Table of Contents
A Really Bad Idea
Microsoft’s big new idea that it would be “cool” or “awesome” (pick your descriptive term) if they could send Office 365 users emails with product training and tips ran into a heap of bad feedback from customers. The news was given to tenant administrators in a message center update (MC152628) on 30 October. The idea has now been withdrawn so that Microsoft can “review your suggestions.” In other words, the penny might have dropped for Microsoft to realize that they can’t send anything to tenant users without the say-so and upfront approval of the company who a) employs the target recipients and b) pays Microsoft for their Office 365 license.
I don’t know who came up with this bright (or dim) suggestion. In any case, it doesn’t matter because the idea is terrible no matter who conceived the plan. It smacks of a certain arrogance for Microsoft to believe that they have the right to communicate directly with people whom Microsoft has no commercial or other relationship. It’s not like sending out email to people who have bought an individual license for Office or Office 365 personal. The intended recipients were all Office 365 business users.
Disable End User Communications
Microsoft compounded the problem by setting the default state for End User Communications to “On.” Not every administrator would notice that a new setting had turned up in the Office 365 Admin Center, and many others would have been too busy to investigate.
The recommendation is to maintain control by going to the Settings section of the Office 365 Admin Center, select Services & Add-ins, and then set the slider for End user communication topics to Off. At least then you’ll have some control over communications if Microsoft persists with the idea following their period of mature reflection.
Creating a New Phishing Vector
Apart from anything else, if Microsoft sends unexpected email to end users, it’s a way of training those recipients to expect to see messages that they might trust (because of their origin), thus creating a potential vector that hackers might exploit in a phishing attack.
We’ve Been Here Before
In March 2017, Microsoft tried to execute another hare-brained plan to auto-generate Office 365 Groups for managers and ran into the same kind of protests. That plan died soon afterward, again after running into customer protest when they found out that Microsoft intended creating objects in the Azure Active Directory instances owned and managed by customers. Like this time, the plan reflected an arrogant notion that Microsoft knows best.
A Provider, Not an Educator
Microsoft is a provider of office services through Office 365. It is not an educator of end users. Sending unwanted and uninvited email is a form of spam, and in this case the spam couldn’t be blocked because it would be generated by a trusted partner inside the boundaries of Office 365.
Perhaps Microsoft should learn by asking customers what they think of proposed features before decisions hatched around a conference table in the Redmond HQ find their way into a product. It might just save everyone time and angst and allow Microsoft more time to deliver high-quality software and fix some of the flaws that have appeared in Office 365.