Customer problem
As of 2022, Microsoft’s consumer products exist as experience and data silos; users must establish and re-build their relationship with each product separately. Due to this, users have repetitive consent experiences with misaligned value props.
The vision
For customers, a user-centered, One Microsoft product solution to remove user friction, increase user satisfaction, drive deeper ecosystem engagement, and brings the best of Microsoft together.
Internally, the engineering infrastructure enables greater account value, drives business growth, removes data silos, ensures compliance, centralizes data management, and builds customer trust.
The solution
A user-centered privacy framework that connects user data across Microsoft products and services, empowering everyone with the best experiences through unified, meaningful consent.
My role
As the design lead for this project, I led another designer to worked with PMs, designers and engineers cross multiple teams, and delivered the experience from concept to detailed cross-app experiences to 15+ product and cloud service, and on on all the platforms. Except of design, I also represented unified consent team, do regular presentations to keeping the other 5 Microsoft account related work steams updated.
Key research insights
Value Exchange
Controls with granularity
No 3rd party sharing
Storytelling
For user’s to consent to data sharing, value exchange has to be clear and attractive.
Privacy experiences must include easy access to controls with appropriate granularity.
When true, we should reinforce that user data is not shared with 3rd parties.
Users are drawn to compelling storytelling, with clear examples, content, and visuals.
“This is valuable. As a busy mom I need to be coordinated and have the schedules and calendars for the kids, what they’re doing, and to be able to have that information from every device, everywhere that I am.”
–Lena, US
“I’d like if you could indicate what should be and shouldn’t be in it. I’d probably reveal all three types of data, but it’s always good to have more of an option to select what you want to have and what not.”
–Thomas, DE
“It’s great that they say none of your information is being shared this time, but that also makes me wonder why they did not say it in the other ones.”
–Molika, DE
I would trust Microsoft more, because of what I know about Google and Facebook, you're always seeing ads like they're listening to you."
– Lena, US
“What I find appealing here, as opposed to the others, is they tell you clearly what is happening with the information, how it’s being processed, and where it comes from. You have these bullet points clarifying it more effectively.”
–Norman, DE
The design iterations
We made significant progress through multiple iterations of the design.
Initially in Jan 2022, we implemented a two-step consent process, which included both a notice and a consent. Following CELA guidance, we streamlined this to just a notice. Our collaborative efforts with teams from Windows, Edge, and Identity were crucial in deciding the format.
We conducted user testing to ensure legibility and comprehension using a progressive disclosure method.
Upon launching, we enhanced the visuals with the new Microsoft spot illustration style, aligning it with other Sign-in/Sign-up screens. In 2024, the dialog received a fresh, modern update with a center-aligned design, giving it a contemporary and polished look.
A few stories about the decisions
🤓 User research sessions guide us along the way
Conducted user testing on the interruption level and compression level of the Office online version and shipped these features to the web versions of Excel, Word, PowerPoint, OneNote, and Visio.
DECISION 1: Leverage existing SISU dialog
Consistency builds trust. People recognize the UnifiedConsent Notice happens in SignIn/SignUp flow, and from the SignInSignUp-styled dialog, which clearly communicates the Microsoft account-wide scope.
DECISION 2: Skimmable privacy content
Broken-down paragraphs and progressive disclosure enabled by chevron interaction makes UC privacy content more user-friendly. When seeing this design exploration, one customer noted, “it makes me want to actually read it because it is less daunting.
🤩 enhanced the visuals with the new Microsoft spot illustration style
In Nov 2022, I led the effort to enhance user-friendliness by collaborating with the Jadis team and Expression Studio to create a 3D illustration for the sign-in notice and adapt it to fit the style of the Windows OOBE flow.
😨 A conflict between unified consent framework and Outlook mobile’s principles
Collaborated with Outlook mobile team to research, and decided on a hybrid approach
Friendly friction
Business goal: Get users into good state asap
UX goal: Inform users about their data and value of MSA. deliver unified privacy experience to build trust.
Frictionless
Business goal: Keep up the csat, app store ratings high
UX goal: Frictionless path to main JTBDs such as reading emails.
Design variations
Windows OOBE(out of box experience)
<New users>
<Return users>
Teams App
<New users>
<Return users>
Microsoft 365 Online Apps
<Return users>
Microsoft 365 PC Apps
<Return users>
Microsoft 365 Apps on MacOS
<Return users>
Mobile versions on Android and iOS
🤯 As a designer, love the learn the systematic thinking for this project.
Ship it!
Hand off specs
Shipping timeline
Key milestones
- Supported Unified Consent Concept research.
- Led two 5-day cross-team Unified Consent Design Sprints (Windows OOBE and Edge-focused).
- Scoped down in the April 2022 to a Unified Consent Sign-in Notice.
- Collaborated with the identity team to ensure a consistent Microsoft account experience. We are leveraging the same design language and patterns across all products and platforms.
- Conducted usability testing, exceeding privacy expectations and driving brand trust.
- Provided model schema and UI feedback to the Azure Cloud team.
- Delivered Sign-in Notice specs across multiple platforms (Win32, web, macOS, iOS, Android).
- Researched and decided on a hybrid approach with the Outlook mobile team.
- Conducted user testing for Office online features on interruption level and compression level for its specific document open scenarios and shipped them to web versions of Excel, Word, PowerPoint, OneNote, and Visio.
- Provided guidance for Authenticator product-specific scenarios.
- Collaborated with the dev team to solve Win32 implementation issues.
- Worked with the Identity team to address drop-off issues and monitor improvements.
- Resolved SMC(support.microsoft.com) limitations and provided design specifications for W-SDX.
- Senior leadership Satya Nadella(CEO), Rajesh Jha(EVP), Joe Belfiore(CVP of Office Product), Aleš Holeček(CVP of Office Engineering), Jon Friedman(CVP Design & Research) reviewed and celebrated our design achievements.
- Presented design impact at CVP and VP-level leadership meetings and all hands, demo fair and various team events.
- Contributed to the Data and Growth team monthly newsletter.
- Won the Gold Medal for Unified Consent Client SDK-Win32 in E+D and MS Security Accessibility Health Score.
Impact
Unified consent for data-sharing facilitates seamless cross-context functionality via apps participating in the Microsoft account graph (11x11). In FY24, we saw 1.5+ billion data-sharing consents from MSA users across 18+ first party apps and are currently at 686 million consented MSA MAU. We also expanded platform support for retail rollout of Gaming Privacy Controls and Windows DMA in Feb’24.
Reflection
We've achieved incredible alignment and synergy across platform, product, and partner teams to build this infrastructure—we've gone from forming to performing.
Made with ❤️ by Qian