From f66fd7447526eb3326d45e455af8df20e7c7f5c7 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Tue, 1 Aug 2023 12:22:47 -0700 Subject: [PATCH 1/7] Remove callout --- windows/privacy/windows-10-and-privacy-compliance.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index bf79b242af..9fdb2d172d 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -145,15 +145,12 @@ An administrator can disable a user’s ability to delete their device’s diagn #### _2.3.7 Diagnostic data: Enabling the Windows diagnostic data processor configuration_ -> [!IMPORTANT] -> There are some significant changes planned for the Windows diagnostic data processor configuration. To learn more, [review this information](changes-to-windows-diagnostic-data-collection.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration). - **Applies to:** - Windows 11 Enterprise, Professional, and Education editions - Windows 10 Enterprise, Professional, and Education, version 1809 with July 2021 update and newer -The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows devices that are Azure Active Directory (AAD)-joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing service-based capabilities. +The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows devices that are Azure Active Directory (AAD)-joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration). Windows diagnostic data does not include data processed by Microsoft in connection with providing service-based capabilities. The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific Azure Active Directory User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific Azure AD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific Azure AD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer. From bf6dcdef5fc89856be566dc2be81b5f9b7fb7522 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Wed, 2 Aug 2023 09:55:46 -0700 Subject: [PATCH 2/7] Remove text "Specific services" paragraph Update Compliance section --- windows/privacy/windows-10-and-privacy-compliance.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 9fdb2d172d..337f7b18e1 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -162,8 +162,6 @@ We recommend that IT administrators who have enabled the Windows diagnostic data >[!Note] >Tenant account closure will lead to the deletion of all data associated with that tenant. -Specific services that depend on Windows diagnostic data will also result in the enterprise becoming controllers of their Windows diagnostic data. These services include Update Compliance, Windows Update for Business reports, Windows Update for Business, and Microsoft Managed Desktop. For more information, see [Related Windows product considerations](#5-related-windows-product-considerations). - For more information on how Microsoft can help you honor rights and fulfill obligations under the GDPR when using Windows diagnostic data processor configurations, see [General Data Protection Regulation Summary](/compliance/regulatory/gdpr). ## 3. The process for exercising data subject rights @@ -231,10 +229,6 @@ An administrator can configure privacy-related settings, such as choosing to onl [Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows Enterprise edition, Office 365 ProPlus, and Microsoft security services. -### 5.4 Update Compliance - -[Update Compliance](/windows/deployment/update/update-compliance-monitor) is a service that enables organizations to monitor security, quality and feature updates for Windows Professional, Education, and Enterprise editions, and view a report of device and update issues related to compliance that need attention. Update Compliance uses Windows diagnostic data for all its reporting. - ### 5.5 Windows Update for Business reports [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview) is a cloud-based solution that provides information about an organization’s Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports uses Windows diagnostic data for all its reporting. From 14d816424a391972be789f32e61728d31c1fcbc3 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Wed, 2 Aug 2023 10:09:35 -0700 Subject: [PATCH 3/7] Renumber section --- windows/privacy/windows-10-and-privacy-compliance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 337f7b18e1..baa9c0f762 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -229,7 +229,7 @@ An administrator can configure privacy-related settings, such as choosing to onl [Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows Enterprise edition, Office 365 ProPlus, and Microsoft security services. -### 5.5 Windows Update for Business reports +### 5.4 Windows Update for Business reports [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview) is a cloud-based solution that provides information about an organization’s Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports uses Windows diagnostic data for all its reporting. From 6a89e276baae939b21e7e742f9b314f9e065de79 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 10 Aug 2023 09:44:09 -0700 Subject: [PATCH 4/7] Add Autopatch and Intune sections --- .../privacy/windows-10-and-privacy-compliance.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index baa9c0f762..623d508b5e 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -227,12 +227,22 @@ An administrator can configure privacy-related settings, such as choosing to onl ### 5.3 Microsoft Managed Desktop -[Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows Enterprise edition, Office 365 ProPlus, and Microsoft security services. +[Microsoft Managed Desktop (MMD)](/managed-desktop/overview/service-plan) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows Enterprise edition, Microsoft 365 Apps, and Microsoft security services. + +> [!NOTE] +> MMD will transition to end-of-life on July 31, 2024 and is no longer accepting new customers. ### 5.4 Windows Update for Business reports -[Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview) is a cloud-based solution that provides information about an organization’s Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports uses Windows diagnostic data for all its reporting. +[Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview) is a cloud-based solution that provides information about an organization’s Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports uses Windows diagnostic data for all of its reporting. +### 5.5 Windows Autopatch + +[Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview) is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. Windows Autopatch reports use Windows diagnostic data for their reporting. + +### 5.6 Windows updates reports on Microsoft Intune + +Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints. Microsoft Intune includes reports that help you prepare a Windows upgrade or update. For example, [App and driver compatibility reports](/mem/intune/protect/windows-update-compatibility-reports), [Windows driver updates](/mem/intune/protect/windows-driver-updates-overview), and [Autopilot](/autopilot/windows-autopilot). These reports use Windows diagnostic data for their reporting. ## Additional Resources From 7e887ae528990aaaf606ac0901cd888c38cf5cfd Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 10 Aug 2023 11:12:19 -0700 Subject: [PATCH 5/7] Updates to 5.# sections --- .../privacy/windows-10-and-privacy-compliance.md | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 623d508b5e..9af80ac4e0 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -225,22 +225,15 @@ An administrator can configure privacy-related settings, such as choosing to onl >[!Note] >The Windows diagnostic data processor configuration is not available for Surface Hub. -### 5.3 Microsoft Managed Desktop - -[Microsoft Managed Desktop (MMD)](/managed-desktop/overview/service-plan) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows Enterprise edition, Microsoft 365 Apps, and Microsoft security services. - -> [!NOTE] -> MMD will transition to end-of-life on July 31, 2024 and is no longer accepting new customers. - -### 5.4 Windows Update for Business reports +### 5.3 Windows Update for Business reports [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview) is a cloud-based solution that provides information about an organization’s Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports uses Windows diagnostic data for all of its reporting. -### 5.5 Windows Autopatch +### 5.4 Windows Autopatch [Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview) is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. Windows Autopatch reports use Windows diagnostic data for their reporting. -### 5.6 Windows updates reports on Microsoft Intune +### 5.5 Windows updates reports on Microsoft Intune Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints. Microsoft Intune includes reports that help you prepare a Windows upgrade or update. For example, [App and driver compatibility reports](/mem/intune/protect/windows-update-compatibility-reports), [Windows driver updates](/mem/intune/protect/windows-driver-updates-overview), and [Autopilot](/autopilot/windows-autopilot). These reports use Windows diagnostic data for their reporting. From 80fd4a1471401ba076d1214327d9c6cda2075533 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 10 Aug 2023 11:22:50 -0700 Subject: [PATCH 6/7] Update section heading --- windows/privacy/windows-10-and-privacy-compliance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 9af80ac4e0..2e702b33d8 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -233,7 +233,7 @@ An administrator can configure privacy-related settings, such as choosing to onl [Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview) is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. Windows Autopatch reports use Windows diagnostic data for their reporting. -### 5.5 Windows updates reports on Microsoft Intune +### 5.5 Windows updates reports (in Microsoft Intune) Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints. Microsoft Intune includes reports that help you prepare a Windows upgrade or update. For example, [App and driver compatibility reports](/mem/intune/protect/windows-update-compatibility-reports), [Windows driver updates](/mem/intune/protect/windows-driver-updates-overview), and [Autopilot](/autopilot/windows-autopilot). These reports use Windows diagnostic data for their reporting. From ddfff370627f487c6b804ca782560a9fe0a15a8c Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 10 Aug 2023 16:12:35 -0700 Subject: [PATCH 7/7] Update Windows Autopilot references --- windows/privacy/windows-10-and-privacy-compliance.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 2e702b33d8..71d3061064 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -99,9 +99,9 @@ Windows deployment can be configured using several different methods that provid If you want the ability to fully control and apply restrictions on data being sent back to Microsoft, you can use [Configuration Manager](/mem/configmgr/) as a deployment solution. Configuration Manager can be used to deploy a customized boot image using a variety of [deployment methods](/mem/configmgr/osd/get-started/prepare-for-operating-system-deployment). You can further restrict any Configuration Manager-specific diagnostic data from being sent back to Microsoft by turning off this setting as outlined in the instructions [here](/mem/configmgr/core/plan-design/diagnostics/frequently-asked-questions). -Alternatively, your administrators can also choose to use Windows Autopilot. Autopilot lessens the overall burden of deployment while allowing administrators to fully customize the out-of-box experience. However, since Windows Autopilot is a cloud-based solution, administrators should be aware that a minimal set of device identifiers are sent back to Microsoft during initial device boot up. This device-specific information is used to identify the device so that it can receive the administrator-configured Autopilot profile and policies. +Alternatively, your administrators can also choose to use Windows Autopilot. Windows Autopilot lessens the overall burden of deployment while allowing administrators to fully customize the out-of-box experience. However, since Windows Autopilot is a cloud-based solution, administrators should be aware that a minimal set of device identifiers are sent back to Microsoft during initial device boot up. This device-specific information is used to identify the device so that it can receive the administrator-configured Windows Autopilot profile and policies. -You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows: +You can use the following articles to learn more about Windows Autopilot and how to use Windows Autopilot to deploy Windows: - [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot) - [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process) @@ -235,7 +235,7 @@ An administrator can configure privacy-related settings, such as choosing to onl ### 5.5 Windows updates reports (in Microsoft Intune) -Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints. Microsoft Intune includes reports that help you prepare a Windows upgrade or update. For example, [App and driver compatibility reports](/mem/intune/protect/windows-update-compatibility-reports), [Windows driver updates](/mem/intune/protect/windows-driver-updates-overview), and [Autopilot](/autopilot/windows-autopilot). These reports use Windows diagnostic data for their reporting. +Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints. Microsoft Intune includes reports that help you prepare a Windows upgrade or update. For example, [App and driver compatibility reports](/mem/intune/protect/windows-update-compatibility-reports), [Windows driver updates](/mem/intune/protect/windows-driver-updates-overview), and [Windows Autopilot](/autopilot/windows-autopilot). These reports use Windows diagnostic data for their reporting. ## Additional Resources