From 630a9196f9b385060bd26148042200cfb688b810 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 16 Sep 2020 11:27:04 -0700 Subject: [PATCH 1/6] Create android-privacy.md --- .../microsoft-defender-atp/android-privacy.md | 125 ++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/android-privacy.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md new file mode 100644 index 0000000000..c3556182fd --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md 
@@ -0,0 +1,125 @@ +--- +title: Microsoft Defender ATP for Android - Privacy information +description: Privacy controls, how to configure policy settings that impact privacy and information about the diagnostic data collected in Microsoft Defender ATP for Android. +keywords: microsoft, defender, atp, android, privacy, diagnostic +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Microsoft Defender ATP for Android - Privacy information + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md) + + +icrosoft Defender ATP for Android collects and stores information from your +configured Android devices in the same customer dedicated and segregated tenant +specific to your Microsoft Defender ATP service for administration, tracking, +and reporting purposes. + +Information collected includes the below (but not limited to), to help keep +Microsoft Defender ATP for Android secure, up-to-date and perform as expected on +the device it’s installed and configured on. + +**\#\# Required Data** + +Data in the required category consists of data that is necessary to make +Microsoft Defender ATP for Android work as expected by the customer. This data +is tied to a user, device, network, or application and is essential to the +nature of management. All identifiable data is anonymized before collecting. +Identifiable data can include data related to end user, pseudonymized data with +a unique identifier generated by the system, used to deliver the enterprise +service to users, support data and account data. 
+ +- App information + +> APKs on the device including (but not limited to) data about the APK such as + +- Install source + +- Storage location (file path) of the APK + +- Time of install, size of APK and permissions. + +- Web page / Network information + + - Full URL (on supported browsers), when clicked. + + - IP Address, Domain, sub-domain when background connections occur. + + - Protocol type (such as HTTP, HTTPS, etc.) + + - DNS record name + +- Device and account information + + - Device information such as date & time, Android version, OEM model, CPU + info, Device identifier + + - Device identifier is a anonymized value of one of the below (in order) + + - WiFi adapter Mac address + + - [Android + ID](https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID) + (as generated by Android at the time of first boot of the device) + + - Randomly generated global unique identifier + + - Tenant, Device and User information + + - Azure AD Device ID, Azure tenant ID, Azure User ID + + - Microsoft Defender ATP org ID + + - User Principal Name + +- Product and service usage data + +- App package info like name, version, app upgrade status + + - Actions performed in the app + + - Threat detection information such as threat name, category, etc. + + - Crash report logs generated by Android + +**\#\# Optional Data** + +Data in the optional category is not essential to the product or service +experience. Customers can control the collection of optional data. + +> **Diagnostic data** is used to keep Microsoft Defender ATP secure and +> up-to-date, detect, diagnose and fix problems, and also make product +> improvements. Below diagnostic data is collected only with the consent of +> the user as part of the feedback submission feature. 
+ +- Device information such as Build Information, date & time, Android version, + OEM model, CPU info, Device identifier + +- App usage, CPU and network usage + +- State of the device from the app perspective like scan status, scan timings, + app permissions granted, Upgrade status + +- Features configured by the admin. + +- Basic information about the browsers on device + +> **Feedback Data** is collected thru in-app feedback provided user + +- User email address is optional to provide. + +- Feedback type (smile, frown, idea), Feedback comments submitted by user From 2acf4d83c7043d969595b6a8845c96f3c41f338d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 16 Sep 2020 12:56:57 -0700 Subject: [PATCH 2/6] add to toc --- windows/security/threat-protection/TOC.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ad69231636..8defabb96f 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -280,7 +280,8 @@ #### [Configure]() ##### [Configure Microsoft Defender ATP for Android features](microsoft-defender-atp/android-configure.md) - +#### [Privacy]() +##### [Microsoft Defender ATP for Android - Privacy information](microsoft-defender-atp/android-privary.md) ### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) From f2bd3647d4c1d2150ab7c1270ad7214ff413df89 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 16 Sep 2020 13:03:24 -0700 Subject: [PATCH 3/6] formatting --- .../microsoft-defender-atp/android-privacy.md | 81 +++++++------------ 1 file changed, 30 insertions(+), 51 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md index c3556182fd..f46dab83d2 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md @@ -33,7 +33,7 @@ Information collected includes the below (but not limited to), to help keep Microsoft Defender ATP for Android secure, up-to-date and perform as expected on the device it’s installed and configured on. -**\#\# Required Data** +## Required Data Data in the required category consists of data that is necessary to make Microsoft Defender ATP for Android work as expected by the customer. This data 
@@ -43,68 +43,48 @@ Identifiable data can include data related to end user, pseudonymized data with a unique identifier generated by the system, used to deliver the enterprise service to users, support data and account data. -- App information +### App information -> APKs on the device including (but not limited to) data about the APK such as +APKs on the device including (but not limited to) data about the APK such as: -- Install source +- Install source +- Storage location (file path) of the APK +- Time of install, size of APK and permissions. -- Storage location (file path) of the APK +### Web page / Network information -- Time of install, size of APK and permissions. +- Full URL (on supported browsers), when clicked. -- Web page / Network information +- IP Address, Domain, sub-domain when background connections occur. +- Protocol type (such as HTTP, HTTPS, etc.) +- DNS record name - - Full URL (on supported browsers), when clicked. +### Device and account information - - IP Address, Domain, sub-domain when background connections occur. - - - Protocol type (such as HTTP, HTTPS, etc.) 
- - - DNS record name - -- Device and account information - - - Device information such as date & time, Android version, OEM model, CPU +- Device information such as date & time, Android version, OEM model, CPU info, Device identifier +- Device identifier is a anonymized value of one of the below (in order) + - WiFi adapter Mac address + - [Android ID](https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID) (as generated by Android at the time of first boot of the device) + - Randomly generated global unique identifier - - Device identifier is a anonymized value of one of the below (in order) +- Tenant, Device and User information +- Azure AD Device ID, Azure tenant ID, Azure User ID +- Microsoft Defender ATP org ID +- User Principal Name - - WiFi adapter Mac address +### Product and service usage data +- App package info like name, version, app upgrade status +- Actions performed in the app +- Threat detection information such as threat name, category, etc. +- Crash report logs generated by Android - - [Android - ID](https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID) - (as generated by Android at the time of first boot of the device) - - - Randomly generated global unique identifier - - - Tenant, Device and User information - - - Azure AD Device ID, Azure tenant ID, Azure User ID - - - Microsoft Defender ATP org ID - - - User Principal Name - -- Product and service usage data - -- App package info like name, version, app upgrade status - - - Actions performed in the app - - - Threat detection information such as threat name, category, etc. - - - Crash report logs generated by Android - -**\#\# Optional Data** +## Optional Data Data in the optional category is not essential to the product or service experience. Customers can control the collection of optional data. 
-> **Diagnostic data** is used to keep Microsoft Defender ATP secure and -> up-to-date, detect, diagnose and fix problems, and also make product -> improvements. Below diagnostic data is collected only with the consent of -> the user as part of the feedback submission feature. +**Diagnostic data** is used to keep Microsoft Defender ATP secure andup-to-date, detect, diagnose and fix problems, and also make product improvements. Below diagnostic data is collected only with the consent of the user as part of the feedback submission feature. - Device information such as Build Information, date & time, Android version, OEM model, CPU info, Device identifier @@ -114,12 +94,11 @@ experience. Customers can control the collection of optional data. - State of the device from the app perspective like scan status, scan timings, app permissions granted, Upgrade status -- Features configured by the admin. +- Features configured by the admin - Basic information about the browsers on device -> **Feedback Data** is collected thru in-app feedback provided user +**Feedback Data** is collected thru in-app feedback provided user - User email address is optional to provide. - - Feedback type (smile, frown, idea), Feedback comments submitted by user From 0ddd8c2f97ac42c573672a09477d45fa300f5e57 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 16 Sep 2020 13:14:14 -0700 Subject: [PATCH 4/6] Update TOC.md --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 8defabb96f..fafb19e85a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -281,7 +281,7 @@ ##### [Configure Microsoft Defender ATP for Android features](microsoft-defender-atp/android-configure.md) #### [Privacy]() -##### [Microsoft Defender ATP for Android - Privacy information](microsoft-defender-atp/android-privary.md) +##### [Microsoft Defender ATP for Android - Privacy information](microsoft-defender-atp/android-privacy.md) ### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) From 0aca6d74947f2b65e0ea3a1aab592aa222232298 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 22 Sep 2020 08:48:57 -0700 Subject: [PATCH 5/6] Update android-privacy.md --- .../microsoft-defender-atp/android-privacy.md | 99 ++++++++++--------- 1 file changed, 53 insertions(+), 46 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md index f46dab83d2..e1b667b8bc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md 
@@ -24,81 +24,88 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md) -icrosoft Defender ATP for Android collects and stores information from your -configured Android devices in the same customer dedicated and segregated tenant -specific to your Microsoft Defender ATP service for administration, tracking, -and reporting purposes. +Microsoft Defender ATP for Android collects information from your configured +Android devices and stores it in the same tenant where you have Microsoft +Defender ATP. -Information collected includes the below (but not limited to), to help keep -Microsoft Defender ATP for Android secure, up-to-date and perform as expected on -the device it’s installed and configured on. +Information is collected to help keep Microsoft Defender ATP for Android secure, +up-to-date, performing as expected and to support the service. ## Required Data -Data in the required category consists of data that is necessary to make -Microsoft Defender ATP for Android work as expected by the customer. This data -is tied to a user, device, network, or application and is essential to the -nature of management. All identifiable data is anonymized before collecting. -Identifiable data can include data related to end user, pseudonymized data with -a unique identifier generated by the system, used to deliver the enterprise -service to users, support data and account data. +Required data consists of data that is necessary to make Microsoft Defender ATP +for Android work as expected. This data is essential to the operation of the +service and can include data related to the end user, organization, device, and +apps. 
Here's a list of the types of data being collected: ### App information -APKs on the device including (but not limited to) data about the APK such as: +Information about Android application packages (APKs) on the device including - Install source - Storage location (file path) of the APK -- Time of install, size of APK and permissions. +- Time of install, size of APK and permissions ### Web page / Network information -- Full URL (on supported browsers), when clicked. - -- IP Address, Domain, sub-domain when background connections occur. +- Full URL (on supported browsers), when clicked +- Connection information - Protocol type (such as HTTP, HTTPS, etc.) -- DNS record name + ### Device and account information - Device information such as date & time, Android version, OEM model, CPU - info, Device identifier -- Device identifier is a anonymized value of one of the below (in order) - - WiFi adapter Mac address - - [Android ID](https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID) (as generated by Android at the time of first boot of the device) - - Randomly generated global unique identifier + info, and Device identifier +- Device identifier is one of the below: + - Wi-Fi adapter MAC address + - [Android + ID](https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID) + (as generated by Android at the time of first boot of the device) + - Randomly generated globally unique identifier (GUID) - Tenant, Device and User information -- Azure AD Device ID, Azure tenant ID, Azure User ID -- Microsoft Defender ATP org ID -- User Principal Name + - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely + identifies the device, User respectively at Azure Active directory. + + - Azure tenant ID - GUID that identifies your organization within + Azure Active Directory + + - Microsoft Defender ATP org ID - Unique identifier associated with + the enterprise that the device belongs to. 
Allows Microsoft to + identify whether issues are impacting a select set of enterprises + and how many enterprises are impacted  + + - User Principal Name – Email ID of the user ### Product and service usage data -- App package info like name, version, app upgrade status -- Actions performed in the app -- Threat detection information such as threat name, category, etc. -- Crash report logs generated by Android +- App package info, including name, version, and app upgrade status + +- Actions performed in the app + +- Threat detection information, such as threat name, category, etc. + +- Crash report logs generated by Android ## Optional Data -Data in the optional category is not essential to the product or service -experience. Customers can control the collection of optional data. +Optional data includes diagnostic data and feedback data. Optional diagnostic +data is additional data that helps us make product improvements and provides +enhanced information to help us detect, diagnose, and fix issues. Optional +diagnostic data includes: -**Diagnostic data** is used to keep Microsoft Defender ATP secure andup-to-date, detect, diagnose and fix problems, and also make product improvements. Below diagnostic data is collected only with the consent of the user as part of the feedback submission feature. 
+- App, CPU, and network usage -- Device information such as Build Information, date & time, Android version, - OEM model, CPU info, Device identifier - -- App usage, CPU and network usage - -- State of the device from the app perspective like scan status, scan timings, - app permissions granted, Upgrade status +- State of the device from the app perspective, including scan status, scan + timings, app permissions granted, and upgrade status - Features configured by the admin -- Basic information about the browsers on device +- Basic information about the browsers on the device -**Feedback Data** is collected thru in-app feedback provided user +**Feedback Data** is collected through in-app feedback provided by the user -- User email address is optional to provide. -- Feedback type (smile, frown, idea), Feedback comments submitted by user +- The user’s email address, if they choose to provide it + +- Feedback type (smile, frown, idea) and any feedback comments submitted by + the user From 746fcd8c4436f3ff468517820ae1748614e91e8e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 22 Sep 2020 08:52:58 -0700 Subject: [PATCH 6/6] Update android-privacy.md --- .../microsoft-defender-atp/android-privacy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md index e1b667b8bc..800e262876 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md @@ -8,8 +8,8 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: dansimp -author: dansimp +ms.author: macapara +author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
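
Review bot: In PATCH 1/6, the Required Data paragraph says "All identifiable data is anonymized before collecting", yet the "Device and account information" list in the same file includes User Principal Name, Azure User ID and the full URL when clicked, and the next sentence speaks of "pseudonymized data with a unique identifier". Anonymized and pseudonymized are different guarantees, and the list only describes the device identifier as anonymized, so either name the fields the claim covers or drop the sentence. The same hunk opens the body with "icrosoft Defender ATP" (missing "M") and writes the section headings as `**\#\# Required Data**` and `**\#\# Optional Data**`, which render as bold text rather than headings.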
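
Review bot: In PATCH 2/6, the added TOC entry links to `microsoft-defender-atp/android-privary.md`, while the file created in PATCH 1/6 is `android-privacy.md`, so the link is broken at this commit. PATCH 4/6 corrects the path; squash that fix into this commit so no commit in the series carries a dead link.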
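
Review bot: In PATCH 3/6, second hunk (`@@ -43,68 +43,48 @@`), the reflow of "Device and account information" promotes "Azure AD Device ID, Azure tenant ID, Azure User ID", "Microsoft Defender ATP org ID" and "User Principal Name" to top-level bullets, so they no longer read as children of "Tenant, Device and User information". Indent them under that item, the way the three device-identifier sources are indented under "Device identifier". The rewritten Diagnostic data paragraph also runs "secure andup-to-date" together, and "Device identifier is a anonymized value" should read "an anonymized value".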
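
Review bot: In PATCH 5/6, the Optional Data rewrite deletes "Below diagnostic data is collected only with the consent of the user as part of the feedback submission feature" and "Customers can control the collection of optional data" with no replacement, so the page no longer states how optional collection is gated. If user consent and customer control still apply, keep a sentence that says so. In the same hunk, "IP Address, Domain, sub-domain when background connections occur" and "DNS record name" collapse into the single bullet "Connection information", and the device identifier is no longer described as anonymized or as chosen "(in order)". Confirm whether these are wording changes or changes in what is collected, and say which in the commit message, since "Update android-privacy.md" does not. Minor: "User Principal Name – Email ID of the user" uses an en dash where the neighbouring items use a hyphen, and "Azure Active directory" is capitalized inconsistently with "Azure Active Directory" two lines later.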