User Privacy and Azure AD Seamless Single Sign-On

Note

This article provides steps for how to delete personal data from the device or service and can be used to support your obligations under the GDPR. If you’re looking for general info about GDPR, see the GDPR section of the Service Trust portal.

Overview

Azure AD Seamless SSO creates the following log type, which can contain Personal Data:

  • Azure AD Connect trace log files.

You can improve user privacy for Seamless SSO in one of two ways:

  1. Upon request, extract a person's data and remove that person's data from the installations.
  2. Ensure that no data is retained beyond 48 hours.

We strongly recommend the second option, because it is easier to implement and maintain. The following section gives instructions for the log type listed above:

Delete Azure AD Connect trace log files

Check the contents of the %ProgramData%\AADConnect folder and delete the trace log files (trace-*.log) from it within 48 hours of installing or upgrading Azure AD Connect, or of changing the Seamless SSO configuration, because those actions may write data covered by GDPR to the trace logs.

Important

Don’t delete the PersistedState.xml file in this folder, as this file is used to maintain the state of the previous installation of Azure AD Connect and is used when an upgrade installation is done. This file will never contain any data about a person and should never be deleted.

You can either review and delete these trace log files in File Explorer, or you can use the following PowerShell script to perform the necessary actions:

# Delete every Azure AD Connect trace log. Only trace-*.log is matched, so
# PersistedState.xml in the same folder is left untouched.
$Files = Get-ChildItem -Path "$env:ProgramData\AADConnect" -Filter "trace-*.log" -File -ErrorAction SilentlyContinue

foreach ($File in $Files) {
    Remove-Item -LiteralPath $File.FullName -Force
}

Save the script in a file with the .ps1 extension and run it as needed.
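The script above removes every trace log each time it runs. To implement the recommended second option (no data retained beyond 48 hours) without having to remember to run it, the following added example, which is not part of the original article and not Azure AD Connect code, deletes only trace logs older than a retention window and registers a daily scheduled task that keeps doing so. The task name, the daily 03:00 schedule and the 24-hour default retention are assumptions chosen so that a daily run never leaves a file on disk for more than about 48 hours; adjust them to your environment.

```powershell
# Added example (not from the original article or from Azure AD Connect):
# age-based cleanup of Azure AD Connect trace logs plus an optional scheduled task.
# Assumptions: retention of 24 h combined with a daily run keeps worst-case age
# under 48 h; task name and schedule are illustrative.

function Remove-AADConnectTraceLogs {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Folder = (Join-Path $env:ProgramData 'AADConnect'),
        [int]$RetentionHours = 24   # assumed; 24 h + daily run stays under the 48 h target
    )

    $cutoff = (Get-Date).AddHours(-$RetentionHours)

    # Only trace-*.log is in scope. PersistedState.xml can never match the filter;
    # the explicit name check is a belt-and-braces guard so that a future edit
    # to the filter cannot delete it by accident.
    $stale = Get-ChildItem -Path $Folder -Filter 'trace-*.log' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'PersistedState.xml' -and $_.LastWriteTime -lt $cutoff }

    foreach ($file in $stale) {
        # -WhatIf on the function call previews deletions without performing them.
        if ($PSCmdlet.ShouldProcess($file.FullName, "Remove trace log older than $RetentionHours h")) {
            Remove-Item -LiteralPath $file.FullName -Force
        }
    }

    # Return what was removed so the caller can record it in its own audit trail.
    return $stale | Select-Object FullName, LastWriteTime
}

function Register-AADConnectTraceLogCleanupTask {
    param(
        [Parameter(Mandatory)] [string]$ScriptPath,          # path to the saved .ps1 file
        [string]$TaskName = 'AADConnect-TraceLogCleanup'      # assumed task name
    )

    # Run as SYSTEM so the task can delete files under %ProgramData% regardless of
    # which administrator is logged on; the task runs once a day at 03:00 (assumed).
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                     -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""
    $trigger   = New-ScheduledTaskTrigger -Daily -At 3am
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

    # -Force replaces an existing task of the same name instead of failing.
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger -Principal $principal -Force
}

# Run the cleanup now and report what was removed.
Remove-AADConnectTraceLogs |
    ForEach-Object { Write-Host "Removed $($_.FullName) (last written $($_.LastWriteTime))" }

# One-time setup on the Azure AD Connect server (path is an assumption):
# Register-AADConnectTraceLogCleanupTask -ScriptPath 'C:\Scripts\Remove-AADConnectTraceLogs.ps1'
```

Because the trace logs are written at install, upgrade and configuration time rather than continuously, a daily run is normally enough; if you shorten the retention window, make sure the retention period plus the interval between runs still stays below the 48-hour target you are committing to. Preview a run with Remove-AADConnectTraceLogs -WhatIf before relying on the task.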

To learn more about related Azure AD Connect GDPR requirements, see this article.

Note about Domain controller logs

If audit logging is enabled, this product may generate security logs on your domain controllers. To learn more about configuring audit policies, read this article.

Next steps