Desktop Analytics data privacy

Desktop Analytics is fully committed to customer data privacy, centering on these tenets:

  • Transparency: We fully document the Windows diagnostic events. Review them with your company's security and compliance teams. The Windows Diagnostic Data Viewer lets you see diagnostic data sent from a given device. For more information, see Diagnostic Data Viewer Overview.

  • Control: You control the level of diagnostic data to share with Microsoft. Windows 10, version 1709, adds a new policy to limit enhanced diagnostic data to the minimum required by Desktop Analytics.

  • Security: Microsoft protects your data with strong security and encryption.

  • Trust: Desktop Analytics supports the Microsoft Privacy Statement and Online Service Terms.

Diagnostic data flow

The following illustration shows how diagnostic data flows from individual devices through the Diagnostic Data Service, Azure Log Analytics storage, and to your Log Analytics workspace:

Diagram illustrating flow of diagnostic data from devices

  1. You sign in to the Azure portal, and onboard to Desktop Analytics. You create the Azure AD app to connect with Configuration Manager. When you set up Desktop Analytics, you create an Azure Log Analytics workspace in the location of your choice.

  2. You connect Configuration Manager and enroll devices

    1. You configure the Desktop Analytics cloud service in Configuration Manager with the Azure AD app details.

    2. Within 15 minutes, Configuration Manager synchronizes device collections and deployments plans with Desktop Analytics. It repeats this process every hour.

    3. Configuration Manager sets the commercial ID, diagnostic data level, and other settings for the devices in the target collection. This configuration specifies the devices to appear in your Desktop Analytics workspace.

    4. You deploy compatibility updates to all target devices.

  3. Devices send diagnostic data to the Microsoft Diagnostic Data Management service for Windows. This service is hosted in the United States.

  4. Each day, Microsoft produces a snapshot of IT-focused insights. This snapshot combines the diagnostic data from Windows with your input for the enrolled devices. This process happens in transient storage, which is only used by Desktop Analytics. The transient storage is hosted in Microsoft data centers in the United States. The snapshots are segregated by commercial ID.

  5. The snapshots are then copied to the appropriate Azure Log Analytics workspace.

  6. Desktop Analytics stores your input in Azure Log Analytics storage. These configurations include deployment plans, and asset decisions for upgrade and importance.

Other resources

For privacy-related frequently asked questions for Desktop Analytics, see Privacy FAQ.

For more information about related privacy aspects, see the following articles: