This article provides steps for how to delete personal data from the device or service and can be used to support your obligations under the GDPR. If you’re looking for general info about GDPR, see the GDPR section of the Service Trust portal.
For additional videos, see:
- Assist in meeting privacy regulations.
- Azure AD Premium P1, P2, EMS E3, or EMS E5 subscription.
- One of the following administrator accounts for the directory you want to configure:
- Global Administrator
- Security Administrator
- Conditional Access Administrator
Sign in to Azure as a Global Administrator, Security Administrator, or Conditional Access Administrator.
Click New terms.
In the Display name box, enter a title that users see when they sign in.
For example, if you set the expire starting on date to Jan 1 and frequency to Monthly, here is how expirations might occur for two users:
User First accept date First expire date Second expire date Third expire date Alice Jan 1 Feb 1 Mar 1 Apr 1 Bob Jan 15 Feb 1 Mar 1 Apr 1
User First accept date First expire date Second expire date Third expire date Alice Jan 1 Jan 31 Mar 2 Apr 1 Bob Jan 15 Feb 14 Mar 16 Apr 15
It is possible to use the Expire consents and Duration before re-acceptance requires (days) settings together, but typically you use one or the other.
If you selected a custom Conditional Access template, then a new screen appears that allows you to create the custom Conditional Access policy.
View report of who has accepted and declined
To view the history for an individual user, click the ellipsis (...) and then View History.
In the view history pane, you see a history of all the accepts, declines, and expirations.
View Azure AD audit logs
To get started with Azure AD audit logs, use the following procedure:
Click View audit logs.
On the Azure AD audit logs screen, you can filter the information using the provided lists to target specific audit log information.
You can also click Download to download the information in a .csv file for use locally.
If you click a log, a pane appears with additional activity details.
Sign in to https://myapps.microsoft.com.
In the upper right corner, click your name and select Profile.
Click Edit terms.
Click Save to save your changes.
Once you save your changes, users will not have to reaccept these edits.
In the details pane, click the Languages tab.
Click Add language.
Click Add to add the language.
Here is a list of the supported platforms and software.
|Chrome (with extension)||Yes||Yes||Yes|
- A device can only be joined to one tenant.
- A user must have permissions to join their device.
- The Intune Enrollment app is not supported.
- Azure AD B2B users are not supported.
If the user's device is not joined, they will receive a message that they need to join their device. Their experience will be dependent on the platform and software.
Join a Windows 10 device
If a user is using Windows 10 and Microsoft Edge, they will receive a message similar to the following to join their device.
If they are using Chrome, they will be prompted to install the Windows 10 Accounts extension.
If a user is using browser that is not supported, they will be asked to use a different browser.
Click Delete terms.
In the message that appears asking if you want to continue, click Yes.
Conditional Access policies take effect immediately. When this happens, the administrator will start to see “sad clouds” or "Azure AD token issues". The administrator must sign out and sign in again in order to satisfy the new policy.
Users in scope will need to sign-out and sign-in in order to satisfy a new policy if:
B2B guests (Preview)
Support for cloud apps (Preview)
Azure Information Protection
Microsoft Intune Enrollment
Frequently asked questions
Q: How long is information stored?
A: Yes, end users are able to select hyperlinks to additional pages but links to sections within the document are not supported.
A: You can create a Conditional Access policy on the enterprise applications using modern authentication. For more information, see enterprise applications.
A: The user is blocked from getting access to the application. The user would have to sign in again and accept the terms in order to get access.
Q: What happens if I'm also using Intune terms and conditions?