Enable data sharing for Desktop Analytics

Note

This information relates to a preview service which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

To enroll devices to Desktop Analytics, they need to send diagnostic data to Microsoft. If your environment uses a proxy server, use this information to help configure the proxy.

Diagnostic data levels

Diagram of diagnostic data levels for Desktop Analytics

When you integrate Configuration Manager with Desktop Analytics, you also use it to manage the diagnostic data level on devices. For the best experience, use Configuration Manager.

The basic functionality of Desktop Analytics works at the Basic diagnostic data level. You won't get usage or health data for your updated devices without enabling the Enhanced (Limited) level. Microsoft recommends that you enable the Enhanced (Limited) diagnostic data level. For more information, see Windows 10 enhanced diagnostic data events and fields used by Windows Analytics).

Important

Microsoft has a strong commitment to providing the tools and resources that put you in control of your privacy. As a result, Microsoft doesn't collect the following data from devices located in European countries (EEA and Switzerland):

  • Windows diagnostic data from Windows 8.1 devices
  • App usage data for Windows 7

For more information, see Desktop Analytics privacy.

The following articles are also good resources for better understanding Windows diagnostic data levels:

Note

At the Enhanced (Limited) level, when each client does the initial full scan, it sends approximately 2 MB of data to the Microsoft cloud. The daily delta varies between 250-400 KB per day.

The daily delta scan happens at 3:00 AM (device local time). Some events are sent at the first available time throughout the day. These times aren't configurable.

For more information, see Configure Windows diagnostic data in your organization.

Endpoints

To enable data sharing, configure your proxy server to allow the following endpoints:

Important

For privacy and data integrity, Windows checks for a Microsoft SSL certificate when communicating with the diagnostic data endpoints. SSL interception and inspection aren't possible. To use Desktop Analytics, exclude these endpoints from SSL inspection.

Endpoint Function
https://aka.ms Used to locate the service
https://v10c.events.data.microsoft.com Connected user experience and diagnostic component endpoint. Used by devices running Windows 10, version 1703 or later, with the 2018-09 cumulative update or later installed.
https://v10.events.data.microsoft.com Connected user experience and diagnostic component endpoint. Used by devices running Windows 10, version 1803, or later, without the 2018-09 cumulative update installed.
https://v10.vortex-win.data.microsoft.com Connected user experience and diagnostic component endpoint. Used by devices running Windows 10, version 1709 or earlier.
https://vortex-win.data.microsoft.com Connected user experience and diagnostic component endpoint. Used by devices running Windows 7 and Windows 8.1
https://settings-win.data.microsoft.com Enables the compatibility update to send data to Microsoft.
http://adl.windows.com Allows the compatibility update to receive the latest compatibility data from Microsoft.
https://watson.telemetry.microsoft.com Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1803 or earlier.
https://umwatsonc.events.data.microsoft.com Windows Error Reporting (WER). Required for device health reports in Windows 10, version 1809 or later.
https://ceuswatcab01.blob.core.windows.net
https://ceuswatcab02.blob.core.windows.net
https://eaus2watcab01.blob.core.windows.net
https://eaus2watcab02.blob.core.windows.net
https://weus2watcab01.blob.core.windows.net
https://weus2watcab02.blob.core.windows.net
Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later.
https://kmwatsonc.events.data.microsoft.com Online Crash Analysis. Required for device health reports in Windows 10, version 1809 or later.
https://oca.telemetry.microsoft.com Online Crash Analysis (OCA). Required to monitor deployment health in Windows 10, version 1803 or earlier.
https://login.live.com Required to provide a more reliable device identity for Desktop Analytics.

To disable end-user Microsoft account access, use policy settings instead of blocking this endpoint. For more information, see The Microsoft account in the enterprise.
https://graph.windows.net Used to automatically retrieve settings like CommercialId when attaching your hierarchy to Desktop Analytics (on Configuration Manager Server role only).
https://fef.msua06.manage.microsoft.com Used to synch device collection memberships, deployment plans, and device readiness status with Desktop Analytics (on Configuration Manager Server role only).

Proxy server authentication

Make sure that a proxy doesn't block the diagnostic data because of authentication. If your organization uses proxy server authentication for outbound traffic, use one or more of the following approaches:

  • Bypass (recommended): Configure your proxy servers to not require proxy authentication for traffic to the diagnostic data endpoints. This option is the most comprehensive solution. It works for all versions of Windows 10.

  • User proxy authentication: Configure devices to use the signed-in user's context for proxy authentication. This method requires the devices to run Windows 10, version 1703 or later. Make sure that the users have proxy permission to reach the diagnostic data endpoints. This option requires that the devices have console users with proxy permissions, so you can't use this method with headless devices.

  • Device proxy authentication:

    • Configure a system-level proxy server on the devices.
    • Configure these devices to use device-based outbound proxy authentication.
    • Configure proxy servers to allow the machine accounts to access the diagnostic data endpoints.