Microsoft will let Viva Glint customers replace the default confidentiality statement employees see before surveys with custom, tenant-specific privacy language, starting in June 2026. The change turns a once-standardized trust message into an admin-managed text field, shifting the burden of honest disclosure from Redmond to every HR and IT team that uses the platform.

The new setting explained

Viva Glint administrators will see a toggle in general settings: “Show default Microsoft statements.” Turn it off, and two text boxes appear – one for confidential surveys and one for non-confidential (identifiable) programs. The system picks the right statement automatically based on each program’s confidentiality threshold. The feature appears on the Microsoft 365 Roadmap under ID 557982, last updated July 6, 2026.

Microsoft’s own Learn documentation now explains that the custom statements apply globally, across all survey programs. If an organization runs engagement surveys, lifecycle exit polls, and always-on pulse checks, the same wording will greet employees in every one of them. The documentation also makes clear that the swap does not touch the underlying reporting mechanics. Thresholds, suppression rules, raw data export controls, and access permissions stay exactly as they are configured.

Why the default language mattered

The default Microsoft confidentiality statement carried a quiet but heavy load. It told survey takers whether their responses were confidential or identifiable, described aggregation and minimum group sizes, warned that comments could appear verbatim once thresholds are met, and, when raw exports were enabled, disclosed that a limited set of people might see identifiable data. All of that sat in a single paragraph at the top of a survey.

For many employees, that paragraph was the entire privacy policy. Legal disclaimers and links to longer documents rarely get read. The default language, vetted by Microsoft, kept the promise simple and tethered to the product’s actual behavior. Removing it means the organization inherits the job of being truthful about a machine whose inner workings are still controlled by Microsoft’s code.

The gap between wording and reality

“Your responses are confidential” is a powerful sentence. In a Viva Glint program with a 5-response threshold, aggregation, and no raw exports enabled, it may be accurate. In a program where an HR director can pull an identifiable raw data dump for an exit interview analysis, that same sentence is incomplete at best, misleading at worst.

Microsoft’s documentation makes plain that thresholds can’t be changed after a survey cycle has launched and collected data. That means the custom statement must be locked in before the first invitation goes out. If a program’s confidentiality model drifts later – perhaps a raw export is turned on for one-off analysis – the statement may need updating. There is no automated sync between the words and the settings.

The raw export disclosure is the make-or-break line

The feature’s quiet center is an optional raw data export statement. Microsoft Learn “strongly recommends” including it when raw exports are enabled, because that’s where promises about confidentiality become tangible. The dashboard shows aggregated results with safeguards. A raw export may show exactly who said what. Employees should not have to guess whether that option is turned on.

Organizations that want both analytical flexibility and high participation will have to write a sentence that neither hides the raw export reality nor scares employees away. The best version will name the roles who can access identifiable data and the circumstances – for example, “a limited HR analytics team may review raw responses for [specific purpose], without linking them to your identity in reports.” Vague reassurances will erode credibility the moment an employee hears about a raw export after the fact.

Translation multiplies the governance challenge

Microsoft requires that custom statements be translated into every configured survey language. If a translation is missing for a language an employee uses, that person sees a generic message warning that customized privacy wording isn’t included. The warning protects Microsoft, but it creates a two-tier experience: some employees get the careful, tailored statement; others get an obvious gap.

For global companies, the translation burden is likely greater than the authoring burden. Legal terms like “confidential,” “anonymous,” “aggregate,” and “raw data” don’t always carry the same weight across jurisdictions. A statement that sounds right in English might overpromise in German or sound suspiciously vague in Japanese. Machine translation won’t cut it. Every version needs legal review against local norms and the same mapping to the tool’s technical configuration.

Treating the new text boxes as a simple copywriting task is the fastest way to get into trouble. The custom statement is a policy interface, not a brand asset. The right people to draft it include the Viva Glint admin, HR communications, privacy counsel, employee relations, and whoever governs data exports and retention. A checklist helps.

  • Audit every active survey program to confirm whether it is confidential or identifiable. The statement must align, not just with the majority, but with every program that will be used.
  • Document exact thresholds: minimum group sizes for ratings, comments, and any suppression rules that hide adjacent data. If the statement names a number, that number must match the live configuration.
  • Disclose raw data access honestly. If any raw export feature is on, state who can see it, when, and for what purpose. If no raw export is enabled, say so clearly – and lock down the setting so it can’t be switched on silently.
  • Translate with care, not speed. Work with native-speaking reviewers who understand local privacy expectations. Avoid marketing language; stick to factual, verifiable claims.
  • Freeze and version the statement. Before each survey cycle, capture the exact wording, language versions, and approval trail. If an employee raises a privacy question six months later, you must be able to show what they read.
  • Restrict who can change the setting. Viva Glint’s admin permissions should treat confidentiality messaging like a privileged operation, not a routine configuration. Consider requiring a second approval.

How we got here

Viva Glint grew from an employee engagement tool into HR infrastructure. As it matured, customers chafed at Microsoft’s one-size-fits-all privacy statements. A European works council might demand different wording than a Canadian privacy office. A US-based company with union contracts needed language that reflected negotiated terms. Microsoft’s default, however well-crafted, couldn’t cover every case.

The pattern is familiar across Microsoft 365. Microsoft provides a platform default, then slowly exposes more controls as large customers push for localization and compliance. For branding, retention labels, or conditional access, that progression is generally safe. For employee feedback, where trust is the entire currency, the stakes are higher. The new feature is the logical extension of “you run the tenant” philosophy into the delicate territory of what employees believe about their own privacy.

The outlook: more control, more accountability

Custom confidentiality statements are unlikely to be the last such handoff. As Viva Glint adds more program types, language settings may need to become granular – per program, not just tenant-wide. Microsoft may later add auditing logs for statement changes, or perhaps a warning when a raw export is enabled after a cycle starts without a matching disclosure. For now, the burden sits squarely with the organizations that asked for this control.

Companies that invest the time to write accurate, locally appropriate, and auditable statements will build more trust than the default ever could. Those that treat this as a quick admin-center chore will discover that a few poorly chosen words can undo years of employee goodwill. The new text box is small. Its impact is not.