mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-27 20:57:23 +00:00
Merge remote-tracking branch 'refs/remotes/origin/master' into vs-7542905
This commit is contained in:
LizRoss
commit
d915ad634d
@ -422,11 +422,49 @@ There are no default locations included with EDP, you must add each of your netw
|
||||
|
||||
5. In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy.
|
||||
|
||||
|
||||
|
||||
|
||||
After you create and deploy your EDP policy to your employees, Windows will begin to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data.
|
||||
|
||||
For steps about how to create and verify an EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) DRA certificate](create-and-verify-an-efs-dra-certificate.md) topic. For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](http://go.microsoft.com/fwlink/p/?LinkId=761462) topic.
|
||||
For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](http://go.microsoft.com/fwlink/p/?LinkId=761462) topic.
|
||||
|
||||
#### Create and verify an Encrypting File System (EFS) DRA certificate for EDP
|
||||
If you don’t already have an EFS DRA certificate, you’ll need to create and extract one from your system before you can use EDP in your organization. For the purposes of this section, we’ll use the file name *EFSDRA*; however, this name can be replaced with anything that makes sense to you.
|
||||
|
||||
>**Important**<br>If you already have an EFS DRA certificate for your organization, you can skip creating a new one. Just use your current EFS DRA certificate in your policy.
|
||||
|
||||
**To manually create an EFS DRA certificate**
|
||||
1. On a computer without an EFS DRA certificate installed, open a command prompt with elevated rights, and then navigate to where you want to store the certificate.
|
||||
|
||||
2. Run this command:
|
||||
|
||||
`cipher /r:<EFSDRA>`<br>Where `<EFSDRA>` is the name of the .cer and .pfx files that you want to create.
|
||||
|
||||
3. When prompted, type and confirm a password to help protect your new Personal Information Exchange (.pfx) file.
|
||||
|
||||
The EFSDRA.cer and EFSDRA.pfx files are created in the location you specified in Step 1.
|
||||
|
||||
>**Important**<br>Because these files can be used to decrypt any EDP file, you must protect them accordingly. We highly recommend storing them as a public key (PKI) on a smart card with strong protection, stored in a secured physical location.
|
||||
|
||||
4. Add your EFS DRA certificate to your EDP policy by using Step 3 of the [Choose where apps can access enterprise data](#choose-where-apps-can-access-enterprise-data) section of this topic.
|
||||
|
||||
**To verify your data recovery certificate is correctly set up on an EDP client computer**
|
||||
1. Open an app on your protected app list, and then create and save a file so that it’s encrypted by EDP.
|
||||
|
||||
2. Open a command prompt with elevated rights, navigate to where you stored the file you just created, and then run this command:
|
||||
|
||||
`cipher /c <filename>`<br>Where `<filename>` is the name of the file you created in Step 1.
|
||||
|
||||
3. Make sure that your data recovery certificate is listed in the **Recovery Certificates** list.
|
||||
|
||||
**To recover your data using the EFS DRA certificate in a test environment**
|
||||
1. Copy your EDP-encrypted file to a location where you have admin access.
|
||||
|
||||
2. Install the EFSDRA.pfx file, using your password.
|
||||
|
||||
3. Open a command prompt with elevated rights, navigate to the encrypted file, and then run this command:
|
||||
|
||||
`cipher /d <encryptedfile.extension>`<br>Where `<encryptedfile.extension>` is the name of your encrypted file. For example, corporatedata.docx.
|
||||
|
||||
### Choose your optional EDP-related settings
|
||||
After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional EDP settings.
|
||||
|
||||
@ -440,13 +440,50 @@ There are no default locations included with EDP, you must add each of your netw
|
||||
- **Show the enterprise data protection icon overlay on your allowed apps that are EDP-unaware in the Windows Start menu and on corporate file icons in the File Explorer.** Click this box if you want the enterprise data protection icon overlay to appear on corporate files or in the Start menu, on top the tiles for your unenlightened protected apps.
|
||||
|
||||
5. In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy.
|
||||
|
||||
After you create and deploy your EDP policy to your employees, Windows will begin to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data.
|
||||
|
||||
For steps about how to create and verify an EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) DRA certificate](create-and-verify-an-efs-dra-certificate.md) topic. For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](http://go.microsoft.com/fwlink/p/?LinkId=761462) topic.
|
||||
|
||||
|
||||
|
||||
After you create and deploy your EDP policy to your employees, Windows will begin to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data.
|
||||
|
||||
For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](http://go.microsoft.com/fwlink/p/?LinkId=761462) topic.
|
||||
|
||||
#### Create and verify an Encrypting File System (EFS) DRA certificate for EDP
|
||||
If you don’t already have an EFS DRA certificate, you’ll need to create and extract one from your system before you can use EDP in your organization. For the purposes of this section, we’ll use the file name EFSDRA; however, this name can be replaced with anything that makes sense to you.
|
||||
|
||||
>**Important**<br>If you already have an EFS DRA certificate for your organization, you can skip creating a new one. Just use your current EFS DRA certificate in your policy.
|
||||
|
||||
**To manually create an EFS DRA certificate**
|
||||
1. On a computer without an EFS DRA certificate installed, open a command prompt with elevated rights, and then navigate to where you want to store the certificate.
|
||||
2. Run this command:
|
||||
|
||||
`cipher /r:<EFSDRA>`<br>Where `<EFSDRA>` is the name of the .cer and .pfx files that you want to create.
|
||||
|
||||
3. When prompted, type and confirm a password to help protect your new Personal Information Exchange (.pfx) file.
|
||||
|
||||
The EFSDRA.cer and EFSDRA.pfx files are created in the location you specified in Step 1.
|
||||
|
||||
>**Important**<br>Because these files can be used to decrypt any EDP file, you must protect them accordingly. We highly recommend storing them as a public key (PKI) on a smart card with strong protection, stored in a secured physical location.
|
||||
|
||||
4. Add your EFS DRA certificate to your EDP policy by using Step 3 of the [Choose where apps can access enterprise data](#choose-where-apps-can-access-enterprise-data) section of this topic.
|
||||
|
||||
**To verify your data recovery certificate is correctly set up on an EDP client computer**
|
||||
1. Open an app on your protected app list, and then create and save a file so that it’s encrypted by EDP.
|
||||
|
||||
2. Open a command prompt with elevated rights, navigate to where you stored the file you just created, and then run this command:
|
||||
|
||||
`cipher /c <filename>`<br>Where `<filename>` is the name of the file you created in Step 1.
|
||||
|
||||
3. Make sure that your data recovery certificate is listed in the **Recovery Certificates** list.
|
||||
|
||||
**To recover your data using the EFS DRA certificate in a test environment**
|
||||
1. Copy your EDP-encrypted file to a location where you have admin access.
|
||||
|
||||
2. Install the EFSDRA.pfx file, using your password.
|
||||
|
||||
3. Open a command prompt with elevated rights, navigate to the encrypted file, and then run this command:
|
||||
|
||||
`cipher /d <encryptedfile.extension>`<br>Where `<encryptedfile.extension>` is the name of your encrypted file. For example, corporatedata.docx.
|
||||
|
||||
### Choose your optional EDP-related settings
|
||||
After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional EDP settings.
|
||||
|
||||
|
||||
@ -6,6 +6,7 @@ ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
LocalizationPriority: High
|
||||
author: brianlic-msft
|
||||
---
|
||||
|
||||
@ -17,34 +18,118 @@ author: brianlic-msft
|
||||
- Windows 10 Mobile
|
||||
- Windows Server 2016 Technical Preview
|
||||
|
||||
Use this article to make informed decisions about how you can configure telemetry in your organization. Telemetry is a term that means different things to different people and organizations. For the purpose of this article, we discuss telemetry as system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to keep Windows devices secure, and to help Microsoft improve the quality of Windows and Microsoft services.
|
||||
At Microsoft, we use Windows telemetry to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry gives users a voice in the operating system’s development. This guide describes the importance of Windows telemetry and how we protect that data. Additionally, it differentiates between telemetry and functional data. It also describes the telemetry levels that Windows supports. Of course, you can choose how much telemetry is shared with Microsoft, and this guide demonstrates how.
|
||||
|
||||
>**Note:** This article does not apply to System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager because those components use a different telemetry service than Windows and Windows Server.
|
||||
To frame a discussion about telemetry, it is important to understand Microsoft’s privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows telemetry system in the following ways:
|
||||
|
||||
It describes the types of telemetry we gather and the ways you can manage its telemetry. This article also lists some examples of how telemetry can provide you with valuable insights into your enterprise deployments, and how Microsoft uses the data to quickly identify and address issues affecting its customers.
|
||||
- **Control.** We offer customers control of the telemetry they share with us by providing easy-to-use management tools.
|
||||
- **Transparency.** We are provide information about the telemetry that Windows and Windows Server collects so our customers can make informed decisions.
|
||||
- **Security.** We encrypt telemetry in transit from your device and protect that data at our secure data centers.
|
||||
- **Strong legal protections.** We respect customers’ local privacy laws and fight for legal protection of their privacy as a fundamental human right.
|
||||
- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows telemetry system. Customer content inadvertently collected is kept confidential and not used for user targeting.
|
||||
- **Benefits to you.** We collect Windows telemetry to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all of our customers.
|
||||
|
||||
We understand that the privacy and security of our customers’ information is important and we have taken a thoughtful and comprehensive approach to customer privacy and the protection of their data with Windows 10, Windows Server 2016 Technical Preview, and System Center 2016.
|
||||
This article applies to Windows and Windows Server telemetry only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, telemetry controls, and so on. This article describes the types of telemetry we may gather, the ways you might manage it in your organization, and some examples of how telemetry can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers.
|
||||
|
||||
|
||||
Use this article to make informed decisions about how you might configure telemetry in your organization. Telemetry is a term that means different things to different people and organizations. For the purpose of this article, we discuss telemetry as system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services.
|
||||
|
||||
## Overview
|
||||
|
||||
In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC) on Windows Server, and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016 Technical Preview, you can control telemetry streams by using Settings > Privacy, Group Policy, or MDM.
|
||||
|
||||
Microsoft is committed to improving customer experiences in a mobile-first and cloud-first world, and it all starts with our customers. Telemetry is one critical way Microsoft is using data to improve our products and services. Telemetry gives every enterprise customer a voice that helps us shape future versions of Windows, Windows Server and System Center, allowing us to respond quickly to your feedback and providing new features and improved quality to our customers.
|
||||
|
||||
Our goal is to leverage the aggregated data to drive changes in the product and ecosystem to improve our customer experiences. We are also partnering with enterprises to provide added value from the telemetry information shared by their devices. Some examples include identifying outdated patches and downloading the latest antimalware signatures to help keep their devices secure, identifying application compatibility issues prior to upgrades, and gaining insights into driver reliability issues affecting other customers.
|
||||
In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016 Technical Preview, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM.
|
||||
|
||||
For Windows 10, we invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows work better for your organization.
|
||||
|
||||
## Understanding Windows telemetry
|
||||
|
||||
Windows as a Service is a fundamental change in how Microsoft plans, builds, and delivers the operating system. Historically, we released a major Windows version every few years. The effort required to deploy large and infrequent Windows versions was substantial. That effort included updating the infrastructure to support the upgrade. Windows as a Service accelerates the cadence to provide rich updates more frequently, and these updates require substantially less effort to roll out than earlier versions of Windows. Since it provides more value to organizations in a shorter timeframe, delivering Windows as a Service is a top priority for us.
|
||||
|
||||
The release cadence of Windows may be fast, so feedback is critical to its success. We rely on telemetry at each stage of the process to inform our decisions and prioritize our efforts.
|
||||
|
||||
### What is Windows telemetry?
|
||||
Windows telemetry is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways:
|
||||
|
||||
- Keep Windows up to date
|
||||
- Keep Windows secure, reliable, and performant
|
||||
- Improve Windows – through the aggregate analysis of the use of Windows
|
||||
- Personalize Windows engagement surfaces
|
||||
|
||||
Here are some specific examples of Windows telemetry data:
|
||||
|
||||
- Type of hardware being used
|
||||
- Applications installed and usage details
|
||||
- Reliability information on device drivers
|
||||
|
||||
### What is NOT telemetry?
|
||||
|
||||
Telemetry can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not telemetry. For example, exchanging a user’s location for local weather or news is not an example of telemetry—it is functional data that the app or service requires to satisfy the user’s request.
|
||||
|
||||
There are subtle differences between telemetry and functional data. Windows collects and sends telemetry in the background automatically. You can control how much information is gathered by setting the telemetry level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.
|
||||
|
||||
If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/en-us/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services).
|
||||
|
||||
The following are specific examples of functional data:
|
||||
|
||||
- Current location for weather
|
||||
- Bing searches
|
||||
- Wallpaper and desktop settings synced across multiple devices
|
||||
|
||||
### Telemetry gives users a voice
|
||||
|
||||
Windows and Windows Server telemetry gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 and Windows Server 2016 behaves in the real world, focus on user priorities, and make informed decisions that benefit them. For our enterprise customers, representation in the dataset on which we will make future design decisions is a real benefit. The following sections offer real examples of these benefits.
|
||||
|
||||
### Drive higher app and driver quality
|
||||
|
||||
Our ability to collect telemetry that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Telemetry helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues.
|
||||
|
||||
A real-world example of how Windows telemetry helps us quickly identify and fix issues is a particular version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our telemetry, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on telemetry from the Windows Insiders’ devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Telemetry helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls.
|
||||
|
||||
### Improve end-user productivity
|
||||
|
||||
Windows telemetry also helps Microsoft better understand how customers use (or do not use) the operating system’s features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers’ experiences. Examples are:
|
||||
|
||||
- **Start menu.** How do people change the Start menu layout? Do they pin other apps to it? Are there any apps that they frequently unpin? We use this dataset to adjust the default Start menu layout to better reflect people’s expectations when they turn on their device for the first time.
|
||||
- **Cortana.** We use telemetry to monitor the scalability of our cloud service, improving search performance.
|
||||
- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later telemetry showed significantly higher usage of this feature.
|
||||
|
||||
**These examples show how the use of telemetry data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.**
|
||||
|
||||
<!--
|
||||
### Insights into your own organization
|
||||
|
||||
Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better, as well. Microsoft is in the process of developing a set of analytics customized for your internal use. The first of these, called Windows 10 Upgrade Analytics, will be available in Summer 2016.
|
||||
|
||||
#### Windows 10 Upgrade Analytics
|
||||
|
||||
Upgrading to new operating system versions has traditionally been a challenging, complex, and slow process for many enterprises. Discovering applications and drivers and then testing them for potential compatibility issues have been among the biggest pain points.
|
||||
|
||||
To better help customers through this difficult process, Microsoft developed Upgrade Analytics to give enterprises the tools to plan and manage the upgrade process end to end and allowing them to adopt new Windows releases more quickly and on an ongoing basis.
|
||||
|
||||
With Windows telemetry enabled, Microsoft collects computer, application, and driver compatibility-related information for analysis. We then identify compatibility issues that can block your upgrade and suggest fixes when they are known to Microsoft.
|
||||
|
||||
Use Upgrade Analytics to get:
|
||||
|
||||
- A visual workflow that guides you from pilot to production
|
||||
- Detailed computer, driver, and application inventory
|
||||
- Powerful computer level search and drill-downs
|
||||
- Guidance and insights into application and driver compatibility issues with suggested fixes
|
||||
- Data driven application rationalization tools
|
||||
- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
|
||||
- Data export to commonly used software deployment tools
|
||||
|
||||
The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
|
||||
|
||||
-->
|
||||
## How is telemetry data handled by Microsoft?
|
||||
|
||||
### Data collection
|
||||
|
||||
Windows 10 and Windows Server 2016 Technical Preview includes the Connected User Experience and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology to gather and store telemetry events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology.
|
||||
Windows 10 and Windows Server 2016 Technical Preview includes the Connected User Experience and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores telemetry events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology.
|
||||
|
||||
1. Operating system features and some management applications are instrumented to publish events and data. Examples of management applications include Virtual Machine Manager (VMM), Server Manager, and Storage Spaces.
|
||||
2. Events are gathered using public operating system event logging and tracing APIs.
|
||||
3. You can configure the telemetry level by using an MDM policy, Group Policy, or registry settings.
|
||||
4. The Connected User Experience and Telemetry component transmits telemetry data over HTTPS to Microsoft and uses certificate pinning.
|
||||
4. The Connected User Experience and Telemetry component transmits the telemetry data.
|
||||
|
||||
Info collected at the Enhanced and Full levels of telemetry is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels.
|
||||
|
||||
@ -56,21 +141,21 @@ All telemetry data is encrypted using SSL and uses certificate pinning during tr
|
||||
|
||||
The Microsoft Data Management Service routes data back to our secure cloud storage. Only Microsoft personnel with a valid business justification are permitted access.
|
||||
|
||||
The Connected User Experience and Telemetry component connects to the Microsoft Data Management service at v10.vortex-win.data.microsoft.com.
|
||||
The following table defines the endpoints for telemetry services:
|
||||
|
||||
The Connected User Experience and Telemetry component also connects to settings-win.data.microsoft.com to download configuration information.
|
||||
|
||||
[Windows Error Reporting](http://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) connects to watson.telemetry.microsoft.com.
|
||||
|
||||
[Online Crash Analysis](http://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) connects to oca.telemetry.microsoft.com.
|
||||
| Service | Endpoint |
|
||||
| - | - |
|
||||
| Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com<br />settings-win.data.microsoft.com |
|
||||
| [Windows Error Reporting](http://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com |
|
||||
| [Online Crash Analysis](http://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com |
|
||||
|
||||
### Data use and access
|
||||
|
||||
Data gathered from telemetry is used by Microsoft teams primarily to improve our customer experiences, and for security, health, quality, and performance analysis. The principle of least privileged guides access to telemetry data. Only Microsoft personnel with a valid business need are permitted access to the telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the Privacy Statement. We do share business reports with OEMs and third party partners that include aggregated, anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
|
||||
The principle of least privileged access guides access to telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement). Microsoft may share business reports with OEMs and third party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
|
||||
|
||||
### Retention
|
||||
|
||||
Microsoft believes in and practices information minimization. We strive to gather only the info we need, and store it for as long as it’s needed to provide a service or for analysis. Much of the info about how Windows and apps are functioning is deleted within 30 days. Other info may be retained longer, such as error reporting data or Store purchase history.
|
||||
Microsoft believes in and practices information minimization. We strive to gather only the info we need, and store it for as long as it’s needed to provide a service or for analysis. Much of the info about how Windows and apps are functioning is deleted within 30 days. Other info may be retained longer, such as error reporting data or Windows Store purchase history.
|
||||
|
||||
## Telemetry levels
|
||||
|
||||
@ -81,19 +166,19 @@ The telemetry data is categorized into four levels:
|
||||
|
||||
- **Security**. Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
|
||||
|
||||
- **Basic**. Basic device info, including: quality-related data, app compat, app usage data, and data from the **Security** level.
|
||||
- **Basic**. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the **Security** level.
|
||||
|
||||
- **Enhanced**. Additional insights, including: how Windows, Windows Server, System Center, and apps are used, how they perform, advanced reliability data, and data from both the **Basic** and the **Security** levels.
|
||||
|
||||
- **Full**. All data necessary to identify and help to fix problems, plus data from the **Security**, **Basic**, and **Enhanced** levels.
|
||||
|
||||
The levels are cumulative and are illustrated in the following diagram. These levels apply to all editions of Windows Server 2016 Technical Preview.
|
||||
The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016 Technical Preview.
|
||||
|
||||
|
||||
|
||||
### Security level
|
||||
|
||||
The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests secure with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and IoT Core editions.
|
||||
The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windos IoT Core editions.
|
||||
|
||||
> **Note:** If your organization relies on Windows Update for updates, you shouldn’t use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
|
||||
|
||||
@ -103,7 +188,7 @@ Windows Server Update Services (WSUS) and System Center Configuration Manager fu
|
||||
|
||||
The data gathered at this level includes:
|
||||
|
||||
- **Connected User Experience and Telemetry component settings**. If data has been gathered and is queued to be sent, the Connected User Experience and Telemetry component downloads its settings file from Microsoft’s servers. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
|
||||
- **Connected User Experience and Telemetry component settings**. If general telemetry data has been gathered and is queued, it is sent to Microsoft. Along with this telemetry, the Connected User Experience and Telemetry component may download a configuration settings file from Microsoft’s servers. This file is used to configure the Connected User Experience and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
|
||||
|
||||
- **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address.
|
||||
|
||||
@ -126,11 +211,11 @@ No user content, such as user files or communications, is gathered at the **Secu
|
||||
|
||||
### Basic level
|
||||
|
||||
The Basic level gathers a limited set of data that’s critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. The Connected User Experience and Telemetry component does not gather telemetry data about System Center, but it can transmit telemetry for other non-Windows applications if they have user consent.
|
||||
The Basic level gathers a limited set of data that’s critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a particular hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. The Connected User Experience and Telemetry component does not gather telemetry data about System Center, but it can transmit telemetry for other non-Windows applications if they have user consent.
|
||||
|
||||
The data gathered at this level includes:
|
||||
|
||||
- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 Technical Preview instances in the ecosystem, including:
|
||||
- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 Technical Preview in the ecosystem. Examples include:
|
||||
|
||||
- Device attributes, such as camera resolution and display type
|
||||
|
||||
@ -156,7 +241,7 @@ The data gathered at this level includes:
|
||||
|
||||
- **General app data and app data for Internet Explorer add-ons**. Includes a list of apps that are installed on a native or virtualized instance of the OS and whether these apps function correctly after an upgrade. This app data includes the app name, publisher, version, and basic details about which files have been blocked from usage.
|
||||
|
||||
- **App usage data**. Includes how an app is used, including how long an app is used for, when the app has focus, and when the app is started
|
||||
- **App usage data**. Includes how an app is used, including how long an app is used, when the app has focus, and when the app is started
|
||||
|
||||
- **Internet Explorer add-ons**. Includes a list of Internet Explorer add-ons that are installed on a device and whether these apps will work after an upgrade.
|
||||
|
||||
@ -166,13 +251,13 @@ The data gathered at this level includes:
|
||||
|
||||
- **Driver data**. Includes specific driver usage that’s meant to help figure out whether apps and devices will function after upgrading to a new version of the operating system. This can help to determine blocking issues and then help Microsoft and our partners apply fixes and improvements.
|
||||
|
||||
- **Store**. Provides information about how the Windows Store performs, including app downloads, installations, and updates. It also includes Windows Store launches, page views, suspend and resumes, and obtaining licenses.
|
||||
- **Windows Store**. Provides information about how the Windows Store performs, including app downloads, installations, and updates. It also includes Windows Store launches, page views, suspend and resumes, and obtaining licenses.
|
||||
|
||||
### Enhanced level
|
||||
|
||||
The Enhanced level gathers data about how Windows and apps are used and how they perform. This level also includes data from both the **Basic** and **Security** levels. This level helps to improve the user experience with the operating system and apps. Data from this level can be abstracted into patterns and trends that can help Microsoft determine future improvements.
|
||||
|
||||
This is the default level, and the minimum level needed to quickly identify and address Windows, Windows Server, and System Center quality issues.
|
||||
This is the default level for Windows 10 Enterprise and Windows 10 Education editions, and the minimum level needed to quickly identify and address Windows, Windows Server, and System Center quality issues.
|
||||
|
||||
The data gathered at this level includes:
|
||||
|
||||
@ -202,6 +287,15 @@ However, before more data is gathered, Microsoft’s privacy governance team, in
|
||||
|
||||
- All crash dump types, including heap dumps and full dumps.
|
||||
|
||||
## Enterprise management
|
||||
|
||||
Sharing telemetry data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the telemetry level and managing specific components is the best option.
|
||||
|
||||
Customers can set the telemetry level in both the user interface and with existing management tools. Users can change the telemetry level in the **Diagnostic and usage data** setting. In the Settings app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic, Enhanced, and Full. The Security level is not available.
|
||||
|
||||
IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a telemetry level. If you’re using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security telemetry level is available when managing the policy. Setting the telemetry level through policy overrides users’ choices. The remainder of this section describes how to do that.
|
||||
|
||||
|
||||
### Manage your telemetry settings
|
||||
|
||||
We do not recommend that you turn off telemetry in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center.
|
||||
@ -210,7 +304,7 @@ We do not recommend that you turn off telemetry in your organization as valuable
|
||||
|
||||
You can turn on or turn off System Center telemetry gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center telemetry is turned on. However, setting the operating system telemetry level to **Basic** will turn off System Center telemetry, even if the System Center telemetry switch is turned on.
|
||||
|
||||
The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 Technical Preview is **Enhanced.**
|
||||
The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 Technical Preview is **Enhanced**.
|
||||
|
||||
### Configure the operating system telemetry level
|
||||
|
||||
@ -218,14 +312,13 @@ You can configure your operating system telemetry settings using the management
|
||||
|
||||
Use the appropriate value in the table below when you configure the management policy.
|
||||
|
||||
| Value | Level | Data gathered |
|
||||
|-------|----------|---------------------------------------------------------------------------------------------------------------------------|
|
||||
| **0** | Security | Security data only. |
|
||||
| **1** | Basic | Security data, and basic system and quality data. |
|
||||
| **2** | Enhanced | Security data, basic system and quality data, and enhanced insights and advanced reliability data. |
|
||||
| **3** | Full | Security data, basic system and quality data, enhanced insights and advanced reliability data, and full diagnostics data. |
|
||||
| Level | Data gathered | Value |
|
||||
| - | - | - |
|
||||
| Security | Security data only. | **0** |
|
||||
| Basic | Security data, and basic system and quality data. | **1** |
|
||||
| Enhanced | Security data, basic system and quality data, and enhanced insights and advanced reliability data. | **2** |
|
||||
| Full | Security data, basic system and quality data, enhanced insights and advanced reliability data, and full diagnostics data. | **3** |
|
||||
|
||||
|
||||
|
||||
### Use Group Policy to set the telemetry level
|
||||
|
||||
@ -277,19 +370,32 @@ There are a few more settings that you can turn off that may send telemetry info
|
||||
|
||||
>**Note:** Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information.
|
||||
|
||||
|
||||
## Additional resources
|
||||
|
||||
## Examples of how Microsoft uses the telemetry data
|
||||
FAQs
|
||||
|
||||
- [Cortana, Search, and privacy](http://windows.microsoft.com/en-us/windows-10/cortana-privacy-faq)
|
||||
- [Windows 10 feedback, diagnostics, and privacy](http://windows.microsoft.com/en-us/windows-10/feedback-diagnostics-privacy-faq)
|
||||
- [Windows 10 camera and privacy](http://windows.microsoft.com/en-us/windows-10/camera-privacy-faq)
|
||||
- [Windows 10 location service and privacy](http://windows.microsoft.com/en-us/windows-10/location-service-privacy)
|
||||
- [Microsoft Edge and privacy](http://windows.microsoft.com/en-us/windows-10/edge-privacy-faq)
|
||||
- [Windows 10 speech, inking, typing, and privacy](http://windows.microsoft.com/en-us/windows-10/speech-inking-typing-privacy-faq)
|
||||
- [Windows Hello and privacy](http://windows.microsoft.com/en-us/windows-10/windows-hello-privacy-faq)
|
||||
- [Wi-Fi Sense](http://windows.microsoft.com/en-us/windows-10/wi-fi-sense-faq)
|
||||
- [Windows Update Delivery Optimization](http://windows.microsoft.com/en-us/windows-10/windows-update-delivery-optimization-faq)
|
||||
|
||||
### Drive higher application and driver quality in the ecosystem
|
||||
Blogs
|
||||
|
||||
Telemetry plays an important role in quickly identifying and fixing critical reliability and security issues in our customers’ deployments and configurations. Insights into the telemetry data we gather helps us to quickly identify crashes or hangs associated with a certain application or driver on a given configuration, like a particular storage type (for example, SCSI) or a memory size. For System Center, job usages and statuses can also help us enhance the job workload and the communication between System Center and its managed products. Microsoft’s ability to get this data from customers and drive improvements into the ecosystem helps raise the bar for the quality of System Center, Windows Server applications, Windows apps, and drivers. Real-time data about Windows installations reduces downtime and the cost associated with troubleshooting unreliable drivers or unstable applications.
|
||||
- [Privacy and Windows 10](https://blogs.windows.com/windowsexperience/2015/09/28/privacy-and-windows-10)
|
||||
|
||||
### Reduce your total cost of ownership and downtime
|
||||
Privacy Statement
|
||||
|
||||
Telemetry provides a view of which features and services customers use most. For example, the telemetry data provides us with a heat map of the most commonly deployed Windows Server roles, most used Windows features, and which ones are used the least. This helps us make informed decisions on where we should invest our engineering resources to build a leaner operating system. For System Center, understanding the customer environment for management and monitoring will help drive the support compatibilities matrix, such as host and guest OS. This can help you use existing hardware to meet your business needs and reduce your total cost of ownership, as well as reducing downtime associated with security updates.
|
||||
- [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement)
|
||||
|
||||
### Build features that address our customers’ needs
|
||||
TechNet
|
||||
|
||||
Telemetry also helps us better understand how customers deploy components, use features, and use services to achieve their business goals. Getting insights from that information helps us prioritize our engineering investments in areas that can directly affect our customers’ experiences and workloads. Some examples include customer usage of containers, storage, and networking configurations associated with Windows Server roles like Clustering and Web. Another example could be to find out when is CPU hyper-threading turned off and the resulting impact. We use the insights to drive improvements and intelligence into some of our management and monitoring solutions, to help customers diagnose quality issues, and save money by making fewer help calls to Microsoft.
|
||||
- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/en-us/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
|
||||
|
||||
Web Pages
|
||||
|
||||
- [Privacy at Microsoft](http://privacy.microsoft.com)
|
||||
|
||||
@ -5,7 +5,7 @@ ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86
|
||||
keywords: best practices, USB, device, boot
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: plan
|
||||
pagetype: mobility
|
||||
ms.pagetype: mobility
|
||||
ms.sitesec: library
|
||||
author: mtniehaus
|
||||
---
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user