Office Communications Server 2007 R2 has the potential to disclose information over a public network that might be able to be linked to an individual. The information types can be broken down to two specific categories:

Enhanced presence data is information that a user can choose to share or not share over a link to a federated partner or with contacts within an organization. This data is not shared with users on a public IM network. Group policy and client configuration may put some control with the system administrator. Mandatory data is data that is required for the proper operation of the server or the client and is NOT under the control o f the client or system administration. This is information that is necessary at a server or network level for the purposes of routing, state maintenance, and signaling.

The following tables list the data that is exposed.

Table 1. Discretionary Data

Data disclosed Possible settings

Personal Data

Name, Title, Company, E-mail address, Time zone

Telephone Numbers

Work, Mobile, Home

Calendar Information

Free/Busy, Out-of-town notice, meeting details (to those who have access to your calendar)

Presence Status

Away, Available, Busy, Do Not Disturb, Offline

Table 2. Mandatory Data

Data disclosed Example information

IP Address

Actual address of computer or NATed address



Jeremy Los (as defined in Active Directory Domain Services)