"We want a Microsoft Forms survey to be anonymous." "We want to require names." Both common — and Microsoft Forms' notion of anonymity changes shape depending on context.
Which mode you pick — "organizational," "external," "via Teams," "via email" — substantially changes what "anonymous" actually means. This guide covers the mechanics, then digs into how to design surveys so the anonymity you promise is the anonymity respondents get.
Anonymity changes across four scenarios
| Scenario | Name/email auto-capture | De facto anonymity |
|---|---|---|
| Organizational mode × link distribution | Captured | Identified |
| Organizational mode × Teams poll | Captured | Identified |
| External mode × link distribution | Not captured | Anonymous |
| "Specific users" mode | Captured | Identified |
In other words, "anonymous survey = external mode × link distribution" — anything else and individuals are tied to responses inside Microsoft Forms.
How to set up anonymous mode
1. Settings → "Who can fill out this form"
Select "Anyone can respond." This is the biggest lever for anonymization.
2. Turn off "Record name"
In organizational mode, uncheck "Record name." In external mode names aren't recorded anyway, so this only matters in organizational mode.
3. Don't include identifying questions
If your question list includes "Email address" or "Name," that's a named survey. For real anonymity, stick to attribute questions only.
4. Distribute by link
Don't send the poll through Teams — distribute the anonymous URL via email, internal portal, or LP. Teams distribution has a trap discussed below.
How to set up named mode
1. Keep organizational mode
"Only people in my organization" automatically captures the logged-in user's name and email.
2. Turn on "Record name"
Make it explicit.
3. Add attribute questions if needed
Department, role, hire date — anything that isn't auto-captured goes in as a question.
4. Enable "one response per person"
Combined with organizational mode, you get duplicate prevention.
The real topic — Microsoft Forms anonymity pitfalls
Pitfall 1: Sending through Teams is effectively named
Running an "anonymous poll" in a Teams meeting still leaves the meeting attendee list captured elsewhere. Anyone determined to identify respondents can usually infer "who answered" from there.
In small meetings especially, respondents suspect "they could figure out who said this" and self-censor.
Mitigations:
- For genuine anonymity, distribute outside Teams via external URL
- Require everyone to respond, so non-responders don't expose themselves
- If you claim anonymity, design end-to-end for it
Pitfall 2: "Don't record name" in organizational mode isn't the whole story
Even with "Don't record name" enabled, in organizational mode Microsoft 365 tenant administrators can sometimes technically trace who responded.
The issues:
- Audit logs capture access IP
- Network-side identification is possible in some configurations
- "Designed-in anonymity" and "tenant-admin technical traceability" are different problems
For real anonymity, you need external mode + zero identifying questions.
Pitfall 3: Emails can fingerprint recipients
Even with an "anonymous URL," if the marketing automation pipeline rewrites links per recipient, the system can tell who opened it.
Mitigation: distribute high-stakes anonymous surveys via internal noticeboards or a generic portal, not personalized email.
Pitfall 4: Free text identifies people through writing style and content
This isn't a settings issue — it's a human one. Even on anonymous surveys:
- Writing style and pet phrases give people away
- Mentioning a specific department or project does
- "Information only I would know" does
Be honest with respondents that "anonymous" reduces but doesn't eliminate identification risk.
Design that makes "anonymous" credible
Design 1: Be explicit about what you collect and don't
This survey is anonymous.
We do not record name, email, or department.
Responses are used in aggregate only and will not be used to identify individuals.
A sentence in the description visibly changes respondent trust and honesty.
Design 2: Reduce identification through attribute combinations
Asking "age + gender + department" lets you fingerprint individuals. Three or more cross-cutting attributes can effectively break anonymity inside a single organization.
Mitigations:
- Ask the minimum necessary attributes
- Coarser buckets ("30s," "Sales-side") instead of precise values
- Roll departments into categories (Sales / Engineering / G&A)
Design 3: Don't publish thin segments
Publishing aggregate results like "Sales department, women — 2 respondents" identifies those individuals.
Mitigation: suppress segments below n=5 in reports, or merge into a parent category.
Design 4: Codify how free text gets handled
If you publish open-ended responses:
- Editor masks anything personally identifying before publication
- Raw data access is restricted to administrators
- Raw data is deleted after a defined retention period
Recommended settings by use case
| Use case | Recommended mode | Notes |
|---|---|---|
| Employee engagement survey | External mode | Anonymity directly affects honesty |
| Application / booking form | Organizational or external (named) | Contact info required |
| Vendor / partner satisfaction | External mode | Add named questions if needed |
| 360-degree feedback | External mode (strict anonymity) | Relationship to subject matters |
| Customer NPS | External mode | Optionally ask consent to follow up |
| Exit interview | External mode (strict anonymity) | Removes incumbent-pressure bias |
Anonymity design in Repoan
Repoan lets you control anonymity at a fine grain.
- Fully anonymous mode — option to log no IP and no cookies
- Cookie-based duplicate prevention × anonymous — block "same browser, second submission" without identifying anyone
- Per-question named/anonymous switching — e.g., "email optional, content anonymous"
- Standard respondent-facing anonymity messaging templates — built-in copy that establishes trust
- Auto-masking of thin segments — config to hide segments below n=5 from reports
Wrap-up
Microsoft Forms anonymity:
- "Organizational vs. external" mode dramatically changes behavior
- Organizational mode is named by default; external mode is anonymous by default
- Teams distribution is effectively named
- "Don't record name" doesn't address tenant-admin technical traceability
If you call something anonymous, you owe respondents an honest implementation. Real anonymity is a function of settings, distribution method, question structure, and publication rules combined — not a single checkbox.
Related reading: