Healthcare users will only be able to see the free/busy information of the Office 365 users. Office 365 users will only be able to share detailed calendar information with other Office 365 users.Publishing: this options allows you to publish a calendar for use on a web page, for a non-Office365 user to see, etc. Sharing: this option allows you to specify who can view your calendar, the details they can see and if they have editing or delegate rights. Giving Permissions: this option allows you to specify who can view your calendar, the details they can see and if they have editing rights. NOTE: if you are trying to share a resource, see Office 365 Resource Management Use the Private feature only when you share folders with people whom you trust.There are several options for sharing your personal calendar with other users - sharing, publishing, giving permissions. A person who is granted Reviewer (can read items) permission to access your folders could use programmatic methods or other e-mail programs to view the details of a private item. To make sure that other people cannot read the items that you marked as private, do not grant them Reviewer (can read items) permission to your Calendar, Contacts, or Tasks folder. Note, the last paragraph of the article: Important You should not rely on the Private feature to prevent other people from accessing the details of your appointments, contacts, or tasks. Microsoft has details about allowing other users to manage your mail and calendar here: We, at Kraft Kennedy, have run into this issue several times when creating custom applications with WebDAV that pull back appointments from the Exchange calendar. If the sensitivity is private, then the mesage should not be displayed. The custom application should look at the sensitivity setting of each message before displaying it. People who you give delegate rights to should also be people who you trust.ĭevelopers should note that when writing custom applications with WebDAV, Exchange Web Services, or any other method, all items will be returned including private items. Items that are extrememly sensitive should probably not be stored in Exchange in the first place, or you should take off all delegate / view rights to your mailbox. The end result is that people should realize that just because they mark an appointment or other item private in Outlook, it doesn’t mean that no one else will be able to see it. This architecture is common to all versions of Outlook and Exchange, through 2010, and is not really a bug, so much as an architectural decision by Microsoft to keep item-level permissions in the client-tier. The client applications look at that field to determine whether to display the item. Exchange itself does not support any kind of item-level security or privacy, and only has a field called “sensitivity” which is used by Outlook and OWA. However, you should keep in mind that this privacy is only a feature of the client application–Outlook or OWA–and is not inherent to Exchange. In Outlook or OWA, other users will see a placeholder for the private items, but won’t be able to view any of the details. In these situations, people may rely on marking sensitive items private to hide them from other users.
Users may also delegate rights to other users to view their messages, tasks, and contacts. A common situation in organizations is to make calendars public, so that employees can see other employee’s availability, and collaborate better.