Microsoft published a privacy-related message in the Message Center on 27 February. The message is only available for accounts with the Global Administrator or Message Center Privacy Reader role.
- Accounts with the roles should search the Message Center for message MC1018441 (or GetDiagnostics feature inadvertently usable by your organization).
- If you are using Privileged Identity Management (PIM), the Global Admin or Message Center Privacy Reader role must be activated. Otherwise, the account will not have access to the message.
- Tenants are affected if they configured the Cloud Policy “Configure Get Diagnostics feature’s visibility in the Help Ribbon in Office applications and control the feature’s mode of operation.”
Microsoft describes the issue in the message MC1018441.
Microsoft recently received reports of an issue regarding Office Diagnostics Service (ODS), which was inadvertently allowing users to run the GetDiagnostics feature, despite your organization configuring a policy to prevent access to this feature. We determined that this issue occurred due to a policy attribute that was not properly received by the service, resulting in the policy not blocking the feature as expected.
We developed a code fix and successfully resolved the issue from occurring going forward on 25 February 2025; however, admins will need to take action to ensure that the policy is properly configured otherwise the issue will continue to occur.
If Configuration setting is not set to “Not configured,” the policy “Configure Get Diagnostics feature’s visibility in the Help Ribbon of Office applications and control the feature’s mode of operation” is affected.
You need to disable the policy once (= Not configured), save the entire policy configuration, and reconfigure the policy. The fix from Microsoft is then applied. Repeat the steps if you have configured the policy in multiple cloud policies.
