharePoint integration.
Information Collected, Processed, or Transmitted: The search query entered in Lync will be sent to the enterprise's SharePoint server. The response from SharePoint is processed by Lync, and the search results and related information are displayed. No information is sent to Microsoft.
Use of Information: Information entered by the user is sent to SharePoint to get search results, which are displayed in Lync.
Choice/Control: This feature can be enabled or disabled by enterprise administrators by using the following four in-band settings:
- SPSearchInternalURL
- SPSearchExternalURL
- SPSearchCenterInternalURL
- SPSearchCenterExternalURL
Smart Cropping
What This Feature Does: When a user is sharing video during a video conference, Smart Cropping will determine the location of the user's head within the field of view of their webcam using facial detection. Once the location of the user's head is determined, the Lync 2013 client translates that into coordinates and adds the coordinates to the video bit stream they are sending. The receiving Lync 2013 client uses that information to crop the incoming video bit stream from its native (landscape) aspect ratio according to the rectangle coordinates in order to center the user's head in the cropped video. Smart Cropping is a real-time function that continuously monitors the user's movements, making adjustments to the coordinates placed in the video bit stream and allowing the receiving Lync 2013 client to adjust the video cropping, keeping the user's head centered in the video view.
Information Collected, Processed, or Transmitted: The coordinates of the user's head within their camera's field of view are added to the video bit stream. No information is sent to Microsoft.
Use of Information: The coordinates will be used to crop the correct part of the incoming video.
Choice/Control: This feature cannot be disabled.
Note: Users of legacy Lync clients and Lync for mobile devices will see the full aspect ratio of the video being sent.
Unified Contact Store
What This Feature Does: The Unified Contact Store consists of three main features:
- Search merge – This feature merges the Global Address List (GAL) with a user's personal Outlook contacts so that, when a user searches for a contact, there will be only a single entry in the search results.
- Contact merge – This feature aggregates contact information between Outlook and GAL entries using matching email and/or sign-in identifiers. Once a match is determined, Lync aggregates data from three data sources (Outlook, GAL, and presence). This aggregated data is displayed in various user interface components, including search results, your Contacts list, and a contact card.
- Creating Outlook contacts for Lync contacts (contact synchronization) – Lync will create Outlook contacts for all the user's contacts in the default contacts folder, if the user has a mailbox on Microsoft Exchange Server 2010 or newer. By having an Outlook contact for every Lync contact, the user can access Lync contact information from Outlook, Outlook Web Access, and mobile devices that synchronize contacts with Exchange.
Information Collected, Processed, or Transmitted: Lync aggregates contact information from presence, Active Directory, and Outlook. This information is used internally by Lync. When creating Outlook contacts, Lync will be writing presence, Active Directory, and Outlook contact information to Exchange. No information is sent to Microsoft.
Use of Information: Contact information from presence, Active Directory, and Outlook is shown in the Lync user interface (Contacts list, contact card, search results, and so on). This information can also be written to Exchange by using contact synchronization (the third item in the preceding list).
Choice/Control: This feature is enabled or disabled by the enterprise administrator via the EnableExchangeContactSync in-band setting.
Voice Quality Improvements
What This Feature Does: Lync provides notifications to the user to help them improve the quality of their call if it detects device, network, or computer issues during the call.
Information Collected, Processed, or Transmitted: Information about the end user's audio device setup, network setup, and other media connections will be collected by Lync to determine audio quality. If Lync determines that something is adversely impacting audio quality during a voice communication, the end user will be informed that there is a voice quality problem. Other call participants are only shown a notification that the end user is using a device that is causing poor audio quality. They do not know what device the end user is using. No information is sent to Microsoft.
Use of Information: The information that is sent to others in the call is used to help improve the quality of the call.
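Choice/Control: The enterprise administrator can turn off voice quality notifications about devices by using the following Windows PowerShell commands:
# Get the client policy to change (Global is used here as an example identity)
$a = Get-CsClientPolicy -Identity Global
# Create the policy entry that turns off poor-device warnings
$b = New-CsClientPolicyEntry -Name DisablePoorDeviceWarning -Value 1
# Add the entry and write the policy back
$a.PolicyEntry.Add($b)
Set-CsClientPolicy -Instance $a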
Whiteboard Collaboration
What This Feature Does: Whiteboard Collaboration allows users to create and share a virtual whiteboard where session participants can make notes, drawings, and import images to work on together during meetings and conversations.
Information Collected, Processed, or Transmitted: Annotations made on whiteboards will be seen by all participants. When saving a whiteboard the whiteboard and all annotations will be stored on the Lync Server. It will be retained on the server according to meeting content expiration policies set by the administrator. No information is sent to Microsoft.
Use of Information: The Whiteboard feature enhances collaboration by enabling meeting participants to discuss ideas, brainstorm, take notes, and so on.
Choice/Control: The enterprise administrator has the following policies:
- EnableDataCollaboration admin policy – This policy allows the enterprise administrator to restrict all data collaboration features: PowerPoint Collaboration, File Sharing, Polling, Whiteboard Collaboration, and Attachments. If this policy is set to False, the feature-level policies for these features are irrelevant.
- AllowAnnotations administrator policy – This policy allows the enterprise administrator to restrict annotation capabilities for all meeting participants. If this setting is turned off, end users will not see an entry point to create a whiteboard in the Lync user interface.