diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index f6ab6a91ed..8f20a10e5e 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -1,6 +1,6 @@ --- title: Changes to Windows diagnostic data collection -description: This article provides information on changes to Windows diagnostic data collection Windows 10. +description: This article provides information on changes to Windows diagnostic data collection Windows 10 and Windows 11. keywords: privacy, diagnostic data ms.prod: w10 ms.mktglfcycl: manage @@ -13,14 +13,14 @@ author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 09/08/2021 +ms.date: 09/17/2021 --- # Changes to Windows diagnostic data collection **Applies to** - Windows 11 -- Windows 10, version 1903 and later +- Windows 10, version 1903 and newer - Windows Server 2022 Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. As part of this effort, we have moved our major products and services to a model where data sent back to Microsoft from customer devices will be classified as either **Required** or **Optional**. We believe this will provide our customers with a simpler experience – information should be easier to find, easier to understand, and easier to act upon through the tools we provide. @@ -48,9 +48,9 @@ Starting in Windows 10, version 1903 and later, both the **Out-of-Box-Experience ## Behavioral changes -Starting in Windows 11 and Windows Server 2022, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they are upgraded, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that leverage enhanced data collection may not work properly. For a list of services, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change. For a list of steps, see [Configure a Windows 11 device to limit crash dumps and logs](#configure-a-windows-11-device-to-limit-crash-dumps-and-logs). For more information on services that rely on Enhanced diagnostic data, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). +Starting in Windows 11 and Windows Server 2022, we’re simplifying the Windows diagnostic data controls by moving from four diagnostic data settings to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they are upgraded to a supported version of the operating system, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that leverage enhanced data collection may not work properly. For a list of services, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change. -Additionally, you will see the following policy changes in an upcoming release of Windows Holographic, version 21H1 (HoloLens 2), Windows Server 2022 and Windows 11: +Additionally, you will see the following policy changes in Windows Server 2022, Windows 11, and Windows Holographic, version 21H1 (HoloLens 2): | Policy type | Current policy | Renamed policy | | --- | --- | --- | @@ -67,18 +67,7 @@ A final set of changes includes two new policies that can help you fine-tune dia - Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Diagnostic Log Collection** - MDM policy: System/LimitDiagnosticLogCollection ->[!Important] ->All the changes mentioned in this section will not be released on versions of Windows, version 1809 and earlier as well as Windows Server 2019 and earlier. - -## Configure a Windows 11 device to limit crash dumps and logs - -With the Enhanced diagnostic data level being split out into new policies, we're providing additional controls to manage what types of crash dumps are collected and whether to send additional diagnostic logs. Here are some steps on how to configure them: - -1. Choose to send optional diagnostic data by setting one of the following policies: - - Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow Diagnostic Data**. Set the policy value to **Send optional diagnostic data**. - - MDM: System/AllowTelemetry. Set the policy value to **3**. -2. Enable the following Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Dump Collection** -3. Enable the following Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Diagnostic Log Collection** +For more info, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). ## Services that rely on Enhanced diagnostic data @@ -91,14 +80,12 @@ The following provides information on the current configurations: ## New Windows diagnostic data processor configuration -**Applies to:** +Enterprise customers have an option for controlling their Windows diagnostic data for their Azure Active Directory joined devices. This configuration option is supported on the following versions of Windows: -- Windows 10 Education, Professional, and Enterprise editions, version 1809 with July 2021 update and later -- Windows 11 Education, Professional, and Enterprise editions +- Windows 11 Enterprise, Professional, and Education +- Windows 10, Enterprise, Professional, and Education, version 1809 with at least the July 2021 update. -Enterprise customers will now have a new option for controlling their Windows diagnostic data for their Azure Active Directory joined devices. - -Previously, enterprise customers had two options in managing their Windows diagnostic data: 1) allow Microsoft to be the [controller](/compliance/regulatory/gdpr#terminology) of that data and responsible for determining the purposes and means of the processing of Windows diagnostic data in order to improve the Windows 10 operating system and deliver analytical services, or 2) turn off diagnostic data flows altogether. +Previously, enterprise customers had two options in managing their Windows diagnostic data: 1) allow Microsoft to be the [controller](/compliance/regulatory/gdpr#terminology) of that data and responsible for determining the purposes and means of the processing of Windows diagnostic data in order to improve the Windows operating system and deliver analytical services, or 2) turn off diagnostic data flows altogether. Now, customers will have a third option that allows them to be the controller for their Windows diagnostic data, while still benefiting from the purposes that this data serves, such as quality of updates and device drivers. Under this approach, Microsoft will act as a data [processor](/compliance/regulatory/gdpr#terminology), processing Windows diagnostic data on behalf of the controller. diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 6be7c306f9..9f13070d00 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -1,5 +1,5 @@ --- -description: Use this article to make informed decisions about how you can configure diagnostic data in your organization. +description: Use this article to make informed decisions about how you can configure Windows diagnostic data in your organization. title: Configure Windows diagnostic data in your organization (Windows 10 and Windows 11) keywords: privacy ms.prod: w10 @@ -20,13 +20,17 @@ ms.date: 09/08/2021 **Applies to** -- Windows 11 +- Windows 11 Enterprise +- Windows 11 Education +- Windows 11 Professional - Windows 10 Enterprise - Windows 10 Education - Windows 10 Professional - Windows Server 2016 and later +- Surface Hub +- Hololens -This article applies to Windows 11, Windows 10, Windows Server, Surface Hub, and HoloLens diagnostic data only. It describes the types of diagnostic data sent back to Microsoft and the ways you can manage it within your organization. Microsoft uses the data to quickly identify and address issues affecting its customers. +This topic describes the types of Windows diagnostic data sent back to Microsoft and the ways you can manage it within your organization. Microsoft uses the data to quickly identify and address issues affecting its customers. ## Overview @@ -36,13 +40,13 @@ For more information about how Windows diagnostic data is used, see [Diagnostics ### Diagnostic data gives users a voice -Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows and Windows Server behave in the real world, focus on user priorities, and make informed decisions that benefit both consumer and enterprise customers. The following sections offer real examples of these benefits. +Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behave in the real world, focus on user priorities, and make informed decisions that benefit both consumer and enterprise customers. The following sections offer real examples of these benefits. ### _Improve app and driver quality_ Our ability to collect diagnostic data that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Diagnostic data helps us to quickly identify and fix critical reliability and security issues with apps and device drivers used on Windows. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues. -For example, in an earlier version of Windows 10 there was a version of a video driver that was crashing on some devices, causing the device to restart. We detected the problem in our diagnostic data, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on diagnostic data from the Windows Insiders’ devices, we were able to validate the new version of the video driver and rolled it out to the broad public as an update the next day. Diagnostic data helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls. +For example, in an earlier version of Windows there was a version of a video driver that was crashing on some devices, causing the device to restart. We detected the problem in our diagnostic data, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on diagnostic data from the Windows Insiders’ devices, we were able to validate the new version of the video driver and rolled it out to the broad public as an update the next day. Diagnostic data helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls. ### _Improve end-user productivity_ @@ -52,7 +56,7 @@ Windows diagnostic data also helps Microsoft better understand how customers use - **Cortana.** We use diagnostic data to monitor the scalability of our cloud service, improving search performance. -- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between apps. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature. +- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between apps. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature. ## How Microsoft handles diagnostic data @@ -76,7 +80,7 @@ All diagnostic data is encrypted using Transport Layer Security (TLS) and uses c ### Endpoints -The following table lists the endpoints related to how you can manage the collection and control of diagnostic data. For more information around the endpoints that are used to send data back to Microsoft, see [Manage connection endpoints for Windows 10 Enterprise, version 21H1](manage-windows-21h1-endpoints.md) and and [Manage connection endpoints for Windows 11](manage-windows-11-endpoints.md). +The following table lists the endpoints related to how you can manage the collection and control of diagnostic data. For more information around the endpoints that are used to send data back to Microsoft, see the **Manage connection endpoints** section of the left-hand navigation menu. | Windows service | Endpoint | | - | - | @@ -100,7 +104,7 @@ There are four diagnostic data collection settings. Each setting is described in - Diagnostic data off (Security) - Required diagnostic data (Basic) -- Enhanced (This setting is only available on devices running Windows 10 and Windows Server 2019 and earlier. It is not supported on Windows 11 and Windows Server 2022.) +- Enhanced (This setting is only available on devices running Windows 10, Windows Server 2016, and Windows Server 2019.) - Optional diagnostic data (Full) Here’s a summary of the types of data that is included with each setting: @@ -109,14 +113,14 @@ Here’s a summary of the types of data that is included with each setting: | --- | --- | --- | --- | --- | | **Diagnostic data events** | No Windows diagnostic data sent. | Minimum data required to keep the device secure, up to date, and performing as expected. | Additional data about the websites you browse, how Windows and apps are used and how they perform, and device activity. The additional data helps Microsoft to fix and improve products and services for all users. | Additional data about the websites you browse, how Windows and apps are used and how they perform. This data also includes data about device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users.| | **Crash Metadata** | N/A | Yes | Yes | Yes | -| **Crash Dumps** | N/A | No | Triage dumps only

For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). | Full memory dumps

For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). | +| **Crash Dumps** | N/A | No | Triage dumps only

For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). | Full and triage memory dumps

For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). | | **Diagnostic logs** | N/A | No | No | Yes | | **Data collection** | N/A | 100% | Sampling applies | Sampling applies | ### Diagnostic data off -This setting was previously labeled as **Security**. When you configure this setting, no Windows diagnostic data is sent from your device. This is only available on Windows Server, Windows 10 Enterprise, and Windows 10 Education, and Windows 11. If you choose this setting, devices in your organization will still be secure. +This setting was previously labeled as **Security**. When you configure this setting, no Windows diagnostic data is sent from your device. This is only available on Windows Server, Windows Enterprise, and Windows Education editions. If you choose this setting, devices in your organization will still be secure. >[!NOTE] > If your organization relies on Windows Update, the minimum recommended setting is **Required diagnostic data**. Because no Windows Update information is collected when diagnostic data is off, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates. @@ -125,7 +129,7 @@ This setting was previously labeled as **Security**. When you configure this set Required diagnostic data, previously labeled as **Basic**, gathers a limited set of data that’s critical for understanding the device and its configuration. This data helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version. -This is the default setting for Windows 10 Education editions, the desktop editions starting with Windows 10, version 1903 and Windows 11. +This is the default setting for current releases of Windows, Windows 10, version 1903. Required diagnostic data includes: @@ -158,7 +162,7 @@ Required diagnostic data includes: In Windows 10 and Windows Server 2019, enhanced diagnostic data includes data about the websites you browse, how Windows and apps are used and how they perform, and device activity. The additional data helps Microsoft to fix and improve products and services for all users. >[!Important] ->This diagnostic data setting is not available on Windows 11 and Windows Server 2022 and has been replaced with policies that can control the amount of optional diagnostic data that is sent. More information on these settings are available in the Manage enterprise diagnostic data section of this document. +>This diagnostic data setting is not available on Windows 11 and Windows Server 2022 and has been replaced with policies that can control the amount of optional diagnostic data that is sent. More information on these settings are available in the **Manage diagnostic data using Group Policy and MDM** section of this topic. When you choose to send enhanced diagnostic data, required diagnostic data will always be included, and we collect the following additional information: @@ -187,7 +191,7 @@ Optional diagnostic data, previously labeled as **Full**, includes more detailed >[!Note] >Crash dumps collected in optional diagnostic data may unintentionally contain personal data, such as portions of memory from a document and a web page. For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). -## Manage enterprise diagnostic data +## Manage diagnostic data using Group Policy and MDM Use the steps in this section to configure the diagnostic data settings for Windows and Windows Server in your organization. @@ -214,7 +218,7 @@ You can use Group Policy to set your organization’s diagnostic data setting: 1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**. -2. Double-click **Allow Telemetry**. +2. Double-click **Allow Telemetry** (or **Allow diagnostic data** on Windows 11 and Windows Server 2022). > [!NOTE] > If devices in your organization are running Windows 10, 1803 and later, the user can still use Settings to set the diagnostic data setting to a more restrictive value, unless the **Configure diagnostic data opt-in settings user interface** policy is set. @@ -224,8 +228,6 @@ You can use Group Policy to set your organization’s diagnostic data setting: ### Use Group Policy to manage optional diagnostic data collection -There were two new policies added in Windows 11 to help you further managed your optional diagnostic data collection. These policies are not supported on Windows 10. - The following policy lets you limit the types of [crash dumps](/windows/win32/dxtecharts/crash-dump-analysis) that can be sent back to Microsoft. If this policy is enabled, Windows Error Reporting will send only kernel mini dumps and user mode triage dumps. 1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**. @@ -247,8 +249,11 @@ You can also limit the number of diagnostic logs that are sent back to Microsoft Use [Policy Configuration Service Provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) to apply the following MDM policies: - System/AllowTelemetry - - System/LimitDumpCollection (supported on Windows 11 only) - - System/LimitDiagnosticLogCollection (supported on Windows 11 only) + - System/LimitDumpCollection + - System/LimitDiagnosticLogCollection + +> [!NOTE] +> The last two policies are only available on Windows 11 and Windows Server 2022. ## Enable Windows diagnostic data processor configuration @@ -256,7 +261,9 @@ The Windows diagnostic data processor configuration enables you to be the contro ### Prerequisites -- The device must have Windows 11, Windows 10 Professional, Education or Enterprise edition, version 1809 with July 2021 update or later. +- The device must be any of the following releases of Windows: + - Windows 11 Enterprise, Professional, or Education edition + - Windows 10 Enterprise, Education, or Professional edition, version 1809 with July 2021 update or later. - The device must be joined to Azure Active Directory. The diagnostic data setting on the device should be set to Required diagnostic data or higher, and the following endpoints need to be reachable: diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml index 7442f63a54..96516c4786 100644 --- a/windows/privacy/toc.yml +++ b/windows/privacy/toc.yml @@ -1,7 +1,7 @@ - name: Privacy href: index.yml items: - - name: "Windows 10 & Windows 11 Privacy Compliance: A Guide for IT and Compliance Professionals" + - name: "Windows Privacy Compliance: A Guide for IT and Compliance Professionals" href: windows-10-and-privacy-compliance.md - name: Configure Windows diagnostic data in your organization href: configure-windows-diagnostic-data-in-your-organization.md diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 167086af45..317810aead 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -1,6 +1,6 @@ --- -title: Windows 10 & Windows 11 Privacy Compliance Guide -description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows 10. +title: Windows Privacy Compliance Guide +description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows. keywords: privacy, GDPR, compliance ms.prod: w10 ms.mktglfcycl: manage @@ -16,11 +16,13 @@ ms.topic: article ms.date: 07/21/2020 --- -# Windows 10 and Windows 11 Privacy Compliance:
A Guide for IT and Compliance Professionals +# Windows Privacy Compliance:
A Guide for IT and Compliance Professionals Applies to: -- Windows 11 +- Windows 11 Enterprise +- Windows 11 Education +- Windows 11 Professional - Windows 10 Enterprise - Windows 10 Education - Windows 10 Professional @@ -32,7 +34,7 @@ At Microsoft, we are committed to data privacy across all our products and servi Microsoft collects data through multiple interactions with users of Windows devices. This information can contain personal data that may be used to provide, secure, and improve Windows services. To help users and organizations control the collection of personal data, Windows provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article. -This information allows administrators and compliance professionals to work together to better manage personal data privacy considerations and related regulations, such as the General Data Protection Regulation (GDPR) +This information allows administrators and compliance professionals to work together to better manage personal data privacy considerations and related regulations, such as the General Data Protection Regulation (GDPR). ## 1. Windows data collection transparency @@ -45,23 +47,21 @@ When setting up a device, a user can configure their privacy settings. Those pri The following table provides an overview of the Windows 10 and Windows 11 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information. > [!NOTE] -> This table is limited to the privacy settings that are available as part of setting up a Windows 10 (Windows 10, version 1809 and later) or Windows 11 device. For the full list of settings that involve data collection, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). +> This table is limited to the privacy settings that are available as part of setting up a curent version of Windows. For the full list of settings that involve data collection, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). | Feature/Setting | Description | Supporting Content | Privacy Statement | | --- | --- | --- | --- | -| Diagnostic Data |

Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device and understand the device's service issues and use patterns.

Diagnostic data is categorized into the following:

| [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | -| Inking and typing diagnostics | Microsoft collects optional inking and typing diagnostic data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | -| Speech | Use your voice for dictation and to talk to Cortana and other apps that use Windows cloud-based speech recognition. Microsoft collects voice data to help improve speech services. | [Learn more](https://support.microsoft.com/help/4468250/windows-10-speech-voice-activation-inking-typing-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainspeechinkingtypingmodule) | +| Diagnostic Data |

Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft to quickly identify and address issues affecting its customers.

Diagnostic data is categorized into the following:

| [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | +| Inking & typing | Microsoft collects optional inking and typing diagnostic data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | | Location | Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services. | [Learn more](https://support.microsoft.com/help/4468240/windows-10-location-service-and-privacy) |[Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) | | Find my device | Use your device’s location data to help you find your device if you lose it. | [Learn more](https://support.microsoft.com/help/11579/microsoft-account-find-and-lock-lost-windows-device) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) | | Tailored Experiences | Let Microsoft offer you tailored experiences based on the diagnostic data you choose to send. Tailored experiences include personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | | Advertising Id | Apps can use advertising ID to provide more personalized advertising in accordance with the privacy policy of the app provider. | [Learn more](https://support.microsoft.com/help/4459081/windows-10-general-privacy-settings) | [Privacy statement](https://support.microsoft.com/help/4459081/windows-10-general-privacy-settings) | -| Activity History/Timeline – Cloud Sync | If you want Windows Timeline and other Windows features to help you continue what you were doing, even when you switch devices, send Microsoft your activity history, which includes info about websites you browse and how you use apps and services. | [Learn more](https://support.microsoft.com/help/4468227/windows-10-activity-history-and-your-privacy-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainactivityhistorymodule) | -| Cortana |

Cortana is Microsoft’s personal digital assistant, which helps busy people get things done, even while they’re at work. Cortana on Windows is available in [certain regions and languages](https://support.microsoft.com/help/4026948/cortanas-regions-and-languages). Cortana learns from certain data about the user, such as location, searches, calendar, contacts, voice input, speech patterns, email, content, and communication history from text messages. In Microsoft Edge, Cortana uses browsing history. The user is in control of how much data is shared.

Cortana has powerful configuration options, specifically optimized for a business. By signing in with an Azure Active Directory (Azure AD) account, enterprise users can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.

| [Learn more](https://support.microsoft.com/help/4468233/cortana-and-privacy-microsoft-privacy)

[Cortana integration in your business or enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview) | [Privacy statement](https://privacy.microsoft.com/privacystatement#maincortanamodule) | + ### 1.2 Data collection monitoring -[Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) is a Microsoft Store app (available in Windows 10, version 1803 and later and Windows 11) that lets a user review the Windows diagnostic data that is being collected on their Windows 10 or Windows 11 device and sent to Microsoft in real-time. DDV groups the information into simple categories that describe the data that’s being collected. +[Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) is a Microsoft Store app (available in Windows 10, version 1803 and later and Windows 11) that lets a user review the Windows diagnostic data that is being collected on their Windows device and sent to Microsoft in real-time. DDV groups the information into simple categories that describe the data that’s being collected. An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](microsoft-diagnosticdataviewer.md) provides further information. @@ -74,7 +74,7 @@ Windows provides the ability to manage privacy settings through several differen ### 2.1 Privacy setting options for users -Once a Windows device is set up, a user can manage data collection settings by navigating to **Start > Settings > Privacy**. Administrators can control privacy settings via setting policy on the device (see Section 2.2 below). If this is the case, the user will see an alert that says **Some settings are hidden or managed by your organization** when they navigate to **Start > Settings > Privacy**. In this case, the user can only change settings in accordance with the policies that the administrator has applied to the device. +Once a Windows device is set up, a user can manage data collection settings by navigating to the Settings app in Windows. Administrators can control privacy settings via setting policy on the device (see Section 2.2 below). If this is the case, the user will see an alert that says **Some settings are hidden or managed by your organization** when they navigate to the Settings app. In this case, the user can only change settings in accordance with the policies that the administrator has applied to the device. ### 2.2 Privacy setting controls for administrators @@ -109,7 +109,7 @@ If you want the ability to fully control and apply restrictions on data being se Alternatively, your administrators can also choose to use Windows Autopilot. Autopilot lessens the overall burden of deployment while allowing administrators to fully customize the out-of-box experience. However, since Windows Autopilot is a cloud-based solution, administrators should be aware that a minimal set of device identifiers are sent back to Microsoft during initial device boot up. This device-specific information is used to identify the device so that it can receive the administrator-configured Autopilot profile and policies. -You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows 10 and Windows 11: +You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows: - [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot) - [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process) @@ -120,11 +120,11 @@ Administrators can manage the data sent from their organization to Microsoft by For more details, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available on how to configure each setting, the impact to functionality, and which versions of Windows that are applicable. -#### _2.3.3 Managing Windows 10 and Windows 11 connections_ +#### _2.3.3 Managing Windows connections_ Some Windows components, apps, and related services transfer data to Microsoft network endpoints. An administrator may want to block these endpoints for their organization to meet their specific compliance objectives. -[Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H1-endpoints.md) and [Manage connection endpoints for Windows 11](manage-windows-11-endpoints.md) provide a list of endpoints for the latest Windows 10 and Windows 11 releases, along with descriptions of any functionality that would be impacted by restricting data collection. Details for additional Windows versions can be found on the Windows Privacy site under the **Manage Windows connection endpoints** section of the left-hand navigation menu. +The **Manage Windows connection endpoints** section on the left-hand navigation menu provides a list of endpoints for the latest Windows releases, along with descriptions of any functionality that would be impacted by restricting data collection. #### _2.3.4 Limited functionality baseline_ @@ -155,9 +155,10 @@ An administrator can disable a user’s ability to delete their device’s diagn **Applies to:** -- Windows 10 (version 1809 with July 2021 update and later) and Windows 11 Enterprise, Pro, Education editions +- Windows 11 Enterprise, Professional, and Education editions +- Windows 10 Enterprise, Professional, and Education, version 1809 with July 2021 update and newer -The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 and Windows 11 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing service-based capabilities. +The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing service-based capabilities. The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific AAD User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific AAD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific AAD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer. @@ -175,7 +176,7 @@ For more information on how Microsoft can help you honor rights and fulfill obli ## 3. The process for exercising data subject rights -This section discusses the different methods Microsoft provides for users and administrators to exercise data subject rights for data collected from a Windows 10 or Windows 11 device. +This section discusses the different methods Microsoft provides for users and administrators to exercise data subject rights for data collected from a Windows device. For IT administrators who have devices using the Windows diagnostic data processor configuration, refer to the [Data Subject Requests for the GDPR and CCPA](/compliance/regulatory/gdpr-dsr-windows). Otherwise proceed to the sections below. @@ -188,7 +189,7 @@ Users can delete their device-based data by going to **Settings** > **Privacy** ### 3.2 View -The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from a Windows 10 or Windows 11 device. Administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet. +The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from a Windows device. Administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet. >[!Note] >If the Windows diagnostic data processor configuration is enabled, IT administrators can view the diagnostic data that is associated with a user from the admin portal. @@ -217,7 +218,7 @@ The following sections provide details about how privacy data is collected and m ### 5.1 Windows Server 2016 and later -Windows Server follows the same mechanisms as Windows 10 for handling of personal data. +Windows Server follows the same mechanisms as Windows for handling of personal data. >[!Note] >The Windows diagnostic data processor configuration is not available for Windows Server. @@ -240,11 +241,11 @@ An administrator can configure privacy-related settings, such as choosing to onl ### 5.4 Microsoft Managed Desktop -[Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows 10 and Windows 11 Enterprise edition, Office 365 ProPlus, and Microsoft security services. +[Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows Enterprise edition, Office 365 ProPlus, and Microsoft security services. ### 5.5 Update Compliance -[Update Compliance](/windows/deployment/update/update-compliance-monitor) is a service that enables organizations to monitor security, quality and feature updates for Windows 10 and Windows 11 Professional, Education, and Enterprise editions, and view a report of device and update issues related to compliance that need attention. Update Compliance uses Windows 10 and Windows 11 diagnostic data for all its reporting. +[Update Compliance](/windows/deployment/update/update-compliance-monitor) is a service that enables organizations to monitor security, quality and feature updates for Windows Professional, Education, and Enterprise editions, and view a report of device and update issues related to compliance that need attention. Update Compliance uses Windows diagnostic data for all its reporting. ## Additional Resources