In Section 1. Defined Terms, we:
- Defined "Microsoft email protocols and APIs";
- clarified that the Microsoft Graph API is one of the Microsoft APIs that enables access to data in services that are part of the Office 365 and other Microsoft online services listed in Section 1. d).
In Section 2. Scope and Application Registration, we clarified that, except for the APIs for the Microsoft online services listed in Section 1. d), these API Terms do not govern your use of Microsoft APIs if you access APIs that present accompanying terms (" Accompanying Terms") and you have accepted those Accompanying Terms, then those Accompanying Terms will apply to your access of those APIs.
In Section 3. Microsoft APIs License and Guidelines, we clarified that:
- you also may not use any data obtained using the Microsoft APIs outside any permissions expressly granted by Customers in connection with using your Application (section 3. b) 11.);
- you may not use or transfer any data accessed or obtained using the Microsoft APIs for advertising or marketing purposes, including (i) targeting ads, or (ii) serving ads. These restrictions apply to the data accessed or obtained using the Microsoft APIs, and any data aggregated, anonymized or derived from the data (collectively the “Microsoft APIs Data”). For purposes of clarity, this prohibition on using Microsoft APIs Data for advertising or marketing purposes does not extend to using other data, such as (i) the number of users of your Application, (ii) a user identifier you independently receive from a user (e.g., an email address you receive when a user enrolls to use your Application, a device identifier, or an advertising identifier), or (iii) a product or service identifier that identifies a Microsoft Offering (section 3. b) 12.);
- you may not use the Microsoft APIs in a way that could create, in Microsoft's sole discretion and judgment, an unreasonable risk to Customers from a security or privacy perspective (section 3. b) 18.).
- In Section 3. Microsoft APIs License and Guidelines, we:
- clarified that with respect to Microsoft email protocols and APIs, that unless you have use permissions expressly and specifically granted by Customers in connection with using your Application, you may not use Microsoft email protocols and APIs for any purpose other than (1) syncing email messages, calendar events, and contacts, or (2) backing up email messages, calendar events, and contacts.
- added a new section 3. e) regarding Accessing Microsoft OneDrive through a Microsoft API;
- added a new section 3. f) regarding Accessing the Microsoft Yammer Service through a Microsoft API.
In Section 4. Security, we:
- clarified that we may use technology to detect, prevent or limit the impact of any issues caused by your Application (before, after, or instead of suspension of your access). This may include, for example, (i) filtering to stop spam, (ii) performing security or privacy monitoring regarding scraping, denial of service attacks, user impersonation, application impersonation, or illicit consent grant(s), or (iii) limiting or terminating your access to the Microsoft APIs;
- added that you will permit Microsoft reasonable access to your Application for purposes of monitoring compliance with these API Terms, and that you will respond to any questions by Microsoft about your compliance with these API Terms.
- added that upon request by Microsoft, you will provide us (or an independent auditor acting on our behalf) with up to two full-feature client account-level instances to access your Application (and/or other materials relating to your use of the API) as reasonably requested by us to verify your compliance with these API Terms (including, in particular, your security and privacy obligations under these API Terms).
- added that we may restrict or terminate access to the APIs or perform an audit (including by hiring an independent auditor acting on our behalf) of your Application if you fail to provide adequate information and materials (including up to two full-featured instances of your Application) to verify your compliance with these Terms.
- added that the rights and requirements of this section -- 4. Security -- will survive for five (5) years following any termination of these API Terms.
In Section 5. Your Compliance with Applicable Privacy and Data Protection Laws , we added that when your Application allows end users to sign in with a Microsoft account and Microsoft is not providing the user interface for the sign in, your Privacy Statement must also provide a link to https://account.live.com/consent/Manage and/or https://myapps.microsoft.com, or such other location as we may specify from time to time, with a clear indication that Customers and end users can go to that Microsoft site to revoke Data Access Consents at any time. If Customers or end users must take additional steps to disable your Application's access to Customer or end user data, then Your Privacy Statement must clearly indicate to Customers and end users the additional steps required to disable access.
In Section 9. Disclaimer of Warranties, Limitation of Liability and Indemnity, we clarified that there are no third-party beneficiaries to this Agreement.
- In Section 5. Your Compliance with Privacy and Data Protection Laws, for the data you obtained through the Graph API, we clarified that you must:
- in addition to obtaining all necessary consent before processing data, you must obtain additional consent if the processing changes;
- in the event you're storing data locally, ensure that data is kept up to date and implement corrections, restrictions to data, or the deletion of data as reflected in the data obtained through your use of the Graph API;
- implement proper retention and deletion policies; and
- in addition to maintaining a written statement available to Customers and users that describes your privacy practices regarding data and information you collect and use, you must comply with it.
- In Section 5. Your Compliance with Privacy and Data Protection Laws, we clarified that nothing in the Agreement shall be construed as creating a joint controller or processor-subprocessor relationship between you and Microsoft.