From ec7dca60da808fac6a5ed02efa580674e38dfd6b Mon Sep 17 00:00:00 2001 From: Albert Cabello Serrano Date: Thu, 13 Oct 2022 09:38:35 -0700 Subject: [PATCH] Update configure-windows-diagnostic-data-in-your-organization.md adding proxy contents --- ...ws-diagnostic-data-in-your-organization.md | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 54a53c7426..e140af91b8 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -88,6 +88,53 @@ The following table lists the endpoints related to how you can manage the collec | [Online Crash Analysis](/windows/win32/dxtecharts/crash-dump-analysis) | oca.telemetry.microsoft.com

oca.microsoft.com

kmwatsonc.events.data.microsoft.com

*-kmwatsonc.events.data.microsoft.com | |Settings | settings-win.data.microsoft.com



IMPORTANT: This endpoint is used to remotely configure diagnostics-related settings and data collection. For example, we use the settings endpoint to remotely block an event from being sent back to Microsoft. We do not recommend disabling this endpoint. This endpoint does not upload Windows diagnostic data. | +### Proxy server authentication + +If your organization uses proxy server authentication for internet access, make sure that it doesn't block the diagnostic data because of authentication. + +#### Bypass (recommended) + +Configure your proxy servers to not require proxy authentication for traffic to the diagnostic data endpoints. This option is the most comprehensive solution. It works for all versions of Windows 10 and newer. + +#### User proxy authentication + +Configure devices to use the signed-in user's context for proxy authentication. This method requires the following configurations: + +- Devices have the current quality update for a supported version of Windows + +- Configure user-level proxy (WinINET proxy) in **Proxy settings** in the Network & Internet group of Windows Settings. You can also use the legacy Internet Options control panel. + +- Make sure that the users have proxy permission to reach the diagnostic data endpoints. This option requires that the devices have console users with proxy permissions, so you can't use this method with headless devices. + +> [!IMPORTANT] +> The user proxy authentication approach is incompatible with the use of Microsoft Defender for Endpoint. This behavior is because this authentication relies on the **DisableEnterpriseAuthProxy** registry key set to `0`, while Microsoft Defender for Endpoint requires it to be set to `1`. For more information, see [Configure machine proxy and internet connectivity settings in Microsoft Defender for Endpoint](/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection). 
+ +#### Device proxy authentication + +This approach supports the following scenarios: + +- Headless devices, where no user signs in, or users of the device don't have internet access + +- Authenticated proxies that don't use Windows Integrated Authentication + +- If you also use Microsoft Defender for Endpoint + +This approach is the most complex because it requires the following configurations: + +- Make sure devices can reach the proxy server through WinHTTP in local system context. Use one of the following options to configure this behavior: + + - The command line `netsh winhttp set proxy` + + - Web proxy autodiscovery (WPAD) protocol + + - Transparent proxy + + - Configure device-wide WinINET proxy using the following group policy setting: **Make proxy settings per-machine (rather than per-user)** (ProxySettingsPerUser = `1`) + + - Routed connection, or that uses network address translation (NAT) + +- Configure proxy servers to allow the computer accounts in Active Directory to access the diagnostic data endpoints. This configuration requires proxy servers to support Windows Integrated Authentication. + ### Data access The principle of least privileged access guides access to Windows diagnostic data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/en-US/privacystatement). Microsoft may share business reports with hardware manufacturers and third-party partners that include aggregated and deidentified diagnostic data information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
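Review bot: In the "Device proxy authentication" list, the item for **Make proxy settings per-machine (rather than per-user)** gives `ProxySettingsPerUser = 1`, which by its name reads as the per-user state and so appears to contradict the per-machine policy it is attached to. Please confirm which value the enabled policy writes and correct the parenthetical if needed. In the same hunk, the IMPORTANT note calls **DisableEnterpriseAuthProxy** a "registry key" and gives no location, so an administrator cannot check which of the two conflicting settings (`0` for user proxy authentication, `1` for Microsoft Defender for Endpoint) a device actually has. Call it a registry value and state the key path it lives under. The last sub-item, "Routed connection, or that uses network address translation (NAT)", is not a sentence and is not something you configure with a command or policy like its siblings. Reword it or move it out of the "Use one of the following options" list.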