Apr 27 2020
01:53 PM
- last edited on
Aug 06 2023
05:14 PM
by
TechCommunityAP
Apr 27 2020
01:53 PM
- last edited on
Aug 06 2023
05:14 PM
by
TechCommunityAP
Hi all,
I'm relatively new to using Microsoft Forms, and I did not know that the default setting for MS Forms submissions was to show user feedback as "anonymous." My form is a simple yes or no one question form, and I would like to know who responded. I've seen that the solution is to only allow responses within your organization. But is there any way to view who the anonymous user was after the fact so I don't have to ask people to resubmit their responses?
Any help would be greatly appreciated. Thank You
Apr 28 2020 12:41 AM
@Gary Walker if the form is set to anonymous there is no way to find out who submitted. If there was it would be a compliance nightmare and, in the EU at least, could lead to legal action if it was a public form and someone was contacted who thought the form they had submitted was anonymous.
Rob
Los Gallardos
Microsoft Power Automate Community Super User
Nov 15 2020 11:55 PM
Nov 16 2020 12:34 AM
@saba228 as I explained in my previous response, it is not possible to get the names of who has submitted a response on an anonymous form. Anonymous means anonymous and that's how it should be.
Rob
Los Gallardos
Microsoft Power Automate Community Super User
Nov 27 2020 08:51 AM
Actually, it can be possible if the admin have enabled the audit log. If they query the logs for CreateResponse events they can find something like below.
It shows when the user voted (with second precision in UTC) and the ResponseId. When you check the result excel file, you can find the IDs in first column and the answer time in secod and third column. By cross-corelating them you can find which vote was whose
RunspaceId : eed91bd7-f7b9-466f-8294-16ad2b347806
RecordType : MicrosoftForms
CreationDate : 2020-11-24 13:54:42
UserIds : ***
Operations : CreateResponse
AuditData : {"CreationTime":"2020-11-14T13:54:42","Id":"***","Operation":"CreateResponse","OrganizationId":"***","RecordType":66,"ResultStatus":"Succeeded","UserKey":"","UserType":0,"Version":1,"Workload":"MicrosoftForms","ClientIP":"","UserId":"<email@email>","ActivityParameters":"\"ResponseId\":4}","FormId":"Ho024XU55kyJPfw1H9RNzXN-mpx4yKxGhcITCP5K3UJURThFQVNOVUEyOUxSRVVXSFUyQTU4NExMMC4u","FormName":"Pytanie","FormsUserType":1,"SourceApp":"ms-teamsbot"}
Note that I replaced some parts with asterisks in original response you can find the real e-mail there
Nov 27 2020 09:14 AM
@Karol Grodzicki any situation where with an anonymous response it would be possible to find out the the details of the responder would be really worrying from a legal point of view.
Rob
Los Gallardos
Microsoft Power Automate Community Super User
Nov 27 2020 11:04 AM
@RobElliott This is the result of experiments we recently did in administration team before deciding if it can be used in important secret votings inside of organization. And in enterprise tenant we could find the vote's authors with such cross-corelation.
If you want to reproduce it, 30 minutes after voting open Exchange Online powershell and type something like this:
It looks like there are two remedies:
1. Disable audit logs
2. Require organizer to export excel right after voting, remove ID and date columns, sort the results, delete the forms (+ delete from recycle bin). That prevents even global admins from getting the result excel
Global admins in Microsoft365 are pretty powerful (and even more powerful are on-premise admins). The security & compliance features allow pretty deep insight into mail contents or OneDrive files. That's the way IT works, you need to trust IT 😉
Nov 27 2020 11:34 AM
Nov 27 2020 11:46 AM
@RobElliott I DO understand it. Although it all depends on local law - AFAIK not all countries even allow full anonymity (I guess example could be China).
Anyway, MS365 Terms&Conditions say "You are responsible for all activity that occurs under your Microsoft account" (and there are many other liability-related similar points). So if you use MS Forms to create an anonymous survey, you are also responsible for ensuring the anonymity. From technical PoV it's possible to fail it even accidentally. So it's worth knowing there is such a risk.
And of course, I strongly discourage abusing this the anonymity in this way (unless e.g. agreed by all participants). But we need to be conscious and transparent about this
Aug 06 2021 08:53 AM
I just tried doing a search as you referenced and it looks like they have fixed this as anonymous responses now show as anonymous and do not appear to be tied to any users or IPs.