{"id":909,"date":"2024-12-31T20:46:41","date_gmt":"2024-12-31T19:46:41","guid":{"rendered":"https:\/\/sparrow365.de\/?p=909"},"modified":"2025-04-20T22:39:37","modified_gmt":"2025-04-20T20:39:37","slug":"custom-m365-terms-of-use-part-1-tenant-wide-settings","status":"publish","type":"post","link":"https:\/\/sparrow365.de\/index.php\/en\/2024\/12\/31\/custom-m365-terms-of-use-part-1-tenant-wide-settings\/","title":{"rendered":"Custom M365 Terms of Use Part 1: Tenant-Wide Settings"},"content":{"rendered":"

One of the most typical "German problems" is the need to feel secure in terms of data protection<\/strong>. We aim to have a contract with anyone who does anything. Everyone entering a building should sign something, and ideally, anyone we speak to should confirm, preferably with a wax seal, that we are allowed to communicate with them.<\/p>\n

In IT, this translates into wanting an explicit confirmation<\/strong> from every collaboration partner. Otherwise, we couldn\u2019t "process" their audio and chat data. By the way, they’ll also appear in the file history on SharePoint. Maybe we also want non-disclosure agreements or codes of conduct confirmed at login, or something else along those lines.<\/p>\n

For simplicity’s sake, let\u2019s group all these digital documents under the umbrella term "Terms of Use" (ToU)<\/strong>.<\/p>\n

Recently, I had to compile the options for Terms of Use<\/em><\/strong> within M365<\/strong>. Since I couldn\u2019t find a good summary during my research, I believe my findings could be valuable to others.<\/p>\n

This first part will describe the settings that should<\/em><\/strong> apply to the entire M365 environment<\/strong> of an organization and all connected applications.<\/p>\n

\n

In Part 2, I will focus on options within custom integrated applications.<\/em><\/a><\/p>\n<\/blockquote>\n


<\/p>\n

\n

User Types<\/h2>\n

Since options and behaviors apply differently to various user types, let\u2019s clarify some terminology upfront:<\/p>\n

    \n
  1. \n

    Internal Users<\/strong>: Users within your tenant. Their consent is typically confirmed through an employment agreement or contractual relationship. However, this group often includes contractors, for whom confirming Terms of Use is necessary. <\/p>\n

    \n

    Not "Internal Employees"!<\/strong> This refers to the technical account, not the user’s organizational affiliation.<\/em><\/p>\n<\/blockquote>\n<\/li>\n

  2. \n

    Guests<\/strong>: External users explicitly invited to the tenant and required to authenticate.<\/p>\n<\/li>\n

  3. \n

    Other\/Anonymous Users<\/strong>: Users who are not invited to the tenant and do not authenticate. For example, they may appear as "Unverified" in Teams meetings.<\/p>\n<\/li>\n<\/ol>\n

    With these terms clarified, let\u2019s dive into the settings.<\/p>\n

    \n

    Privacy Statement URL<\/h2>\n

    For Entra administrators, the most obvious place to host privacy information is in the "Overview" section of the Entra ID Admin Center<\/strong><\/a>.
    \nSince only a URL can be stored, a web server is needed to host the corresponding content.<\/p>\n

    \"PrivacyStatementURLinEntra\"<\/p>\n


    <\/p>\n

    The same setting is also available in the M365 Admin Center<\/strong><\/a>, and changes made in one admin center automatically reflect in the other.<\/p>\n

    \"M365AdminCenterPrivacyStatement\"<\/p>\n

    \n

    The slightly less detailed<\/em> Microsoft documentation<\/em><\/a><\/p>\n<\/blockquote>\n

    \n

    This URL replaces the default Privacy Statement<\/strong> link in many (but not all<\/em>) Microsoft 365 products (e.g., Teams and SharePoint).<\/p>\n

    Two examples:<\/p>\n\n\n\n\n\n
    SharePoint Invite Link<\/th>\n"Teams Meeting Join Experience"<\/a><\/th>\n<\/tr>\n<\/thead>\n
    \"SharePoint<\/td>\n\"TeamsMeetingJoinUrl\"<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n


    <\/p>\n

    Internal Users<\/strong> and Guests<\/strong> can also always view the Privacy Statement<\/strong> of the current organization on the MyAccount page<\/strong><\/a>:<\/p>\n

    \"PrivacyStatementinMyAccount\"<\/p>\n

    \n


    <\/p>\n

    If you wish to look at the Privacy Statements of all Organisations where you are a Member or Guest, you can do so under "organizations"<\/strong><\/a>.<\/p>\n

    \"Privacy<\/p>\n

    \n


    <\/p>\n

    In practice, these links are mostly accessed by data protection officers or users who enjoy reading terms and conditions. Theoretically, an anonymous user<\/strong> could stumble upon the URL if they visit a supported page. There is no enforcement to view or acknowledge these links<\/em><\/strong>. From a legal perspective this should suffice in most cases, however
    \n\u26a0\ufe0f This is not legal advice!<\/em> \u26a0\ufe0f<\/p>\n


    <\/p>\n

    \n

    Tenant Login Page<\/h2>\n

    An important exception to the "Privacy Statement" URL setting is the login process\u2014the page where users sign in to the organization\u2019s environment. Here, the "Company Branding" settings in the Entra ID Admin Center<\/a> have to be set instead.<\/p>\n

    \n

    These settings only apply if Entra ID authentication is used! If ADFS or a third-party identity provider is federated, the login experience must be configured there.<\/em><\/p>\n<\/blockquote>\n

    \"LoginPageFooter\"<\/p>\n

    By default, no footer is displayed during login. When enabled, both the text and URLs for "Terms of Use" and "Privacy and Cookies" can be customized for different purposes.<\/p>\n\n\n\n\n\n
    Enable Footer<\/th>\nSet URLs<\/th>\n<\/tr>\n<\/thead>\n
    \"EnableFooter\"<\/td>\n\"Set<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
    \n

    For more information, see the Microsoft documentation<\/em><\/a>.<\/p>\n<\/blockquote>\n

    It remains unlikely that a user will klick one of these links.<\/p>\n


    <\/p>\n

    \n

    Conditional Access<\/h2>\n

    If explicit acceptance of Terms of Use is required, Conditional Access is the only tenant-level solution. <\/p>\n

    Using a Conditional Access policy, users must confirm that they\u2019ve read and accepted the uploaded PDF before accessing applications.<\/p>\n

    Key features include:<\/strong><\/p>\n