Configuration Manager 隱私權的其他資訊Additional information about privacy for Configuration Manager

適用於: Configuration Manager (最新分支)Applies to: Configuration Manager (current branch)

更新與服務Updates and servicing

Configuration Manager 會使用更新模型,利用最新的更新和功能來協助讓您的環境保持最新狀態。Configuration Manager uses an update model that helps keep your environment current with the latest updates and features. 此功能使用稱為服務連接點的站台系統角色。This feature uses a site system role called the service connection point. 您選擇安裝此角色的伺服器。You choose the server where to install this role.

如需所收集資訊及其使用方式的詳細資訊,請參閱使用方式資料For more information about collected information and how it's used, see Usage data.

使用方式資料Usage data

Configuration Manager 收集與其本身相關的診斷和使用方式資料,Microsoft 會使用這些資料來改進未來版本的安裝體驗、品質及安全性。Configuration Manager collects diagnostics and usage data about itself, which Microsoft uses to improve the installation experience, quality, and security of future releases. 系統會針對每個 System Center Configuration Manager 階層啟用診斷和使用方式資料。Diagnostics and usage data is enabled for each Configuration Manager hierarchy. 它是由每週在每個主要站台和管理中心網站上執行的 SQL Server 查詢所組成。It consists of SQL Server queries that run on a weekly basis on each primary site and at the central administration site. 當階層使用管理中心網站時,系統會從主要站台將資料複寫到該站台。When the hierarchy uses a central administration site, the data from primary sites is then replicated to that site. 在您階層的頂層站台,服務連接點會在檢查更新時提交此資訊。At the top-level site of your hierarchy, the service connection point submits this information when it checks for updates. 如果服務連接點處於離線模式,則會使用服務連線工具來傳送此資訊。If the service connection point is in offline mode, the information is transferred by using the service connection tool.

Configuration Manager 只會從站台的 SQL Server 資料庫收集資料,而不會直接從用戶端或站台伺服器收集資料。Configuration Manager collects data only from the site's SQL server database, and it doesn't collect data directly from clients or site servers.

系統管理員可以在 Configuration Manager 主控台的 [使用方式資料] 區段中,變更所收集資料的層級。Administrators can change the level of data that's collected by going to the Usage Data section of the Configuration Manager console.

如需使用方式資料層級和設定的詳細資訊,請參閱診斷和使用方式資料For more information about usage data levels and settings, see Diagnostics and usage data.

Log Analytics 連接器Log Analytics Connector

Log Analytics 連接器會將資料 (例如集合) 從 Configuration Manager 同步處理到 Azure 雲端服務。The Log Analytics Connector syncs data, such as collections, from Configuration Manager to the Azure cloud service. 當系統管理員設定功能時,Azure 訂用帳戶識別碼和祕密金鑰都會儲存於 Configuration Manager 資料庫中。The Azure subscription ID and secret key are stored in the Configuration Manager database when an admin configures the feature. Azure Active Directory 用戶端密碼和 Azure 工作區共用金鑰都會儲存於內部部署 Configuration Manager 資料庫中。Both the Azure Active Directory client secret and the Azure workspace shared key are stored in the on-premises Configuration Manager database. Configuration Manager 與 Azure 之間的所有通訊都會使用 HTTPS。All communications between Configuration Manager and Azure use HTTPS. 除了隨機的診斷和使用方式資料外,不會將有關集合的任何其他資訊提供給 Microsoft。No additional information about the collections is provided to Microsoft outside of randomized diagnostics and usage data.

如需 Log Analytics 所收集資訊的詳細資訊,請參閱 Log Analytics 資料安全性For more information about the information that Log Analytics collects, see Log analytics data security.

Asset IntelligenceAsset Intelligence

Asset Intelligence 可讓系統管理員定義、追蹤以及主動管理設定標準的符合度。Asset Intelligence lets administrators define, track, and proactively manage conformity with configuration standards. 針對部署進行測量與報告以及使用實體與虛擬應用程式,可協助組織對於軟體授權以及維護授權合約的履行做出更妥善的商業決策。Metering and reporting on the deployment and use of both physical and virtual applications helps organizations make better business decisions about software licensing and maintain compliance with licensing agreements. 從 Configuration Manager 用戶端收集使用方式資料之後,您就可以使用各種不同功能來檢視資料,包括收集、查詢與報告。After collecting usage data from Configuration Manager clients, you can use different features to view the data, including collections, queries, and reporting.

在各個同步處理期間,會從 Microsoft 下載已知軟體的類別目錄。During each synchronization, a catalog of known software is downloaded from Microsoft. 您可以選擇將有關組織中所發現之未分類軟體標題 (有待研究並新增至類別目錄) 的資訊傳送給 Microsoft。You can choose to send Microsoft information about uncategorized software titles that are discovered within your organization to be researched and added to the catalog. 上傳此資訊之前,會有對話方塊顯示要上傳的資料。Prior to uploading this information, a dialog box shows data that's going to be uploaded. 資料一旦上傳就無法回收。Uploaded data can't be recalled. Asset Intelligence 不會將有關使用者和電腦或授權使用方式的資訊傳送給 Microsoft。Asset Intelligence doesn't send information about users and computers or license usage to Microsoft.

在上傳軟體標題之後,Microsoft 研究人員會進行識別、分類,然後將該知識提供給所有其他使用此功能的客戶以及其他該類別目錄的客戶。After a software title is uploaded, Microsoft researchers identify, categorize, and then make that knowledge available to all other customers who use this feature and other consumers of the catalog. 任何上傳的軟體標題皆會公開。Any uploaded software title becomes public. 應用程式與其分類會成為類別目錄的一部分,並可供下載到類別目錄的其他取用者。The application and its categorization become part of the catalog and then can be downloaded to other consumers of the catalog. 在您設定 Asset Intelligence 資料收集並且決定是否將資訊提交給 Microsoft 之前,請考慮貴組織的隱私權需求。Before you configure Asset Intelligence data collection and decide whether to submit information to Microsoft, consider the privacy requirements of your organization.

Configuration Manager 中預設並未啟用 Asset Intelligence。Asset Intelligence isn't enabled by default in Configuration Manager. 上傳未分類標題絕不會自動發生,而且系統並未設計為自動完成此工作。Uploading uncategorized titles never occurs automatically, and the system isn't designed to automate this task. 您必須手動選取以及核准各個軟體標題的上傳。You must manually select and approve the upload of each software title.

Endpoint ProtectionEndpoint Protection

Microsoft 雲端保護服務的前稱為 Microsoft Active Protection Service 或 MAPS。Microsoft Cloud Protection Service was formerly known as Microsoft Active Protection Service or MAPS.

適用的產品有 System Center Endpoint Protection 和 Configuration Manager 的 Endpoint Protection 功能 (用於管理 System Center Endpoint Protection 和 Windows Defender for Windows 10)。The applicable products are System Center Endpoint Protection and the Endpoint Protection feature of Configuration Manager (to manage System Center Endpoint Protection and Windows Defender for Windows 10). 此功能並未針對 System Center Endpoint Protection for Linux 或 System Center Endpoint Protection for Mac 加以實作。This feature isn't implemented for System Center Endpoint Protection for Linux or System Center Endpoint Protection for Mac.

Microsoft 雲端保護服務反惡意程式碼社群是自發的全球線上社群,包括 System Center Endpoint Protection 使用者。The Microsoft Cloud Protection Service antimalware community is a voluntary worldwide online community that includes System Center Endpoint Protection users. 當您加入 Microsoft 雲端保護服務時,System Center Endpoint Protection 會自動將資訊傳送給 Microsoft。When you join Microsoft Cloud Protection Service, System Center Endpoint Protection automatically sends information to Microsoft. Microsoft 會使用此資訊來判斷要調查潛在威脅的軟體,並協助改善 System Center Endpoint Protection 的效益。Microsoft uses the information to determine software to investigate for potential threats and to help improve the effectiveness of System Center Endpoint Protection. 這個社群有助於阻止新惡意軟體感染的擴散。This community helps stop the spread of new malicious software infections. 如果 Microsoft 雲端保護服務報告中包含 Endpoint Protection 用戶端可能可以移除之惡意程式碼或潛在垃圾軟體的詳細資料,Microsoft 雲端保護服務會下載最新的特徵來處理該軟體。If a Microsoft Cloud Protection Service report includes details about malware or potentially unwanted software that the Endpoint Protection client may be able to remove, Microsoft Cloud Protection Service downloads the latest signature to address it. Microsoft 雲端保護服務也可以找出「誤判」情況並加以修正。Microsoft Cloud Protection Service can also find "false positives" and fix them. (誤判為原先識別為惡意程式碼但結果並非如此的情況)。(False positives are where something originally identified as malware turns out not to be.)

Microsoft 雲端保護服務報告包含潛在的惡意程式碼檔案資訊,例如檔案名稱、加密編譯雜湊、廠商、大小和日期戳記。Microsoft Cloud Protection Service reports include information about potential malware files, like file names, cryptographic hash, vendor, size, and date stamps. 此外,Microsoft 雲端保護服務可能會收集完整的 URL,以指出檔案的來源。In addition, Microsoft Cloud Protection Service might collect full URLs to indicate the origin of the file. 這些 URL 有時可能會有個人資訊,例如搜尋字詞或在表單中輸入的資料。These URLs might occasionally have personal information like search terms or data that was entered in forms. 報告也可能包含當 Endpoint Protection 通知您有垃圾軟體時,您所採取的動作。Reports might also include actions that you took when Endpoint Protection notified you about unwanted software. Microsoft 雲端保護服務報告包含此資訊以幫助 Microsoft 評估 Endpoint Protection 如何有效地偵測和移除惡意程式碼和潛在的垃圾軟體,並嘗試識別新的惡意程式碼。Microsoft Cloud Protection Service reports include this information to help Microsoft gauge how effectively Endpoint Protection can detect and remove malware and potentially unwanted software and to attempt to identify new malware.

如果您有基本或進階成員資格,即可加入 Microsoft 雲端保護服務。You can join Microsoft Cloud Protection Service if you have a basic or advanced membership. 基本成員報告具有前述資訊。Basic member reports have the information described previously. 進階成員報告較為完備,而且可包含 Endpoint Protection 偵測到之軟體的其他詳細資料,例如此類軟體的位置、檔案名稱、軟體的運作方式,以及它對您的電腦造成哪些影響。Advanced member reports are more comprehensive and may include additional details about the software that Endpoint Protection detects, like the location of such software, file names, how the software operates, and how it has affected your computer. 這些報告,和參與 Microsoft 雲端保護服務的其他 Endpoint Protection 使用者所提供的報告,將可幫助 Microsoft 研究人員更快發現新威脅。These reports and reports from other Endpoint Protection users who participate in Microsoft Cloud Protection Service help Microsoft researchers discover new threats more rapidly. 接著,研究人員將會建立符合分析準則之程式的惡意程式碼定義,並透過 Microsoft Update 將更新的定義提供給所有使用者。Malware definitions are then created for programs that meet the analysis criteria, and the updated definitions are made available to all users through Microsoft Update.

為了協助偵測及修正特定的惡意程式碼感染類型,產品會定期將有關電腦安全性狀態的資訊傳送給 Microsoft 雲端保護服務。To help detect and fix certain kinds of malware infections, the product regularly sends Microsoft Cloud Protection Service information about the security state of your PC. 這些資訊包括電腦安全性設定和記錄檔 (描述電腦開機時載入的驅動程式和其他軟體) 的相關資訊。This information includes information about your PC's security settings and log files that describe the drivers and other software that load while your PC boots.

也會傳送可唯一識別您電腦的編號。A number that uniquely identifies your PC is also sent. 此外,Microsoft 雲端保護服務可能也會收集潛在惡意程式碼檔案連線的目標 IP 位址。Also, Microsoft Cloud Protection Service may collect the IP addresses that the potential malware files connect to.

Microsoft 雲端保護服務報告可用來改善 Microsoft 軟體和服務。Microsoft Cloud Protection Service reports are used to improve Microsoft software and services. 這些報告也可用於統計或其他測試或分析用途,並用於產生定義。The reports might also be used for statistical or other testing or analytical purposes and to generate definitions. 只有具有相關業務需求的 Microsoft 員工、約聘人員、合作夥伴和廠商可以存取這些報告。Only Microsoft employees, contractors, partners, and vendors who have a business need to use the reports can access them.

Microsoft 雲端保護服務不會刻意收集個人資訊。Microsoft Cloud Protection Service does not intentionally collect personal information. 在 Microsoft 雲端保護服務收集任何個人資訊的情況下,Microsoft 不會利用這項資訊來識別您的身分或與您連絡。To the extent that Microsoft Cloud Protection Service collects any personal information, Microsoft does not use the information to identify you or contact you.

如需詳細資訊,請參閱 Endpoint ProtectionFor more information, see Endpoint Protection.

網站階層 – 使用 Bing 地圖服務進行地理檢視Site Hierarchy – Geographical View with Bing Maps

重要

從 2020 年 8 月開始,此功能已過時。Starting in August 2020, this feature is deprecated. 使用 [階層圖表] 選項。Use the Hierarchy Diagram option.

在 Configuration Manager 主控台中,移至 [監視]**** 工作區、選取 [站台階層]**** 節點,然後切換到 [地理檢視]****。In the Configuration Manager console, go to the Monitoring workspace, select the Site Hierarchy node, and switch to the Geographical View. 此檢視可讓您使用 Microsoft Bing 地圖服務所提供的地圖,來檢視您的 Configuration Manager 實體伺服器拓撲。This view lets you use maps that Microsoft Bing Maps provides to view your Configuration Manager physical server topology. 為了啟用此功能,您所提供的位置資訊會從您的伺服器傳送至 Bing 地圖服務的網路服務。To enable this feature, location information that you provide is sent from your server to the Bing Maps Web service.

Microsoft 使用此資訊來運作和改進 Microsoft Bing 地圖服務以及其他 Microsoft 網站和服務。Microsoft uses the information to operate and improve Microsoft Bing Maps and other Microsoft sites and services. 如需詳細資訊,請參閱 Microsoft 隱私權聲明For more information, see the Microsoft Privacy Statement.

您可以選擇不使用網站階層的地理檢視。You can choose not to use the Geographical View for the Site Hierarchy. 預設的「階層圖」檢視可讓您查看階層而不使用 Bing 地圖服務。The default Hierarchy Diagram view lets you see the hierarchy and doesn't use the Bing Maps service.