deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 22:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into siosulli-wps

Browse Source
This commit is contained in:
Sinead O'Sullivan
2020-06-24 12:18:12 +01:00
parent 87442e4bc7 54781e29d3
commit 4b4d783104
525 changed files with 10891 additions and 5211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

319
windows/privacy/index.yml
View File

@ -1,156 +1,191 @@
### YamlMime:YamlDocument
documentType: LandingData
### YamlMime:Hub
title: Windows Privacy
summary: Get ready for General Data Protection Regulation (GDPR) by viewing and configuring Windows diagnostic data in your organization.
brand: m365
metadata:
document_id:
title: Windows Privacy
description: Learn about how privacy is managed in Windows.
keywords: Windows 10, Windows Server, Windows Server 2016, privacy, GDPR, compliance, endpoints
services: windows
ms.product: windows
ms.topic: hub-page # Required
ms.collection: M365-security-compliance
author: danihalfin
ms.author: daniha
manager: dansimp
ms.date: 02/21/2019 #Required; mm/dd/yyyy format.
ms.localizationpriority: high
author: danihalfin
ms.author: daniha
ms.date: 04/25/2018
ms.topic: conceptual
audience: ITPro
manager: dansimp
ms.collection: M365-security-compliance
ms.devlang: na
sections:
- items:
- type: markdown
text: Get ready for General Data Protection Regulation (GDPR) by viewing and configuring Windows diagnostic data in your organization.
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: \windows\privacy\gdpr-it-guidance
html: <p>Learn about GDPR and how Microsoft helps you get started towards compliance</p>
image:
src: https://docs.microsoft.com/media/common/i_advanced.svg
title: Start with GDPR basics
- href: \windows\privacy\configure-windows-diagnostic-data-in-your-organization
html: <p>Make informed decisions about how you can configure diagnostic data in your organization</p>
image:
src: https://docs.microsoft.com/media/common/i_filter.svg
title: Configure Windows diagnostic data
- href: \windows\privacy\diagnostic-data-viewer-overview
html: <p>Review the Windows diagnostic data sent to Microsoft by device in your organization</p>
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
title: View Windows diagnostic data
- title: Understand Windows diagnostic data in Windows 10
# highlightedContent section (optional)
# Maximum of 8 items
highlightedContent:
# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
items:
# Card
- title: Start with GDPR basics
itemType: get-started
url: gdpr-it-guidance.md
# Card
- title: Configure Windows diagnostic data
itemType: how-to-guide
url: configure-windows-diagnostic-data-in-your-organization.md
# Card
- title: View Windows diagnostic data
itemType: how-to-guide
url: diagnostic-data-viewer-overview.md
- type: paragraph
# productDirectory section (optional)
productDirectory:
title: Understand Windows diagnostic data in Windows 10
summary: For the latest Windows 10 version, learn more about what Windows diagnostic data is collected at various diagnostics levels.
items:
# Card
- title: Basic level events and fields
# imageSrc should be square in ratio with no whitespace
imageSrc: https://docs.microsoft.com/media/common/i_extend.svg
summary: Learn more about basic Windows diagnostic data events and fields collected.
url: required-windows-diagnostic-data-events-and-fields-2004.md
# Card
- title: Enhanced level events and fields
imageSrc: https://docs.microsoft.com/media/common/i_delivery.svg
summary: Learn more about Windows diagnostic data events and fields used by Windows Analytics.
url: enhanced-diagnostic-data-windows-analytics-events-and-fields.md
# Card
- title: Full level data categories
imageSrc: https://docs.microsoft.com/media/common/i_get-started.svg
summary: Learn more about all Windows diagnostic data collected.
url: windows-diagnostic-data.md
text: 'For the latest Windows 10 version, learn more about what Windows diagnostic data is collected at various diagnostics levels.'
# conceptualContent section (optional)
# conceptualContent:
# # itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
# title: sectiontitle # < 60 chars (optional)
# summary: sectionsummary # < 160 chars (optional)
# items:
# # Card
# - title: cardtitle1
# links:
# - url: file1.md OR https://docs.microsoft.com/file1
# itemType: itemType
# text: linktext1
# - url: file2.md OR https://docs.microsoft.com/file2
# itemType: itemType
# text: linktext2
# - url: file3.md OR https://docs.microsoft.com/file3
# itemType: itemType
# text: linktext3
# # footerLink (optional)
# footerLink:
# url: filefooter.md OR https://docs.microsoft.com/filefooter
# text: See more
# # Card
# - title: cardtitle2
# links:
# - url: file1.md OR https://docs.microsoft.com/file1
# itemType: itemType
# text: linktext1
# - url: file2.md OR https://docs.microsoft.com/file2
# itemType: itemType
# text: linktext2
# - url: file3.md OR https://docs.microsoft.com/file3
# itemType: itemType
# text: linktext3
# # footerLink (optional)
# footerLink:
# url: filefooter.md OR https://docs.microsoft.com/filefooter
# text: See more
# # Card
# - title: cardtitle3
# links:
# - url: file1.md OR https://docs.microsoft.com/file1
# itemType: itemType
# text: linktext1
# - url: file2.md OR https://docs.microsoft.com/file2
# itemType: itemType
# text: linktext2
# - url: file3.md OR https://docs.microsoft.com/file3
# itemType: itemType
# text: linktext3
# # footerLink (optional)
# footerLink:
# url: filefooter.md OR https://docs.microsoft.com/filefooter
# text: See more
- type: list
# # tools section (optional)
# tools:
# title: sectiontitle # < 60 chars (optional)
# summary: sectionsummary # < 160 chars (optional)
# items:
# # Card
# - title: cardtitle1
# # imageSrc should be square in ratio with no whitespace
# imageSrc: ./media/index/image1.svg OR https://docs.microsoft.com/media/logos/image1.svg
# url: file1.md
# # Card
# - title: cardtitle2
# imageSrc: ./media/index/image2.svg OR https://docs.microsoft.com/media/logos/image2.svg
# url: file2.md
# # Card
# - title: cardtitle3
# imageSrc: ./media/index/image3.svg OR https://docs.microsoft.com/media/logos/image3.svg
# url: file3.md
style: cards
# additionalContent section (optional)
# Card with summary style
# additionalContent:
# # Supports up to 3 sections
# sections:
# - title: sectiontitle # < 60 chars (optional)
# summary: sectionsummary # < 160 chars (optional)
# items:
# # Card
# - title: cardtitle1
# summary: cardsummary1
# url: file1.md OR https://docs.microsoft.com/file1
# # Card
# - title: cardtitle2
# summary: cardsummary2
# url: file1.md OR https://docs.microsoft.com/file2
# # Card
# - title: cardtitle3
# summary: cardsummary3
# url: file1.md OR https://docs.microsoft.com/file3
# # footer (optional)
# footer: "footertext [linktext](https://docs.microsoft.com/footerfile)"
className: cardsM
columns: 3
items:
- href: \windows\privacy\basic-level-windows-diagnostic-events-and-fields
html: <p>Learn more about basic Windows diagnostic data events and fields collected</p>
image:
src: https://docs.microsoft.com/media/common/i_extend.svg
title: Basic level events and fields
- href: \windows\privacy\enhanced-diagnostic-data-windows-analytics-events-and-fields
html: <p>Learn more about Windows diagnostic data events and fields used by Windows Analytics</p>
image:
src: https://docs.microsoft.com/media/common/i_delivery.svg
title: Enhanced level events and fields
- href: \windows\privacy\windows-diagnostic-data
html: <p>Learn more about all Windows diagnostic data collected</p>
image:
src: https://docs.microsoft.com/media/common/i_get-started.svg
title: Full level data categories
- items:
- type: list
style: cards
className: cardsL
items:
- title: View and manage Windows 10 connection endpoints
html: <p><a class="barLink" href="/windows/privacy/manage-windows-endpoints">Manage Windows 10 connection endpoints</a></p>
<p><a class="barLink" href="/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services">Manage connections from Windows to Microsoft services</a></p>
- title: Additional resources
html: <p><a class="barLink" href="https://www.microsoft.com/en-us/trustcenter/cloudservices/windows10">Windows 10 on Trust Center</a></p>
<p><a class="barLink" href="https://docs.microsoft.com/microsoft-365/compliance/gdpr">GDPR on Microsoft 365 Compliance solutions</a></p>
<p><a class="barLink" href="https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted">Support for GDPR Accountability on Service Trust Portal</a></p>
# additionalContent section (optional)
# Card with links style
additionalContent:
# Supports up to 3 sections
sections:
- items:
# Card
- title: More Windows privacy
links:
- text: "Windows 10 & Privacy Compliance: A Guide for IT and Compliance Professionals"
url: Windows-10-and-privacy-compliance.md
- text: Windows 10 personal data services configuration
url: windows-personal-data-services-configuration.md
- text: Beginning your GDPR journey for Windows 10
url: gdpr-win10-whitepaper.md
# Card
- title: View and manage Windows 10 connection endpoints
links:
- text: Manage Windows 10 connection endpoints
url: manage-windows-endpoints.md
- text: Manage connection endpoints for non-Enterprise editions of Windows 10
url: windows-endpoints-2004-non-enterprise-editions.md
- text: Manage connections from Windows to Microsoft services
url: manage-connections-from-windows-operating-system-components-to-microsoft-services.md
# Card
- title: Additional resources
links:
- text: Windows 10 on Trust Center
url: https://www.microsoft.com/en-us/trustcenter/cloudservices/windows10
- text: GDPR on Microsoft 365 Compliance solutions
url: https://docs.microsoft.com/microsoft-365/compliance/gdpr
- text: Support for GDPR Accountability on Service Trust Portal
url: https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted
# footer (optional)
# footer: "footertext [linktext](https://docs.microsoft.com/footerfile)"

8
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -14,7 +14,7 @@ ms.author: obezeajo
manager: robsize
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 5/14/2020
ms.date: 6/3/2020
---
# Manage connections from Windows 10 operating system components to Microsoft services
@ -37,7 +37,9 @@ Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline]
> - The **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied.
> [!Warning]
> If a user executes the **Reset this PC** command (Settings -> Update & Security -> Recovery) with the **Keep my files option** (or the **Remove Everything** option) the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied in order to re-restrict the device. Egress traffic may occur prior to the re-application of the Restricted Traffic Limited Functionality Baseline settings.
> - If a user executes the **Reset this PC** command (Settings -> Update & Security -> Recovery) with the **Keep my files option** (or the **Remove Everything** option) the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied in order to re-restrict the device. Egress traffic may occur prior to the re-application of the Restricted Traffic Limited Functionality Baseline settings.
> - To restrict a device effectively (first time or subsequently), it is recommended to apply the Restricted Traffic Limited Functionality Baseline settings package in offline mode.
> - During update or upgrade of Windows, egress traffic may occur.
To use Microsoft Intune cloud based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm)
@ -550,7 +552,7 @@ To disable the Microsoft Account Sign-In Assistant:
### <a href="" id="bkmk-edge"></a>13. Microsoft Edge
Use Group Policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682).
Use Group Policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682) and [Configure Microsoft Edge policy settings on Windows](https://docs.microsoft.com/DeployEdge/configure-microsoft-edge).
### <a href="" id="bkmk-edgegp"></a>13.1 Microsoft Edge Group Policies

6
windows/privacy/manage-windows-2004-endpoints.md
View File

@ -12,7 +12,7 @@ ms.author: obezeajo
manager: robsize
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 5/11/2020
ms.date: 6/9/2020
---
# Manage connection endpoints for Windows 10 Enterprise, version 2004
@ -53,7 +53,7 @@ The following methodology was used to derive these network endpoints:
||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|tile-service.weather.microsoft.com
||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/*
||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2|evoke-windowsservices-tas.msedge.net|
|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible turn off traffic to this endpoint, but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to turn off traffic to this endpoint, but it is not recommended because as root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
|||HTTP|ctldl.windowsupdate.com|
|Cortana and Search|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2|www.bing.com*|
@ -80,7 +80,7 @@ The following methodology was used to derive these network endpoints:
||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store. |HTTP|*.dl.delivery.mp.microsoft.com|
||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2|manage.devcenter.microsoft.com|
|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
|||HTTPS|*ow1.res.office365.com|
|||HTTPS|office.com|

6
windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
View File

@ -84,7 +84,7 @@ The following methodology was used to derive the network endpoints:
|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
|www.msftconnecttest.com|HTTPS|Network Connection (NCSI)
|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
|www.office.com|HTTPS|Microsoft Office
@ -144,7 +144,7 @@ The following methodology was used to derive the network endpoints:
|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
|www.msftconnecttest.com|HTTPS|Network Connection (NCSI)
|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
|www.msn.com|HTTPS|Network Connection (NCSI)
|www.office.com|HTTPS|Microsoft Office
@ -198,6 +198,6 @@ The following methodology was used to derive the network endpoints:
|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
|www.microsoft.com|HTTP|Connected User Experiences and Telemetry, Microsoft Data Management service
|www.msftconnecttest.com|HTTPS|Network Connection (NCSI)
|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
|www.office.com|HTTPS|Microsoft Office