Endpoint analytics data collection

Note

This information relates to a preview feature which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

For more information about changes to Endpoint analytics, see What's new in Endpoint analytics.

This article explains the data flow, data collection, and how to stop gathering data for Endpoint analytics. Our data handling policies are described in the Microsoft Intune Privacy Statement.

Data flow

Endpoint analytics is available in all Intune locations in global Azure. The following illustration shows how required functional data flows from individual devices through our data services, transient storage, and to your tenant.

User experience data flow diagram

  1. An Intune Service Administrator role starts gathering data.

  2. Devices send required functional data.

    • For Intune and co-managed devices with the assigned policy, devices send require functional data directly to the Microsoft Endpoint Management Service in the Microsoft public cloud where is processed in near real time. For more information, see Endpoints required for Intune-managed devices.

    • For Configuration Manager-managed devices, data flows to Microsoft Endpoint Management through the ConfigMgr connector. Devices don't need direct access to the Microsoft public cloud, but the ConfigMgr connector is cloud attached and requires connection to an Intune tenant. Devices send data to the Configuration Manager Server role every 24 hours, and the Configuration Manager connector sends data to the Gateway Service every hour.

  3. The Microsoft Endpoint Management service processes data for each device and publishes the results for both individual devices and organizational aggregates in the admin console using MS Graph APIs. The maximum latency end to end is 25 hours and is gated by the time it takes to do the daily processing of insights and recommendations.

Note

When you first setup Endpoint analytics, add new clients to the Intune data collection policy, or enable device upload for a new collection, the reports in endpoint analytics portal may not show complete data right away. The data required to compute the startup score for a device is generated during boot time. Depending on power settings and user behavior, it may take weeks after a device has been enrolled to show the startup score on the admin console.

Data collection

Currently, the basic functionality of Endpoint analytics collects information associated with boot performance records that falls into the required and optional categories. As we add additional functionality over time, the data collected will vary as needed. The main data points currently being collected are:

Required data

  • Hardware inventory information
    • make: Device manufacturer
    • model: Device model
    • deviceClass: The device classification. For example, Desktop, Server, or Mobile.
    • Country: The device region setting
  • Application inventory, like
    • name: Windows
    • ver: The version of the current OS.
  • Diagnostic, performance, and usage data tied to a user and/or device
    • logOnId
    • bootId: The system boot ID
    • coreBootTimeInMilliseconds: Time for core boot
    • totalBootTimeInMilliseconds: Total boot time
    • updateTimeInMilliseconds: Time for OS updates to complete
    • gpLogonDurationInMilliseconds: Time for Group policies to process
    • desktopShownDurationInMilliseconds: Time for desktop (explorer.exe) to be loaded
    • desktopUsableDurationInMilliseconds: Time for desktop (explorer.exe) to be usable
    • topProcesses: List of processes loaded during boot with name, with cpu usage stats and app details (Name, publisher, version). For example {"ProcessName":"svchost","CpuUsage":43,"ProcessFullPath":"C:\\Windows\\System32\\svchost.exe","ProductName":"Microsoft® Windows® Operating System","Publisher":"Microsoft Corporation","ProductVersion":"10.0.18362.1"}
  • Device data not tied to a device or user (if this data is tied to a device or user, Intune treats it as identified data)
    • ID: Unique device ID used by Windows Update
    • localId: A locally defined unique ID for the device. This ID isn't the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId.
    • aaddeviceid: Azure Active Directory device ID
    • orgId: Unique GUID representing the Microsoft 365 Tenant

Important

Our data handling policies are described in the Microsoft Intune Privacy Statement. We only use your customer data to provide you the services you signed up for. As described during the onboarding process, we anonymize and aggregate the scores from all enrolled organizations to keep the All organizations (median) baseline up-to-date.

Stop gathering data

  • If you're enrolling Intune managed devices only, unselect the Boot performance scope from the Intune data collection policy created during sign-up.

  • If you're enrolling devices that are managed by Configuration Manager, you’ll need to do the following steps to disable data upload in Configuration Manager:

    1. In the Configuration Manager console, go to Administration > Cloud Services > Co-management.
    2. Select CoMgmtSettingsProd then click Properties.
    3. On the Configure upload tab, uncheck the option to Enable Endpoint analytics for devices uploaded to Microsoft Endpoint Manager.
  • Disable Endpoint analytics data collection in Configuration Manager (optional):

    1. In the Configuration Manager console, go to Administration > Client Settings > Default Client Settings.
    2. Right-click and select Properties then select the Computer Agent settings.
    3. Set Enable Endpoint analytics data collection to No.

    Important

    If you have an existing custom client agent setting that's been deployed to your devices, you'll need to update the Enable Endpoint analytics data collection option in that custom setting then redeploy it to your machines for it to take effect.

Resources

For more information about related privacy aspects, see the following articles: