deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 5593: changes instances of "telemetry" to "diagnostic data" where appropriate

Browse Source
This commit is contained in:
Jeanie Decker 2018-01-30 21:09:21 +00:00
parent 50c9637613
commit 9236bb2016
59 changed files with 337 additions and 332 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
View File

@ -164,8 +164,8 @@ Users can sign in to Microsoft Edge to access intranet sites and online resource
*Organization policies that this may affect:* <br>
-->
### Telemetry
### Diagnostic data
The Surface Hub OS uses the Windows 10 Connected User Experience and Telemetry component to gather and transmit telemetry data. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization).
The Surface Hub OS uses the Windows 10 Connected User Experience and Telemetry component to gather and transmit diagnostic data. For more information, see [Configure Windows diagnostic data in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization).
*Organization policies that this may affect:* <br> Configure telemetry levels for Surface Hub in the same way as you do for Windows 10 Enterprise.
*Organization policies that this may affect:* <br> Configure diagnostic data levels for Surface Hub in the same way as you do for Windows 10 Enterprise.

2
devices/surface-hub/monitor-surface-hub.md
View File

@ -86,7 +86,7 @@ This table describes the sample queries in the Surface Hub solution:
| Alert type | Impact | Recommended remediation | Details |
| ---------- | ------ | ----------------------- | ------- |
| Software | Error | **Reboot the device**. <br> Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx). <br> Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions: <br> - A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive. <br> - The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the telemetry reporting system. |
| Software | Error | **Reboot the device**. <br> Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx). <br> Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions: <br> - A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive. <br> - The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the diagnostic data reporting system. |
| Software | Error | **Check your Exchange service**. <br> Verify: <br> - The service is available. <br> - The device account password is up to date see [Password management](password-management-for-surface-hub-device-accounts.md) for details.| Triggers when there's an error syncing the device calendar with Exchange. |
| Software | Error | **Check your Skype for Business service**. <br> Verify: <br> - The service is available. <br> - The device account password is up to date see [Password management](password-management-for-surface-hub-device-accounts.md) for details. <br> - The domain name for Skype for Business is properly configured - see [Configure a domain name](use-fully-qualified-domain-name-surface-hub.md). | Triggers when Skype fails to sign in. |
| Software | Error | **Reset the device**. <br> This takes some time, so you should take the device offline. <br> For more information, see [Device reset](device-reset-surface-hub.md).| Triggers when there is an error cleaning up user and app data at the end of a session. When this operation repeatedly fails, the device is locked to protect user data. You must reset the device to continue. |

6
devices/surface-hub/prepare-your-environment-for-surface-hub.md
View File

@ -40,9 +40,9 @@ Depending on your environment, access to additional ports may be needed:
- For online environments, see [Office 365 IP URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US).
- For on-premises installations, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx).
Microsoft collects telemetry to help improve your Surface Hub experience. Add these sites to your allow list:
- Telemetry client endpoint: `https://vortex.data.microsoft.com/`
- Telemetry settings endpoint: `https://settings.data.microsoft.com/`
Microsoft collects diagnostic data to help improve your Surface Hub experience. Add these sites to your allow list:
- Diagnostic data client endpoint: `https://vortex.data.microsoft.com/`
- Diagnostic data settings endpoint: `https://settings.data.microsoft.com/`
### Proxy configuration

2
devices/surface-hub/troubleshoot-surface-hub.md
View File

@ -524,7 +524,7 @@ This section lists status codes, mapping, user messages, and actions an admin ca
<tr class="even">
<td align="left"><p>0x85002004</p></td>
<td align="left"><p>E_FAIL_ABORT</p></td>
<td align="left"><p>This error is used to interrupt the hanging sync, and will not be exposed to users. It will be shown in the telemetry if you force an interactive sync, delete the account, or update its settings.</p></td>
<td align="left"><p>This error is used to interrupt the hanging sync, and will not be exposed to users. It will be shown in the diagnostic data if you force an interactive sync, delete the account, or update its settings.</p></td>
<td align="left"><p>Nothing.</p></td>
</tr>
<tr class="odd">

2
windows/application-management/svchost-service-refactoring.md
View File

@ -33,7 +33,7 @@ Benefits of this design change include:
* Reduced support costs by eliminating the troubleshooting overhead associated with isolating misbehaving services in the shared host.
* Increased security by providing additional inter-service isolation
* Increased scalability by allowing per-service settings and privileges
* Improved resource management through per-service CPU, I/O and memory management and increase clear telemetry (report CPU, I/O and network usage per service).
* Improved resource management through per-service CPU, I/O and memory management and increase clear diagnostic data (report CPU, I/O and network usage per service).
>**Try This**
>

2
windows/client-management/mdm/dmclient-csp.md
View File

@ -216,7 +216,7 @@ Added in Windows 10, version 1607. Returns the hardware device ID.
Supported operation is Get.
<a href="" id="provider-providerid-commercialid"></a>**Provider/*ProviderID*/CommercialID**
Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this telemetry data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its telemetry data with your organization..
Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data with your organization..
Supported operations are Add, Get, Replace, and Delete.

6
windows/client-management/mdm/policy-csp-browser.md
View File

@ -1327,14 +1327,14 @@ The following list shows the supported values:
<!--Description-->
This policy setting lets you decide how much data to send to Microsoft about the book you're reading from the Books tab in Microsoft Edge.
If you enable this setting, Microsoft Edge sends additional telemetry data, on top of the basic telemetry data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic telemetry data, depending on your device configuration.
If you enable this setting, Microsoft Edge sends additional diagnostic data, on top of the basic diagnostic data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic diagnostic data, depending on your device configuration.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) - Disable. No additional telemetry.
- 1 - Enable. Additional telemetry for schools.
- 0 (default) - Disable. No additional diagnostic data.
- 1 - Enable. Additional diagnostic data for schools.
<!--/SupportedValues-->
<!--/Policy-->

4
windows/client-management/mdm/tpmpolicy-csp.md
View File

@ -12,7 +12,7 @@ ms.date: 11/01/2017
# TPMPolicy CSP
The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (telemetry or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
The TPMPolicy CSP was added in Windows 10, version 1703.
@ -30,7 +30,7 @@ The following diagram shows the TPMPolicy configuration service provider in tree
<li>There should be no traffic when machine is on idle. When the user is not interacting with the system/device, no traffic is expected. </li>
<li>There should be no traffic during installation of Windows and first logon when local ID is used.</li>
<li>Launching and using a local app (Notepad, Paint, etc.) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, etc.) should not send any traffic.</li>
<li>Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic, telemetry, etc.) to Microsoft.</li>
<li>Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic data, etc.) to Microsoft.</li>
</ul>
Here is an example:

2
windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
View File

@ -77,7 +77,7 @@ The following list describes the characteristics and parameters.
<p style="margin-left: 20px">Supported operations are Get and Replace.
<a href="" id="configuration-telemetryreportingfrequency"></a>**Configuration/TelemetryReportingFrequency**
<p style="margin-left: 20px">Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection telemetry reporting frequency.
<p style="margin-left: 20px">Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency.
<p style="margin-left: 20px">The following list shows the supported values:

2
windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
View File

@ -227,7 +227,7 @@ The XML below is the current version for this CSP.
<Replace />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>Return or set Windows Defender Advanced Threat Protection telemetry reporting frequency. Allowed values are: 1 - Normal, 2 - Expedite</Description>
<Description>Return or set Windows Defender Advanced Threat Protection diagnostic data reporting frequency. Allowed values are: 1 - Normal, 2 - Expedite</Description>
<DFFormat>
<int />
</DFFormat>

21
windows/client-management/windows-10-mobile-and-mdm.md
View File

@ -2,7 +2,7 @@
title: Windows 10 Mobile deployment and management guide (Windows 10)
description: This guide helps IT professionals plan for and deploy Windows 10 Mobile devices.
ms.assetid: 6CAA1004-CB65-4FEC-9B84-61AAD2125E5E
keywords: Mobile, telemetry, BYOD, MDM
keywords: Mobile, diagnostic data, BYOD, MDM
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@ -14,7 +14,8 @@ ms.date: 09/21/2017
# Windows 10 Mobile deployment and management guide
*Applies to: Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607*
**Applies to:**
- Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607
This guide helps IT professionals plan for and deploy Windows 10 Mobile devices.
@ -189,7 +190,7 @@ Multiple MDM systems support Windows 10 and most support personal and corporate
In addition, Microsoft recently added MDM capabilities powered by Intune to Office 365. MDM for Office 365 supports mobile devices only, such as those running Windows 10 Mobile, iOS, and Android. MDM for Office 365 offers a subset of the management capabilities found in Intune, including the ability to remotely wipe a device, block a device from accessing Exchange Server email, and configure device policies (e.g., passcode requirements). For more information about MDM for Office 365 capabilities, see [Overview of Mobile Device Management for Office 365](http://technet.microsoft.com/en-us/library/ms.o365.cc.devicepolicy.aspx).
**Cloud services**
On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect telemetry (usage data). Windows 10 Mobile enables organizations to manage how devices consume these cloud services.
On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect diagnostic and usage data. Windows 10 Mobile enables organizations to manage how devices consume these cloud services.
**Windows Push Notification Services**
The Windows Push Notification Services enable software developers to send toast, tile, badge, and raw updates from their cloud services. It provides a mechanism to deliver updates to users in a power-efficient and dependable way.
@ -795,9 +796,9 @@ While Windows 10 Mobile provides updates directly to user devices from Windows U
Upgrading to Windows 10 Mobile Enterprise edition provides additional device and app management capabilities for organizations that want to:
- **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 Mobile Enterprise edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released.
- **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organizations certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 Mobile Enterprise is required.
- **Set the telemetry level:** Microsoft collects telemetry data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the telemetry level so that only telemetry information required to keep devices secured is gathered.
- **Set the diagnostic data level:** Microsoft collects diagnostic data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the diagnostic data level so that only diagnostic information required to keep devices secured is gathered.
To learn more about telemetry, visit [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization).
To learn more about diagnostic, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization).
To activate Windows 10 Mobile Enterprise, use your MDM system or a provisioning package to inject the Windows 10 Enterprise license on a Windows 10 Mobile device. Licenses can be obtained from the Volume Licensing portal. For testing purposes, you can obtain a licensing file from the MSDN download center. A valid MSDN subscription is required.
@ -1007,17 +1008,17 @@ The following list shows examples of the Windows 10 Mobile software and hardware
- **Secure Boot state** Indicates whether Secure Boot is enabled
- **Enterprise encryption policy compliance** Indicates whether the device is encrypted
### <a href="" id="manage-telemetry"></a>Manage telemetry
### <a href="" id="manage-telemetry"></a>Manage diagnostic data
*Applies to: Corporate devices with Windows 10 Mobile Enterprise edition*
Microsoft uses telemetry (diagnostics, performance, and usage data) from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry helps keep Windows devices healthy, improve the operating system, and personalize features and services.
Microsoft uses diagnostics, performance, and usage data from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Diagnostic data helps keep Windows devices healthy, improve the operating system, and personalize features and services.
You can control the level of data that telemetry systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system.
You can control the level of data that diagnostic data systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system.
For more information, see [Configure Windows telemetry in Your organization](/windows/configuration/configure-windows-telemetry-in-your-organization).
For more information, see [Configure Windows diagnostic data in Your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization).
>**Note:** Telemetry can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition.
>**Note:** Diagnostic data can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition.
### <a href="" id="mremote-assistance"></a>Remote assistance

6
windows/configuration/TOC.md
View File

@ -1,10 +1,10 @@
# [Configure Windows 10](index.md)
## [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
## [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
## [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md)
## [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)
## [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md)
## [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
## [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
## [Windows 10 diagnostic data for the Full telemetry level](windows-diagnostic-data-1703.md)
## [Windows 10 diagnostic data for the Full diagnostic data level](windows-diagnostic-data-1703.md)
## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)
## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
## [Manage Windows 10 connection endpoints](manage-windows-endpoints-version-1709.md)

84
windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md
View File

@ -1,7 +1,7 @@
---
description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level.
title: Windows 10, version 1703 basic diagnostic events and fields (Windows 10)
keywords: privacy, telemetry
keywords: privacy, diagnostic data
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@ -24,7 +24,7 @@ The Basic level gathers a limited set of information that is critical for unders
Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. You can learn more about Windows functional and diagnostic data through these articles:
- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
- [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
>[!Note]
>Updated November 2017 to document new and modified events. Weve added some new events and also added new fields to existing events to prepare for upgrades to the next release of Windows.
@ -88,12 +88,12 @@ The following fields are available:
- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server.
- **seqNum** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue.  The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server.
- **iKey** Represents an ID for applications or other logical groupings of events.
- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experiences and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
- **os** Represents the operating system name.
- **osVer** Represents the OS version, and its format is OS dependent.
- **appId** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
- **appVer** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries.
- **cV** Represents the Correlation Vector: A single field for tracking partial order of related diagnostic data events across component boundaries.
### Common Data Extensions.OS
@ -135,7 +135,7 @@ The following fields are available:
### Common Data Extensions.Consent UI Event
This User Account Control (UAC) telemetry point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path.
This User Account Control (UAC) diagnostic data point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path.
The following fields are available:
@ -198,7 +198,7 @@ The following fields are available:
- **HKCU_FlipAhead.HRESULT** The error code returned when trying to query Flip Ahead for the current user.
- **HKLM_TailoredExperiences.TailoredExperiencesWithDiagnosticDataEnabled** Is Tailored Experiences with Diagnostics Data enabled for the current user after the feature update had completed?
- **HKCU_TailoredExperiences.HRESULT** The error code returned when trying to query Tailored Experiences with Diagnostics Data for the current user.
- **HKLM_AdvertisingID.Enabled** Is the adveristing ID enabled for the device?
- **HKLM_AdvertisingID.Enabled** Is the adverising ID enabled for the device?
- **HKLM_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the device.
- **HKCU_AdvertisingID.Enabled** Is the adveristing ID enabled for the current user?
- **HKCU_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the user.
@ -332,7 +332,7 @@ The following fields are available:
- **HasCitData** Is the file present in CIT data?
- **HasUpgradeExe** Does the anti-virus app have an upgrade.exe file?
- **IsAv** Is the file an anti-virus reporting EXE?
- **ResolveAttempted** This will always be an empty string when sending telemetry.
- **ResolveAttempted** This will always be an empty string when sending diagnostic data.
- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file.
@ -1032,7 +1032,7 @@ The following fields are available:
- **AppraiserBranch** The source branch in which the currently running version of Appraiser was built.
- **AppraiserVersion** The version of the Appraiser file generating the events.
- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
- **Context** Indicates what mode Appraiser is running in. Example: Setup or Diagnostic Data.
- **Time** The client time of the event.
- **AppraiserProcess** The name of the process that launched Appraiser.
- **PCFP** An ID for the system calculated by hashing hardware identifiers.
@ -1354,35 +1354,35 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
A summary event indicating the parameters and result of a telemetry run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date.
A summary event indicating the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date.
The following fields are available:
- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability.
- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
- **Time** The client time of the event.
- **RunDate** The date that the telemetry run was stated, expressed as a filetime.
- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime.
- **AppraiserProcess** The name of the process that launched Appraiser.
- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run.
- **SendingUtc** Indicates if the Appraiser client is sending events during the current diagnostic data run.
- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built.
- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic.
- **EnterpriseRun** Indicates if the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
- **AuxFinal** Obsolete, always set to false
- **StoreHandleIsNotNull** Obsolete, always set to false
- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run.
- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
- **PCFP** An ID for the system calculated by hashing hardware identifiers.
- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
- **TelementrySent** Indicates if telemetry was successfully sent.
- **TelementrySent** Indicates if diagnostic data was successfully sent.
- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated.
- **RunResult** The hresult of the Appraiser telemetry run.
- **RunResult** The hresult of the Appraiser diagnostic data run.
### Microsoft.Windows.Appraiser.General.WmdrmAdd
@ -1502,14 +1502,14 @@ The following fields are available:
- **MSA_Accounts** Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device.
- **IsFlightsDisabled** Represents if the device is participating in the Windows Insider program.
- **FlightingBranchName** The name of the Windows Insider branch currently used by the device.
- **DeviceSampleRate** The telemetry sample rate assigned to the device.
- **DeviceSampleRate** The diagnostic data sample rate assigned to the device.
- **EnablePreviewBuilds** Used to enable Windows Insider builds on a device.
- **SSRK** Retrieves the mobile targeting settings.
### Census.Hardware
This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up-to-date.
This event sends data about the device, including hardware type, OEM brand, model line, model, diagnostic data level setting, and TPM support, to help keep Windows up-to-date.
The following fields are available:
@ -1532,8 +1532,8 @@ The following fields are available:
- **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
- **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
- **StudyID** Used to identify retail and non-retail device.
- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced.
- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user.
- **TelemetryLevel** The diagnostic data level the user has opted into, such as Basic or Enhanced.
- **TelemetrySettingAuthority** Determines who set the diagnostic data level, such as GP, MDM, or the user.
- **DeviceForm** Indicates the form as per the device classification.
- **DigitizerSupport** Is a digitizer supported?
- **OEMModelBaseBoard** The baseboard model used by the OEM.
@ -1545,7 +1545,7 @@ The following fields are available:
- **Gyroscope** Indicates whether the device has a gyroscope.
- **Magnetometer** Indicates whether the device has a magnetometer.
- **NFCProximity** Indicates whether the device supports NFC.
- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions.
- **TelemetryLevelLimitEnhanced** The diagnostic data level for Windows Analytics-based solutions.
### Census.Memory
@ -1784,45 +1784,45 @@ This event provides information on about security settings used to help keep Win
### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
This event sends data indicating that a device has undergone a change of telemetry opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date.
This event sends data indicating that a device has undergone a change of diagnostic data opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date.
The following fields are available:
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism.
- **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
- **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats.
- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups.
- **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations.
- **CanPerformScripting** True if UTC is allowed to perform scripting.
- **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions.
- **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry opt-in level was last changed.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data opt-in level was last changed.
### TelClientSynthetic.AuthorizationInfo_Startup
This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date.
This event sends data indicating that a device has undergone a change of diagnostic data opt-in level detected at UTC startup, to help keep Windows up to date.
The following fields are available:
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism.
- **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats.
- **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups.
- **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events.
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups.
- **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions.
- **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations.
- **CanPerformScripting** True if UTC is allowed to perform scripting.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry client was last started.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data client was last started.
### TelClientSynthetic.ConnectivityHeartBeat_0
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
This event sends data about the connectivity status of the Connected User Experiences and Telemetry component that uploads diagnostic data events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
The following fields are available:
@ -1838,13 +1838,13 @@ The following fields are available:
### TelClientSynthetic.HeartBeat_5
This event sends data about the health and quality of the telemetry data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
The following fields are available:
- **PreviousHeartBeatTime** The time of last heartbeat event. This allows chaining of events.
- **EtwDroppedCount** The number of events dropped by the ETW layer of the telemetry client.
- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the telemetry client.
- **EtwDroppedCount** The number of events dropped by the ETW layer of the diagnostic data client.
- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the diagnostic data client.
- **DecodingDroppedCount** The number of events dropped because of decoding failures.
- **ThrottledDroppedCount** The number of events dropped due to throttling of noisy providers.
- **DbDroppedCount** The number of events that were dropped because the database was full.
@ -1852,10 +1852,10 @@ The following fields are available:
- **EventSubStoreResetSizeSum** The total size of the event database across all resets reports in this instance.
- **CriticalOverflowEntersCounter** The number of times a critical overflow mode was entered into the event database.
- **EnteringCriticalOverflowDroppedCounter** The number of events that was dropped because a critical overflow mode was initiated.
- **UploaderDroppedCount** The number of events dropped by the uploader layer of the telemetry client.
- **UploaderDroppedCount** The number of events dropped by the uploader layer of the diagnostic data client.
- **InvalidHttpCodeCount** The number of invalid HTTP codes received from Vortex.
- **LastInvalidHttpCode** The last invalid HTTP code received from Vortex.
- **MaxInUseScenarioCounter** The soft maximum number of scenarios loaded by the Connected User Experience and Telemetry component.
- **MaxInUseScenarioCounter** The soft maximum number of scenarios loaded by the Connected User Experiences and Telemetry component.
- **LastEventSizeOffender** The name of the last event that exceeded the maximum event size.
- **SettingsHttpAttempts** The number of attempts to contact the OneSettings service.
- **SettingsHttpFailures** The number of failures from contacting the OneSettings service.
@ -1957,7 +1957,7 @@ The following fields are available:
- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
- **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the diagnostic data backend.
- **TargetAppId** The kernel reported AppId of the application being reported.
- **TargetAppVer** The specific version of the application being reported
- **TargetAsId** The sequence number for the hanging process.
@ -1982,7 +1982,7 @@ The following fields are available:
- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package.
- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting.
- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the diagnostic data backend.
- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
- **PackageFullName** Store application identity.
- **AppVersion** The version of the app that has hung.

78
windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
View File

@ -1,7 +1,7 @@
---
description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level.
title: Windows 10, version 1709 basic diagnostic events and fields (Windows 10)
keywords: privacy, telemetry
keywords: privacy, diagnostic data
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@ -32,7 +32,7 @@ You can learn more about Windows functional and diagnostic data through these ar
- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
- [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
@ -106,7 +106,7 @@ The following fields are available:
- **osVer** Represents the OS version, and its format is OS dependent.
- **appId** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
- **appVer** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries.
- **cV** Represents the Correlation Vector: A single field for tracking partial order of related diagnostic data events across component boundaries.
### Common Data Extensions.OS
@ -148,7 +148,7 @@ The following fields are available:
### Common Data Extensions.Consent UI Event
This User Account Control (UAC) telemetry point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path.
This User Account Control (UAC) diagnostic data point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path.
The following fields are available:
@ -262,39 +262,39 @@ The following fields are available:
- **AppraiserBranch** The source branch in which the currently running version of Appraiser was built.
- **AppraiserProcess** The name of the process that launched Appraiser.
- **AppraiserVersion** The version of the Appraiser file generating the events.
- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
- **Context** Indicates what mode Appraiser is running in. Example: Setup or Diagnostic Data.
- **PCFP** An ID for the system calculated by hashing hardware identifiers.
- **Time** The client time of the event.
### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
A summary event indicating the parameters and result of a telemetry run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date.
A summary event indicating the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date.
The following fields are available:
- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run.
- **AppraiserProcess** The name of the process that launched Appraiser.
- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
- **AuxFinal** Obsolete, always set to false
- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **EnterpriseRun** Indicates if the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
- **PCFP** An ID for the system calculated by hashing hardware identifiers.
- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
- **RunDate** The date that the telemetry run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic.
- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
- **RunResult** The hresult of the Appraiser telemetry run.
- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run.
- **RunResult** The hresult of the Appraiser diagnostic data run.
- **SendingUtc** Indicates if the Appraiser client is sending events during the current diagnostic data run.
- **StoreHandleIsNotNull** Obsolete, always set to false
- **TelementrySent** Indicates if telemetry was successfully sent.
- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability.
- **TelementrySent** Indicates if diagnostic data was successfully sent.
- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
- **Time** The client time of the event.
- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated.
@ -1461,7 +1461,7 @@ This event sends Windows Insider data from customers participating in improvemen
The following fields are available:
- **DeviceSampleRate** The telemetry sample rate assigned to the device.
- **DeviceSampleRate** The diagnostic data sample rate assigned to the device.
- **EnablePreviewBuilds** Used to enable Windows Insider builds on a device.
- **FlightIds** A list of the different Windows Insider builds on this device.
- **FlightingBranchName** The name of the Windows Insider branch currently used by the device.
@ -1472,7 +1472,7 @@ The following fields are available:
### Census.Hardware
This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up-to-date.
This event sends data about the device, including hardware type, OEM brand, model line, model, diagnostic data level setting, and TPM support, to help keep Windows up-to-date.
The following fields are available:
@ -1504,9 +1504,9 @@ The following fields are available:
- **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
- **SoCName** The firmware manufacturer of the device.
- **StudyID** Used to identify retail and non-retail device.
- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced.
- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions.
- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user.
- **TelemetryLevel** The diagnostic data level the user has opted into, such as Basic or Enhanced.
- **TelemetryLevelLimitEnhanced** The diagnostic data level for Windows Analytics-based solutions.
- **TelemetrySettingAuthority** Determines who set the diagnostic data level, such as GP, MDM, or the user.
- **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
- **VoiceSupported** Does the device have a cellular radio capable of making voice calls?
@ -1729,45 +1729,45 @@ This event provides information on about security settings used to help keep Win
### TelClientSynthetic.AuthorizationInfo_Startup
This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date.
This event sends data indicating that a device has undergone a change of diagnostic data opt-in level detected at UTC startup, to help keep Windows up to date.
The following fields are available:
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism.
- **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
- **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats.
- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups.
- **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations.
- **CanPerformScripting** True if UTC is allowed to perform scripting.
- **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions.
- **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry client was last started.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data client was last started.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data.
### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
This event sends data indicating that a device has undergone a change of telemetry opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date.
This event sends data indicating that a device has undergone a change of diagnostic data opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date.
The following fields are available:
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism.
- **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
- **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats.
- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups.
- **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations.
- **CanPerformScripting** True if UTC is allowed to perform scripting.
- **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions.
- **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry opt-in level was last changed.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data opt-in level was last changed.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data.
### TelClientSynthetic.ConnectivityHeartBeat_0
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads diagnostic data events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
The following fields are available:
@ -1783,7 +1783,7 @@ The following fields are available:
### TelClientSynthetic.HeartBeat_5
This event sends data about the health and quality of the telemetry data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
The following fields are available:
@ -1791,7 +1791,7 @@ The following fields are available:
- **CensusExitCode** The last exit code of the Census task.
- **CensusStartTime** The time of the last Census run.
- **CensusTaskEnabled** Indicates whether Census is enabled.
- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the telemetry client.
- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the diagnostic data client.
- **CriticalDataDbDroppedCount** The number of critical data sampled events that were dropped at the database layer.
- **CriticalDataThrottleDroppedCount** The number of critical data sampled events that were dropped because of throttling.
- **CriticalOverflowEntersCounter** The number of times a critical overflow mode was entered into the event database.
@ -1800,7 +1800,7 @@ The following fields are available:
- **DecodingDroppedCount** The number of events dropped because of decoding failures.
- **EnteringCriticalOverflowDroppedCounter** The number of events that was dropped because a critical overflow mode was initiated.
- **EtwDroppedBufferCount** The number of buffers dropped in the CUET ETW session.
- **EtwDroppedCount** The number of events dropped by the ETW layer of the telemetry client.
- **EtwDroppedCount** The number of events dropped by the ETW layer of the diagnostic data client.
- **EventSubStoreResetCounter** The number of times the event database was reset.
- **EventSubStoreResetSizeSum** The total size of the event database across all resets reports in this instance.
- **EventsUploaded** The number of events that have been uploaded.
@ -1817,7 +1817,7 @@ The following fields are available:
- **SettingsHttpAttempts** The number of attempts to contact the OneSettings service.
- **SettingsHttpFailures** The number of failures from contacting the OneSettings service.
- **ThrottledDroppedCount** The number of events dropped due to throttling of noisy providers.
- **UploaderDroppedCount** The number of events dropped by the uploader layer of the telemetry client.
- **UploaderDroppedCount** The number of events dropped by the uploader layer of the diagnostic data client.
- **VortexFailuresTimeout** The number of timeout failures received from Vortex.
- **VortexHttpAttempts** The number of attempts to contact the Vortex service.
- **VortexHttpFailures4xx** The number of 400-499 error codes received from Vortex.
@ -1888,7 +1888,7 @@ The following fields are available:
The following fields are available:
- **AppName** The name of the app that has crashed.
- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the diagnostic data backend.
- **AppTimeStamp** The date/time stamp of the app.
- **AppVersion** The version of the app that has crashed.
- **ExceptionCode** The exception code returned by the process that has crashed.
@ -1938,7 +1938,7 @@ This event sends data about hangs for both native and managed applications, to h
The following fields are available:
- **AppName** The name of the app that has hung.
- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the diagnostic data backend.
- **AppVersion** The version of the app that has hung.
- **PackageFullName** Store application identity.
- **PackageRelativeAppId** Store application identity.
@ -3185,7 +3185,7 @@ The following fields are available:
### Microsoft.Windows.UpdateNotificationPipeline.JavascriptJavascriptCriticalGenericMessage
This event indicates that Javascript is reporting a schema and a set of values for critical telemetry
This event indicates that Javascript is reporting a schema and a set of values for critical diagnostic data.
The following fields are available:

2
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -48,7 +48,7 @@ The topics in this library have been updated for Windows 10, version 1709 (also
- [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md)
- [Multi-app kiosk XML reference](multi-app-kiosk-xml.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)
- [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md)
- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
## September 2017

158
windows/configuration/configure-windows-telemetry-in-your-organization.md → windows/configuration/configure-windows-diagnostic-data-in-your-organization.md
View File

@ -1,6 +1,6 @@
---
description: Use this article to make informed decisions about how you can configure telemetry in your organization.
title: Configure Windows telemetry in your organization (Windows 10)
description: Use this article to make informed decisions about how you can configure diagnostic data in your organization.
title: Configure Windows diagnostic data in your organization (Windows 10)
keywords: privacy
ms.prod: w10
ms.mktglfcycl: manage
@ -11,7 +11,7 @@ author: brianlic-msft
ms.date: 10/17/2017
---
# Configure Windows telemetry in your organization
# Configure Windows diagnostic data in your organization
**Applies to**
@ -19,54 +19,54 @@ ms.date: 10/17/2017
- Windows 10 Mobile
- Windows Server
At Microsoft, we use Windows telemetry to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry gives users a voice in the operating systems development. This guide describes the importance of Windows telemetry and how we protect that data. Additionally, it differentiates between telemetry and functional data. It also describes the telemetry levels that Windows supports. Of course, you can choose how much telemetry is shared with Microsoft, and this guide demonstrates how.
At Microsoft, we use Windows diagnostic data to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Diagnostic data gives users a voice in the operating systems development. This guide describes the importance of Windows diagnostic data and how we protect that data. Additionally, it differentiates between diagnostic data and functional data. It also describes the diagnostic data levels that Windows supports. Of course, you can choose how much diagnostic data is shared with Microsoft, and this guide demonstrates how.
To frame a discussion about telemetry, it is important to understand Microsofts privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows telemetry system in the following ways:
To frame a discussion about diagnostic data, it is important to understand Microsofts privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows diagnostic data system in the following ways:
- **Control.** We offer customers control of the telemetry they share with us by providing easy-to-use management tools.
- **Transparency.** We provide information about the telemetry that Windows and Windows Server collects so our customers can make informed decisions.
- **Security.** We encrypt telemetry in transit from your device and protect that data at our secure data centers.
- **Control.** We offer customers control of the diagnostic data they share with us by providing easy-to-use management tools.
- **Transparency.** We provide information about the diagnostic data that Windows and Windows Server collects so our customers can make informed decisions.
- **Security.** We encrypt diagnostic data in transit from your device and protect that data at our secure data centers.
- **Strong legal protections.** We respect customers local privacy laws and fight for legal protection of their privacy as a fundamental human right.
- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows telemetry system. Customer content inadvertently collected is kept confidential and not used for user targeting.
- **Benefits to you.** We collect Windows telemetry to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers.
- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows diagnostic data system. Customer content inadvertently collected is kept confidential and not used for user targeting.
- **Benefits to you.** We collect Windows diagnostic data to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers.
This article applies to Windows and Windows Server telemetry only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, telemetry controls, and so on. This article describes the types of telemetry we may gather, the ways you might manage it in your organization, and some examples of how telemetry can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers.
This article applies to Windows and Windows Server diagnostic data only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, diagnostic data controls, and so on. This article describes the types of diagnostic data we may gather, the ways you might manage it in your organization, and some examples of how diagnostic data can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers.
Use this article to make informed decisions about how you might configure telemetry in your organization. Telemetry is a term that means different things to different people and organizations. For this article, we discuss telemetry as system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services.
Use this article to make informed decisions about how you might configure diagnostic data in your organization. Diagnostic data is a term that means different things to different people and organizations. For this article, we discuss diagnostic data as system data that is uploaded by the Connected User Experiences and Telemetry component. The diagnostic data data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services.
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
## Overview
In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM.
In previous versions of Windows and Windows Server, Microsoft used diagnostic data to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control diagnostic data streams by using the Privacy option in Settings, Group Policy, or MDM.
For Windows 10, we invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows work better for your organization.
## Understanding Windows telemetry
## Understanding Windows diagnostic data
Windows as a Service is a fundamental change in how Microsoft plans, builds, and delivers the operating system. Historically, we released a major Windows version every few years. The effort required to deploy large and infrequent Windows versions was substantial. That effort included updating the infrastructure to support the upgrade. Windows as a Service accelerates the cadence to provide rich updates more frequently, and these updates require substantially less effort to roll out than earlier versions of Windows. Since it provides more value to organizations in a shorter timeframe, delivering Windows as a Service is a top priority for us.
The release cadence of Windows may be fast, so feedback is critical to its success. We rely on telemetry at each stage of the process to inform our decisions and prioritize our efforts.
The release cadence of Windows may be fast, so feedback is critical to its success. We rely on diagnostic data at each stage of the process to inform our decisions and prioritize our efforts.
### What is Windows telemetry?
Windows telemetry is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways:
### What is Windows diagnostic data?
Windows diagnostic data is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways:
- Keep Windows up to date
- Keep Windows secure, reliable, and performant
- Improve Windows through the aggregate analysis of the use of Windows
- Personalize Windows engagement surfaces
Here are some specific examples of Windows telemetry data:
Here are some specific examples of Windows diagnostic data data:
- Type of hardware being used
- Applications installed and usage details
- Reliability information on device drivers
### What is NOT telemetry?
### What is NOT diagnostic data?
Telemetry can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not telemetry. For example, exchanging a users location for local weather or news is not an example of telemetry—it is functional data that the app or service requires to satisfy the users request.
Diagnostic data can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not diagnostic data. For example, exchanging a users location for local weather or news is not an example of diagnostic data—it is functional data that the app or service requires to satisfy the users request.
There are subtle differences between telemetry and functional data. Windows collects and sends telemetry in the background automatically. You can control how much information is gathered by setting the telemetry level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.
There are subtle differences between diagnostic data and functional data. Windows collects and sends diagnostic data in the background automatically. You can control how much information is gathered by setting the diagnostic data level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.
If youre an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services).
@ -76,26 +76,26 @@ The following are specific examples of functional data:
- Bing searches
- Wallpaper and desktop settings synced across multiple devices
### Telemetry gives users a voice
### Diagnostic data gives users a voice
Windows and Windows Server telemetry gives every user a voice in the operating systems development and ongoing improvement. It helps us understand how Windows 10 and Windows Server 2016 behaves in the real world, focus on user priorities, and make informed decisions that benefit them. For our enterprise customers, representation in the dataset on which we will make future design decisions is a real benefit. The following sections offer real examples of these benefits.
Windows and Windows Server diagnostic data gives every user a voice in the operating systems development and ongoing improvement. It helps us understand how Windows 10 and Windows Server 2016 behaves in the real world, focus on user priorities, and make informed decisions that benefit them. For our enterprise customers, representation in the dataset on which we will make future design decisions is a real benefit. The following sections offer real examples of these benefits.
### Drive higher app and driver quality
Our ability to collect telemetry that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Telemetry helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues.
Our ability to collect diagnostic data that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Diagnostic data helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues.
#### Real-world example of how Windows telemetry helps
There was a version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our telemetry, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on telemetry from the Windows Insiders devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Telemetry helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls.
#### Real-world example of how Windows diagnostic data helps
There was a version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our diagnostic data, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on diagnostic data from the Windows Insiders devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Diagnostic data helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls.
### Improve end-user productivity
Windows telemetry also helps Microsoft better understand how customers use (or do not use) the operating systems features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers experiences. Examples are:
Windows diagnostic data also helps Microsoft better understand how customers use (or do not use) the operating systems features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers experiences. Examples are:
- **Start menu.** How do people change the Start menu layout? Do they pin other apps to it? Are there any apps that they frequently unpin? We use this dataset to adjust the default Start menu layout to better reflect peoples expectations when they turn on their device for the first time.
- **Cortana.** We use telemetry to monitor the scalability of our cloud service, improving search performance.
- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later telemetry showed significantly higher usage of this feature.
- **Cortana.** We use diagnostic data to monitor the scalability of our cloud service, improving search performance.
- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature.
**These examples show how the use of telemetry data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.**
**These examples show how the use of diagnostic data data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.**
### Insights into your own organization
@ -108,7 +108,7 @@ Upgrading to new operating system versions has traditionally been a challenging,
To better help customers through this difficult process, Microsoft developed Upgrade Readiness to give enterprises the tools to plan and manage the upgrade process end to end and allowing them to adopt new Windows releases more quickly and on an ongoing basis.
With Windows telemetry enabled, Microsoft collects computer, application, and driver compatibility-related information for analysis. We then identify compatibility issues that can block your upgrade and suggest fixes when they are known to Microsoft.
With Windows diagnostic data enabled, Microsoft collects computer, application, and driver compatibility-related information for analysis. We then identify compatibility issues that can block your upgrade and suggest fixes when they are known to Microsoft.
Use Upgrade Readiness to get:
@ -122,50 +122,50 @@ Use Upgrade Readiness to get:
The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
## How is telemetry data handled by Microsoft?
## How is diagnostic data data handled by Microsoft?
### Data collection
Windows 10 and Windows Server 2016 includes the Connected User Experience and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores telemetry events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology.
Windows 10 and Windows Server 2016 includes the Connected User Experiences and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores diagnostic data events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology.
1. Operating system features and some management applications are instrumented to publish events and data. Examples of management applications include Virtual Machine Manager (VMM), Server Manager, and Storage Spaces.
2. Events are gathered using public operating system event logging and tracing APIs.
3. You can configure the telemetry level by using MDM policy, Group Policy, or registry settings.
4. The Connected User Experience and Telemetry component transmits the telemetry data.
3. You can configure the diagnostic data level by using MDM policy, Group Policy, or registry settings.
4. The Connected User Experiences and Telemetry component transmits the diagnostic data data.
Info collected at the Enhanced and Full levels of telemetry is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels.
Info collected at the Enhanced and Full levels of diagnostic data is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels.
### Data transmission
All telemetry data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks.
All diagnostic data data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks.
### Endpoints
The Microsoft Data Management Service routes data back to our secure cloud storage. Only Microsoft personnel with a valid business justification are permitted access.
The following table defines the endpoints for telemetry services:
The following table defines the endpoints for diagnostic data services:
| Service | Endpoint |
| - | - |
| Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com<br />settings-win.data.microsoft.com |
| Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com<br />settings-win.data.microsoft.com |
| [Windows Error Reporting](http://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com |
| [Online Crash Analysis](http://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com |
| OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 |
### Data use and access
The principle of least privileged access guides access to telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customers discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft may share business reports with OEMs and third-party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
The principle of least privileged access guides access to diagnostic data data. Microsoft does not share personal data of our customers with third parties, except at the customers discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft may share business reports with OEMs and third-party partners that include aggregated and anonymized diagnostic data information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
### Retention
Microsoft believes in and practices information minimization. We strive to gather only the info we need and to store it only for as long as its needed to provide a service or for analysis. Much of the info about how Windows and apps are functioning is deleted within 30 days. Other info may be retained longer, such as error reporting data or Microsoft Store purchase history.
## Telemetry levels
This section explains the different telemetry levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, except for the **Security** level, which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016.
## Diagnostic data levels
This section explains the different diagnostic data levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, except for the **Security** level, which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016.
The telemetry data is categorized into four levels:
The diagnostic data data is categorized into four levels:
- **Security**. Information thats required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
- **Security**. Information thats required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
- **Basic**. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the **Security** level.
@ -175,20 +175,20 @@ The telemetry data is categorized into four levels:
The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016.
![breakdown of telemetry levels and types of administrative controls](images/priv-telemetry-levels.png)
![breakdown of diagnostic data levels and types of administrative controls](images/priv-telemetry-levels.png)
### Security level
The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions.
The Security level gathers only the diagnostic data info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions.
> [!NOTE]
> If your organization relies on Windows Update for updates, you shouldnt use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is telemetry data about Windows Server features or System Center gathered.
Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is diagnostic data data about Windows Server features or System Center gathered.
The data gathered at this level includes:
- **Connected User Experience and Telemetry component settings**. If general telemetry data has been gathered and is queued, it is sent to Microsoft. Along with this telemetry, the Connected User Experience and Telemetry component may download a configuration settings file from Microsofts servers. This file is used to configure the Connected User Experience and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
- **Connected User Experiences and Telemetry component settings**. If general diagnostic data data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsofts servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
- **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address.
@ -202,15 +202,15 @@ The data gathered at this level includes:
Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as Windows Server Update Services, System Center Configuration Manager, or a third-party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates.
For servers with default telemetry settings and no Internet connectivity, you should set the telemetry level to **Security**. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity.
For servers with default diagnostic data settings and no Internet connectivity, you should set the diagnostic data level to **Security**. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity.
No user content, such as user files or communications, is gathered at the **Security** telemetry level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computers registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time.
No user content, such as user files or communications, is gathered at the **Security** diagnostic data level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computers registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time.
### Basic level
The Basic level gathers a limited set of data thats critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version. The Connected User Experience and Telemetry component does not gather telemetry data about System Center, but it can transmit telemetry for other non-Windows applications if they have user consent.
The Basic level gathers a limited set of data thats critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version. The Connected User Experiences and Telemetry component does not gather diagnostic data data about System Center, but it can transmit diagnostic data for other non-Windows applications if they have user consent.
The normal upload range for the Basic telemetry level is between 109 KB - 159 KB per day, per device.
The normal upload range for the Basic diagnostic data level is between 109 KB - 159 KB per day, per device.
The data gathered at this level includes:
@ -232,7 +232,7 @@ The data gathered at this level includes:
- Storage attributes, such as number of drives, type, and size
- **Connected User Experience and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experience and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time.
- **Connected User Experiences and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experiences and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time.
- **Quality-related information**. Helps Microsoft develop a basic understanding of how a device and its operating system are performing. Some examples are the device characteristics of a Connected Standby device, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app.
@ -259,7 +259,7 @@ The Enhanced level gathers data about how Windows and apps are used and how they
This is the default level for Windows 10 Enterprise and Windows 10 Education editions, and the minimum level needed to quickly identify and address Windows, Windows Server, and System Center quality issues.
The normal upload range for the Enhanced telemetry level is between 239 KB - 348 KB per day, per device.
The normal upload range for the Enhanced diagnostic data level is between 239 KB - 348 KB per day, per device.
The data gathered at this level includes:
@ -271,14 +271,14 @@ The data gathered at this level includes:
- **Some crash dump types**. All crash dump types, except for heap dumps and full dumps.
If the Connected User Experience and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experience and Telemetry component at the **Enhanced** telemetry level will only gather data about the events associated with the specific issue.
If the Connected User Experiences and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experiences and Telemetry component at the **Enhanced** diagnostic data level will only gather data about the events associated with the specific issue.
#### Limit Enhanced diagnostic data to the minimum required by Windows Analytics
Windows Analytics Device Health reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events. In the past, organizations sending **Enhanced** or **Full** level diagnostic data were able to participate in Device Health. However, organizations that required detailed event and field level documentation were unable to move from **Basic** to **Enhanced**.
In Windows 10, version 1709, we introduce the **Limit Enhanced diagnostic data to the minimum required by Windows Analytics** feature. When enabled, this feature lets you send only the following subset of **Enhanced** level diagnostic data. For more info about Device Health, see the [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor) topic.
- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/eventname) topic.
- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/eventname) topic.
- **Some crash dump types.** All crash dump types, except for heap and full dumps.
@ -308,7 +308,7 @@ The **Full** level gathers data necessary to identify and to help fix problems,
Additionally, at this level, devices opted in to the [Windows Insider Program](http://insider.windows.com) will send events, such as reliability and app responsiveness. that can show Microsoft how pre-release binaries and features are performing. These events help us make decisions on which builds are flighted. All devices in the [Windows Insider Program](http://insider.windows.com) are automatically set to this level.
If a device experiences problems that are difficult to identify or repeat using Microsofts internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the **Full** telemetry level and have exhibited the problem.
If a device experiences problems that are difficult to identify or repeat using Microsofts internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the **Full** diagnostic data level and have exhibited the problem.
However, before more data is gathered, Microsofts privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:
@ -320,27 +320,27 @@ However, before more data is gathered, Microsofts privacy governance team, in
## Enterprise management
Sharing telemetry data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the telemetry level and managing specific components is the best option.
Sharing diagnostic data data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option.
Customers can set the telemetry level in both the user interface and with existing management tools. Users can change the telemetry level in the **Diagnostic data** setting. In the **Settings** app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic, Enhanced, and Full. The Security level is not available.
Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic, Enhanced, and Full. The Security level is not available.
IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a telemetry level. If youre using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security telemetry level is available when managing the policy. Setting the telemetry level through policy overrides users choices. The remainder of this section describes how to do that.
IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a diagnostic data level. If youre using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security diagnostic data level is available when managing the policy. Setting the diagnostic data level through policy overrides users choices. The remainder of this section describes how to do that.
### Manage your telemetry settings
### Manage your diagnostic data settings
We do not recommend that you turn off telemetry in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center.
We do not recommend that you turn off diagnostic data in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center.
> [!IMPORTANT]
> These telemetry levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experience and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these telemetry levels. You should work with your app vendors to understand their telemetry policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses telemetry, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx).
> These diagnostic data levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experiences and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these diagnostic data levels. You should work with your app vendors to understand their diagnostic data policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses diagnostic data, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx).
You can turn on or turn off System Center telemetry gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center telemetry is turned on. However, setting the operating system telemetry level to **Basic** will turn off System Center telemetry, even if the System Center telemetry switch is turned on.
You can turn on or turn off System Center diagnostic data gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center diagnostic data is turned on. However, setting the operating system diagnostic data level to **Basic** will turn off System Center diagnostic data, even if the System Center diagnostic data switch is turned on.
The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 is **Enhanced**.
The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**.
### Configure the operating system telemetry level
### Configure the operating system diagnostic data level
You can configure your operating system telemetry settings using the management tools youre already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your telemetry levels through a management policy overrides any device level settings.
You can configure your operating system diagnostic data settings using the management tools youre already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy overrides any device level settings.
Use the appropriate value in the table below when you configure the management policy.
@ -352,9 +352,9 @@ Use the appropriate value in the table below when you configure the management p
| Full | Security data, basic system and quality data, enhanced insights and advanced reliability data, and full diagnostics data. | **3** |
### Use Group Policy to set the telemetry level
### Use Group Policy to set the diagnostic data level
Use a Group Policy object to set your organizations telemetry level.
Use a Group Policy object to set your organizations diagnostic data level.
1. From the Group Policy Management Console, go to **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds**.
@ -362,11 +362,11 @@ Use a Group Policy object to set your organizations telemetry level.
3. In the **Options** box, select the level that you want to configure, and then click **OK**.
### Use MDM to set the telemetry level
### Use MDM to set the diagnostic data level
Use the [Policy Configuration Service Provider (CSP)](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to apply the System/AllowTelemetry MDM policy.
### Use Registry Editor to set the telemetry level
### Use Registry Editor to set the diagnostic data level
Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting.
@ -380,25 +380,25 @@ Use Registry Editor to manually set the registry level on each device in your or
5. Click **File** &gt; **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization.
### Configure System Center 2016 telemetry
### Configure System Center 2016 diagnostic data
For System Center 2016 Technical Preview, you can turn off System Center telemetry by following these steps:
For System Center 2016 Technical Preview, you can turn off System Center diagnostic data by following these steps:
- Turn off telemetry by using the System Center UI Console settings workspace.
- Turn off diagnostic data by using the System Center UI Console settings workspace.
- For information about turning off telemetry for Service Management Automation and Service Provider Foundation, see [How to disable telemetry for Service Management Automation and Service Provider Foundation](https://support.microsoft.com/kb/3096505).
- For information about turning off diagnostic data for Service Management Automation and Service Provider Foundation, see [How to disable telemetry for Service Management Automation and Service Provider Foundation](https://support.microsoft.com/kb/3096505).
### Additional telemetry controls
### Additional diagnostic data controls
There are a few more settings that you can turn off that may send telemetry information:
There are a few more settings that you can turn off that may send diagnostic data information:
- To turn off Windows Update telemetry, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](http://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/).
- To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](http://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/).
- Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** &gt; **Update & security** &gt; **Windows Defender**.
- Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](http://support.microsoft.com/kb/891716).
- Turn off **Linguistic Data Collection** in **Settings** &gt; **Privacy**. At telemetry levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary.
- Turn off **Linguistic Data Collection** in **Settings** &gt; **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary.
> [!NOTE]
> Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information.

10
windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields.md → windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
View File

@ -1,7 +1,7 @@
---
description: Use this article to learn more about the enhanced telemetry events used by Windows Analytics
description: Use this article to learn more about the enhanced diagnostic data events used by Windows Analytics
title: Windows 10, version 1709 enhanced telemtry events and fields used by Windows Analytics (Windows 10)
keywords: privacy, telemetry
keywords: privacy, diagnostic data
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@ -13,15 +13,15 @@ ms.author: jaimeo
---
# Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics
# Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics
**Applies to**
- Windows 10, version 1709 and later
Windows Analytics Device Health reports are powered by diagnostic data not included in the Basic level. This includes crash reports and certain OS telemetry events. Organizations sending Enhanced or Full level diagnostic data were able to participate in Device Health, but some organizations which required detailed event and field level documentation were unable to move from Basic to Enhanced.
Windows Analytics Device Health reports are powered by diagnostic data not included in the Basic level. This includes crash reports and certain OS diagnostic data events. Organizations sending Enhanced or Full level diagnostic data were able to participate in Device Health, but some organizations which required detailed event and field level documentation were unable to move from Basic to Enhanced.
In Windows 10, version 1709, we introduce a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system telemetry events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md).
In Windows 10, version 1709, we introduce a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
## KernelProcess.AppStateChangeSummary

2
windows/configuration/gdpr-win10-whitepaper.md
View File

@ -179,7 +179,7 @@ The GDPR includes explicit requirements for breach notification where a personal
As noted in the Windows Security Center white paper, [Post Breach: Dealing with Advanced Threats](http://wincom.blob.core.windows.net/documents/Post_Breach_Dealing_with_Advanced_Threats_Whitepaper.pdf), “_Unlike pre-breach, post-breach assumes a breach has already occurred acting as a flight recorder and Crime Scene Investigator (CSI). Post-breach provides security teams the information and toolset needed to identify, investigate, and respond to attacks that otherwise will stay undetected and below the radar._”
#### Insightful security telemetry
#### Insightful security diagnostic data
For nearly two decades, Microsoft has been turning threats into useful intelligence that can help fortify our platform and protect customers. Today, with the immense computing advantages afforded by the cloud, we are finding new ways to use our rich analytics engines driven by threat intelligence to protect our customers.
By applying a combination of automated and manual processes, machine learning and human experts, we can create an Intelligent Security Graph that learns from itself and evolves in real-time, reducing our collective time to detect and respond to new incidents across our products.

6
windows/configuration/index.md
View File

@ -19,11 +19,11 @@ Enterprises often need to apply custom configurations to devices for their users
| Topic | Description |
| --- | --- |
| [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) | Use this article to make informed decisions about how you can configure Windows telemetry in your organization. |
| [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Use this article to make informed decisions about how you can configure Windows diagnostic data in your organization. |
| [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1709. |
|[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md)|Learn about diagnostic data that is collected by Windows Analytics.|
|[Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)|Learn about diagnostic data that is collected by Windows Analytics.|
| [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1703. |
| [Windows 10 diagnostic data for the Full telemetry level](windows-diagnostic-data-1703.md) | Learn about the types of data that is collected at the full level in Windows 10, version 1703 and later. |
| [Windows 10 diagnostic data for the Full diagnostic data level](windows-diagnostic-data-1703.md) | Learn about the types of data that is collected at the full level in Windows 10, version 1703 and later. |
|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|Learn about Windows 10 and the upcoming GDPR-compliance requirements.|
| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro. |
| [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places. It can connect you to open Wi-Fi hotspots it knows about through crowdsourcing, or to Wi-Fi networks your contacts have shared with you by using Wi-Fi Sense. The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10. |

14
windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -19,13 +19,13 @@ ms.date: 01/29/2018
- Windows 10
- Windows Server 2016
If you're looking for content on what each telemetry level means and how to configure it in your organization, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md).
If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro.
If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure telemetry at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article.
If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article.
You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
You can configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. You should not extract this package to the windows\\system32 folder because it will not apply correctly. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article.
@ -69,7 +69,7 @@ Here's a list of changes that were made to this article for Windows 10, version
## <a href="" id="bkmk-othersettings"></a>Management options for each setting
The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections.
The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections.
If you're running Windows 10, they will be included in the next update for the Long Term Servicing Branch.
@ -362,7 +362,7 @@ Windows Insider Preview builds only apply to Windows 10 and are not available fo
> [!NOTE]
> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for zero exhaust) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Full**. Although the telemetry level may initially appear as **Basic**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Full**.
> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for zero exhaust) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Full**. Although the diagnostic data level may initially appear as **Basic**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Full**.
To turn off Insider Preview builds for a released version of Windows 10:
@ -886,7 +886,7 @@ To turn off **Turn on SmartScreen Filter to check web content (URLs) that Micros
To turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**:
> [!NOTE]
> If the telemetry level is set to either **Basic** or **Security**, this is turned off automatically.
> If the diagnostic data level is set to either **Basic** or **Security**, this is turned off automatically.
@ -1725,7 +1725,7 @@ For Windows 10 only, you can stop Enhanced Notifications:
- Turn off the feature in the UI.
You can also use the registry to turn off Malicious Software Reporting Tool telemetry by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1.
You can also use the registry to turn off Malicious Software Reporting Tool diagnostic data by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1.
### <a href="" id="bkmk-wmp"></a>24. Windows Media Player

50
windows/configuration/manage-windows-endpoints-version-1709.md
View File

@ -133,7 +133,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|----------------|----------|------------|
| backgroundtaskhost | HTTPS | www.bing.com/proactive/v2/spark?cc=US&setlang=en-US |
The following endpoint is used by Cortana to report diagnostic and telemetry information.
The following endpoint is used by Cortana to report diagnostic and diagnostic data information.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them.
| Source process | Protocol | Destination |
@ -175,6 +175,30 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|----------------|----------|------------|
| | | dmd.metaservices.microsoft.com.akadns.net |
## Diagnostic Data
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | | cy2.vortex.data.microsoft.com.akadns.net |
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | | v10.vortex-win.data.microsoft.com/collect/v1 |
The following endpoints are used by Windows Error Reporting.
To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| wermgr | | watson.telemetry.microsoft.com/Telemetry.Request |
| |TLS v1.2 |modern.watson.data.microsoft.com.akadns.net|
## Font streaming
The following endpoints are used to download fonts on demand.
@ -340,7 +364,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|----------------|----------|------------|
| dmclient | HTTPS | settings.data.microsoft.com |
The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experience and Telemetry component and Windows Insider Program use it.
The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working.
| Source process | Protocol | Destination |
@ -355,29 +379,7 @@ The following endpoint is used to retrieve Skype configuration values. To turn o
|----------------|----------|------------|
|microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com |
## Telemetry
The following endpoint is used by the Connected User Experience and Telemetry component and connects to the Microsoft Data Management service.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | | cy2.vortex.data.microsoft.com.akadns.net |
The following endpoint is used by the Connected User Experience and Telemetry component and connects to the Microsoft Data Management service.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | | v10.vortex-win.data.microsoft.com/collect/v1 |
The following endpoints are used by Windows Error Reporting.
To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| wermgr | | watson.telemetry.microsoft.com/Telemetry.Request |
| |TLS v1.2 |modern.watson.data.microsoft.com.akadns.net|
## Windows Defender

2
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -50,7 +50,7 @@ Apps can take advantage of shared PC mode with the following three APIs:
- [IsEnabled](https://docs.microsoft.com/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences.
- [ShouldAvoidLocalStorage](https://docs.microsoft.com/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app.
- [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) - This informs apps when the PC is used in an education environment. Apps may want to handle telemetry differently or hide advertising functionality.
- [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) - This informs apps when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality.
###Customization

2
windows/configuration/wcd/wcd-connectivityprofiles.md
View File

@ -166,7 +166,7 @@ The **Config** settings are initial settings that can be overwritten when settin
### SystemCapabilities
You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Telemetry data is generated by the system to provide data that can be used to diagnose both software and hardware issues.
You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Diagnostic data data is generated by the system to provide data that can be used to diagnose both software and hardware issues.
| Setting | Description |
| --- | --- |

4
windows/configuration/wcd/wcd-policies.md
View File

@ -372,10 +372,10 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowExperimentation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | X | X | | | |
| [AllowLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | X | X | X | X | X |
| [AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | X | X | X | X | X |
| [AllowTelemetry](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and useage telemetry data. | X | X | | | |
| [AllowTelemetry](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | X | X | | | |
| [AllowUserToResetPhone](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | X | X | | | |
| [DisableOneDriveFileSync](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | X | | | | |
| [LimitEnhancedDiagnosticDataWindowsAnalytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | X | X | | | |
| [LimitEnhancedDiagnosticDataWindowsAnalytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | X | X | | | |
## TextInput

8
windows/configuration/windows-diagnostic-data-1703.md
View File

@ -1,6 +1,6 @@
---
title: Windows 10 diagnostic data for the Full telemetry level (Windows 10)
description: Use this article to learn about the types of data that is collected the the Full telemetry level.
title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10)
description: Use this article to learn about the types of data that is collected the the Full diagnostic data level.
keywords: privacy,Windows 10
ms.prod: w10
ms.mktglfcycl: manage
@ -11,12 +11,12 @@ ms.author: lizross
ms.date: 04/05/2017
---
# Windows 10 diagnostic data for the Full telemetry level
# Windows 10 diagnostic data for the Full diagnostic data level
**Applies to:**
- Windows 10, version 1703 and later
Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the users needs. This article describes all types diagnostic data collected by Windows at the Full telemetry level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md).
Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the users needs. This article describes all types diagnostic data collected by Windows at the Full diagnostic data level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md).
The data covered in this article is grouped into the following categories:

2
windows/deployment/deploy.md
View File

@ -21,7 +21,7 @@ Windows 10 upgrade options are discussed and information is provided about plann
|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. |
|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. |
|[Windows 10 volume license media](windows-10-media.md) |This topic provides information about updates to volume licensing media in the current version of Windows 10. |
|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. |
|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. |
|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. |
|[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |

2
windows/deployment/index.md
View File

@ -32,7 +32,7 @@ Windows 10 upgrade options are discussed and information is provided about plann
|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. |
|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. |
|[Windows 10 volume license media](windows-10-media.md) |This topic provides information about media available in the Microsoft Volume Licensing Service Center. |
|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. |
|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. |
|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. |
|[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |

2
windows/deployment/planning/act-technical-reference.md
View File

@ -20,7 +20,7 @@ We've replaced the majority of functionality included in the Application Compati
Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsofts experience upgrading millions of devices to Windows 10.
With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
With Windows diagnostic data enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
Use Upgrade Analytics to get:
- A visual workflow that guides you from pilot to production

12
windows/deployment/update/device-health-get-started.md
View File

@ -23,17 +23,17 @@ Steps are provided in sections that follow the recommended setup process:
Device Health has the following requirements:
1. Device Health is currently only compatible with Windows 10 and Windows Server 2016 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops).
2. The solution requires that at least the [enhanced level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) is enabled on all devices that are intended to be displayed in the solution. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization).
3. The telemetry of your organizations Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint:
2. The solution requires that at least the [enhanced level of diagnostic data](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#basic-level) is enabled on all devices that are intended to be displayed in the solution. To learn more about Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization).
3. The diagnostic data of your organizations Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the diagnostic data services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on diagnostic data endpoints and summarizes the use of each endpoint:
Service | Endpoint
--- | ---
Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com<BR>settings-win.data.microsoft.com
Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com<BR>settings-win.data.microsoft.com
Windows Error Reporting | watson.telemetry.microsoft.com
Online Crash Analysis | oca.telemetry.microsoft.com
>[!NOTE]
> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. See [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization) for steps to exclude authentication for these endpoints.
> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. See [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization) for steps to exclude authentication for these endpoints.
## Add Device Health to Microsoft Operations Management Suite
@ -79,7 +79,7 @@ After you have added Device Health and devices have a Commercial ID, you will be
>[!NOTE]
>You can unsubscribe from the Device Health solution if you no longer want to monitor your organizations devices. User device data will continue to be shared with Microsoft while the opt-in keys are set on user devices and the proxy allows traffic.
## Deploy your Commercial ID to your Windows 10 devices and set the telemetry level
## Deploy your Commercial ID to your Windows 10 devices and set the diagnostic data level
In order for your devices to show up in Windows Analytics: Device Health, they must be configured with your organizations Commercial ID. This is so that Microsoft knows that a given device is a member of your organization and to feed that devices data back to you. There are two primary methods for widespread deployment of your Commercial ID: Group Policy and Mobile Device Management (MDM).
@ -114,7 +114,7 @@ If you need further information on Windows Error Reporting (WER) settings, see [
Devices must be able to reach the endpoints specified in the "Device Health prerequisites" section of this topic.
>[!NOTE]
> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3 of the "Device Health prerequisites" section of this topic. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. (If you need more information about telemetry endpoints and how to manage them, see [Configure Windows telemetry in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-telemetry-in-your-organization).
> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3 of the "Device Health prerequisites" section of this topic. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. (If you need more information about diagnostic data endpoints and how to manage them, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization).
If you are using proxy server authentication, it is worth taking extra care to check the configuration. Prior to Windows 10, version 1703, WER uploads error reports in the machine context. Both user (typically authenticated) and machine (typically anonymous) contexts require access through proxy servers to the diagnostic endpoints. In Windows 10, version 1703, and later WER will attempt to use the context of the user that is logged on for proxy authentication such that only the user account requires proxy access.

14
windows/deployment/update/device-health-monitor.md
View File

@ -19,7 +19,7 @@ Device Health is the newest Windows Analytics solution that complements the exis
Like Upgrade Readiness and Update Compliance, Device Health is a solution built within Operations Management Suite (OMS), a cloud-based monitoring and automation service that has a flexible servicing subscription based on data usage and retention. This release is free for customers to try and will not incur charges on your OMS workspace for its use. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/).
Device Health uses Windows diagnostic data that is part of all Windows 10 devices. If you have already employed Upgrade Readiness or Update Compliance solutions, all you need to do is select Device Health from the OMS solution gallery and add it to your OMS workspace. Device Health requires enhanced telemetry, so you might need to implement this policy if you've not already done so.
Device Health uses Windows diagnostic data that is part of all Windows 10 devices. If you have already employed Upgrade Readiness or Update Compliance solutions, all you need to do is select Device Health from the OMS solution gallery and add it to your OMS workspace. Device Health requires enhanced diagnostic data, so you might need to implement this policy if you've not already done so.
Device Health provides the following:
@ -27,7 +27,7 @@ Device Health provides the following:
- Identification of devices that crash frequently, and therefore might need to be rebuilt or replaced
- Identification of device drivers that are causing device crashes, with suggestions of alternative versions of those drivers that might reduce the number of crashes
- Notification of Windows Information Protection misconfigurations that send prompts to end users
- No need for new complex customized infrastructure, thanks to cloud-connected access using Windows 10 telemetry
- No need for new complex customized infrastructure, thanks to cloud-connected access using Windows 10 diagnostic data
See the following topics in this guide for detailed information about configuring and using the Device Health solution:
@ -56,10 +56,10 @@ The Device Health architecture and data flow is summarized by the following five
**(1)** User computers send telemetry data to a secure Microsoft data center using the Microsoft Data Management Service.<BR>
**(2)** Telemetry data is analyzed by the Microsoft Telemetry Service.<BR>
**(3)** Telemetry data is pushed from the Microsoft Telemetry Service to your OMS workspace.<BR>
**(4)** Telemetry data is available in the Device Health solution.<BR>
**(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.<BR>
**(2)** Diagnostic data is analyzed by the Microsoft Telemetry Service.<BR>
**(3)** Diagnostic data is pushed from the Microsoft Telemetry Service to your OMS workspace.<BR>
**(4)** Diagnostic data is available in the Device Health solution.<BR>
**(5)** You are now able to proactively monitor Device Health issues in your environment.<BR>
These steps are illustrated in following diagram:
@ -67,7 +67,7 @@ These steps are illustrated in following diagram:
[![](images/analytics-architecture.png)](images/analytics-architecture.png)
>[!NOTE]
>This process assumes that Windows telemetry is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices).
>This process assumes that Windows diagnostic data is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices).

10
windows/deployment/update/update-compliance-get-started.md
View File

@ -24,19 +24,19 @@ Steps are provided in sections that follow the recommended setup process:
Update Compliance has the following requirements:
1. Update Compliance is currently only compatible with Windows 10 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops).
2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization).
3. The telemetry of your organizations Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint:
2. The solution requires that Windows 10 diagnostic data is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of diagnostic data](/configuration/configure-windows-diagnostic-data-in-your-organization#basic-level) enabled. To learn more about Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization).
3. The diagnostic data of your organizations Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the diagnostic data services](/configuration/configure-windows-diagnostic-data-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on diagnostic data endpoints and summarizes the use of each endpoint:
Service | Endpoint
--- | ---
Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com<BR>settings-win.data.microsoft.com
Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com<BR>settings-win.data.microsoft.com
Windows Error Reporting | watson.telemetry.microsoft.com
Online Crash Analysis | oca.telemetry.microsoft.com
4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troublehsoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md) topic for help on ensuring the configuration is correct.
For endpoints running Windows 10, version 1607 or earlier, [Windows telemetry must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level), to be compatible with Windows Defender Antivirus.
For endpoints running Windows 10, version 1607 or earlier, [Windows diagnostic data must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level), to be compatible with Windows Defender Antivirus.
See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
@ -74,7 +74,7 @@ If you are not yet using OMS, use the following steps to subscribe to OMS Update
![OMS workspace with new Update Compliance tile on the right side highlighted](images/uc-09a.png)
9. Click **Subscribe** to subscribe to OMS Update Compliance. You will then need to distribute your Commercial ID across all your organizations devices. More information on the Commercial ID is provided below.
![Series of blades showing Connected Sources, Windows Telemetry, and Upgrade Analytics solution with Subscribe button](images/uc-10a.png)
![Series of blades showing Connected Sources, Windows Diagnostic Data, and Upgrade Analytics solution with Subscribe button](images/uc-10a.png)
After you are subscribed to OMS Update Compliance and your devices have a Commercial ID, you will begin receiving data. It will typically take 24 hours for the first data to begin appearing. The following section explains how to deploy your Commercial ID to your Windows 10 devices.

14
windows/deployment/update/update-compliance-monitor.md
View File

@ -19,7 +19,7 @@ With Windows 10, organizations need to change the way they approach monitoring a
Update Compliance is a solution built within Operations Management Suite (OMS), a cloud-based monitoring and automation service which has a flexible servicing subscription based off data usage/retention. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
Update Compliance uses the Windows telemetry that is part of all Windows 10 devices. It collects system data including update installation progress, Windows Update for Business (WUfB) configuration data, Windows Defender Antivirus data, and other update-specific information, and then sends this data privately to a secure cloud to be stored for analysis and usage within the solution.
Update Compliance uses the Windows diagnostic data that is part of all Windows 10 devices. It collects system data including update installation progress, Windows Update for Business (WUfB) configuration data, Windows Defender Antivirus data, and other update-specific information, and then sends this data privately to a secure cloud to be stored for analysis and usage within the solution.
Update Compliance provides the following:
@ -28,7 +28,7 @@ Update Compliance provides the following:
- The ability to track protection and threat status for Windows Defender Antivirus-enabled devices
- An overview of WUfB deferral configurations (Windows 10 Anniversary Update [1607] and later)
- Powerful built-in [log analytics](https://www.microsoft.com/en-us/cloud-platform/insight-and-analytics?WT.srch=1&WT.mc_id=AID529558_SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=log%20analytics&utm_campaign=Hybrid_Cloud_Management) to create useful custom queries
- Cloud-connected access utilizing Windows 10 telemetry means no need for new complex, customized infrastructure
- Cloud-connected access utilizing Windows 10 diagnostic data means no need for new complex, customized infrastructure
See the following topics in this guide for detailed information about configuring and using the Update Compliance solution:
@ -43,10 +43,10 @@ An overview of the processes used by the Update Compliance solution is provided
The Update Compliance architecture and data flow is summarized by the following five-step process:
**(1)** User computers send telemetry data to a secure Microsoft data center using the Microsoft Data Management Service.<BR>
**(2)** Telemetry data is analyzed by the Update Compliance Data Service.<BR>
**(3)** Telemetry data is pushed from the Update Compliance Data Service to your OMS workspace.<BR>
**(4)** Telemetry data is available in the Update Compliance solution.<BR>
**(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.<BR>
**(2)** Diagnostic data is analyzed by the Update Compliance Data Service.<BR>
**(3)** Diagnostic data is pushed from the Update Compliance Data Service to your OMS workspace.<BR>
**(4)** Diagnostic data is available in the Update Compliance solution.<BR>
**(5)** You are able to monitor and troubleshoot Windows updates and Windows Defender AV in your environment.<BR>
These steps are illustrated in following diagram:
@ -54,7 +54,7 @@ These steps are illustrated in following diagram:
![Update Compliance architecture](images/uc-01-wdav.png)
>[!NOTE]
>This process assumes that Windows telemetry is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices).
>This process assumes that Windows diagnostic data is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices).

2
windows/deployment/update/update-compliance-using.md
View File

@ -16,7 +16,7 @@ In this section you'll learn how to use Update Compliance to monitor your device
Update Compliance:
- Uses telemetry gathered from user devices to form an all-up view of Windows 10 devices in your organization.
- Uses diagnostic data gathered from user devices to form an all-up view of Windows 10 devices in your organization.
- Enables you to maintain a high-level perspective on the progress and status of updates across all devices.
- Provides a workflow that can be used to quickly identify which devices require attention.
- Enables you to track deployment compliance targets for updates.

2
windows/deployment/update/waas-configure-wufb.md
View File

@ -28,7 +28,7 @@ ms.date: 10/13/2017
You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and above. The MDM policies use the OMA-URI setting from the [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx).
>[!IMPORTANT]
>For Windows Update for Business policies to be honored, the Telemetry level of the device must be set to **1 (Basic)** or higher. If it is set to **0 (Security)**, Windows Update for Business policies will have no effect. For instructions, see [Configure the operating system telemetry level](https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-telemetry-in-your-organization#configure-the-operating-system-telemetry-level).
>For Windows Update for Business policies to be honored, the Diagnostic Data level of the device must be set to **1 (Basic)** or higher. If it is set to **0 (Security)**, Windows Update for Business policies will have no effect. For instructions, see [Configure the operating system diagnostic data level](https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#configure-the-operating-system-diagnostic-data-level).
Some Windows Update for Business policies are not applicable or behave differently for devices running Windows 10 Mobile Enterprise. Specifically, policies pertaining to Feature Updates will not be applied to Windows 10 Mobile Enterprise. All Windows 10 Mobile updates are recognized as Quality Updates, and can only be deferred or paused using the Quality Update policy settings. Additional information is provided in this topic and in [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md).

2
windows/deployment/update/waas-manage-updates-wufb.md
View File

@ -121,7 +121,7 @@ Windows Update for Business was first made available in Windows 10, version 1511
## Monitor Windows Updates using Update Compliance
Update Compliance, now **available in public preview**, provides a holistic view of OS update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This new service uses telemetry data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated.
Update Compliance, now **available in public preview**, provides a holistic view of OS update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This new service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated.
![Update Compliance Dashboard](images/waas-wufb-update-compliance.png)

2
windows/deployment/update/waas-overview.md
View File

@ -45,7 +45,7 @@ One of the biggest challenges for organizations when it comes to deploying a new
Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. With Windows 10, application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously. Microsoft understands the challenges organizations experienced when they migrated from the Windows XP operating system to Windows 7 and has been working to make Windows 10 upgrades a much better experience.
Most Windows 7compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal. Combined with valuable feedback via the Windows Insider Program and telemetry data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10.
Most Windows 7compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal. Combined with valuable feedback via the Windows Insider Program and diagnostic data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10.
For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. If its unclear whether an application is compatible with Windows 10, IT pros can either consult with the ISV or check the supported software directory at [http://www.readyforwindows.com](http://www.readyforwindows.com).

8
windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md
View File

@ -14,7 +14,7 @@ With the release of Upgrade Readiness, enterprises now have the tools to plan an
Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsofts experience upgrading millions of devices to Windows 10.
With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
Use Upgrade Readiness to get:
@ -28,11 +28,11 @@ Use Upgrade Readiness to get:
The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what diagnostic data Microsoft collects and how that data is used and protected by Microsoft, see:
- [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization)
- [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
- [Manage connections from Windows operating system components to Microsoft services](/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services)
- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
- [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
##**Related topics**

6
windows/deployment/upgrade/troubleshoot-upgrade-readiness.md
View File

@ -24,16 +24,16 @@ If you still dont see data in Upgrade Readiness, follow these steps:
## Disable Upgrade Readiness
If you want to stop using Upgrade Readiness and stop sending telemetry data to Microsoft, follow these steps:
If you want to stop using Upgrade Readiness and stop sending diagnostic data data to Microsoft, follow these steps:
1. Unsubscribe from the Upgrade Readiness solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option.
![Upgrade Readiness unsubscribe](../images/upgrade-analytics-unsubscribe.png)
2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to **Security**:
2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the diagnostic data level to **Security**:
**Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*
**Windows 10**: Follow the instructions in the [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#enterprise-management) topic.
**Windows 10**: Follow the instructions in the [Configure Windows diagnostic data in your organization](/configuration/configure-windows-diagnostic-data-in-your-organization.md) topic.
3. If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0". The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*.
4. You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**.

4
windows/deployment/upgrade/upgrade-readiness-additional-insights.md
View File

@ -18,7 +18,7 @@ This topic provides information on additional features that are available in Upg
The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.
> [!NOTE]
> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, data will be collected on all sites visited by Microsoft Edge on computers running Windows 10 version 1803 (including Insider Preview builds) or newer. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, data will be collected on all sites visited by Microsoft Edge on computers running Windows 10 version 1803 (including Insider Preview builds) or newer. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
### Install prerequisite security update for Internet Explorer
@ -27,7 +27,7 @@ Ensure the following prerequisites are met before using site discovery:
1. Install the prerequisite KBs to add Site Discovery support and the latest fixes from the [Microsoft Update Catalog](http://www.catalog.update.microsoft.com/home.aspx). Install the following:
- For Windows 7 and Windows 8.1 - March, 2017 (or later) Security Monthly Rollup
- For Windows 10 - Cumulative Update for Windows 10 Version 1607 (KB4015217) (or later)
2. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it. In addition, to enable Site Discovery on Windows 10 you must set computers to the **Enhanced Telemetry Level** for the Feedback and Diagnostics setting (Privacy > Feedback & Diagnostics settings), and enable **Page Prediction within Internet Explorer 11**.
2. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it. In addition, to enable Site Discovery on Windows 10 you must set computers to the **Enhanced** diagnostic data level for the Feedback and Diagnostics setting (Privacy > Feedback & Diagnostics settings), and enable **Page Prediction within Internet Explorer 11**.
If you do not plan to use the Upgrade Readiness deployment script to enable Site discovery, you must create the following registry entry.

10
windows/deployment/upgrade/upgrade-readiness-architecture.md
View File

@ -8,7 +8,7 @@ ms.date: 04/25/2017
# Upgrade Readiness architecture
Microsoft analyzes system, application, and driver telemetry data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Readiness components work together in a typical installation.
Microsoft analyzes system, application, and driver diagnostic data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Readiness components work together in a typical installation.
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
<img src="media/image1.png" width="624" height="401" />
@ -16,13 +16,13 @@ Microsoft analyzes system, application, and driver telemetry data to help you de
![Upgrade Readiness architecture](../images/ur-arch-diagram.png)
After you enable Windows telemetry on user computers and install the compatibility update KB (1), user computers send computer, application and driver telemetry data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Readiness, telemetry data is analyzed by the Upgrade Readiness Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Readiness solution (5) to plan and manage Windows upgrades.
After you enable Windows diagnostic data on user computers and install the compatibility update KB (1), user computers send computer, application and driver diagnostic data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Readiness, diagnostic data is analyzed by the Upgrade Readiness Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Readiness solution (5) to plan and manage Windows upgrades.
For more information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
For more information about what diagnostic data Microsoft collects and how that data is used and protected by Microsoft, see:
[Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization)<BR>
[Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization)<BR>
[Manage connections from Windows operating system components to Microsoft services](/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services)<BR>
[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)<BR>
[Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)<BR>
##**Related topics**

6
windows/deployment/upgrade/upgrade-readiness-data-sharing.md
View File

@ -16,7 +16,7 @@ To enable data sharing with the Upgrade Readiness solution, the following endpoi
| **Endpoint** | **Function** |
|---------------------------------------------------------|-----------|
| `https://v10.vortex-win.data.microsoft.com/collect/v1`<br>`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. |
| `https://v10.vortex-win.data.microsoft.com/collect/v1`<br>`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experiences and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. |
| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. |
| `https://go.microsoft.com/fwlink/?LinkID=544713`<br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
@ -28,7 +28,7 @@ There are several different methods your organization can use to connect to the
### Direct connection to the Internet
This scenario is very simple since there is no proxy involved. If you are using a network firewall which is blocking outgoing traffic, please keep in mind that even though we provide DNS names for the endpoints needed to communicate to the Microsoft telemetry backend, We therefore do not recommend to attempt to whitelist endpoints on your firewall based on IP-addresses.
This scenario is very simple since there is no proxy involved. If you are using a network firewall which is blocking outgoing traffic, please keep in mind that even though we provide DNS names for the endpoints needed to communicate to the Microsoft diagnostic data backend, We therefore do not recommend to attempt to whitelist endpoints on your firewall based on IP-addresses.
In order to use the direct connection scenario, set the parameter **ClientProxy=Direct** in **runconfig.bat**.
@ -46,7 +46,7 @@ If you want to learn more about Proxy considerations on Windows, please take a l
### Logged-in users Internet connection
In order to accommodate complex proxy scenarios, we also support using the currently logged-in users internet connection. This scenario supports PAC scripts, proxy autodetection and authentication. Essentially, if the logged in user can reach the Windows Telemetry endpoints, the telemetry client can send data. If runconfig.bat runs while no user is logged in, telemetry events get written into a buffer which gets flushed when a user logs in.
In order to accommodate complex proxy scenarios, we also support using the currently logged-in users internet connection. This scenario supports PAC scripts, proxy autodetection and authentication. Essentially, if the logged in user can reach the Windows diagnostic data endpoints, the diagnostic data client can send data. If runconfig.bat runs while no user is logged in, diagnostic data events get written into a buffer which gets flushed when a user logs in.
In order to enable this scenario, you need:
- A current quality update Rollup for Windows 7, 8.1 or Windows 10 Version 1511. Updates shipped after October 2016 have the needed code

6
windows/deployment/upgrade/upgrade-readiness-deployment-script.md
View File

@ -27,7 +27,7 @@ The Upgrade Readiness deployment script does the following:
3. Checks whether the computer has a pending restart.  
4. Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended).
5. If enabled, turns on verbose mode for troubleshooting.
6. Initiates the collection of the telemetry data that Microsoft needs to assess your organizations upgrade readiness.
6. Initiates the collection of the diagnostic data that Microsoft needs to assess your organizations upgrade readiness.
7. If enabled, displays the scripts progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file.
## Running the script
@ -169,7 +169,7 @@ The deployment script displays the following exit codes to let you know if it wa
</tr>
<tr>
<td>18 - Appraiser KBs not installed or **appraiser.dll** not found.</td>
<td>Either the Appraiser KBs are not installed, or the **appraiser.dll** file was not found. For more information, see appraiser telemetry events and fields information in the [Data collection](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#data-collection-and-privacy) and privacy topic.</td>
<td>Either the Appraiser KBs are not installed, or the **appraiser.dll** file was not found. For more information, see appraiser diagnostic data events and fields information in the [Data collection](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#data-collection-and-privacy) and privacy topic.</td>
</tr>
<tr>
<td>19 - Function **CheckAppraiserKB**, which checks the compatibility update KBs, failed with unexpected exception.</td>
@ -263,7 +263,7 @@ The deployment script displays the following exit codes to let you know if it wa
\Windows\DataCollection**</font>
or <font size='1'>**HKLM:\SOFTWARE\Microsoft\Windows
\CurrentVersion\Policies\DataCollection**</font></td>
<td>For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization).</td>
<td>For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows diagnostic data in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization).</td>
</tr>
<tr>
<td>40 - Function **CheckTelemetryOptIn** failed with an unexpected exception. </td>

8
windows/deployment/upgrade/upgrade-readiness-get-started.md
View File

@ -31,11 +31,11 @@ When you are ready to begin using Upgrade Readiness, perform the following steps
## Data collection and privacy
To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see the following topics:
To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what diagnostic data Microsoft collects and how that data is used and protected by Microsoft, see the following topics:
- [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization)
- [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
- [Manage connections from Windows operating system components to Microsoft services](/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services)
- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
- [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
## Add Upgrade Readiness to Operations Management Suite
@ -90,7 +90,7 @@ Note: The compatibility update KB runs under the computers system account.
### Connection settings
The settings that are used to enable client computers to connect to Windows Telemetry depend on the type of connection scenario you use. These scenarios are discussed in [this blog post](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) and are summarized below.
The settings that are used to enable client computers to connect to Windows diagnostic data depend on the type of connection scenario you use. These scenarios are discussed in [this blog post](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) and are summarized below.
| **Connection scenario** | **ClientProxy setting** <BR>in **runconfig.bat** | **Local computer configuration** |
|---------------------------------------------------------|-----------|-----------|

14
windows/deployment/upgrade/upgrade-readiness-requirements.md
View File

@ -14,9 +14,9 @@ This article introduces concepts and steps needed to get up and running with Upg
### Windows 7 and Windows 8.1
To perform an in-place upgrade, user computers must be running the latest version of either Windows 7 SP1 or Windows 8.1. After you enable Windows telemetry, Upgrade Readiness performs a full inventory of computers so that you can see which version of Windows is installed on each computer.
To perform an in-place upgrade, user computers must be running the latest version of either Windows 7 SP1 or Windows 8.1. After you enable Windows diagnostic data, Upgrade Readiness performs a full inventory of computers so that you can see which version of Windows is installed on each computer.
The compatibility update KB that sends telemetry data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Readiness cannot evaluate Windows XP or Windows Vista for upgrade eligibility.
The compatibility update KB that sends diagnostic data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Readiness cannot evaluate Windows XP or Windows Vista for upgrade eligibility.
<!--With Windows 10, edition 1607, the compatibility update KB is installed automatically.-->
@ -47,13 +47,13 @@ Important: You can use either a Microsoft Account or a Work or School account to
Upgrade Readiness can be integrated with your installation of Configuration Manager. For more information, see [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics).
## Telemetry and data sharing
## Diagnostic data and data sharing
After youve signed in to Operations Management Suite and added the Upgrade Readiness solution to your workspace, youll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Readiness.
See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data.
See [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization) for more information about how Microsoft uses Windows diagnostic data.
**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, youll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this.
**Whitelist diagnostic data endpoints.** To enable diagnostic data to be sent to Microsoft, youll need to whitelist the following Microsoft endpoints on your proxy server or firewall. You may need to get approval from your security group to do this.
`https://v10.vortex-win.data.microsoft.com/collect/v1`<BR>
`https://vortex-win.data.microsoft.com/health/keepalive`<BR>
@ -68,7 +68,7 @@ See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields
**Subscribe your OMS workspace to Upgrade Readiness.** For Upgrade Readiness to receive and display upgrade readiness data from Microsoft, youll need to subscribe your OMS workspace to Upgrade Readiness.
**Enable telemetry and connect data sources.** To allow Upgrade Readiness to collect system, application, and driver data and assess your organizations upgrade readiness, communication must be established between Upgrade Readiness and user computers. Youll need to connect Upgrade Readiness to your data sources and enable telemetry to establish communication.
**Enable diagnostic data and connect data sources.** To allow Upgrade Readiness to collect system, application, and driver data and assess your organizations upgrade readiness, communication must be established between Upgrade Readiness and user computers. Youll need to connect Upgrade Readiness to your data sources and enable diagnostic data to establish communication.
**Deploy compatibility update and related KBs.** The compatibility update KB scans your systems and enables application usage tracking. If you dont already have this KB installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager.
@ -82,7 +82,7 @@ Before you get started configuring Upgrade Anatlyics, review the following tips
**Upgrade Readiness does not support on-premises Windows deployments.** Upgrade Readiness is built as a cloud service, which allows Upgrade Readiness to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises.
**In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. Were adding support for additional regions and well update this information when new international regions are supported.
**In-region data storage requirements.** Windows diagnostic data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. Were adding support for additional regions and well update this information when new international regions are supported.
### Tips

2
windows/deployment/upgrade/upgrade-readiness-resolve-issues.md
View File

@ -141,7 +141,7 @@ Applications and drivers that are meet certain criteria to be considered low ris
The first row reports the number of your apps that have an official statement of support on Windows 10 from the software vendor, so you can be confident that they will work on your target operating system.
The second row (**Apps that are "Highly adopted"**) shows apps that have a ReadyForWindows status of "Highly adopted". This means that they have been installed on at least 100,000 commercial Windows 10 devices, and that Microsoft has not detected significant issues with the app in telemetry. Since these apps are prevalent in the ecosystem at large, you can be confident that they will work in your environment as well.
The second row (**Apps that are "Highly adopted"**) shows apps that have a ReadyForWindows status of "Highly adopted". This means that they have been installed on at least 100,000 commercial Windows 10 devices, and that Microsoft has not detected significant issues with the app in diagnostic data. Since these apps are prevalent in the ecosystem at large, you can be confident that they will work in your environment as well.
Each row of the blade uses a different criterion to filter your apps or drivers. You can view a list of applications that meet the criterion by clicking into a row of the blade. For example, if you click the row that says "Apps that are 'Highly adopted'", the result is a list of apps that have a ReadyForWindows status of "Highly adopted". From here, you can bulk-select the results, select **Ready to upgrade**, and then click **Save**.  This will mark all apps meeting the "Highly adopted" criterion as "Ready to upgrade"--no further validation is required. Any applications that you have marked as *Mission critical* or *Business critical* are filtered out, as well as any app that has an issue known to Microsoft. This allows you to work with apps in bulk without having to worry about missing a critical app.

2
windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md
View File

@ -54,7 +54,7 @@ Select **Total computers** for a list of computers and details about them, inclu
- Computer model
- Operating system version and build
- Count of system requirement, application, and driver issues per computer
- Upgrade assessment based on analysis of computer telemetry data
- Upgrade assessment based on analysis of computer diagnostic data
- Upgrade decision status
Select **Total applications** for a list of applications discovered on user computers and details about them, including:

2
windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md
View File

@ -10,7 +10,7 @@ ms.date: 08/30/2017
You can use Upgrade Readiness to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Readiness enables you to deploy Windows with confidence, knowing that youve addressed potential blocking issues.
- Based on telemetry data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organizations upgrade readiness.
- Based on diagnostic data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organizations upgrade readiness.
- Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them.
When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks.

2
windows/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md
View File

@ -17,7 +17,7 @@ ms.date: 07/27/2017
On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as [WannaCrypt](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt), appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install [MS17-010](https://technet.microsoft.com/en-us/library/security/ms17-010.aspx) if they have not already done so.
Microsoft antimalware telemetry immediately picked up signs of this campaign. Our expert systems gave us visibility and context into this new attack as it happened, allowing [Windows Defender Antivirus](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-defender-in-windows-10) to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware.
Microsoft antimalware diagnostic data immediately picked up signs of this campaign. Our expert systems gave us visibility and context into this new attack as it happened, allowing [Windows Defender Antivirus](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-defender-in-windows-10) to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware.
In this blog, we provide an early analysis of the end-to-end ransomware attack. Please note this threat is still under investigation. The attack is still active, and there is a possibility that the attacker will attempt to react to our detection response.

4
windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
View File

@ -133,10 +133,10 @@ https://msdl.microsoft.com/download/symbols
Universal Telemetry Client
</td>
<td>
Used by Windows to send client telemetry, Windows Defender Antivirus uses this for product quality monitoring purposes
Used by Windows to send client diagnostic data, Windows Defender Antivirus uses this for product quality monitoring purposes
</td>
<td>
This update uses SSL (TCP Port 443) to download manifests and upload telemetry to Microsoft that uses the following DNS endpoints: <ul><li>vortex-win.data.microsoft.com</li><li>settings-win.data.microsoft.com</li></ul></td>
This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: <ul><li>vortex-win.data.microsoft.com</li><li>settings-win.data.microsoft.com</li></ul></td>
</tr>
</table>

2
windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
View File

@ -51,7 +51,7 @@ In order for devices to properly show up in Update Compliance, you have to meet
>- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance.
> - [Cloud-delivered protection is enabled](enable-cloud-protection-windows-defender-antivirus.md).
> - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud)
> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 telemetry must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level).
> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level).
> - It has been 3 days since all requirements have been met
If the above pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us.

4
windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
View File

@ -106,11 +106,11 @@ Health Status for onboarded machines: Sense Is Running | ./Device/Vendor/MSFT/Wi
Health Status for onboarded machines: Onboarding State | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 1 | Onboarded to Windows Defender ATP
Health Status for onboarded machines: Organization ID | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OrgId | String | Use OrgID from onboarding file | Onboarded to Organization ID
Configuration for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/SampleSharing | Integer | 0 or 1 <br> Default value: 1 | Windows Defender ATP Sample sharing is enabled
Configuration for onboarded machines: telemetry reporting frequency | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/TelemetryReportingFrequency | Integer | 1 or 2 <br> 1: Normal (default)<br><br> 2: Expedite | Windows Defender ATP telemetry reporting
Configuration for onboarded machines: diagnostic data reporting frequency | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/TelemetryReportingFrequency | Integer | 1 or 2 <br> 1: Normal (default)<br><br> 2: Expedite | Windows Defender ATP diagnostic data reporting
> [!NOTE]
> - The **Health Status for onboarded machines** policy uses read-only properties and can't be remediated.
> - Configuration of telemetry reporting frequency is only available for machines on Windows 10, version 1703.
> - Configuration of diagnostic data reporting frequency is only available for machines on Windows 10, version 1703.
> - Using the Expedite mode might have an impact on the machine's battery usage and actual bandwidth used for sensor data. You should consider this when these measures are critical.

2
windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
View File

@ -60,7 +60,7 @@ To effectively offboard the endpoints from the service, you'll need to disable t
2. In Windows Defender Security Center portal, select **Endpoint management**> **Non-Windows**.
3. Toggle the third-party provider switch button to turn stop telemetry from endpoints.
3. Toggle the third-party provider switch button to turn stop diagnostic data from endpoints.
>[!WARNING]
>If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on endpoints.

2
windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
View File

@ -47,7 +47,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
- WinHTTP configured using netsh command Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy)
## Configure the proxy server manually using a registry-based static proxy
Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report telemetry and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet.
Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report diagnostic data and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet.
The static proxy is configurable through Group Policy (GP). The group policy can be found under: **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**.

10
windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
View File

@ -155,7 +155,7 @@ The service could not contact the external processing servers at that URL.</td>
<td>17</td>
<td>Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable```.</td>
<td>An error occurred with the Windows telemetry service.</td>
<td>[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).<br>
<td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled).<br>
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
</tr>
@ -206,7 +206,7 @@ Ensure real-time antimalware protection is running properly.</td>
<td>28</td>
<td>Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable```.</td>
<td>An error occurred with the Windows telemetry service.</td>
<td>[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).<br>
<td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).<br>
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
</tr>
@ -222,7 +222,7 @@ Ensure real-time antimalware protection is running properly.</td>
<td>31</td>
<td>Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable```.</td>
<td>An error occurred with the Windows telemetry service during onboarding. The offboarding process continues.</td>
<td>[Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).</td>
<td>[Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).</td>
</tr>
<tr>
<td>32</td>
@ -241,7 +241,7 @@ If the identifier does not persist, the same machine might appear twice in the p
<td>34</td>
<td>Windows Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable```.</td>
<td>An error occurred with the Windows telemetry service.</td>
<td>[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).<br>
<td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).<br>
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
</tr>
@ -250,7 +250,7 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen
<td>Windows Defender Advanced Threat Protection service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: ```variable```.</td>
<td>An error occurred with the Windows telemetry service during offboarding. The offboarding process continues.
</td>
<td>Check for errors with the Windows telemetry service.</td>
<td>Check for errors with the Windows diagnostic data service.</td>
</tr>
<tr>
<td>36</td>

4
windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
View File

@ -72,8 +72,8 @@ Follow theses actions to correct known issues related to a misconfigured machine
- [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)</br>
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs.
- [Ensure the telemetry and diagnostics service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled)</br>
If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint.
- [Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled)</br>
If the endpoints aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint.
- [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)</br>
If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled.

11
windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
View File

@ -72,13 +72,14 @@ The Windows Defender ATP sensor can utilize up to 5MB daily of bandwidth to com
For more information on additional proxy configuration settings see, [Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
Before you configure endpoints, the telemetry and diagnostics service must be enabled. The service is enabled by default in Windows 10.
Before you configure endpoints, the diagnostic data service must be enabled. The service is enabled by default in Windows 10.
### Telemetry and diagnostics settings
You must ensure that the telemetry and diagnostics service is enabled on all the endpoints in your organization.
<span id="telemetry-and-diagnostics-settings" />
### Diagnostic data settings
You must ensure that the diagnostic data service is enabled on all the endpoints in your organization.
By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them.
**Use the command line to check the Windows 10 telemetry and diagnostics service startup type**:
**Use the command line to check the Windows 10 diagnostic data service startup type**:
1. Open an elevated command-line prompt on the endpoint:
@ -100,7 +101,7 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the
**Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:**
**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
1. Open an elevated command-line prompt on the endpoint:

11
windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
View File

@ -128,7 +128,7 @@ ID | Severity | Event description | Troubleshooting steps
## Troubleshoot onboarding issues on the endpoint
If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent:
- [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log)
- [Ensure the telemetry and diagnostics service is enabled](#ensure-the-telemetry-and-diagnostics-service-is-enabled)
- [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled)
- [Ensure the service is set to start](#ensure-the-service-is-set-to-start)
- [Ensure the endpoint has an Internet connection](#ensure-the-endpoint-has-an-internet-connection)
- [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)
@ -176,14 +176,15 @@ Event ID | Message | Resolution steps
<br>
There are additional components on the endpoint that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly.
### Ensure the telemetry and diagnostics service is enabled
If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. The service might have been disabled by other programs or user configuration changes.
<span id="ensure-the-diagnostics-service-is-enabled" />
### Ensure the diagnostic data service is enabled
If the endpoints aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint. The service might have been disabled by other programs or user configuration changes.
First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't).
### Ensure the service is set to start
**Use the command line to check the Windows 10 telemetry and diagnostics service startup type**:
**Use the command line to check the Windows 10 diagnostic data service startup type**:
1. Open an elevated command-line prompt on the endpoint:
@ -204,7 +205,7 @@ First, you should check that the service is set to start automatically when Wind
If the `START_TYPE` is not set to `AUTO_START`, then you'll need to set the service to automatically start.
**Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:**
**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
1. Open an elevated command-line prompt on the endpoint:

2
windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
View File

@ -43,7 +43,7 @@ Windows Defender SmartScreen helps to provide an early warning system against we
- **Operating system integration.** SmartScreen is integrated into the Windows 10 operating system, meaning that it checks any files an app (including 3rd-party browsers and email clients) attempts to download and run.
- **Improved heuristics and telemetry.** SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files.
- **Improved heuristics and diagnostic data.** SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files.
- **Management through Group Policy and Microsoft Intune.** SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md).

2
windows/whats-new/whats-new-windows-10-version-1607.md
View File

@ -35,7 +35,7 @@ Windows ICD now includes simplified workflows for creating provisioning packages
Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsofts experience upgrading millions of devices to Windows 10.
With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
Use Upgrade Readiness to get: