Windows 7, Windows 8 and Windows 10 Telemetry Updates (Diagnostic Tracking)
Dorian from the EMEA Networking Team again, blogging about a hot topic: "Windows 7, Windows 8 and Windows 10 Telemetry Updates (Diagnostic Tracking)". Recently we have seen multiple service requests from customers inquiring how to turn this off.
This article does address the supported way of turning this off.
We introduced this in Windows 10 and have back-ported the functionality to other operating systems as well, among them Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2. The functionality was deployed with KB3022345. Since then KB 3022345 has been superseded by KB 3068708, and the latter has been superseded by KB 3080149.
The Diagnostic Tracking Service downloads manifests and uploads data that helps Microsoft improve the OS and application experience on Windows. Diagnostic Tracking does not upload data until the customer explicitly opts-in to do so. There are different opt-in UIs for different manifests. Here is an Overview: Windows 10 and privacy
We no longer recommend stopping telemetry by disabling the service. The official recommendation has shifted from stopping the service towards disabling the telemetry data collection in the Control Panel or PC Settings.
We have also published a public Technet Article describing how to Configure telemetry and other settings in your organization
Manage your telemetry settings
You can manage your telemetry settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your telemetry levels through a management policy overrides any device-level settings.
You can set your organization’s devices to use 1 of 4 telemetry levels: Security (only available on Windows 10 Enterprise, Windows 10 Education, and Windows 10 IoT Core editions), Basic, Enhanced, or Full. Each level is described in the How telemetry works section of this article.
These telemetry levels only apply to Windows components and apps that use the telemetry client. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these telemetry levels. App publishers must let people know about how they use their telemetry, ways to opt in or opt out, and they must separately document their privacy policies.
Use Group Policy to set the telemetry level
Use a Group Policy object to set your organization’s telemetry level.
From the Group Policy Management Console, go to Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds.
Double-click Allow Telemetry.
In the Options box, select the level that you want to configure, and then click OK.
Use MDM to set the telemetry level
Use the Policy Configuration Service Provider (CSP) to apply the System/AllowTelemetry MDM policy, using one of these telemetry values:
0. Maps to the Security level.
1. Maps to the Basic level.
2. Maps to the Enhanced level.
3. Maps to the Full level.
Use Windows Provisioning to set the telemetry level
Use Windows Provisioning and the Windows Imaging and Configuration Designer (Windows ICD) tool – part of the Windows Assessment and Deployment Kit (Windows ADK) toolkit - to create a provisioning package and runtime setting that sets your organization’s telemetry level.
After you create the provisioning package, you can email it to your employees, put it on a network share, or integrate the package directly into a custom image using Windows ICD.
To use Windows ICD to integrate your package into a custom image
Open Windows ICD, and then click New provisioning package.
In the Name box, type a name for the provisioning package, and then click Next.
Click Common to all Windows editions > Next > Finish.
Go to Runtime settings > Policies > System > AllowTelemetry to configure the policies. You can set it to one of the following:
Disabled [Enterprise SKU Only]. Maps to the Security level.
Basic. Maps to the Basic level.
Full. Maps to the Enhanced level.
Diagnostic. Maps to the Full level.
After you've added all of your settings to the provisioning package, click Export > Provisioning package.
On the Describe the provisioning package step, in the Owner box, click IT Admin > Next.
On the Select security details for the provisioning package step, if you want to protect the package with a password, select the Encrypt package check box. If you'd like to sign the package with a certificate, select the Sign package check box and select the certificate to use. Click Next.
On the Select where to save the provisioning package step, if you want to save it somewhere other than the Windows ICD project folder, choose a new location, and then click Next.
On the Build the provisioning package step, click Build.
Use Registry Editor to set the telemetry level
Use Registry Editor to manually set the registry level on each device in your organization, or write a script to edit the registry.
If a management policy already exists (from Group Policy, MDM, or Windows Provisioning), it will override this registry setting.
Open Registry Editor, and go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection.
Right-click DataCollection, click New, and then click DWORD (32-bit) Value.
Type AllowTelemetry, and then press ENTER.
Double-click AllowTelemetry, set the value to one of the following levels (0 = Security, 1 = Basic, 2 = Enhanced, 3 = Full, the same values the System/AllowTelemetry MDM policy uses), and then click OK.
Click File > Export, and then save the file as a .reg file, such as C:\AllowTelemetry.reg. You can run this file from a script on each device in your organization.
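The registry procedure above, scripted: this is an added example, not code from the original article or from Microsoft. It uses the key path the article gives (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection) and the value-to-level mapping the article lists for the System/AllowTelemetry MDM policy; the function names, the edition check via Win32_OperatingSystem and the .reg writer are assumptions of this example. It also serves the MDM section, since the numeric values are identical. Remember the precedence rule the article states: a Group Policy, MDM or provisioning policy overrides whatever this writes.

```powershell
# Added example (not from the original article): set, audit and export the
# AllowTelemetry registry value described in the article.
$TelemetryKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection'
# Mapping as listed in the article for System/AllowTelemetry (0..3).
$LevelNames = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }

function Get-TelemetryLevel {
    # Returns the raw value (or $null if not configured) and its level name.
    $value = $null
    if (Test-Path $TelemetryKey) {
        $item = Get-ItemProperty -Path $TelemetryKey -Name 'AllowTelemetry' -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = [int]$item.AllowTelemetry }
    }
    $name = if ($null -eq $value) { 'Not configured' }
            elseif ($LevelNames.ContainsKey($value)) { $LevelNames[$value] }
            else { "Unknown ($value)" }
    [pscustomobject]@{ Key = $TelemetryKey; Value = $value; Level = $name }
}

function ConvertTo-TelemetryValue {
    param([Parameter(Mandatory)][ValidateSet('Security','Basic','Enhanced','Full')][string]$Level)
    # Reverse lookup: level name -> DWORD value.
    ($LevelNames.GetEnumerator() | Where-Object { $_.Value -eq $Level }).Key
}

function Set-TelemetryLevel {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidateSet('Security','Basic','Enhanced','Full')][string]$Level)
    $value = ConvertTo-TelemetryValue -Level $Level
    # The article states Security is only available on Enterprise, Education and IoT Core;
    # warn instead of silently writing a value the edition will not honour (edition check is an assumption).
    if ($Level -eq 'Security') {
        $caption = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
        if ($caption -notmatch 'Enterprise|Education|IoT') {
            Write-Warning "Security level requires Enterprise/Education/IoT Core; this device reports '$caption'."
        }
    }
    if ($PSCmdlet.ShouldProcess($TelemetryKey, "Set AllowTelemetry = $value ($Level)")) {
        if (-not (Test-Path $TelemetryKey)) { New-Item -Path $TelemetryKey -Force | Out-Null }
        New-ItemProperty -Path $TelemetryKey -Name 'AllowTelemetry' -PropertyType DWord -Value $value -Force | Out-Null
    }
    Get-TelemetryLevel   # read back so the caller sees the effective value
}

function New-TelemetryRegFile {
    # Writes a .reg file equivalent to the Registry Editor export step in the article,
    # so the same setting can be imported on other devices from a script.
    param(
        [Parameter(Mandatory)][ValidateSet('Security','Basic','Enhanced','Full')][string]$Level,
        [string]$Path = 'C:\AllowTelemetry.reg'
    )
    $hex = '{0:x8}' -f [int](ConvertTo-TelemetryValue -Level $Level)
    $content = @"
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection]
"AllowTelemetry"=dword:$hex
"@
    # Registry Editor exports are UTF-16 LE; match that so reg.exe imports it unchanged.
    Set-Content -Path $Path -Value $content -Encoding Unicode
    $Path
}

# Usage (run elevated):
# Set-TelemetryLevel -Level Basic -WhatIf   # preview the write
# Set-TelemetryLevel -Level Basic
# Get-TelemetryLevel
# New-TelemetryRegFile -Level Basic -Path 'C:\AllowTelemetry.reg'
```

The `-WhatIf` support comes from `SupportsShouldProcess`, which is worth keeping on anything that writes under HKLM; the read-back after the write is what tells you the value actually landed, independent of what a management policy will later enforce on top of it.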
Additional telemetry controls
There are a few more settings that you can turn off that may send telemetry information:
To turn off Windows Update telemetry, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on-premises update server, such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).
Turn off Windows Defender Cloud-based Protection and Automatic sample submission in Settings > Update & security > Windows Defender.
Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article 891716.
Turn off Linguistic Data Collection in Settings > Privacy. At telemetry levels Enhanced and Full, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary. For more info, see the Get to know me setting in the Speech, inking, & typing section of this article and the Send Microsoft info about how I write to help us improve typing and writing in the future setting in the General section of this article.
Microsoft doesn't intentionally gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information.
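An audit of the additional controls listed above, as an added example that is not part of the original article: it reads the Windows Defender cloud-based protection and sample-submission settings with Get-MpPreference and the MSRT reporting opt-out that KB 891716 documents, and reports them alongside the telemetry level. It only reads; the enum value names for MAPSReporting and SubmitSamplesConsent, the MRT policy key and value name (taken from KB 891716, not from this article), and the function name are assumptions of this example. Note the trade-off for the defender: cloud-based protection and sample submission are detection capabilities, so switching them off lowers malware detection, and an inventory like this shows where that has happened.

```powershell
# Added example (not from the original article): read-only inventory of the
# telemetry-related controls discussed on this page.
function Get-TelemetryControlReport {
    # Telemetry level from the registry path the article gives (same mapping as above).
    $levelNames = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }
    $dc = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection' `
                           -Name 'AllowTelemetry' -ErrorAction SilentlyContinue
    $level = if ($null -eq $dc) { 'Not configured' } else { $levelNames[[int]$dc.AllowTelemetry] }

    # Windows Defender settings behind "Cloud-based Protection" and "Automatic sample submission".
    # Value names below are the documented enum values of the Defender cmdlets (assumed here).
    $mapsNames    = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
    $samplesNames = @{ 0 = 'AlwaysPrompt'; 1 = 'SendSafeSamples'; 2 = 'NeverSend'; 3 = 'SendAllSamples' }
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    $cloud   = if ($null -eq $pref) { 'Defender not available' } else { $mapsNames[[int]$pref.MAPSReporting] }
    $samples = if ($null -eq $pref) { 'Defender not available' } else { $samplesNames[[int]$pref.SubmitSamplesConsent] }

    # MSRT infection reporting opt-out per KB 891716 (assumption: key/value taken from that KB).
    $mrt = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\MRT' `
                            -Name 'DontReportInfectionInformation' -ErrorAction SilentlyContinue
    $mrtReporting = if ($null -ne $mrt -and [int]$mrt.DontReportInfectionInformation -eq 1) { 'Disabled' } else { 'Enabled' }

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        TelemetryLevel            = $level
        DefenderCloudProtection   = $cloud
        DefenderSampleSubmission  = $samples
        MsrtInfectionReporting    = $mrtReporting
        # Flag the combinations that reduce detection coverage, so a reviewer sees them at a glance.
        DetectionReduced          = ($cloud -eq 'Disabled') -or ($samples -eq 'NeverSend')
    }
}

# Usage: collect across a fleet with Invoke-Command, or run locally:
# Get-TelemetryControlReport | Format-List
```

Running it through `Invoke-Command -ComputerName ... -ScriptBlock ${function:Get-TelemetryControlReport}` gives one object per device that can be exported to CSV, which is the practical way to confirm that a management policy (Group Policy, MDM or provisioning) produced the same effective state everywhere rather than only on the device where it was tested.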
How telemetry works
Windows uses telemetry information to analyze and fix software problems. It also helps Microsoft improve its software and provide updates that enhance the security and reliability of devices within your organization.
This section explains the different telemetry levels in Windows 10.
Security. Information that’s required to help keep Windows secure, including info about telemetry client settings, the Malicious Software Removal Tool, and Windows Defender. This level is available only on Windows 10 Enterprise and Windows 10 Education, and Windows 10 IoT Core.
Basic. Basic device info, including: quality-related info, app compat, and info from the Security level.
Enhanced. Additional insights, including: how Windows and Windows apps are used, how they perform, advanced reliability info, and info from both the Basic and the Security levels.
Full. All info necessary to identify and help to fix problems, plus info from the Security, Basic, and Enhanced levels.
As a diagram:
The Security level gathers only telemetry info that’s required to keep Windows devices secure. This level is only available on Windows 10 Enterprise, Windows 10 Education, and Windows 10 IoT Core editions.
If your organization relies on Windows Update for updates, you shouldn’t use the Security level. Because no Windows Update information is gathered at this level, Microsoft can’t tell whether an update successfully installed.
You can continue to use Windows Server Update Services and System Center Configuration Manager while using the Security level.
Security level info includes:
Telemetry client settings. The telemetry client requests its settings file from Microsoft servers at regular intervals. This request includes operating system info, the device ID (used to identify what specific device is requesting settings), and the device class (for example, whether the device is a server or desktop).
Malicious Software Removal Tool (MSRT). Info that MSRT requires to function, including device info, such as IP address.
No MSRT information is included if MSRT is not used or if Windows Update is turned off.
Windows Defender. Windows Defender requires some info to function, including: anti-malware signatures, diagnostic information, User Account Control settings, Unified Extensible Firmware Interface (UEFI) settings, and IP address. No Windows Defender info is included if a customer is using third-party anti-malware software or if Windows Defender has been turned off.
No user content, such as user files or communications, is gathered at the Security telemetry level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computer’s registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time.
To set the telemetry level to Security, use a management policy (Group Policy or MDM) or manually change the setting in the registry. For more info, see the Manage your telemetry settings section of this article.
The Basic level gathers a limited set of info that’s critical for understanding the device and its configuration. This level also includes the Security level info. This level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version.
Basic level info includes:
Basic device info. Helps provide an understanding about the various types of devices in the Windows 10 ecosystem, including:
Device attributes, such as camera resolution and display type
Internet Explorer version
Battery attributes, such as capacity and type
Networking attributes, such as mobile operator network and IMEI number
Processor and memory attributes, such as number of cores, speed, and firmware
Operating system attributes, such as Windows edition and IsVirtualDevice
Storage attributes, such as number of drives and memory size
Telemetry client quality metrics. Helps provide an understanding about how the telemetry client is functioning, including uploaded events, dropped events, and the last upload time.
Quality-related information. Helps Microsoft develop a basic understanding of how a device and its operating system are performing. Some examples are the amount of time a connected standby device was able to fully sleep, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app.
App compat info. Helps provide understanding about which apps are installed on a device and to help identify potential compatibility problems.
General app info and app info for Internet Explorer add-ons. Includes a list of apps and Internet Explorer add-ons that are installed on a device and whether these apps will work after an upgrade. This app info includes the app name, publisher, version, and basic details about which files have been blocked from usage.
System info. Helps provide understanding about whether a device meets the minimum requirements to upgrade to the next version of the operating system. System information includes the amount of memory, as well as info about the processor and BIOS.
Accessory device info. Includes a list of accessory devices, such as printers or external storage devices, that are connected to Windows PCs and whether these devices will function after upgrading to a new version of the operating system.
Driver info. Includes specific driver usage that’s meant to help figure out whether apps and devices will function after upgrading to a new version of the operating system. This info can help to determine blocking issues and then help Microsoft and our partners apply fixes and improvements.
Store. Provides info about how the Windows Store performs, including app downloads, installations, and updates. It also includes Windows Store launches, page views, suspend and resumes, and obtaining licenses.
The Enhanced level gathers info about how Windows and apps are used and how they perform. This level also includes info from both the Basic and Security levels. This level helps to improve experiences by analyzing user interaction with the operating system and apps. Info from this level can be abstracted into patterns and trends that can help Microsoft determine future improvements.
Enhanced level info includes:
Operating system events. Helps to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, and other components.
Operating system app events. A set of events resulting from Microsoft apps that were downloaded from the Store or pre-installed with Windows, including Photos, Mail, and Microsoft Edge.
Device-specific events. Contains info about events that are specific to certain devices, such as Surface Hub and Microsoft HoloLens. For example, Microsoft HoloLens sends Holographic Processing Unit (HPU)-related events.
If the telemetry client detects a problem that requires gathering more detailed instrumentation, then the telemetry client will only gather info about the events associated with the specific issue, for no more than 2 weeks. Also, if the operating system or an app crashes or hangs, Microsoft will gather the memory contents of the faulting process only at the time of the crash or hang.
The Full level gathers info necessary to identify and to help fix problems, following the approval process described below. This level also includes info from the Basic, Enhanced, and Security levels.
Additionally, at this level, devices opted in to the Windows Insider Program will send events that can show Microsoft how pre-release binaries and features are performing. All devices in the Windows Insider Program are automatically set to this level.
If a device experiences problems that are difficult to identify or repeat using Microsoft’s internal testing, additional info becomes necessary. This info can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the Full telemetry level and have exhibited the problem.
However, before more info is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:
Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
Ability to get and set registry keys.
Ability to gather user content, such as documents, if they might have been the trigger for the issue.
How is telemetry information handled by Microsoft?
Information gathered by the telemetry client complies with Microsoft’s security and privacy policies, as well as international laws and regulations. Only those who can demonstrate a valid business need can access the telemetry info.
All telemetry info is encrypted during transfer from the device to the Microsoft Data Management Service.
Microsoft Data Management Service
The Microsoft Data Management Service routes information to internal cloud storage, where it's compiled into business reports for analysis and research. Sensitive info is stored in a separate data store that’s locked down to a small subset of Microsoft employees in the Windows Devices Group. The privacy governance team permits access only to people with a valid business justification.
Information is used by teams within Microsoft to provide, improve, and personalize experiences, and for security, health, quality, and performance analysis.
An example of personalization is to create individually tailored in-product messages.
Microsoft doesn’t share organization-specific customer information with third parties, except at the customer’s direction or for the limited purposes described in the privacy statement. However, we do share business reports with partners that include aggregated, anonymous telemetry information. Decisions to share info are made by an internal team that includes privacy, legal, and data management professionals.
Microsoft believes in and practices information minimization, so we only gather the info we need, and we only store it for as long as it’s needed to provide a service or for analysis. Much of the info about how Windows and apps are functioning is deleted within 30 days. Other info may be retained longer, particularly if there is a regulatory requirement to do so. Info is typically gathered at a fractional sampling rate, which for some client services, can be as low as 1%.
Microsoft is committed to your privacy, and it’s important to us to earn your trust and confidence. The above information is still work in progress and provided "as is". Please check the Microsoft Websites for News and Updates.