Microsoft Intune Privacy Statement
Microsoft is committed to protecting your privacy. This privacy statement applies to the data collected by Microsoft through Microsoft Intune (the “Services”); it does not apply to other online or offline Microsoft sites, products, or services.
Microsoft Intune provides enterprise IT Administrators with cloud-based security, management tools and reports, and an upgrade license to the latest version of the Windows operating system, helping them to keep their Windows based PCs up-to-date and secure from virtually anywhere.
Notice to End Users: All references to “you” or “your” in this privacy statement are to the customers who contract with Microsoft for the Services. Microsoft’s customers, in turn, may use the Services to develop, provide and host services for their end users. Any information Microsoft collects or handles through the Services is processed for our customers. End users should direct privacy-related requests to the entity providing services to the end user. Microsoft is not responsible for the privacy practices of our customers or other third parties except as specifically provided in your agreement(s) with Microsoft.
We will use Customer Data (as defined in your agreement(s) with Microsoft) only to provide you the Services. This may include troubleshooting aimed at preventing, detecting or repairing problems affecting the operation of those services and the improvement of features that involve the detection of, and protection against, emerging and evolving threats to users (such as malware or spam).
Our personnel will not process Customer Data without authorization. Our personnel are obligated to maintain the confidentiality of any Customer Data and this obligation continues even after their engagement ends.
Administrator Data is the contact information of Services purchasers and administrators collected as part of purchasing or administering the Services. For example, Administrator Data includes the name, address, phone and email of the account owner and the email of IT Administrators, whether collected at initial purchase or later during administration of the Services.
Administrator Data will be used to complete the transactions you have requested, for service improvement, and for the detection and prevention of fraud. In limited circumstances, Microsoft may share Administrator Data with third parties for purposes of fraud prevention.
We may contact Administrators to provide information about new subscriptions, billing and important updates about your Services, including information about security or other technical issues regarding the Services. We may also contact administrators regarding a third-party inquiry we receive regarding your use of the Services. You will not be able to unsubscribe from these communications, as they are considered an essential part of the Services.
With permission, we may also contact administrators regarding information and offers about products and services offered by Microsoft or its affiliates, or to request your feedback. If you do not wish to receive these communications, you may stop them by editing My Profile from the Account Portal to change your Contact Preference settings. Administrators may also click the appropriate link at the bottom of any email to stop receiving emails of that type (other than service emails).
Payment Instrument Information
When you make online purchases, you will be asked to provide payment information, which may include your payment instrument number (e.g., credit card, PayPal), your name and billing address, and the security code associated with your payment instrument (e.g., the CSV). This section provides additional information regarding the collection and use of your payment information.
The payment information you provide will be used to complete your transaction, as well as for the detection and prevention of fraud. In support of these uses, Microsoft may share information with banks and other entities that process payment transactions, and for fraud prevention and credit risk reduction.
The payment instrument information you provide while logged in to your work or school account will be available to you to complete future transactions without your having to provide the information again. We do not, however, retain the security code associated with your payment instrument (e.g., the CSV) in this manner.
You may update or remove the payment instrument information associated with your Microsoft Account by logging in with your Microsoft Account at www.commerce.microsoft.com. To remove a payment instrument associated with your work or school account, please contact Customer Support. After you close your account or remove a payment instrument, however, Microsoft may retain your payment instrument data for as long as reasonably necessary to complete your existing transaction and for the detection and prevention of fraud.
The Microsoft Commerce Platform complies with the Payment Card Industry Data Security Standards (PCI DSS), a global standard for the safe handling of payment data. Please note, however, that the Service does not support PCI compliance for Customer Data stored or process within the Service.
Sharing Your Information
In addition to any sharing by Microsoft set forth in your agreement(s) with Microsoft, or in this Privacy Statement, Microsoft may share or disclose your information:
With your permission or with permission from the Services administrator or end user.
With other Microsoft controlled subsidiaries and affiliates, or as part of a corporate transaction such as a merger or sale of assets.
With vendors or agents. Specifically, we may share it with companies we've hired to provide the services on our behalf. We only share the information these other companies need to provide the Services, and they are not allowed to use it for any other purpose and must keep it confidential.
To comply with the law.
We will not disclose Customer Data to a third party (including law enforcement, other government entity or civil litigant; excluding our vendors or subcontractors) except as you direct or as required by law. Should a third party contact us with a demand for Customer Data, we will attempt to redirect the third party to request it directly from you. As part of that, we may provide basic administrator contact information to the third party. If compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited from doing so. Microsoft may share Administrator Data or Payment Instrument with third parties for purposes of fraud prevention or to process payment transactions, as further described above. Please note the Services may include links to third-party services whose privacy practices may differ from those of Microsoft. Your use of such services, and any information you provide to a third party, is governed by their privacy statements. We encourage you to review these third-party privacy statements.
Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities.
This section contains important privacy information about specific features of Microsoft Intune. This is not a complete list of all features.
Impact of enrolling a Windows RT, Windows Phone 8, iOS Device, or other Mobile Device: IT Administrators are granted certain control and access rights to managed mobile devices and may apply policies to manage certain behaviors of that Mobile Device, up to and including erasing all data on that Mobile Device and returning it to its default state.
Impact of enrolling a Windows XP, Windows Vista, Windows 7 and Windows 8 Enterprise and Professional Computer:
During enrollment, Microsoft Intune automatically installs certain agents, applications, and components onto the Computer.
In some cases, previously installed anti-malware may be removed.
IT Administrators are granted certain control and access rights to Managed Computers and may apply policies to manage certain behaviors of these Computers. For more information, please refer to Help secure Windows PCs with Endpoint Protection for Microsoft Intune.
Any software installed on a Managed Computer may be inventoried, regardless of when that software is installed. This may include Software Titles of a personal nature.
On an ongoing basis, the Software critical for operating the Service will be automatically updated by Microsoft on all Managed Computers.
IT Administrators are granted access to wipe targeted data on the Managed Computer, or to wipe the entire hard drive.
The consequences of enrolling a Windows XP, Windows Vista, Windows 7 and Windows 8 Enterprise and Professional Computer are as follows:
Impact of removing Windows XP, Windows Vista, Windows 7 and Windows 8 Enterprise and Professional Computer: Upon removal, Software used by the Services will be uninstalled from the computer. As a result, in those cases where the previously installed anti-malware was removed during the enrollment, the Computer may be left without any active anti-malware programs. Learn more about these and other consequences of removing a device.
Impact of removing a Windows RT, Windows Phone 8, iOS Device, or other Mobile Device: Removing a Mobile Device will result in disassociating the user’s Mobile Device with its electronic mail server. As a result, users will no longer be able to sync their e-mail or install software from the Company Portal experiences. In some cases, the applications that were installed from the Company Portal experiences will be uninstalled, and any data associated with those applications will be removed. In some cases, the policies and settings that were applied on the device through Microsoft Intune will no longer be in effect. Learn more about these and other consequences of removing a device.
Endpoint Protection. The Services use the same malware engine as Forefront Endpoint Protection, and the privacy statement for Forefront Endpoint Protection applies.
Remote Assistance via Microsoft Easy Assist: End users can request assistance by using the Remote Assistance feature available on Windows XP, Windows Vista, and Windows 7 computers. Some of the information transmitted to Microsoft may be viewed by other session participants, and personal information on the user’s desktop or in the user’s application may also be transmitted to Microsoft as part of the Easy Assist sessions. Learn more. Use of Easy Assist is governed by the Microsoft Easy Assist Service Agreement and the Microsoft Online Services Privacy Statement for Microsoft Office Live Meeting 2007 and Microsoft Easy Assist.
Service Improvement Program: Microsoft collects telemetry data from the various Company Portal experiences and the Intune Administrator Console. Telemetry data includes standard web tracking information, including session cookies, last web page visited, next web page visited and actions taken on the Services. This data is used in aggregated form to analyze and improve the service.
Use Exchange Connector to manage devices through Exchange Active Sync: When using on-premise Exchange, IT Administrators are prompted to enter their Exchange administrator credentials which are then only stored locally where the Exchange connector is installed. If using hosted Exchange (through Office365), both the Exchange administrator credentials and proxy server information is stored locally.
License Management: IT Administrators can track certain Microsoft volume licensing agreements against actual software installations. IT Administrators can also track certain Microsoft retail software licenses, Original Equipment Manufacturer (OEM) licenses for Microsoft software, and third-party software licenses. This feature is provided for convenience only and accuracy of the licensing is not guaranteed. You should not rely on it to confirm compliance with Microsoft or third-party licensing agreements. The information sent to the Services includes a Computer’s globally unique identifier (GUID) and volume license agreement numbers. This information is anonymized and used to improve the Service. We will not use the information collected to investigate potential violations of or compliance with other agreements you may have with us, our affiliates or third party software licensors.
Learn More about:
Data may be transferred to and stored and processed in the United States or any other country where Microsoft or its affiliates, subsidiaries or service providers maintain facilities. Microsoft abides by the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Economic Area, and Switzerland. To learn more about the Safe Harbor program, and to view our certification, please visit http://www.export.gov/safeharbor/.
Usage Data and Analytics
We may use aggregated statistical data, trends and usage information derived from your use of the Services for the purpose of providing, operating, maintaining or improving the Services as well as any Microsoft products and services used to deliver the Services.
Microsoft’s support for the Services is subject to the privacy statement.
You may configure a work or school account to allow you and end users to authenticate to the Services, as well as other Microsoft or third party services or web properties. Use of those other services or web properties is subject to the privacy statement for those other services and web properties.
By signing into one Microsoft service, you may be automatically signed into other services that use these credentials.
Changes to this Privacy Statement
We will occasionally update our privacy statements to reflect customer feedback and changes in our Services. When we post changes to a statement, we will revise the "last updated" date at the top of the statement. If there are material changes to the statement or in how Microsoft will use your information, we will notify you either by posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review the privacy statements for the products and services you use to learn how Microsoft is protecting your information.
How to Contact Us
Microsoft welcomes your comments. If you believe that Microsoft is not adhering to its privacy or security commitments, please contact us by using this email address firstname.lastname@example.org. If you have a technical or other customer support question please click to learn more about Microsoft Intune Support offerings.
Microsoft Intune Privacy
Microsoft Corporation Microsoft Way Redmond, Washington, 98052-6399 USA
Cookies and Other Technologies
Storing Users’ Preferences and Settings. When a user enters a city or postal code to get local news or weather information on a Microsoft site, we may store that city or postal code in a cookie. This can save time by eliminating the need to repeatedly enter the same information.
Some of the cookies we commonly use are listed in the following chart. This list is not exhaustive, but it is intended to illustrate some of the reasons we set cookies. If users visit one of our web sites, the site may set some or all of the following cookies:
|Cookie name|Description| |-------------------|-------------------| |MUID|Identifies unique browsers to Microsoft sites. It is used for site analytics and other operational purposes.| |TenantId|Cookie for Storing the Tenant ID.| |SessID|Sets a unique ID identifying the user session. It is used for site analytics and other operational purposes.| |CC|Contains a country code as determined by reverse IP address lookup.| |work or school account authentication|Authentication cookies (e.g., IntuneID, wsresult, ) used when a user signs in with a work or school account.| |RedirectToFullSite|Cookie that stores if the user would like to view the full site instead of the mobile site.| In addition to the cookies Microsoft may set when users visit our web sites, third parties may also set certain cookies on users’ hard drive when users visit Microsoft sites. In some cases, that is because we have hired the third party to provide certain services on our behalf, such as site analytics.
How to Control Cookies
Browser Controls to Block Cookies. Most web browsers automatically accept cookies, but users can usually modify their browser settings to block cookies.
For example, in Internet Explorer 9, users may block cookies by taking the following steps:
Click "Tools" and then select "Internet Options"
Click the "Privacy" tab at the top of the window
Move the slider up or down to select the types of cookies the user wishes to block
Instructions for blocking cookies in other browsers are available at http://www.allaboutcookies.org/manage-cookies/.
Please be aware that users who choose to block cookies may not be able to sign in or use other interactive features of Microsoft sites and services that depend on cookies.
Browser Controls to Delete Cookies. If users accept cookies, users can delete them later.
For example, in Internet Explorer 9, users may delete cookies by taking the following steps:
Click "Tools" and then select "Internet Options"
On the "General" tab, under "Browsing History," click the "Delete" button
On the pop-up, select the box next to “Cookies”
Click the "Delete" button
Instructions for deleting cookies in other browsers are available at http://www.allaboutcookies.org/manage-cookies/.
Please be aware that if users choose to delete cookies, any settings and preferences controlled by those cookies, including advertising preferences, will be deleted and may need to be recreated.
Browser Controls for “Do Not Track” and Tracking Protection. Some newer browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the web sites users visit indicating that the user does not wish to be tracked. Those sites may continue to engage in activities users might view as tracking even though users have expressed this preference, depending on the sites’ privacy practices.
Internet Explorer 9 and later versions have a feature called Tracking Protection that helps prevent the web sites users go to from automatically sending details about the user’s visit to third-party content providers. When users add a Tracking Protection List, Internet Explorer will block third-party content, including cookies, from any site that is listed as a site to be blocked. By limiting calls to these sites, Internet Explorer will limit the information these third-party sites can collect about users. And when users have a Tracking Protection List enabled, Internet Explorer will send a Do Not Track signal or preference to the web sites users visit. For more information about Tracking Protection Lists and how to find them, please see the Internet Explorer privacy statement or Internet Explorer Help.
Our Use of Web Beacons
Microsoft web pages may contain electronic images known as web beacons - sometimes called single-pixel gifs - that may be used for fraud detection, to help deliver cookies on our sites, let us count users who have visited those pages and deliver co-branded services. We may include web beacons in our promotional email messages or newsletters to determine whether messages have been opened and acted upon.
Finally, Microsoft sites may contain web beacons from third parties to help us compile aggregated statistics. These web beacons may allow the third parties to set or read a cookie on the user’s computer. We prohibit third parties from using web beacons on our sites to collect or access your personal information.
Other Similar Technologies
In addition to standard cookies and web beacons, web sites can use other technologies to store and read data files on the user’s computer. This may be done to maintain user preferences or to improve speed and performance by storing certain files locally. But, like standard cookies, these other technologies can also be used to store a unique identifier for the user’s computer, which can then be used to track behavior. These technologies include Local Shared Objects (or "Flash cookies") and Silverlight Application Storage.
To manage or block Flash cookies, go to http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html.
To learn how to manage or block Sliverlight Application Storage, visit Silverlight