How to Disable the Cortana Services in Microsoft 365

Microsoft Teams Speaker
Microsoft Teams speaker arriving later this year.

Microsoft isn’t new to the Artificial Intelligence market.  Those of us who have been in technology long enough remember Microsoft Bob, which gave Windows 3.1, Windows 95, and Windows NT a Graphical User Interface (GUI) a facelift and provided search companions to help make your life a bit easier. A lot has changed between the introduction of Microsoft Bob on the 10th of March 1995 and the 2nd of April 2014 when Microsoft introduced Cortana. Microsoft has since made changes to Cortana again, more recently using Microsoft Outlook iOS for conversational AI in February 2021  and extended the regions of support on 23rd of April 2021, on the 12th of April it’s been extended to Microsoft Teams rooms with Intelligent speakers.

But it hasn’t all been smooth sailing for Microsoft’s AI.  Cortana has been removed from iOS and Android corresponding app stores, as Microsoft has been working on integrating the service into other applications rather than using a native application.

Privacy Concerns:

Cortana application takes your voice information and ultimately indexes the voice data and stores it.  However, this information does not get deleted if the service is turned off, the information will still be held, this also means that with the integration into Microsoft 365, the user data will be retained by Cortana.  Microsoft has been criticized by security analysts because even though the services have been disabled in Windows the devices have been communicating with Microsoft servers with Cortana information inside a file called threshold.appcache

Going forward:

Microsoft has introduced more regions for Cortana support. Users who are non EDU and GCC who have the Microsoft Teams Mobile app will soon see the Cortana chat button which is the Microphone.  This thinly veiled integration is the Cortana voice assistant into Microsoft Teams by the AI. The users can use the Teams integration to “Call Jason” or possibly, “Send a message to my next meeting,” Likewise, the integration of iOS and Android also allows for users to press the button and say, “join my next meeting”.

This clever integration requires the end user to press the Microsoft button on the device and then join the meeting.  However, with the release of intelligent speakers within Microsoft Teams rooms, this is no longer the case.  There is a closer-knit integration into the Microsoft Teams rooms to allow people to join the meeting without pressing buttons which means the devices are listening to all the time.

Microsoft state that the integration into intelligent speakers enable:

  • The ability to identify participants in the meeting automatically
  • Transcripts can be edited to amend attendees’ names
  • There is a better level of transcription in rooms compared to common microphones
  • Better Cortana experience and accuracy.

It is the last statement that seems ambiguous and won’t work for all organizations, particularly organizations who are concerned about their security and won’t want an AI device listening to all conversations that are happening within earshot.

Resolution:

What can be done? For user accounts, we can disable the Cortana service in Microsoft 365 for these required users.

Connect to Microsoft Teams using the standard method, either through admin credentials or accounts using multi-factor authentication, the instructions can be found here.

Create new policy Teams Cortana Policy with the following PowerShell

PS C:\> New-CsTeamsCortanaPolicy -Identity ExampleCortanaPolicy -CortanaVoiceInvocationMode Disabled

In this example, the policy is created to disable the Cortana wake word ‘Hey Cortana’ but would still work if the Microphone button is pressed in the Microsoft Teams application.

Once the policy is created you then grant the policy to a user, for example.

PS C:\> Grant-CsTeamsCortanaPolicy -identity "Jason Wynn" -PolicyName ExampleCortanaPolicy

Should you want to apply this policy to all users in your tenant a -Global switch can be used and the Cortana voice assistant policy would be applied to every user.

This is fine for users but what about meeting rooms?  By default, the configuration is set to off. However, I have observed where the configuration has not been changed and the devices have been set to on.  Coincidence?

To ensure the Microsoft Teams Room are configured properly we will amend the XML file manually. It can be located at the location on the Microsoft Teams Room endpoint:

C:\Users\Skype\AppData\Local\Packages\Microsoft.SkypeRoomSystem_8wekyb3d8bbwe\LocalState

The creation of the SkypeSettings.xml can be done in a standard XML tooling.  There is basic configuration that can be done as explained in the Managing a Microsoft Teams Room console settings remotely with an XML configuration file

For the simplicity of the configuration, the only attribute we are ensuring is turned off is the Cortana being disabled and Cortana Wake word being disabled.  This can be completed by creating the SkypeSettings.xml in aforementioned folder and using this XML:

<SkypeSettings>          
   <CortanaEnabled>false</CortanaEnabled>
   <CortanaWakewordEnabled>false</CortanaWakewordEnabled>
</SkypeSettings>

Once this is complete the device will no longer be actively listening for the Cortana prompts.