deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #215 from MicrosoftDocs/19h1-basic-diag

Browse Source 
Windows 10, version 1903 update
This commit is contained in:
Dani Halfin 2019-05-17 11:15:03 -07:00 committed by GitHub
commit 89f83d15fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 16835 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.openpublishing.redirection.json
View File

@ -14257,7 +14257,7 @@
}, },
{ {
"source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields.md", "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields.md",
"redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809", "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903",
"redirect_document_id": true "redirect_document_id": true
}, },
{ {

1
windows/privacy/TOC.md
View File

@ -7,6 +7,7 @@
### [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md) ### [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md)
### [Diagnostic Data Viewer for PowerShell Overview](Microsoft-DiagnosticDataViewer.md) ### [Diagnostic Data Viewer for PowerShell Overview](Microsoft-DiagnosticDataViewer.md)
## Basic level Windows diagnostic data events and fields ## Basic level Windows diagnostic data events and fields
### [Windows 10, version 1903 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
### [Windows 10, version 1809 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) ### [Windows 10, version 1809 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
### [Windows 10, version 1803 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) ### [Windows 10, version 1803 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
### [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) ### [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)

128
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
View File

@ -7,13 +7,13 @@ ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
localizationpriority: high localizationpriority: high
audience: ITPro
author: brianlic-msft author: brianlic-msft
ms.author: brianlic ms.author: brianlic
manager: dansimp manager: dansimp
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 02/15/2019 audience: ITPro
ms.date: 04/19/2019
--- ---
@ -1464,7 +1464,7 @@ The following fields are available:
### Census.Processor ### Census.Processor
This event sends data about the processor (architecture, speed, number of cores, manufacturer, and model number), to help keep Windows up to date. This event sends data about the processor to help keep Windows up to date.
The following fields are available: The following fields are available:
@ -1822,61 +1822,6 @@ The following fields are available:
## Diagnostic data events ## Diagnostic data events
### TelClientSynthetic.AbnormalShutdown_0
This event sends data about boot IDs for which a normal clean shutdown was not observed, to help keep Windows up to date.
The following fields are available:
- **AbnormalShutdownBootId** Retrieves the Boot ID for which the abnormal shutdown was observed.
- **CrashDumpEnabled** Indicates whether crash dumps are enabled.
- **CumulativeCrashCount** Cumulative count of operating system crashes since the BootId reset.
- **CurrentBootId** BootId at the time the abnormal shutdown event was being reported.
- **FirmwareResetReasonEmbeddedController** Firmware-supplied reason for the reset.
- **FirmwareResetReasonEmbeddedControllerAdditional** Additional data related to the reset reason provided by the firmware.
- **FirmwareResetReasonPch** Hardware-supplied reason for the reset.
- **FirmwareResetReasonPchAdditional** Additional data related to the reset reason provided by the hardware.
- **FirmwareResetReasonSupplied** Indicates whether the firmware supplied any reset reason.
- **FirmwareType** ID of the FirmwareType as enumerated in DimFirmwareType.
- **HardwareWatchdogTimerGeneratedLastReset** Indicates whether the hardware watchdog timer caused the last reset.
- **HardwareWatchdogTimerPresent** Indicates whether hardware watchdog timer was present or not.
- **LastBugCheckBootId** The Boot ID of the last captured crash.
- **LastBugCheckCode** Code that indicates the type of error.
- **LastBugCheckContextFlags** Additional crash dump settings.
- **LastBugCheckOriginalDumpType** The type of crash dump the system intended to save.
- **LastBugCheckOtherSettings** Other crash dump settings.
- **LastBugCheckParameter1** The first parameter with additional info on the type of the error.
- **LastBugCheckProgress** Progress towards writing out the last crash dump.
- **LastSuccessfullyShutdownBootId** The Boot ID of the last fully successful shutdown.
- **PowerButtonCumulativePressCount** Indicates the number of times the power button has been pressed ("pressed" not to be confused with "released").
- **PowerButtonCumulativeReleaseCount** Indicates the number of times the power button has been released ("released" not to be confused with "pressed").
- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record Power Button metrics (e.g.: due to a failure to lock/update the bootstat file).
- **PowerButtonLastPressBootId** The Boot ID of the last time the Power Button was detected to have been pressed ("pressed" not to be confused with "released").
- **PowerButtonLastPressTime** The date and time the Power Button was most recently pressed ("pressed" not to be confused with "released").
- **PowerButtonLastReleaseBootId** The Boot ID of the last time the Power Button was released ("released" not to be confused with "pressed").
- **PowerButtonLastReleaseTime** The date and time the Power Button was most recently released ("released" not to be confused with "pressed").
- **PowerButtonPressCurrentCsPhase** Represents the phase of Connected Standby exit when the power button was pressed.
- **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the Power Button was pressed.
- **PowerButtonPressLastPowerWatchdogStage** The last stage completed when the Power Button was most recently pressed.
- **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press.
- **TransitionInfoBootId** The Boot ID of the captured transition information.
- **TransitionInfoCSCount** The total number of times the system transitioned from "Connected Standby" mode to "On" when the last marker was saved.
- **TransitionInfoCSEntryReason** Indicates the reason the device last entered "Connected Standby" mode ("entered" not to be confused with "exited").
- **TransitionInfoCSExitReason** Indicates the reason the device last exited "Connected Standby" mode ("exited" not to be confused with "entered").
- **TransitionInfoCSInProgress** Indicates whether the system was in or entering Connected Standby mode when the last marker was saved.
- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp.
- **TransitionInfoLastReferenceTimestamp** The date and time that the marker was last saved.
- **TransitionInfoPowerButtonTimestamp** The most recent date and time when the Power Button was pressed (collected via a different mechanism than PowerButtonLastPressTime).
- **TransitionInfoSleepInProgress** Indicates whether the system was in or entering Sleep mode when the last marker was saved.
- **TransitionInfoSleepTranstionsToOn** The total number of times the system transitioned from Sleep mode to on, when the last marker was saved.
- **TransitionInfoSystemRunning** Indicates whether the system was running when the last marker was saved.
- **TransitionInfoSystemShutdownInProgress** Indicates whether a device shutdown was in progress when the power button was pressed.
- **TransitionInfoUserShutdownInProgress** Indicates whether a user shutdown was in progress when the power button was pressed.
- **TransitionLatestCheckpointId** Represents a unique identifier for a checkpoint during the device state transition.
- **TransitionLatestCheckpointSeqNumber** Represents the chronological sequence number of the checkpoint.
- **TransitionLatestCheckpointType** Represents the type of the checkpoint, which can be the start of a phase, end of a phase, or just informational.
### TelClientSynthetic.AuthorizationInfo_RuntimeTransition ### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. The telemetry opt-in level signals what data we are allowed to collect. This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. The telemetry opt-in level signals what data we are allowed to collect.
@ -3009,26 +2954,43 @@ The following fields are available:
- **winInetError** The HResult of the operation. - **winInetError** The HResult of the operation.
## Privacy logging notification events
### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue.
The following fields are available:
- **cleanupTask** Indicates whether the task that launched the dialog should be cleaned up.
- **cleanupTaskResult** The return code of the attempt to clean up the task used to show the dialog.
- **deviceEvaluated** Indicates whether the device was eligible for evaluation of a known issue.
- **deviceImpacted** Indicates whether the device was impacted by a known issue.
- **modalAction** The action the user took on the dialog that was presented to them.
- **modalResult** The return code of the attempt to show a dialog to the user explaining the issue.
- **resetSettingsResult** The return code of the action to correct the known issue.
## Remediation events ## Remediation events
### Microsoft.Windows.Remediation.Applicable ### Microsoft.Windows.Remediation.Applicable
This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date. deny
The following fields are available: The following fields are available:
- **ActionName** The name of the action to be taken by the plug-in. - **ActionName** The name of the action to be taken by the plug-in.
- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid. - **AppraiserBinariesValidResult** Indicates whether the plug-in was appraised as valid.
- **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check. - **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check.
- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid. - **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid.
- **AppraiserTaskDisabled** Indicates the appraiser task is disabled. - **AppraiserTaskDisabled** Indicates the appraiser task is disabled.
- **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention. - **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention.
- **CV** Correlation vector - **CV** Correlation vector
- **DateTimeDifference** The difference between local and reference clock times. - **DateTimeDifference** The difference between local and reference clock times.
- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled. - **DateTimeSyncEnabled** Indicates whether the Datetime Sync plug-in is enabled.
- **DaysSinceLastSIH** The number of days since the most recent SIH executed. - **DaysSinceLastSIH** The number of days since the most recent SIH executed.
- **DaysToNextSIH** The number of days until the next scheduled SIH execution. - **DaysToNextSIH** The number of days until the next scheduled SIH execution.
- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run. - **DetectedCondition** Indicates whether detected condition is true and the perform action will be run.
- **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed. - **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed.
- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. - **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
- **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. - **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
@ -3042,12 +3004,12 @@ The following fields are available:
- **PackageVersion** The version of the current remediation package. - **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event. - **PluginName** Name of the plugin specified for each generic plugin event.
- **Reload** True if SIH reload is required. - **Reload** True if SIH reload is required.
- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine. - **RemediationNoisyHammerAcLineStatus** Indicates the AC Line Status of the device.
- **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started. - **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started.
- **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled. - **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled.
- **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists. - **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists.
- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task. - **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task.
- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran. - **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent Noisy Hammer task ran.
- **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder. - **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder.
- **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed. - **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed.
- **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run. - **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run.
@ -3097,7 +3059,7 @@ The following fields are available:
### Microsoft.Windows.Remediation.Completed ### Microsoft.Windows.Remediation.Completed
This event enables completion tracking of a process that remediates issues preventing security and quality updates. This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
The following fields are available: The following fields are available:
@ -3113,12 +3075,12 @@ The following fields are available:
- **CV** The Correlation Vector. - **CV** The Correlation Vector.
- **DateTimeDifference** The difference between the local and reference clocks. - **DateTimeDifference** The difference between the local and reference clocks.
- **DaysSinceOsInstallation** The number of days since the installation of the Operating System. - **DaysSinceOsInstallation** The number of days since the installation of the Operating System.
- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes. - **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in megabytes.
- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes. - **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes.
- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes. - **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes.
- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in. - **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in.
- **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user. - **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user.
- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes. - **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes.
- **HResult** The result of the event execution. - **HResult** The result of the event execution.
- **LatestState** The final state of the plug-in component. - **LatestState** The final state of the plug-in component.
- **PackageVersion** The package version for the current Remediation. - **PackageVersion** The package version for the current Remediation.
@ -3173,7 +3135,7 @@ The following fields are available:
- **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network. - **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network.
- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present. - **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
- **usoScanIsUserLoggedOn** TRUE if the user is logged on. - **usoScanIsUserLoggedOn** TRUE if the user is logged on.
- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late). - **usoScanPastThreshold** TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late).
- **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background". - **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
- **WindowsHyberFilSysSizeInMegabytes** The size of the Windows Hibernation file, measured in Megabytes. - **WindowsHyberFilSysSizeInMegabytes** The size of the Windows Hibernation file, measured in Megabytes.
- **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, measured in Megabytes. - **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, measured in Megabytes.
@ -3302,13 +3264,13 @@ The following fields are available:
### Microsoft.Windows.Remediation.Started ### Microsoft.Windows.Remediation.Started
This event reports whether a plug-in started, to help ensure Windows is up to date. deny
The following fields are available: The following fields are available:
- **CV** Correlation vector. - **CV** Correlation vector.
- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. - **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
- **PackageVersion** Current package version of Remediation. - **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event. - **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin. - **Result** This is the HRESULT for detection or perform action phases of the plugin.
@ -3717,7 +3679,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Applicable ### Microsoft.Windows.SedimentLauncher.Applicable
Indicates whether a given plugin is applicable. This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -3733,7 +3695,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Completed ### Microsoft.Windows.SedimentLauncher.Completed
Indicates whether a given plugin has completed its work. This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -3779,7 +3741,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Started ### Microsoft.Windows.SedimentLauncher.Started
This event indicates that a given plug-in has started. This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -3817,7 +3779,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Applicable ### Microsoft.Windows.SedimentService.Applicable
This event indicates whether a given plug-in is applicable. This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -3833,7 +3795,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Completed ### Microsoft.Windows.SedimentService.Completed
This event indicates whether a given plug-in has completed its work. This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -3886,7 +3848,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Started ### Microsoft.Windows.SedimentService.Started
This event indicates a specified plug-in has started. This information helps ensure Windows is up to date. This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -4042,7 +4004,7 @@ The following fields are available:
### SIHEngineTelemetry.EvalApplicability ### SIHEngineTelemetry.EvalApplicability
This event is sent when targeting logic is evaluated to determine if a device is eligible a given action. This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action.
@ -4236,7 +4198,7 @@ The following fields are available:
- **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector. - **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector.
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content. - **RevisionNumber** The revision number of the specified piece of content.
- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). - **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. - **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
@ -5127,12 +5089,12 @@ This event lists the reboot reason when an app is going to reboot.
The following fields are available: The following fields are available:
- **BootId** The boot ID. - **BootId** The system boot ID.
- **BoottimeSinceLastShutdown** The boot time since the last shutdown. - **BoottimeSinceLastShutdown** The boot time since the last shutdown.
- **RebootReason** Reason for the reboot. - **RebootReason** Reason for the reboot.
## Microsoft Store events ## Windows Store events
### Microsoft.Windows.Store.Partner.ReportApplication ### Microsoft.Windows.Store.Partner.ReportApplication
@ -6296,6 +6258,12 @@ This event sends data specific to the FixupEditionId mitigation used for OS Upda
## Windows Update Reserve Manager events ## Windows Update Reserve Manager events
### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
This event returns data about the Update Reserve Manager, including whether its been initialized.
### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment ### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment
This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment.

123
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
View File

@ -7,13 +7,13 @@ ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
localizationpriority: high localizationpriority: high
audience: ITPro
author: brianlic-msft author: brianlic-msft
ms.author: brianlic ms.author: brianlic
manager: dansimp manager: dansimp
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 02/15/2019 audience: ITPro
ms.date: 04/19/2019
--- ---
@ -68,7 +68,7 @@ The following fields are available:
- **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device.
- **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device. - **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device.
- **InventoryApplicationFile** The count of the number of this particular object type present on this device. - **InventoryApplicationFile** The count of the number of this particular object type present on this device.
- **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine.
- **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device.
- **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device.
- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. - **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device.
@ -1329,7 +1329,7 @@ The following fields are available:
### Census.App ### Census.App
Provides information on IE and Census versions running on the device This event sends version data about the Apps running on this device, to help keep Windows up to date.
The following fields are available: The following fields are available:
@ -1538,7 +1538,7 @@ The following fields are available:
### Census.Processor ### Census.Processor
Provides information on several important data points about Processor settings This event sends data about the processor to help keep Windows up to date.
The following fields are available: The following fields are available:
@ -1912,6 +1912,41 @@ The following fields are available:
- **pendingDecision** Indicates the cause of reboot, if applicable. - **pendingDecision** Indicates the cause of reboot, if applicable.
### CbsServicingProvider.CbsSelectableUpdateChangeV2
This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
The following fields are available:
- **applicableUpdateState** Indicates the highest applicable state of the optional content.
- **buildVersion** The build version of the package being installed.
- **clientId** The name of the application requesting the optional content change.
- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file.
- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file.
- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
- **executionSequence** A counter that tracks the number of servicing operations attempted on the device.
- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
- **hrDownloadResult** The return code of the download operation.
- **hrStatusUpdate** The return code of the servicing operation.
- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
- **majorVersion** The major version of the package being installed.
- **minorVersion** The minor version of the package being installed.
- **packageArchitecture** The architecture of the package being installed.
- **packageLanguage** The language of the package being installed.
- **packageName** The name of the package being installed.
- **rebootRequired** Indicates whether a reboot is required to complete the operation.
- **revisionVersion** The revision number of the package being installed.
- **stackBuild** The build number of the servicing stack binary performing the installation.
- **stackMajorVersion** The major version number of the servicing stack binary performing the installation.
- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation.
- **stackRevision** The revision number of the servicing stack binary performing the installation.
- **updateName** The name of the optional Windows Operation System feature being enabled or disabled.
- **updateStartState** A value indicating the state of the optional content before the operation started.
- **updateTargetState** A value indicating the desired state of the optional content.
## Diagnostic data events ## Diagnostic data events
### TelClientSynthetic.AuthorizationInfo_RuntimeTransition ### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
@ -3107,25 +3142,42 @@ The following fields are available:
- **winInetError** The HResult of the operation. - **winInetError** The HResult of the operation.
## Privacy logging notification events
### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue.
The following fields are available:
- **cleanupTask** Indicates whether the task that launched the dialog should be cleaned up.
- **cleanupTaskResult** The return code of the attempt to clean up the task used to show the dialog.
- **deviceEvaluated** Indicates whether the device was eligible for evaluation of a known issue.
- **deviceImpacted** Indicates whether the device was impacted by a known issue.
- **modalAction** The action the user took on the dialog that was presented to them.
- **modalResult** The return code of the attempt to show a dialog to the user explaining the issue.
- **resetSettingsResult** The return code of the action to correct the known issue.
## Remediation events ## Remediation events
### Microsoft.Windows.Remediation.Applicable ### Microsoft.Windows.Remediation.Applicable
This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date. deny
The following fields are available: The following fields are available:
- **ActionName** The name of the action to be taken by the plug-in. - **ActionName** The name of the action to be taken by the plug-in.
- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid. - **AppraiserBinariesValidResult** Indicates whether the plug-in was appraised as valid.
- **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check. - **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check.
- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid. - **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid.
- **AppraiserTaskDisabled** Indicates the appraiser task is disabled. - **AppraiserTaskDisabled** Indicates the appraiser task is disabled.
- **CV** Correlation vector - **CV** Correlation vector
- **DateTimeDifference** The difference between local and reference clock times. - **DateTimeDifference** The difference between local and reference clock times.
- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled. - **DateTimeSyncEnabled** Indicates whether the Datetime Sync plug-in is enabled.
- **DaysSinceLastSIH** The number of days since the most recent SIH executed. - **DaysSinceLastSIH** The number of days since the most recent SIH executed.
- **DaysToNextSIH** The number of days until the next scheduled SIH execution. - **DaysToNextSIH** The number of days until the next scheduled SIH execution.
- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run. - **DetectedCondition** Indicates whether detected condition is true and the perform action will be run.
- **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed. - **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed.
- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. - **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
- **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. - **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
@ -3139,12 +3191,12 @@ The following fields are available:
- **PackageVersion** The version of the current remediation package. - **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event. - **PluginName** Name of the plugin specified for each generic plugin event.
- **Reload** True if SIH reload is required. - **Reload** True if SIH reload is required.
- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine. - **RemediationNoisyHammerAcLineStatus** Indicates the AC Line Status of the device.
- **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started. - **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started.
- **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled. - **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled.
- **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists. - **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists.
- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task. - **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task.
- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran. - **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent Noisy Hammer task ran.
- **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder. - **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder.
- **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed. - **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed.
- **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run. - **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run.
@ -3214,7 +3266,7 @@ The following fields are available:
### Microsoft.Windows.Remediation.Completed ### Microsoft.Windows.Remediation.Completed
This event enables completion tracking of a process that remediates issues preventing security and quality updates. This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
The following fields are available: The following fields are available:
@ -3232,12 +3284,12 @@ The following fields are available:
- **CV** The Correlation Vector. - **CV** The Correlation Vector.
- **DateTimeDifference** The difference between the local and reference clocks. - **DateTimeDifference** The difference between the local and reference clocks.
- **DaysSinceOsInstallation** The number of days since the installation of the Operating System. - **DaysSinceOsInstallation** The number of days since the installation of the Operating System.
- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes. - **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in megabytes.
- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes. - **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes.
- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes. - **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes.
- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in. - **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in.
- **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user. - **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user.
- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes. - **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes.
- **hasRolledBack** Indicates whether the client machine has rolled back. - **hasRolledBack** Indicates whether the client machine has rolled back.
- **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS. - **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS.
- **hResult** The result of the event execution. - **hResult** The result of the event execution.
@ -3298,7 +3350,7 @@ The following fields are available:
- **RunResult** The HRESULT for Detection or Perform Action phases of the plug-in. - **RunResult** The HRESULT for Detection or Perform Action phases of the plug-in.
- **ServiceHealthPlugin** The nae of the Service Health plug-in. - **ServiceHealthPlugin** The nae of the Service Health plug-in.
- **StartComponentCleanupTask** TRUE if the Component Cleanup task started successfully. - **StartComponentCleanupTask** TRUE if the Component Cleanup task started successfully.
- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive in MBs. - **systemDriveFreeDiskSpace** Indicates the free disk space on system drive, in megabytes.
- **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot. - **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot.
- **TotalSizeofOrphanedInstallerFilesInMegabytes** The size of any orphaned Windows Installer files, measured in Megabytes. - **TotalSizeofOrphanedInstallerFilesInMegabytes** The size of any orphaned Windows Installer files, measured in Megabytes.
- **TotalSizeofStoreCacheAfterCleanupInMegabytes** The size of the Microsoft Store cache after cleanup, measured in Megabytes. - **TotalSizeofStoreCacheAfterCleanupInMegabytes** The size of the Microsoft Store cache after cleanup, measured in Megabytes.
@ -3313,7 +3365,7 @@ The following fields are available:
- **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network. - **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network.
- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present. - **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
- **usoScanIsUserLoggedOn** TRUE if the user is logged on. - **usoScanIsUserLoggedOn** TRUE if the user is logged on.
- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late). - **usoScanPastThreshold** TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late).
- **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background". - **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
- **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key. - **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key.
- **windowsEditionId** Event to report the value of Windows Edition ID. - **windowsEditionId** Event to report the value of Windows Edition ID.
@ -3347,13 +3399,13 @@ The following fields are available:
### Microsoft.Windows.Remediation.Started ### Microsoft.Windows.Remediation.Started
This event reports whether a plug-in started, to help ensure Windows is up to date. This event is sent when Windows Update sediment remediations have started on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
The following fields are available: The following fields are available:
- **CV** Correlation vector. - **CV** Correlation vector.
- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. - **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
- **PackageVersion** Current package version of Remediation. - **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event. - **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin. - **Result** This is the HRESULT for detection or perform action phases of the plugin.
@ -3615,7 +3667,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Applicable ### Microsoft.Windows.SedimentLauncher.Applicable
Indicates whether a given plugin is applicable. This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -3631,7 +3683,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Completed ### Microsoft.Windows.SedimentLauncher.Completed
Indicates whether a given plugin has completed its work. This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -3678,7 +3730,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Started ### Microsoft.Windows.SedimentLauncher.Started
This event indicates that a given plug-in has started. This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -3716,7 +3768,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Applicable ### Microsoft.Windows.SedimentService.Applicable
This event indicates whether a given plug-in is applicable. This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -3732,7 +3784,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Completed ### Microsoft.Windows.SedimentService.Completed
This event indicates whether a given plug-in has completed its work. This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -3786,7 +3838,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Started ### Microsoft.Windows.SedimentService.Started
This event indicates a specified plug-in has started. This information helps ensure Windows is up to date. This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -4128,7 +4180,7 @@ The following fields are available:
- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
- **RevisionNumber** Unique revision number of Update - **RevisionNumber** Unique revision number of Update
- **ServerId** Identifier for the service to which the software distribution client is connecting, such as Windows Update and Microsoft Store. - **ServerId** Identifier for the service to which the software distribution client is connecting, such as Windows Update and Microsoft Store.
- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) - **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **SystemBIOSMajorRelease** Major version of the BIOS. - **SystemBIOSMajorRelease** Major version of the BIOS.
- **SystemBIOSMinorRelease** Minor version of the BIOS. - **SystemBIOSMinorRelease** Minor version of the BIOS.
- **UpdateId** Unique Update ID - **UpdateId** Unique Update ID
@ -4192,7 +4244,7 @@ The following fields are available:
- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one - **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content. - **RevisionNumber** The revision number of the specified piece of content.
- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). - **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. - **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
@ -5298,7 +5350,7 @@ The following fields are available:
- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson). - **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
## Microsoft Store events ## Windows Store events
### Microsoft.Windows.Store.Partner.ReportApplication ### Microsoft.Windows.Store.Partner.ReportApplication
@ -6514,12 +6566,29 @@ The following fields are available:
## Windows Update Reserve Manager events ## Windows Update Reserve Manager events
### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment
This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending.
### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
This event returns data about the Update Reserve Manager, including whether its been initialized.
### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment ### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment
This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment.
### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment
This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed.
## Winlogon events ## Winlogon events
### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon ### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon

209
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
View File

@ -7,13 +7,13 @@ ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
localizationpriority: high localizationpriority: high
audience: ITPro
author: brianlic-msft author: brianlic-msft
ms.author: brianlic ms.author: brianlic
manager: dansimp manager: dansimp
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 02/15/2019 audience: ITPro
ms.date: 04/19/2019
--- ---
@ -1374,7 +1374,7 @@ The following fields are available:
### Census.App ### Census.App
Provides information on IE and Census versions running on the device. This event sends version data about the Apps running on this device, to help keep Windows up to date.
The following fields are available: The following fields are available:
@ -1582,9 +1582,53 @@ The following fields are available:
- **SLICVersion** Returns OS type/version from SLIC table. - **SLICVersion** Returns OS type/version from SLIC table.
### Census.PrivacySettings
This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings.
The following fields are available:
- **Activity** Current state of the activity history setting.
- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
- **ActivityHistoryCollection** Current state of the activity history collection setting.
- **AdvertisingId** Current state of the advertising ID setting.
- **AppDiagnostics** Current state of the app diagnostics setting.
- **Appointments** Current state of the calendar setting.
- **Bluetooth** Current state of the Bluetooth capability setting.
- **BluetoothSync** Current state of the Bluetooth sync capability setting.
- **BroadFileSystemAccess** Current state of the broad file system access setting.
- **CellularData** Current state of the cellular data capability setting.
- **Chat** Current state of the chat setting.
- **Contacts** Current state of the contacts setting.
- **DocumentsLibrary** Current state of the documents library setting.
- **Email** Current state of the email setting.
- **FindMyDevice** Current state of the "find my device" setting.
- **GazeInput** Current state of the gaze input setting.
- **HumanInterfaceDevice** Current state of the human interface device setting.
- **InkTypeImprovement** Current state of the improve inking and typing setting.
- **Location** Current state of the location setting.
- **LocationHistory** Current state of the location history setting.
- **Microphone** Current state of the microphone setting.
- **PhoneCall** Current state of the phone call setting.
- **PhoneCallHistory** Current state of the call history setting.
- **PicturesLibrary** Current state of the pictures library setting.
- **Radios** Current state of the radios setting.
- **SensorsCustom** Current state of the custom sensor setting.
- **SerialCommunication** Current state of the serial communication setting.
- **Sms** Current state of the text messaging setting.
- **SpeechPersonalization** Current state of the speech services setting.
- **USB** Current state of the USB setting.
- **UserAccountInformation** Current state of the account information setting.
- **UserDataTasks** Current state of the tasks setting.
- **UserNotificationListener** Current state of the notifications setting.
- **VideosLibrary** Current state of the videos library setting.
- **Webcam** Current state of the camera setting.
- **WiFiDirect** Current state of the Wi-Fi direct setting.
### Census.Processor ### Census.Processor
Provides information on several important data points about Processor settings. This event sends data about the processor to help keep Windows up to date.
The following fields are available: The following fields are available:
@ -1695,6 +1739,50 @@ The following fields are available:
- **SpeechInputLanguages** The Speech Input languages installed on the device. - **SpeechInputLanguages** The Speech Input languages installed on the device.
### Census.UserPrivacySettings
This event provides information about the current users privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represents the authority that set the value. The effective consent is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = user, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings.
The following fields are available:
- **Activity** Current state of the activity history setting.
- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
- **ActivityHistoryCollection** Current state of the activity history collection setting.
- **AdvertisingId** Current state of the advertising ID setting.
- **AppDiagnostics** Current state of the app diagnostics setting.
- **Appointments** Current state of the calendar setting.
- **Bluetooth** Current state of the Bluetooth capability setting.
- **BluetoothSync** Current state of the Bluetooth sync capability setting.
- **BroadFileSystemAccess** Current state of the broad file system access setting.
- **CellularData** Current state of the cellular data capability setting.
- **Chat** Current state of the chat setting.
- **Contacts** Current state of the contacts setting.
- **DocumentsLibrary** Current state of the documents library setting.
- **Email** Current state of the email setting.
- **GazeInput** Current state of the gaze input setting.
- **HumanInterfaceDevice** Current state of the human interface device setting.
- **InkTypeImprovement** Current state of the improve inking and typing setting.
- **InkTypePersonalization** Current state of the inking and typing personalization setting.
- **Location** Current state of the location setting.
- **LocationHistory** Current state of the location history setting.
- **Microphone** Current state of the microphone setting.
- **PhoneCall** Current state of the phone call setting.
- **PhoneCallHistory** Current state of the call history setting.
- **PicturesLibrary** Current state of the pictures library setting.
- **Radios** Current state of the radios setting.
- **SensorsCustom** Current state of the custom sensor setting.
- **SerialCommunication** Current state of the serial communication setting.
- **Sms** Current state of the text messaging setting.
- **SpeechPersonalization** Current state of the speech services setting.
- **USB** Current state of the USB setting.
- **UserAccountInformation** Current state of the account information setting.
- **UserDataTasks** Current state of the tasks setting.
- **UserNotificationListener** Current state of the notifications setting.
- **VideosLibrary** Current state of the videos library setting.
- **Webcam** Current state of the camera setting.
- **WiFiDirect** Current state of the Wi-Fi direct setting.
### Census.VM ### Census.VM
This event sends data indicating whether virtualization is enabled on the device, and its various characteristics, to help keep Windows up to date. This event sends data indicating whether virtualization is enabled on the device, and its various characteristics, to help keep Windows up to date.
@ -1819,7 +1907,6 @@ The following fields are available:
- **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs). - **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs).
- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). - **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). - **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
- **ext_receipts** Describes the fields related to time as provided by the client for debugging purposes. See [Common Data Extensions.receipts](#common-data-extensionsreceipts).
- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). - **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk).
- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). - **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc). - **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
@ -1845,16 +1932,6 @@ The following fields are available:
- **ver** Represents the major and minor version of the extension. - **ver** Represents the major and minor version of the extension.
### Common Data Extensions.receipts
Represents various time information as provided by the client and helps for debugging purposes.
The following fields are available:
- **originalTime** The original event time.
- **uploadTime** The time the event was uploaded.
### Common Data Extensions.sdk ### Common Data Extensions.sdk
Used by platform specific libraries to record fields that are required for a specific SDK. Used by platform specific libraries to record fields that are required for a specific SDK.
@ -2027,6 +2104,41 @@ The following fields are available:
- **transactionCanceled** Indicates whether the uninstall was cancelled. - **transactionCanceled** Indicates whether the uninstall was cancelled.
### CbsServicingProvider.CbsSelectableUpdateChangeV2
This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
The following fields are available:
- **applicableUpdateState** Indicates the highest applicable state of the optional content.
- **buildVersion** The build version of the package being installed.
- **clientId** The name of the application requesting the optional content change.
- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file.
- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file.
- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
- **executionSequence** A counter that tracks the number of servicing operations attempted on the device.
- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
- **hrDownloadResult** The return code of the download operation.
- **hrStatusUpdate** The return code of the servicing operation.
- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
- **majorVersion** The major version of the package being installed.
- **minorVersion** The minor version of the package being installed.
- **packageArchitecture** The architecture of the package being installed.
- **packageLanguage** The language of the package being installed.
- **packageName** The name of the package being installed.
- **rebootRequired** Indicates whether a reboot is required to complete the operation.
- **revisionVersion** The revision number of the package being installed.
- **stackBuild** The build number of the servicing stack binary performing the installation.
- **stackMajorVersion** The major version number of the servicing stack binary performing the installation.
- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation.
- **stackRevision** The revision number of the servicing stack binary performing the installation.
- **updateName** The name of the optional Windows Operation System feature being enabled or disabled.
- **updateStartState** A value indicating the state of the optional content before the operation started.
- **updateTargetState** A value indicating the desired state of the optional content.
## Deployment extensions ## Deployment extensions
### DeploymentTelemetry.Deployment_End ### DeploymentTelemetry.Deployment_End
@ -4120,26 +4232,43 @@ The following fields are available:
- **threadId** The ID of the thread the activity was run on. - **threadId** The ID of the thread the activity was run on.
## Privacy logging notification events
### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue.
The following fields are available:
- **cleanupTask** Indicates whether the task that launched the dialog should be cleaned up.
- **cleanupTaskResult** The return code of the attempt to clean up the task used to show the dialog.
- **deviceEvaluated** Indicates whether the device was eligible for evaluation of a known issue.
- **deviceImpacted** Indicates whether the device was impacted by a known issue.
- **modalAction** The action the user took on the dialog that was presented to them.
- **modalResult** The return code of the attempt to show a dialog to the user explaining the issue.
- **resetSettingsResult** The return code of the action to correct the known issue.
## Remediation events ## Remediation events
### Microsoft.Windows.Remediation.Applicable ### Microsoft.Windows.Remediation.Applicable
This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date. deny
The following fields are available: The following fields are available:
- **ActionName** The name of the action to be taken by the plug-in. - **ActionName** The name of the action to be taken by the plug-in.
- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid. - **AppraiserBinariesValidResult** Indicates whether the plug-in was appraised as valid.
- **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check. - **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check.
- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid. - **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid.
- **AppraiserTaskDisabled** Indicates the appraiser task is disabled. - **AppraiserTaskDisabled** Indicates the appraiser task is disabled.
- **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention. - **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention.
- **CV** Correlation vector - **CV** Correlation vector
- **DateTimeDifference** The difference between local and reference clock times. - **DateTimeDifference** The difference between local and reference clock times.
- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled. - **DateTimeSyncEnabled** Indicates whether the Datetime Sync plug-in is enabled.
- **DaysSinceLastSIH** The number of days since the most recent SIH executed. - **DaysSinceLastSIH** The number of days since the most recent SIH executed.
- **DaysToNextSIH** The number of days until the next scheduled SIH execution. - **DaysToNextSIH** The number of days until the next scheduled SIH execution.
- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run. - **DetectedCondition** Indicates whether detected condition is true and the perform action will be run.
- **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed. - **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed.
- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. - **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
- **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. - **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
@ -4153,12 +4282,12 @@ The following fields are available:
- **PackageVersion** The version of the current remediation package. - **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event. - **PluginName** Name of the plugin specified for each generic plugin event.
- **Reload** True if SIH reload is required. - **Reload** True if SIH reload is required.
- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine. - **RemediationNoisyHammerAcLineStatus** Indicates the AC Line Status of the device.
- **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started. - **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started.
- **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled. - **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled.
- **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists. - **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists.
- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task. - **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task.
- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran. - **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent Noisy Hammer task ran.
- **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder. - **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder.
- **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed. - **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed.
- **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run. - **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run.
@ -4228,7 +4357,7 @@ The following fields are available:
### Microsoft.Windows.Remediation.Completed ### Microsoft.Windows.Remediation.Completed
This event enables completion tracking of a process that remediates issues preventing security and quality updates. This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
The following fields are available: The following fields are available:
@ -4246,12 +4375,12 @@ The following fields are available:
- **CV** The Correlation Vector. - **CV** The Correlation Vector.
- **DateTimeDifference** The difference between the local and reference clocks. - **DateTimeDifference** The difference between the local and reference clocks.
- **DaysSinceOsInstallation** The number of days since the installation of the Operating System. - **DaysSinceOsInstallation** The number of days since the installation of the Operating System.
- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes. - **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in megabytes.
- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes. - **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes.
- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes. - **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes.
- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in. - **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in.
- **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user. - **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user.
- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes. - **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes.
- **hasRolledBack** Indicates whether the client machine has rolled back. - **hasRolledBack** Indicates whether the client machine has rolled back.
- **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS. - **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS.
- **hResult** The result of the event execution. - **hResult** The result of the event execution.
@ -4316,7 +4445,7 @@ The following fields are available:
- **ServiceHealthInstalledBitMap** List of services installed by the plugin. - **ServiceHealthInstalledBitMap** List of services installed by the plugin.
- **ServiceHealthPlugin** The nae of the Service Health plug-in. - **ServiceHealthPlugin** The nae of the Service Health plug-in.
- **StartComponentCleanupTask** TRUE if the Component Cleanup task started successfully. - **StartComponentCleanupTask** TRUE if the Component Cleanup task started successfully.
- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive in MBs. - **systemDriveFreeDiskSpace** Indicates the free disk space on system drive, in megabytes.
- **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot. - **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot.
- **TotalSizeofOrphanedInstallerFilesInMegabytes** The size of any orphaned Windows Installer files, measured in Megabytes. - **TotalSizeofOrphanedInstallerFilesInMegabytes** The size of any orphaned Windows Installer files, measured in Megabytes.
- **TotalSizeofStoreCacheAfterCleanupInMegabytes** The size of the Microsoft Store cache after cleanup, measured in Megabytes. - **TotalSizeofStoreCacheAfterCleanupInMegabytes** The size of the Microsoft Store cache after cleanup, measured in Megabytes.
@ -4331,7 +4460,7 @@ The following fields are available:
- **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network. - **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network.
- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present. - **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
- **usoScanIsUserLoggedOn** TRUE if the user is logged on. - **usoScanIsUserLoggedOn** TRUE if the user is logged on.
- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late). - **usoScanPastThreshold** TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late).
- **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background". - **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
- **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key. - **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key.
- **windowsEditionId** Event to report the value of Windows Edition ID. - **windowsEditionId** Event to report the value of Windows Edition ID.
@ -4365,13 +4494,13 @@ The following fields are available:
### Microsoft.Windows.Remediation.Started ### Microsoft.Windows.Remediation.Started
This event reports whether a plug-in started, to help ensure Windows is up to date. This event is sent when Windows Update sediment remediations have started on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
The following fields are available: The following fields are available:
- **CV** Correlation vector. - **CV** Correlation vector.
- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. - **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
- **PackageVersion** Current package version of Remediation. - **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event. - **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin. - **Result** This is the HRESULT for detection or perform action phases of the plugin.
- **RunCount** The number of times the remediation event started (whether it completed successfully or not). - **RunCount** The number of times the remediation event started (whether it completed successfully or not).
@ -4598,7 +4727,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Applicable ### Microsoft.Windows.SedimentLauncher.Applicable
Indicates whether a given plugin is applicable. This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -4614,7 +4743,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Completed ### Microsoft.Windows.SedimentLauncher.Completed
Indicates whether a given plugin has completed its work. This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -4629,7 +4758,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Started ### Microsoft.Windows.SedimentLauncher.Started
This event indicates that a given plug-in has started. This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -4642,7 +4771,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Applicable ### Microsoft.Windows.SedimentService.Applicable
This event indicates whether a given plug-in is applicable. This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -4658,7 +4787,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Completed ### Microsoft.Windows.SedimentService.Completed
This event indicates whether a given plug-in has completed its work. This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -4680,7 +4809,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Started ### Microsoft.Windows.SedimentService.Started
This event indicates a specified plug-in has started. This information helps ensure Windows is up to date. This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available: The following fields are available:
@ -4934,7 +5063,7 @@ The following fields are available:
- **FlightId** The specific id of the flight the device is getting - **FlightId** The specific id of the flight the device is getting
- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
- **RevisionNumber** Identifies the revision number of this specific piece of content - **RevisionNumber** Identifies the revision number of this specific piece of content
- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) - **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **SystemBIOSMajorRelease** Major release version of the system bios - **SystemBIOSMajorRelease** Major release version of the system bios
- **SystemBIOSMinorRelease** Minor release version of the system bios - **SystemBIOSMinorRelease** Minor release version of the system bios
- **UpdateId** Identifier associated with the specific piece of content - **UpdateId** Identifier associated with the specific piece of content
@ -4997,7 +5126,7 @@ The following fields are available:
- **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector. - **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector.
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content. - **RevisionNumber** The revision number of the specified piece of content.
- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). - **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. - **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
@ -5988,7 +6117,7 @@ The following fields are available:
- **PertProb** Constant used in algorithm for randomization. - **PertProb** Constant used in algorithm for randomization.
## Microsoft Store events ## Windows Store events
### Microsoft.Windows.Store.StoreActivating ### Microsoft.Windows.Store.StoreActivating
@ -7646,6 +7775,12 @@ This event is sent when the Update Reserve Manager returns an error from one of
### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
This event returns data about the Update Reserve Manager, including whether its been initialized.
### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization ### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization
This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot. This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot.

8581
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
View File

File diff suppressed because it is too large Load Diff

7937
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md Normal file
View File

File diff suppressed because it is too large Load Diff

5
windows/privacy/windows-diagnostic-data.md
View File

@ -12,17 +12,18 @@ ms.author: daniha
manager: dansimp manager: dansimp
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 03/13/2018 ms.date: 04/15/2019
--- ---
# Windows 10, version 1709 and newer diagnostic data for the Full level # Windows 10, version 1709 and newer diagnostic data for the Full level
Applies to: Applies to:
- Windows 10, version 1903
- Windows 10, version 1809 - Windows 10, version 1809
- Windows 10, version 1803 - Windows 10, version 1803
- Windows 10, version 1709 - Windows 10, version 1709
Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1809 Basic level diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields). Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1903 Basic level diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields).
In addition, this article provides references to equivalent definitions for the data types and examples from [ISO/IEC 19944:2017 Information technology -- Cloud computing -- Cloud services and devices: Data flow, data categories and data use](https://www.iso.org/standard/66674.html). Each data type also has a Data Use statement, for diagnostics and for Tailored experiences on the device, using the terms as defined by the standard. These Data Use statements define the purposes for which Microsoft processes each type of Windows diagnostic data, using a uniform set of definitions referenced at the end of this document and based on the ISO standard. Reference to the ISO standard provides additional clarity about the information collected, and allows easy comparison with other services or guidance that also references the standard. In addition, this article provides references to equivalent definitions for the data types and examples from [ISO/IEC 19944:2017 Information technology -- Cloud computing -- Cloud services and devices: Data flow, data categories and data use](https://www.iso.org/standard/66674.html). Each data type also has a Data Use statement, for diagnostics and for Tailored experiences on the device, using the terms as defined by the standard. These Data Use statements define the purposes for which Microsoft processes each type of Windows diagnostic data, using a uniform set of definitions referenced at the end of this document and based on the ISO standard. Reference to the ISO standard provides additional clarity about the information collected, and allows easy comparison with other services or guidance that also references the standard.