diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index a229e2df1a..6148d1201c 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md @@ -1,6 +1,6 @@ # [Privacy](index.yml) ## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md) -## [Windows 10 and the GDPR for IT Decision Makers](gdpr-it-guidance.md) +## [Windows and the GDPR: Information for IT Administrators and Decision Makers](gdpr-it-guidance.md) ## [Windows 10 personal data services configuration](windows-personal-data-services-configuration.md) ## [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) ## [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index ada643a31a..c0acd3cd73 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -2791,7 +2791,7 @@ The following fields are available: ### Microsoft.Windows.Remediation.Applicable -This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. The following fields are available: @@ -2814,7 +2814,7 @@ The following fields are available: - **HResult** The HRESULT for detection or perform action phases of the plugin. - **IsAppraiserLatestResult** The HRESULT from the appraiser task. - **IsConfigurationCorrected** Indicates whether the configuration of SIH task was successfully corrected. -- **LastHresult** The HRESULT for detection or perform action phases of the plugin. +- **LastHresult** The HResult of the operation. - **LastRun** The date of the most recent SIH run. - **NextRun** Date of the next scheduled SIH run. - **PackageVersion** The version of the current remediation package. @@ -2875,7 +2875,7 @@ The following fields are available: ### Microsoft.Windows.Remediation.Completed -This event enables completion tracking of a process that remediates issues preventing security and quality updates. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. The following fields are available: @@ -2964,123 +2964,9 @@ The following fields are available: - **WindowsSxsTempFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) Temp folder, measured in Megabytes. -### Microsoft.Windows.Remediation.DiskCleanUnExpectedErrorEvent - -This event indicates that an unexpected error occurred during an update and provides information to help address the issue. - -The following fields are available: - -- **CV** The Correlation vector. -- **ErrorMessage** A description of any errors encountered while the plug-in was running. -- **GlobalEventCounter** The client-side counter that indicates ordering of events. -- **Hresult** The result of the event execution. -- **PackageVersion** The version number of the current remediation package. -- **SessionGuid** GUID associated with a given execution of sediment pack. - - -### Microsoft.Windows.Remediation.Error - -This event indicates a Sediment Pack error (update stack failure) has been detected and provides information to help address the issue. - -The following fields are available: - -- **HResult** The result of the event execution. -- **Message** A message containing information about the error that occurred. -- **PackageVersion** The version number of the current remediation package. - - -### Microsoft.Windows.Remediation.FallbackError - -This event indicates an error when Self Update results in a Fallback and provides information to help address the issue. - -The following fields are available: - -- **s0** Indicates the Fallback error level. See [Microsoft.Windows.Remediation.wilResult](#microsoftwindowsremediationwilresult). -- **wilResult** The result of the Windows Installer Logging. See [wilResult](#wilresult). - - -### Microsoft.Windows.Remediation.RemediationNotifyUserFixIssuesInvokeUIEvent - -This event occurs when the Notify User task executes and provides information about the cause of the notification. - -The following fields are available: - -- **CV** The Correlation vector. -- **GlobalEventCounter** The client-side counter that indicates ordering of events. -- **PackageVersion** The version number of the current remediation package. -- **RemediationNotifyUserFixIssuesCallResult** The result of calling the USO (Update Session Orchestrator) sequence steps. -- **RemediationNotifyUserFixIssuesUsoDownloadCalledHr** The error code from the USO (Update Session Orchestrator) download call. -- **RemediationNotifyUserFixIssuesUsoInitializedHr** The error code from the USO (Update Session Orchestrator) initialize call. -- **RemediationNotifyUserFixIssuesUsoProxyBlanketHr** The error code from the USO (Update Session Orchestrator) proxy blanket call. -- **RemediationNotifyUserFixIssuesUsoSetSessionHr** The error code from the USO (Update Session Orchestrator) session call. - - -### Microsoft.Windows.Remediation.RemediationShellFailedAutomaticAppUpdateModifyEventId - -This event provides the modification of the date on which an Automatic App Update scheduled task failed and provides information about the failure. - -The following fields are available: - -- **CV** The Correlation Vector. -- **GlobalEventCounter** The client-side counter that indicates ordering of events. -- **hResult** The result of the event execution. -- **PackageVersion** The version number of the current remediation package. - - -### Microsoft.Windows.Remediation.RemediationShellUnexpectedExceptionId - -This event identifies the remediation plug-in that returned an unexpected exception and provides information about the exception. - -The following fields are available: - -- **CV** The Correlation Vector. -- **GlobalEventCounter** The client-side counter that indicates ordering of events. -- **PackageVersion** The version number of the current remediation package. -- **RemediationShellUnexpectedExceptionId** The ID of the remediation plug-in that caused the exception. - - -### Microsoft.Windows.Remediation.RemediationUHEnableServiceFailed - -This event tracks the health of key update (Remediation) services and whether they are enabled. - -The following fields are available: - -- **CV** The Correlation Vector. -- **GlobalEventCounter** The client-side counter that indicates ordering of events. -- **hResult** The result of the event execution. -- **PackageVersion** The version number of the current remediation package. -- **serviceName** The name associated with the operation. - - -### Microsoft.Windows.Remediation.RemediationUpgradeSucceededDataEventId - -This event returns information about the upgrade upon success to help ensure Windows is up to date. - -The following fields are available: - -- **AppraiserPlugin** TRUE / FALSE depending on whether the Appraiser plug-in task fix was successful. -- **ClearAUOptionsPlugin** TRUE / FALSE depending on whether the AU (Auto Updater) Options registry keys were successfully deleted. -- **CV** The Correlation Vector. -- **DatetimeSyncPlugin** TRUE / FALSE depending on whether the DateTimeSync plug-in ran successfully. -- **DiskCleanupPlugin** TRUE / FALSE depending on whether the DiskCleanup plug-in ran successfully. -- **GlobalEventCounter** The client-side counter that indicates ordering of events. -- **NoisyHammerPlugin** TRUE / FALSE depending on whether the NoisyHammer plug-in ran successfully. -- **PackageVersion** The version number of the current remediation package. -- **RebootRequiredPlugin** TRUE / FALSE depending on whether the Reboot plug-in ran successfully. -- **RemediationNotifyUserFixIssuesPlugin** TRUE / FALSE depending on whether the User Fix Issues plug-in ran successfully -- **RemediationPostUpgradeDiskSpace** The amount of disk space available after the upgrade. -- **RemediationPostUpgradeHibernationSize** The size of the Hibernation file after the upgrade. -- **ServiceHealthPlugin** A list of services updated by the plug-in. -- **SIHHealthPlugin** TRUE / FALSE depending on whether the SIH Health plug-in ran successfully. -- **StackDataResetPlugin** TRUE / FALSE depending on whether the update stack completed successfully. -- **TaskHealthPlugin** A list of tasks updated by the plug-in. -- **UpdateApplicabilityFixerPlugin** TRUE / FALSE depending on whether the update applicability fixer plug-in completed successfully. -- **WindowsUpdateEndpointPlugin** TRUE / FALSE depending on whether the Windows Update Endpoint was successful. - - ### Microsoft.Windows.Remediation.Started -This event reports whether a plug-in started, to help ensure Windows is up to date. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. The following fields are available: @@ -3091,31 +2977,6 @@ The following fields are available: - **Result** This is the HRESULT for detection or perform action phases of the plugin. -### Microsoft.Windows.Remediation.wilResult - -This event provides Self Update information to help keep Windows up to date. - -The following fields are available: - -- **callContext** A list of diagnostic activities containing this error. -- **currentContextId** An identifier for the newest diagnostic activity containing this error. -- **currentContextMessage** A message associated with the most recent diagnostic activity containing this error (if any). -- **currentContextName** Name of the most recent diagnostic activity containing this error. -- **failureCount** Number of failures seen within the binary where the error occurred. -- **failureId** The identifier assigned to this failure. -- **failureType** Indicates the type of failure observed (exception, returned, error, logged error, or fail fast). -- **fileName** The source code file name where the error occurred. -- **function** The name of the function where the error occurred. -- **hresult** The failure error code. -- **lineNumber** The Line Number within the source code file where the error occurred. -- **message** A message associated with the failure (if any). -- **module** The name of the binary module in which the error occurred. -- **originatingContextId** The identifier for the oldest diagnostic activity containing this error. -- **originatingContextMessage** A message associated with the oldest diagnostic activity containing this error (if any). -- **originatingContextName** The name of the oldest diagnostic activity containing this error. -- **threadId** The identifier of the thread the error occurred on. - - ## Sediment events ### Microsoft.Windows.Sediment.Info.AppraiserData @@ -3465,15 +3326,17 @@ The following fields are available: - **Time** The system time at which the event occurred. +## Sediment Launcher events + ### Microsoft.Windows.SedimentLauncher.Applicable -Indicates whether a given plugin is applicable. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. The following fields are available: - **CV** Correlation vector. - **DetectedCondition** Boolean true if detect condition is true and perform action will be run. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **GlobalEventCounter** Client side counter which indicates ordering of events. - **IsSelfUpdateEnabledInOneSettings** True if self update enabled in Settings. - **IsSelfUpdateNeeded** True if self update needed by device. - **PackageVersion** Current package version of Remediation. @@ -3483,97 +3346,43 @@ The following fields are available: ### Microsoft.Windows.SedimentLauncher.Completed -Indicates whether a given plugin has completed its work. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. The following fields are available: - **CV** Correlation vector. - **FailedReasons** Concatenated list of failure reasons. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **GlobalEventCounter** Client side counter which indicates ordering of events. - **PackageVersion** Current package version of Remediation. - **PluginName** Name of the plugin specified for each generic plugin event. - **Result** This is the HRESULT for detection or perform action phases of the plugin. - **SedLauncherExecutionResult** HRESULT for one execution of the Sediment Launcher. -### Microsoft.Windows.SedimentLauncher.Error - -This event indicates an error occurred during the execution of the plug-in. The information provided helps ensure future upgrade/update attempts are more successful. - -The following fields are available: - -- **HResult** The result for the Detection or Perform Action phases of the plug-in. -- **Message** A message containing information about the error that occurred (if any). -- **PackageVersion** The version number of the current remediation package. - - -### Microsoft.Windows.SedimentLauncher.FallbackError - -This event indicates that an error occurred during execution of the plug-in fallback. - -The following fields are available: - -- **s0** Error occurred during execution of the plugin fallback. See [Microsoft.Windows.SedimentLauncher.wilResult](#microsoftwindowssedimentlauncherwilresult). - - -### Microsoft.Windows.SedimentLauncher.Information - -This event provides general information returned from the plug-in. - -The following fields are available: - -- **HResult** This is the HRESULT for detection or perform action phases of the plugin. -- **Message** Information message returned from a plugin containing only information internal to the plugins execution. -- **PackageVersion** Current package version of Remediation. - - ### Microsoft.Windows.SedimentLauncher.Started -This event indicates that a given plug-in has started. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. The following fields are available: - **CV** Correlation vector. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **GlobalEventCounter** Client side counter which indicates ordering of events. - **PackageVersion** Current package version of Remediation. - **PluginName** Name of the plugin specified for each generic plugin event. - **Result** This is the HRESULT for detection or perform action phases of the plugin. -### Microsoft.Windows.SedimentLauncher.wilResult - -This event provides the result from the Windows internal library. - -The following fields are available: - -- **callContext** List of telemetry activities containing this error. -- **currentContextId** Identifier for the newest telemetry activity containing this error. -- **currentContextMessage** Custom message associated with the newest telemetry activity containing this error (if any). -- **currentContextName** Name of the newest telemetry activity containing this error. -- **failureCount** Number of failures seen within the binary where the error occurred. -- **failureId** Identifier assigned to this failure. -- **failureType** Indicates what type of failure was observed (exception, returned error, logged error or fail fast). -- **fileName** Source code file name where the error occurred. -- **function** Name of the function where the error occurred. -- **hresult** Failure error code. -- **lineNumber** Line number within the source code file where the error occurred. -- **message** Custom message associated with the failure (if any). -- **module** Name of the binary where the error occurred. -- **originatingContextId** Identifier for the oldest telemetry activity containing this error. -- **originatingContextMessage** Custom message associated with the oldest telemetry activity containing this error (if any). -- **originatingContextName** Name of the oldest telemetry activity containing this error. -- **threadId** Identifier of the thread the error occurred on. - +## Sediment Service events ### Microsoft.Windows.SedimentService.Applicable -This event indicates whether a given plug-in is applicable. +This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date. The following fields are available: - **CV** Correlation vector. - **DetectedCondition** Determine whether action needs to run based on device properties. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **GlobalEventCounter** Client side counter which indicates ordering of events. - **IsSelfUpdateEnabledInOneSettings** Indicates if self update is enabled in One Settings. - **IsSelfUpdateNeeded** Indicates if self update is needed. - **PackageVersion** Current package version of Remediation. @@ -3583,13 +3392,13 @@ The following fields are available: ### Microsoft.Windows.SedimentService.Completed -This event indicates whether a given plug-in has completed its work. +This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date. The following fields are available: - **CV** Correlation vector. - **FailedReasons** List of reasons when the plugin action failed. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **GlobalEventCounter** Client side counter which indicates ordering of events. - **PackageVersion** Current package version of Remediation. - **PluginName** Name of the plugin specified for each generic plugin event. - **Result** This is the HRESULT for detection or perform action phases of the plugin. @@ -3603,40 +3412,9 @@ The following fields are available: - **SedimentServiceTotalIterations** Number of 5 second iterations service will wait before running again. -### Microsoft.Windows.SedimentService.Error - -This event indicates whether an error condition occurred in the plug-in. - -The following fields are available: - -- **HResult** This is the HRESULT for detection or perform action phases of the plugin. -- **Message** Custom message associated with the failure (if any). -- **PackageVersion** Current package version of Remediation. - - -### Microsoft.Windows.SedimentService.FallbackError - -This event indicates whether an error occurred for a fallback in the plug-in. - -The following fields are available: - -- **s0** Event returned when an error occurs for a fallback in the plugin. See [Microsoft.Windows.SedimentService.wilResult](#microsoftwindowssedimentservicewilresult). - - -### Microsoft.Windows.SedimentService.Information - -This event provides general information returned from the plug-in. - -The following fields are available: - -- **HResult** This is the HRESULT for detection or perform action phases of the plugin. -- **Message** Custom message associated with the failure (if any). -- **PackageVersion** Current package version of Remediation. - - ### Microsoft.Windows.SedimentService.Started -This event indicates a specified plug-in has started. This information helps ensure Windows is up to date. +This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date. The following fields are available: @@ -3647,31 +3425,6 @@ The following fields are available: - **Result** This is the HRESULT for Detection or Perform Action phases of the plugin. -### Microsoft.Windows.SedimentService.wilResult - -This event provides the result from the Windows internal library. - -The following fields are available: - -- **callContext** List of telemetry activities containing this error. -- **currentContextId** Identifier for the newest telemetry activity containing this error. -- **currentContextMessage** Custom message associated with the newest telemetry activity containing this error (if any). -- **currentContextName** Name of the newest telemetry activity containing this error. -- **failureCount** Number of failures seen within the binary where the error occurred. -- **failureId** Identifier assigned to this failure. -- **failureType** Indicates what type of failure was observed (exception, returned error, logged error or fail fast). -- **fileName** Source code file name where the error occurred. -- **function** Name of the function where the error occurred. -- **hresult** Failure error code. -- **lineNumber** Line number within the source code file where the error occurred. -- **message** Custom message associated with the failure (if any). -- **module** Name of the binary where the error occurred. -- **originatingContextId** Identifier for the oldest telemetry activity containing this error. -- **originatingContextMessage** Custom message associated with the oldest telemetry activity containing this error (if any). -- **originatingContextName** Name of the oldest telemetry activity containing this error. -- **threadId** Identifier of the thread the error occurred on. - - ## Setup events ### SetupPlatformTel.SetupPlatformTelActivityEvent diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index e6b7d5cbc6..7ed5621811 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -3004,7 +3004,7 @@ This event is triggered whenever the current app state is changed by: launch, sw ### Microsoft.Windows.Remediation.Applicable -This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. The following fields are available: @@ -3022,7 +3022,7 @@ The following fields are available: - **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed. - **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. - **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. -- **GlobalEventCounter** Client side counter that indicates ordering of events sent by the remediation system. +- **GlobalEventCounter** Client side counter that indicates ordering of events. - **HResult** The HRESULT for detection or perform action phases of the plugin. - **IsAppraiserLatestResult** The HRESULT from the appraiser task. - **IsConfigurationCorrected** Indicates whether the configuration of SIH task was successfully corrected. @@ -3085,29 +3085,9 @@ The following fields are available: - **TimeServiceSyncType** Type of sync behavior for Date & Time service on device. -### Microsoft.Windows.Remediation.ChangePowerProfileDetection - -Indicates whether the remediation system can put in a request to defer a system-initiated sleep to enable installation of security or quality updates. - -The following fields are available: - -- **ActionName** A descriptive name for the plugin action -- **CurrentPowerPlanGUID** The ID of the current power plan configured on the device -- **CV** Correlation vector -- **GlobalEventCounter** Counter that indicates the ordering of events on the device -- **PackageVersion** Current package version of remediation service -- **RemediationBatteryPowerBatteryLevel** Integer between 0 and 100 indicating % battery power remaining (if not on battery, expect 0) -- **RemediationFUInProcess** Result that shows whether the device is currently installing a feature update -- **RemediationFURebootRequred** Indicates that a feature update reboot required was detected so the plugin will exit. -- **RemediationScanInProcess** Result that shows whether the device is currently scanning for updates -- **RemediationTargetMachine** Result that shows whether this device is a candidate for remediation(s) that will fix update issues -- **SetupMutexAvailable** Result that shows whether setup mutex is available or not -- **SysPowerStatusAC** Result that shows whether system is on AC power or not - - ### Microsoft.Windows.Remediation.Completed -This event enables completion tracking of a process that remediates issues preventing security and quality updates. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. The following fields are available: @@ -3129,7 +3109,7 @@ The following fields are available: - **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes. - **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes. - **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in. -- **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user. +- **GlobalEventCounter** Client-side counter that indicates ordering of events. - **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes. - **hasRolledBack** Indicates whether the client machine has rolled back. - **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS. @@ -3222,30 +3202,14 @@ The following fields are available: - **windowsUpgradeRecoveredFromRs4** Event to report the value of the Windows Upgrade Recovered key. -### Microsoft.Windows.Remediation.RemediationShellMainExeEventId - -Enables tracking of completion of process that remediates issues preventing security and quality updates. - -The following fields are available: - -- **CV** Client side counter which indicates ordering of events sent by the remediation system. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by the remediation system. -- **PackageVersion** Current package version of Remediation. -- **RemediationShellCanAcquireSedimentMutex** True if the remediation was able to acquire the sediment mutex. False if it is already running. -- **RemediationShellExecuteShellResult** Indicates if the remediation system completed without errors. -- **RemediationShellFoundDriverDll** Result whether the remediation system found its component files to run properly. -- **RemediationShellLoadedShellDriver** Result whether the remediation system loaded its component files to run properly. -- **RemediationShellLoadedShellFunction** Result whether the remediation system loaded the functions from its component files to run properly. - - ### Microsoft.Windows.Remediation.Started -This event reports whether a plug-in started, to help ensure Windows is up to date. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. The following fields are available: - **CV** Correlation vector. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **GlobalEventCounter** Client side counter which indicates ordering of events. - **PackageVersion** Current package version of Remediation. - **PluginName** Name of the plugin specified for each generic plugin event. - **Result** This is the HRESULT for detection or perform action phases of the plugin. @@ -3315,15 +3279,17 @@ The following fields are available: - **Time** System timestamp the event was fired +## Sediment Launcher events + ### Microsoft.Windows.SedimentLauncher.Applicable -Indicates whether a given plugin is applicable. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. The following fields are available: - **CV** Correlation vector. - **DetectedCondition** Boolean true if detect condition is true and perform action will be run. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **GlobalEventCounter** Client side counter which indicates ordering of events. - **IsSelfUpdateEnabledInOneSettings** True if self update enabled in Settings. - **IsSelfUpdateNeeded** True if self update needed by device. - **PackageVersion** Current package version of Remediation. @@ -3333,98 +3299,43 @@ The following fields are available: ### Microsoft.Windows.SedimentLauncher.Completed -Indicates whether a given plugin has completed its work. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. The following fields are available: - **CV** Correlation vector. - **FailedReasons** Concatenated list of failure reasons. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **GlobalEventCounter** Client side counter which indicates ordering of events. - **PackageVersion** Current package version of Remediation. - **PluginName** Name of the plugin specified for each generic plugin event. - **Result** This is the HRESULT for detection or perform action phases of the plugin. - **SedLauncherExecutionResult** HRESULT for one execution of the Sediment Launcher. -### Microsoft.Windows.SedimentLauncher.Error - -Error occurred during execution of the plugin. - -The following fields are available: - -- **HResult** The result for the Detection or Perform Action phases of the plug-in. -- **Message** A message containing information about the error that occurred (if any). -- **PackageVersion** The version number of the current remediation package. - - -### Microsoft.Windows.SedimentLauncher.FallbackError - -This event indicates that an error occurred during execution of the plug-in fallback. - -The following fields are available: - -- **s0** Error occurred during execution of the plugin fallback. See [Microsoft.Windows.SedimentLauncher.wilResult](#microsoftwindowssedimentlauncherwilresult). -- **wilResult** Result from executing wil based function. See [wilResult](#wilresult). - - -### Microsoft.Windows.SedimentLauncher.Information - -This event provides general information returned from the plug-in. - -The following fields are available: - -- **HResult** This is the HRESULT for detection or perform action phases of the plugin. -- **Message** Information message returned from a plugin containing only information internal to the plugins execution. -- **PackageVersion** Current package version of Remediation. - - ### Microsoft.Windows.SedimentLauncher.Started -This event indicates that a given plug-in has started. +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep Windows up to date. The following fields are available: - **CV** Correlation vector. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **GlobalEventCounter** Client side counter which indicates ordering of events. - **PackageVersion** Current package version of Remediation. - **PluginName** Name of the plugin specified for each generic plugin event. - **Result** This is the HRESULT for detection or perform action phases of the plugin. -### Microsoft.Windows.SedimentLauncher.wilResult - -This event provides the result from the Windows internal library. - -The following fields are available: - -- **callContext** List of telemetry activities containing this error. -- **currentContextId** Identifier for the newest telemetry activity containing this error. -- **currentContextMessage** Custom message associated with the newest telemetry activity containing this error (if any). -- **currentContextName** Name of the newest telemetry activity containing this error. -- **failureCount** Number of failures seen within the binary where the error occurred. -- **failureId** Identifier assigned to this failure. -- **failureType** Indicates what type of failure was observed (exception, returned error, logged error or fail fast). -- **fileName** Source code file name where the error occurred. -- **function** Name of the function where the error occurred. -- **hresult** Failure error code. -- **lineNumber** Line number within the source code file where the error occurred. -- **message** Custom message associated with the failure (if any). -- **module** Name of the binary where the error occurred. -- **originatingContextId** Identifier for the oldest telemetry activity containing this error. -- **originatingContextMessage** Custom message associated with the oldest telemetry activity containing this error (if any). -- **originatingContextName** Name of the oldest telemetry activity containing this error. -- **threadId** Identifier of the thread the error occurred on. - +## Sediment Service events ### Microsoft.Windows.SedimentService.Applicable -This event indicates whether a given plug-in is applicable. +This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date. The following fields are available: - **CV** Correlation vector. - **DetectedCondition** Determine whether action needs to run based on device properties. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **GlobalEventCounter** Client side counter which indicates ordering of events. - **IsSelfUpdateEnabledInOneSettings** Indicates if self update is enabled in One Settings. - **IsSelfUpdateNeeded** Indicates if self update is needed. - **PackageVersion** Current package version of Remediation. @@ -3434,13 +3345,13 @@ The following fields are available: ### Microsoft.Windows.SedimentService.Completed -This event indicates whether a given plug-in has completed its work. +This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date. The following fields are available: - **CV** Correlation vector. - **FailedReasons** List of reasons when the plugin action failed. -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **GlobalEventCounter** Client side counter which indicates ordering of events. - **PackageVersion** Current package version of Remediation. - **PluginName** Name of the plugin specified for each generic plugin event. - **Result** This is the HRESULT for detection or perform action phases of the plugin. @@ -3454,41 +3365,9 @@ The following fields are available: - **SedimentServiceTotalIterations** Number of 5 second iterations service will wait before running again. -### Microsoft.Windows.SedimentService.Error - -This event indicates whether an error condition occurred in the plug-in. - -The following fields are available: - -- **HResult** This is the HRESULT for detection or perform action phases of the plugin. -- **Message** Custom message associated with the failure (if any). -- **PackageVersion** Current package version of Remediation. - - -### Microsoft.Windows.SedimentService.FallbackError - -This event indicates whether an error occurred for a fallback in the plug-in. - -The following fields are available: - -- **s0** Event returned when an error occurs for a fallback in the plugin. See [Microsoft.Windows.SedimentService.wilResult](#microsoftwindowssedimentservicewilresult). -- **wilResult** Result for wil based function. See [wilResult](#wilresult). - - -### Microsoft.Windows.SedimentService.Information - -This event provides general information returned from the plug-in. - -The following fields are available: - -- **HResult** This is the HRESULT for detection or perform action phases of the plugin. -- **Message** Custom message associated with the failure (if any). -- **PackageVersion** Current package version of Remediation. - - ### Microsoft.Windows.SedimentService.Started -This event indicates a specified plug-in has started. This information helps ensure Windows is up to date. +This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date. The following fields are available: @@ -3499,31 +3378,6 @@ The following fields are available: - **Result** This is the HRESULT for Detection or Perform Action phases of the plugin. -### Microsoft.Windows.SedimentService.wilResult - -This event provides the result from the Windows internal library. - -The following fields are available: - -- **callContext** List of telemetry activities containing this error. -- **currentContextId** Identifier for the newest telemetry activity containing this error. -- **currentContextMessage** Custom message associated with the newest telemetry activity containing this error (if any). -- **currentContextName** Name of the newest telemetry activity containing this error. -- **failureCount** Number of failures seen within the binary where the error occurred. -- **failureId** Identifier assigned to this failure. -- **failureType** Indicates what type of failure was observed (exception, returned error, logged error or fail fast). -- **fileName** Source code file name where the error occurred. -- **function** Name of the function where the error occurred. -- **hresult** Failure error code. -- **lineNumber** Line number within the source code file where the error occurred. -- **message** Custom message associated with the failure (if any). -- **module** Name of the binary where the error occurred. -- **originatingContextId** Identifier for the oldest telemetry activity containing this error. -- **originatingContextMessage** Custom message associated with the oldest telemetry activity containing this error (if any). -- **originatingContextName** Name of the oldest telemetry activity containing this error. -- **threadId** Identifier of the thread the error occurred on. - - ## Setup events ### SetupPlatformTel.SetupPlatformTelActivityEvent diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 945ae68322..1a5a1aa9c7 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -4208,6 +4208,222 @@ The following fields are available: - **userRegionCode** The current user's region setting +## Remediation events + +### Microsoft.Windows.Remediation.Applicable + +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. + +The following fields are available: + +- **ActionName** The name of the action to be taken by the plug-in. +- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid. +- **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check. +- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid. +- **AppraiserTaskDisabled** Indicates the appraiser task is disabled. +- **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention. +- **CV** Correlation vector +- **DateTimeDifference** The difference between local and reference clock times. +- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled. +- **DaysSinceLastSIH** The number of days since the most recent SIH executed. +- **DaysToNextSIH** The number of days until the next scheduled SIH execution. +- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run. +- **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed. +- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. +- **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed. +- **GlobalEventCounter** Client side counter that indicates ordering of events. +- **HResult** The HRESULT for detection or perform action phases of the plugin. +- **IsAppraiserLatestResult** The HRESULT from the appraiser task. +- **IsConfigurationCorrected** Indicates whether the configuration of SIH task was successfully corrected. +- **LastHresult** The HRESULT for detection or perform action phases of the plugin. +- **LastRun** The date of the most recent SIH run. +- **NextRun** Date of the next scheduled SIH run. +- **PackageVersion** The version of the current remediation package. +- **PluginName** Name of the plugin specified for each generic plugin event. +- **Reload** True if SIH reload is required. +- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine. +- **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started. +- **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled. +- **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists. +- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task. +- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran. +- **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder. +- **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed. +- **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run. +- **RemediationNoisyHammerMeteredNetwork** TRUE if the machine is on a metered network. +- **RemediationNoisyHammerTaskEnabled** Indicates whether the Update Assistant Task (Noisy Hammer) is enabled. +- **RemediationNoisyHammerTaskExists** Indicates whether the Update Assistant Task (Noisy Hammer) exists. +- **RemediationNoisyHammerTaskTriggerEnabledCount** Indicates whether counting is enabled for the Update Assistant (Noisy Hammer) task trigger. +- **RemediationNoisyHammerUAExitCode** The exit code of the Update Assistant (Noisy Hammer) task. +- **RemediationNoisyHammerUAExitState** The code for the exit state of the Update Assistant (Noisy Hammer) task. +- **RemediationNoisyHammerUserLoggedIn** TRUE if there is a user logged in. +- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin. +- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled. +- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. +- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager). +- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely. +- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix. +- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task. +- **RemediationTaskHealthChkdskProactiveScan** True/False based on the health of the Check Disk task. +- **RemediationTaskHealthDiskCleanup_SilentCleanup** True/False based on the health of the Disk Cleanup task. +- **RemediationTaskHealthMaintenance_WinSAT** True/False based on the health of the Health Maintenance task. +- **RemediationTaskHealthServicing_ComponentCleanupTask** True/False based on the health of the Health Servicing Component task. +- **RemediationTaskHealthUSO_ScheduleScanTask** True/False based on the health of the USO (Update Session Orchestrator) Schedule task. +- **RemediationTaskHealthWindowsUpdate_ScheduledStartTask** True/False based on the health of the Windows Update Scheduled Start task. +- **RemediationTaskHealthWindowsUpdate_SihbootTask** True/False based on the health of the Sihboot task. +- **RemediationUHServiceBitsServiceEnabled** Indicates whether BITS service is enabled. +- **RemediationUHServiceDeviceInstallEnabled** Indicates whether Device Install service is enabled. +- **RemediationUHServiceDoSvcServiceEnabled** Indicates whether DO service is enabled. +- **RemediationUHServiceDsmsvcEnabled** Indicates whether DSMSVC service is enabled. +- **RemediationUHServiceLicensemanagerEnabled** Indicates whether License Manager service is enabled. +- **RemediationUHServiceMpssvcEnabled** Indicates whether MPSSVC service is enabled. +- **RemediationUHServiceTokenBrokerEnabled** Indicates whether Token Broker service is enabled. +- **RemediationUHServiceTrustedInstallerServiceEnabled** Indicates whether Trusted Installer service is enabled. +- **RemediationUHServiceUsoServiceEnabled** Indicates whether USO (Update Session Orchestrator) service is enabled. +- **RemediationUHServicew32timeServiceEnabled** Indicates whether W32 Time service is enabled. +- **RemediationUHServiceWecsvcEnabled** Indicates whether WECSVC service is enabled. +- **RemediationUHServiceWinmgmtEnabled** Indicates whether WMI service is enabled. +- **RemediationUHServiceWpnServiceEnabled** Indicates whether WPN service is enabled. +- **RemediationUHServiceWuauservServiceEnabled** Indicates whether WUAUSERV service is enabled. +- **Result** This is the HRESULT for Detection or Perform Action phases of the plugin. +- **RunAppraiserFailed** Indicates RunAppraiser failed to run correctly. +- **RunTask** TRUE if SIH task should be run by the plug-in. +- **TimeServiceNTPServer** The URL for the NTP time server used by device. +- **TimeServiceStartType** The startup type for the NTP time service. +- **TimeServiceSyncDomainJoined** True if device domain joined and hence uses DC for clock. +- **TimeServiceSyncType** Type of sync behavior for Date & Time service on device. + + +### Microsoft.Windows.Remediation.Completed + +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy. + +The following fields are available: + +- **ActionName** Name of the action to be completed by the plug-in. +- **AppraiserTaskCreationFailed** TRUE if the appraiser task creation failed to complete successfully. +- **AppraiserTaskDeleteFailed** TRUE if deletion of appraiser task failed to complete successfully. +- **AppraiserTaskExistFailed** TRUE if detection of the appraiser task failed to complete successfully. +- **AppraiserTaskLoadXmlFailed** TRUE if the Appraiser XML Loader failed to complete successfully. +- **AppraiserTaskMissing** TRUE if the Appraiser task is missing. +- **AppraiserTaskTimeTriggerUpdateFailedId** TRUE if the Appraiser Task Time Trigger failed to update successfully. +- **AppraiserTaskValidateTaskXmlFailed** TRUE if the Appraiser Task XML failed to complete successfully. +- **branchReadinessLevel** Branch readiness level policy. +- **cloudControlState** Value indicating whether the shell is enabled on the cloud control settings. +- **CrossedDiskSpaceThreshold** Indicates if cleanup resulted in hard drive usage threshold required for feature update to be exceeded. +- **CV** The Correlation Vector. +- **DateTimeDifference** The difference between the local and reference clocks. +- **DaysSinceOsInstallation** The number of days since the installation of the Operating System. +- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes. +- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes. +- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes. +- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in. +- **GlobalEventCounter** Client-side counter that indicates ordering of events. +- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes. +- **hasRolledBack** Indicates whether the client machine has rolled back. +- **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS. +- **hResult** The result of the event execution. +- **HResult** The result of the event execution. +- **installDate** The value of installDate registry key. Indicates the install date. +- **isNetworkMetered** Indicates whether the client machine has uninstalled a later version of the OS. +- **LatestState** The final state of the plug-in component. +- **MicrosoftCompatibilityAppraiser** The name of the component targeted by the Appraiser plug-in. +- **PackageVersion** The package version for the current Remediation. +- **PageFileCount** The number of Windows Page files. +- **PageFileCurrentSize** The size of the Windows Page file, measured in Megabytes. +- **PageFileLocation** The storage location (directory path) of the Windows Page file. +- **PageFilePeakSize** The maximum amount of hard disk space used by the Windows Page file, measured in Megabytes. +- **PluginName** The name of the plug-in specified for each generic plug-in event. +- **RanCleanup** TRUE if the plug-in ran disk cleanup. +- **RemediationBatteryPowerBatteryLevel** Indicates the battery level at which it is acceptable to continue operation. +- **RemediationBatteryPowerExitDueToLowBattery** True when we exit due to low battery power. +- **RemediationBatteryPowerOnBattery** True if we allow execution on battery. +- **RemediationConfigurationTroubleshooterExecuted** True/False based on whether the Remediation Configuration Troubleshooter executed successfully. +- **RemediationConfigurationTroubleshooterIpconfigFix** TRUE if IPConfig Fix completed successfully. +- **RemediationConfigurationTroubleshooterNetShFix** TRUE if network card cache reset ran successfully. +- **RemediationDiskCleanSizeBtWindowsFolderInMegabytes** The size of the Windows BT folder (used to store Windows upgrade files), measured in Megabytes. +- **RemediationDiskCleanupBTFolderEsdSizeInMB** The size of the Windows BT folder (used to store Windows upgrade files) ESD (Electronic Software Delivery), measured in Megabytes. +- **RemediationDiskCleanupGetCurrentEsdSizeInMB** The size of any existing ESD (Electronic Software Delivery) folder, measured in Megabytes. +- **RemediationDiskCleanupSearchFileSizeInMegabytes** The size of the Cleanup Search index file, measured in Megabytes. +- **RemediationDiskCleanupUpdateAssistantSizeInMB** The size of the Update Assistant folder, measured in Megabytes. +- **RemediationDoorstopChangeSucceeded** TRUE if Doorstop registry key was successfully modified. +- **RemediationDoorstopExists** TRUE if there is a One Settings Doorstop value. +- **RemediationDoorstopRegkeyError** TRUE if an error occurred accessing the Doorstop registry key. +- **RemediationDRFKeyDeleteSucceeded** TRUE if the RecoveredFrom (Doorstop) registry key was successfully deleted. +- **RemediationDUABuildNumber** The build number of the DUA. +- **RemediationDUAKeyDeleteSucceeded** TRUE if the UninstallActive registry key was successfully deleted. +- **RemediationDuplicateTokenSucceeded** TRUE if the user token was successfully duplicated. +- **remediationExecution** Remediation shell is in "applying remediation" state. +- **RemediationHibernationMigrated** TRUE if hibernation was migrated. +- **RemediationHibernationMigrationSucceeded** TRUE if hibernation migration succeeded. +- **RemediationImpersonateUserSucceeded** TRUE if the user was successfully impersonated. +- **RemediationNoisyHammerTaskKickOffIsSuccess** TRUE if the NoisyHammer task started successfully. +- **RemediationQueryTokenSucceeded** TRUE if the user token was successfully queried. +- **RemediationRanHibernation** TRUE if the system entered Hibernation. +- **RemediationRevertToSystemSucceeded** TRUE if reversion to the system context succeeded. +- **RemediationShellHasUpgraded** TRUE if the device upgraded. +- **RemediationShellMinimumTimeBetweenShellRuns** Indicates the time between shell runs exceeded the minimum required to execute plugins. +- **RemediationShellRunFromService** TRUE if the shell driver was run from the service. +- **RemediationShellSessionIdentifier** Unique identifier tracking a shell session. +- **RemediationShellSessionTimeInSeconds** Indicates the time the shell session took in seconds. +- **RemediationShellTaskDeleted** Indicates that the shell task has been deleted so no additional sediment pack runs occur for this installation. +- **RemediationUpdateServiceHealthRemediationResult** The result of the Update Service Health plug-in. +- **RemediationUpdateTaskHealthRemediationResult** The result of the Update Task Health plug-in. +- **RemediationUpdateTaskHealthTaskList** A list of tasks fixed by the Update Task Health plug-in. +- **RemediationWindowsLogSpaceFound** The size of the Windows log files found, measured in Megabytes. +- **RemediationWindowsLogSpaceFreed** The amount of disk space freed by deleting the Windows log files, measured in Megabytes. +- **RemediationWindowsSecondaryDriveFreeSpace** The amount of free space on the secondary drive, measured in Megabytes. +- **RemediationWindowsSecondaryDriveLetter** The letter designation of the first secondary drive with a total capacity of 10GB or more. +- **RemediationWindowsSecondaryDriveTotalSpace** The total storage capacity of the secondary drive, measured in Megabytes. +- **RemediationWindowsTotalSystemDiskSize** The total storage capacity of the System Disk Drive, measured in Megabytes. +- **Result** The HRESULT for Detection or Perform Action phases of the plug-in. +- **RunResult** The HRESULT for Detection or Perform Action phases of the plug-in. +- **ServiceHealthPlugin** The nae of the Service Health plug-in. +- **StartComponentCleanupTask** TRUE if the Component Cleanup task started successfully. +- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive in MBs. +- **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot. +- **TotalSizeofOrphanedInstallerFilesInMegabytes** The size of any orphaned Windows Installer files, measured in Megabytes. +- **TotalSizeofStoreCacheAfterCleanupInMegabytes** The size of the Windows Store cache after cleanup, measured in Megabytes. +- **TotalSizeofStoreCacheBeforeCleanupInMegabytes** The size of the Windows Store cache (prior to cleanup), measured in Megabytes. +- **uninstallActive** TRUE if previous uninstall has occurred for current OS +- **usoScanDaysSinceLastScan** The number of days since the last USO (Update Session Orchestrator) scan. +- **usoScanInProgress** TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans. +- **usoScanIsAllowAutoUpdateKeyPresent** TRUE if the AllowAutoUpdate registry key is set. +- **usoScanIsAllowAutoUpdateProviderSetKeyPresent** TRUE if AllowAutoUpdateProviderSet registry key is set. +- **usoScanIsAuOptionsPresent** TRUE if Auto Update Options registry key is set. +- **usoScanIsFeatureUpdateInProgress** TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans. +- **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network. +- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present. +- **usoScanIsUserLoggedOn** TRUE if the user is logged on. +- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late). +- **usoScanType** The type of USO (Update Session Orchestrator) scan (Interactive or Background). +- **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key. +- **windowsEditionId** Event to report the value of Windows Edition ID. +- **WindowsHyberFilSysSizeInMegabytes** The size of the Windows Hibernation file, measured in Megabytes. +- **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, measured in Megabytes. +- **WindowsOldFolderSizeInMegabytes** The size of the Windows.OLD folder, measured in Megabytes. +- **WindowsOldSpaceCleanedInMB** The amount of disk space freed by removing the Windows.OLD folder, measured in Megabytes. +- **WindowsPageFileSysSizeInMegabytes** The size of the Windows Page file, measured in Megabytes. +- **WindowsSoftwareDistributionFolderSizeInMegabytes** The size of the SoftwareDistribution folder, measured in Megabytes. +- **WindowsSwapFileSysSizeInMegabytes** The size of the Windows Swap file, measured in Megabytes. +- **WindowsSxsFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) folder, measured in Megabytes. +- **WindowsSxsTempFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) Temp folder, measured in Megabytes. +- **windowsUpgradeRecoveredFromRs4** Event to report the value of the Windows Upgrade Recovered key. + + +### Microsoft.Windows.Remediation.Started + +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep Windows up to date. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application. +- **PackageVersion** Current package version of Remediation application. +- **PluginName** Name of the plugin specified for each generic plugin event. +- **Result** This is the HRESULT for detection or perform action phases of the plugin. + + ## Sediment events ### Microsoft.Windows.Sediment.Info.DetailedState @@ -4272,6 +4488,88 @@ The following fields are available: - **Time** System timestamp when the event was started. +## Sediment Service events + +### Microsoft.Windows.SedimentService.Applicable + +This event sends simple device connectivity and configuration data about a service installed on the system that helps keep Windows up to date. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application. +- **PackageVersion** Current package version of Remediation application. +- **PluginName** Name of the plugin specified for each generic plugin event. +- **Result** This is the HRESULT for detection or perform action phases of the plugin. + + +### Microsoft.Windows.SedimentService.Completed + +This event sends simple device connectivity and configuration data about a service installed on the system that helps keep Windows up to date. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application. +- **PackageVersion** Current package version of Remediation application. +- **PluginName** Name of the plugin specified for each generic plugin event. +- **Result** This is the HRESULT for detection or perform action phases of the plugin. + + +### Microsoft.Windows.SedimentService.Started + +This event sends simple device connectivity and configuration data about a service installed on the system that helps keep Windows up to date. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application. +- **PackageVersion** Current package version of Remediation application. +- **PluginName** Name of the plugin specified for each generic plugin event. +- **Result** This is the HRESULT for detection or perform action phases of the plugin. + + +## Sediment Launcher events + +### Microsoft.Windows.SedimentLauncher.Applicable + +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep Windows up to date. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application. +- **PackageVersion** Current package version of Remediation application. +- **PluginName** Name of the plugin specified for each generic plugin event. +- **Result** This is the HRESULT for detection or perform action phases of the plugin. + + +### Microsoft.Windows.SedimentLauncher.Completed + +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep Windows up to date. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application. +- **PackageVersion** Current package version of Remediation application. +- **PluginName** Name of the plugin specified for each generic plugin event. +- **Result** This is the HRESULT for detection or perform action phases of the plugin. + + +### Microsoft.Windows.SedimentLauncher.Started + +This event sends simple device connectivity and configuration data about an application installed on the system that helps keep Windows up to date. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application. +- **PackageVersion** Current package version of Remediation application. +- **PluginName** Name of the plugin specified for each generic plugin event. +- **Result** This is the HRESULT for detection or perform action phases of the plugin. + + ## Setup events ### SetupPlatformTel.SetupPlatformTelActivityEvent diff --git a/windows/privacy/gdpr-it-guidance.md b/windows/privacy/gdpr-it-guidance.md index dd46e67249..d7673c5f3d 100644 --- a/windows/privacy/gdpr-it-guidance.md +++ b/windows/privacy/gdpr-it-guidance.md @@ -1,5 +1,5 @@ --- -title: Windows 10 and the GDPR for IT Decision Makers +title: Windows and the GDPR-Information for IT Administrators and Decision Makers description: Use this topic to understand the relationship between users in your organization and Microsoft in the context of the GDPR (General Data Protection Regulation). keywords: privacy, GDPR, windows, IT ms.prod: w10 @@ -11,12 +11,17 @@ author: danihalfin ms.author: daniha ms.date: 05/11/2018 --- -# Windows 10 and the GDPR for IT Decision Makers +# Windows and the GDPR: Information for IT Administrators and Decision Makers Applies to: +- Windows 10, version 1809 - Windows 10, version 1803 - Windows 10, version 1709 - Windows 10, version 1703 +- Windows 10 Team Edition, version 1703 for Surface Hub +- Windows Server 2019 +- Windows Server 2016 +- Windows Analytics This topic provides IT Decision Makers with a basic understanding of the relationship between users in an organization and Microsoft in the context of the GDPR (General Data Protection Regulation). You will also learn what role an IT organization plays for that relationship. @@ -35,7 +40,7 @@ Here are some GDPR fundamentals: * The European law establishes strict global data privacy requirements governing how organizations manage and protect personal data while respecting individual choice – no matter where data is sent, processed, or stored. * A request by an individual to an organization to take an action on their personal data is referred to here as a *data subject request*, or *DSR*. -Microsoft believes data privacy is a fundamental right, and that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We also recognize that the GDPR requires significant changes by organizations all over the world with regard to the discovery, management, protection, and reporting of personal data that is collected, processed, and stored within an organization. +Microsoft believes data privacy is a fundamental right, and that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We also recognize that the GDPR required significant changes by organizations all over the world with regard to the discovery, management, protection, and reporting of personal data that is collected, processed, and stored within an organization. ### What is personal data under the GDPR? @@ -87,7 +92,7 @@ It is important to differentiate between two distinct types of data Windows serv A user action, such as performing a Skype call, usually triggers the collection and transmission of Windows *functional data*. Some Windows components and applications connecting to Microsoft services also exchange Windows functional data to provide user functionality. Some other examples of Windows functional data: -* The Weather app which uses the device’s location to retrieve local weather or community news. +* The Weather app which can use the device’s location to retrieve local weather or community news. * Wallpaper and desktop settings that are synchronized across multiple devices. For more info on how IT Professionals can manage Windows functional data sent from an organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). @@ -100,10 +105,10 @@ Some examples of diagnostic data include: * The type of hardware being used, information about installed apps and usage details, and reliability data on drivers running on the device. * For users who have turned on “Tailored experiences”, it can be used to offer personalized tips, ads, and recommendations to enhance Microsoft products and services for the needs of the user. -To find more about what information is collected, how it is handled, and the available Windows diagnostic data levels, see [Understanding Windows diagnostic data](configure-windows-diagnostic-data-in-your-organization.md#understanding-windows-diagnostic-data) and [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). +Diagnostic data is categorized into the levels "Security", "Basic", "Enhanced", and "Full". For a detailed discussion about these diagnostic data levels please see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). To find more about what information is collected and how it is handled, see [Understanding Windows diagnostic data](configure-windows-diagnostic-data-in-your-organization.md#understanding-windows-diagnostic-data). >[!IMPORTANT] ->Other Microsoft services as well as 3rd party applications and drivers running on Windows devices may implement their own functionality, independently from Windows, to transport their diagnostic data to the respective publisher. Please contact them for further guidance on how to control the diagnostic data collection level and transmission of these publishers. +>Other Microsoft services as well as 3rd party applications and drivers running on Windows devices may implement their own functionality, independently from Windows, to transport their diagnostic data. Please contact the publisher for further guidance on how to control the diagnostic data collection level and transmission of these applications and services. ### Windows services where Microsoft is the processor under the GDPR @@ -123,7 +128,7 @@ As a result, in terms of the GDPR, the organization that has subscribed to Windo >The IT organization must explicitly enable Windows Analytics for a device after the organization subscribes. >[!IMPORTANT] ->Windows Analytics does not collect Windows Diagnostic data by itself. Instead, Windows Analytics only uses a subset of Windows Diagnostic data that is collected by Windows for a particular device. The Windows Diagnostic data collection is controlled by the IT department of an organization or the user of a device. +>Windows Analytics does not collect Windows Diagnostic data by itself. Instead, Windows Analytics only uses a subset of Windows Diagnostic data that is collected by Windows for an enrolled device. The Windows Diagnostic data collection is controlled by the IT department of an organization or the user of a device. #### Windows Defender ATP @@ -140,27 +145,43 @@ The following table lists in what GDPR mode – controller or processor – Wind | Service | Microsoft GDPR mode of operation | | --- | --- | -| Windows Functional data | Controller | +| Windows Functional data | Controller or Processor* | | Windows Diagnostic data | Controller | | Windows Analytics | Processor | | Windows Defender Advanced Threat Detection (ATP) | Processor | *Table 1: Windows 10 GDPR modes of operations for different Windows 10 services* -## Recommended diagnostic data level settings +*/*Depending on which application/feature this is referring to.* -Windows diagnostic data collection level can be set by a user in Windows (*Start > Settings > Privacy > Diagnostics & feedback*) or by the IT department of an organization, using Group Policy or Mobile Device Management (MDM) techniques. +## Windows diagnostic data and Windows 10 -* For Windows 10, version 1803, Microsoft recommends setting the Windows diagnostic level to “Enhanced”. This enables organizations to get the full functionality of [Windows Analytics](#windows-analytics). Those organizations who wish to share the smallest set of events for Windows Analytics can use the “Limit Enhanced diagnostic data to the minimum required by Windows Analytics” filtering mechanism that Microsoft introduced in Windows 10, version 1709. When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to the smallest set of data required by Windows Analytics. + +### Recommended Windows 10 settings + +Windows diagnostic data collection level for Windows 10 can be set by a user in Windows (*Start > Settings > Privacy > Diagnostics & feedback*) or by the IT department of an organization, using Group Policy or Mobile Device Management (MDM) techniques. + +* For Windows 10, version 1803 and version 1809, Microsoft recommends setting the Windows diagnostic level to “Enhanced”. This enables organizations to get the full functionality of [Windows Analytics](#windows-analytics). >[!NOTE] >For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). * For Windows 10, version 1709, and Windows 10, version 1703, the recommended Windows diagnostic level configuration for EEA and Switzerland commercial users is “Basic”. -* For Windows 7, Microsoft recommends configuring enterprise devices for Windows Analytics to facilitate upgrade planning to Windows 10. +>[!NOTE] +>For Windows 7, Microsoft recommends [configuring enterprise devices for Windows Analytics](/windows/deployment/update/windows-analytics-get-started) to facilitate upgrade planning to Windows 10. -## Controlling the data collection and notification about it +### Additional information for Windows Analytics + +Some Windows Analytics solutions and functionality, such as Update Compliance, works with “Basic” as minimum Windows diagnostic level. Other solutions and functionality of Windows Analytics, such as Device Health, require “Enhanced”. + +Those organizations who wish to share the smallest set of events for Windows Analytics and have set the Windows diagnostic level to “Enhanced” can use the “Limit Enhanced diagnostic data to the minimum required by Windows Analytics” setting. This filtering mechanism was that Microsoft introduced in Windows 10, version 1709. When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to the smallest set of data required by Windows Analytics. + +>[!NOTE] +>Additional information can be found at [Windows Analytics and privacy](/windows/deployment/update/windows-analytics-privacy +). + +## Controlling Windows 10 data collection and notification about it Windows 10 sends diagnostic data to Microsoft services, and some of that data can contain personal data. Both the user and the IT organization have the ability to control the transmission of that data to Microsoft. @@ -200,10 +221,38 @@ IT Professionals that are interested in this configuration, see [Windows 10 pers To find out more about the network connections that Windows components make to Microsoft as well as the privacy settings that affect data shared with either Microsoft or apps, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) and [Manage Windows 10 connection endpoints](manage-windows-endpoints.md). These articles describe how these settings can be managed by an IT Professional. -## At-a-glance: the relationship between an IT organization and the GDPR +### At-a-glance: the relationship between an IT organization and the GDPR Because Microsoft is a controller for data collected by Windows 10, the user can work with Microsoft to satisfy GDPR requirements. While this relationship between Microsoft and a user is evident in a consumer scenario, an IT organization can influence that relationship in an enterprise scenario. For example, the IT organization has the ability to centrally configure the Windows diagnostic data level by using Group Policy or MDM settings. +## Windows Server + +Windows Server follows the same mechanisms as Windows 10 for handling of personal data – for example, when collecting Windows diagnostic data. + +More detailed information about Windows Server and the GDPR is available at Beginning your General Data Protection Regulation (GDPR) journey for Windows Server. + +### Windows diagnostic data and Windows Server + +The lowest diagnostic data setting level supported on Windows Server 2016 and Windows Server 2019 through management policies is “Security”. The lowest diagnostic data setting supported through the Settings UI is “Basic”. The default diagnostic data level for all Windows Server 2016 and Windows Server 2019 editions is “Enhanced”. + +IT administrators can configure the Windows Server diagnostic data settings using familiar management tools, such as Group Policy, MDM, or Windows Provisioning. IT administrators can also manually change settings using Registry Editor. Setting the Windows Server diagnostic data levels through a management policy overrides any device-level settings. + +### Backups and Windows Server + +Backups, including live backups and backups that are stored locally within an organization or in the cloud, can contain personal data. + +- Backups an organizations creates, for example by using Windows Server Backup (WSB), are under its control. For example, for exporting personal data contained in a backup, the organization needs to restore the appropriate backup sets to facilitate the respective data subject request (DSR). +- The GDPR also applies when storing backups in the cloud. For example, an organization can use Microsoft Azure Backup to backup files and folders from physical or virtual Windows Server machines (located on-premises or in Azure) to the cloud. The organization that is subscribed to this backup service also has the obligation to restore the data in order to exercise the respective DSR. + +## Windows 10 Team Edition, Version 1703 for Surface Hub + +Surface Hub is a shared device used within an organization. The device identifier collected as part of diagnostic data is not connected to a user. For removing Windows diagnostic data sent to Microsoft for a Surface Hub, Microsoft created the Surface Hub Delete Diagnostic Data tool available in the Microsoft Store. + +>[!NOTE] +>Additional apps running on the device, that are not delivered as part of the in-box experience of Surface Hub, may implement their own diagnostic data collection and transmission functionality independently to collect and process personal data. Please contact the app publisher for further guidance on how to control this. + +An IT administrator can configure privacy- related settings, such as setting the Windows diagnostic data level to Basic. Surface Hub does not support group policy for centralized management; however, IT administrators can use MDM to apply these settings to Surface Hub. For more information about Surface Hub and MDM, please see [Manage settings with an MDM provider](https://docs.microsoft.com/surface-hub/manage-settings-with-mdm-for-surface-hub). + ## Further reading ### Optional settings / features that further improve the protection of personal data @@ -215,11 +264,11 @@ Personal data protection is one of the goals of the GDPR. One way of improving p ### Windows Security Baselines -Microsoft has created Windows Security Baselines to efficiently configure Windows 10. For more information, please visit [Windows Security Baselines](/windows/security/threat-protection/windows-security-baselines). +Microsoft has created Windows Security Baselines to efficiently configure Windows 10 and Windows Server. For more information, please visit [Windows Security Baselines](/windows/security/threat-protection/windows-security-baselines). ### Windows Restricted Traffic Limited Functionality Baseline -To make it easier to deploy settings that restrict connections from Windows 10 to Microsoft, IT Professionals can apply the Windows Restricted Traffic Limited Functionality Baseline, available [here](https://go.microsoft.com/fwlink/?linkid=828887). +To make it easier to deploy settings that restrict connections from Windows 10 and Windows Server to Microsoft, IT Professionals can apply the Windows Restricted Traffic Limited Functionality Baseline, available [here](https://go.microsoft.com/fwlink/?linkid=828887). >[!IMPORTANT] >Some of the settings of the Windows Restricted Traffic Limited Functionality Baseline will reduce the functionality and security configuration of a device in the organization and are therefore not recommended. diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index dcda5f43d8..9366ed298f 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -113,4 +113,4 @@ To effectively build queries that span multiple tables, you need to understand t ## Related topic - [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md) -- [Advanced hunting query language best practices](/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) \ No newline at end of file +- [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md index 11611c7741..f5f0d320e5 100644 --- a/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 09/13/2018 +ms.date: 11/09/2018 --- # Use basic permissions to access the portal @@ -79,9 +79,10 @@ For more information see, [Manage Azure AD group and role membership](https://te 6. Select **Manage** > **Directory role**. -7. Under **Directory role**, select **Limited administrator**, then **Security Reader** or **Security Administrator**. +7. Select **Add role** and choose the role you'd like to assign, then click **Select**. - ![Image of Microsoft Azure portal](images/atp-azure-ui-user-access.png) + + ![Image of Microsoft Azure portal](images/atp-azure-assign-role.png) ## Related topic - [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-assign-role.png b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-assign-role.png new file mode 100644 index 0000000000..93e294ec2b Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-assign-role.png differ