啟用電腦分析的資料共用Enable data sharing for Desktop Analytics

若要向電腦分析註冊裝置,裝置便需要傳送診斷資料給 Microsoft。To enroll devices to Desktop Analytics, they need to send diagnostic data to Microsoft. 若您的環境使用 Proxy 伺服器,請使用此資訊協助設定 Proxy。If your environment uses a proxy server, use this information to help configure the proxy.

診斷資料層級Diagnostic data levels

電腦分析診斷資料層級圖表

當您將電腦分析與 Configuration Manager 整合時,您也會使用 Configuration Manager 管理裝置上的診斷資料層級。When you integrate Configuration Manager with Desktop Analytics, you also use it to manage the diagnostic data level on devices. 如需最佳體驗,請使用 Configuration Manager。For the best experience, use Configuration Manager.

重要

在大多數情況下,只會使用 Configuration Manager 來進行這些設定。In most circumstances, only use Configuration Manager to configure these settings. 請不要將這些設定也套用到網域群組原則物件。Don't also apply these settings in domain group policy objects. 如需詳細資訊,請參閱衝突解決For more information, see Conflict resolution.

電腦分析的基本功能會在 [必要] 診斷資料層級上運作。The basic functionality of Desktop Analytics works at the Required diagnostic data level. 若您沒有在 Configuration Manager 中設定 [選用 (有限)] 層級,您將無法取得電腦分析的下列功能:If you don't configure the Optional (limited) level in Configuration Manager, you won't get the following features of Desktop Analytics:

Microsoft 建議您搭配電腦分析啟用 [選用 (有限)] 診斷資料層級,以最大化您從其中獲得的好處。Microsoft recommends that you enable the Optional (limited) diagnostic data level with Desktop Analytics to maximize the benefits you get from it.

提示

Configuration Manager 中的 [選用 (有限)] 設定,與執行 Windows 10 1709 版及更新版本的裝置上所提供的 [將增強診斷資料限制在 Windows Analytics 所需要的最低程度] 原則是相同的設定。The Optional (Limited) setting in Configuration Manager is the same setting as Limit Enhanced diagnostic data to the minimum required by Windows Analytics policy available on devices running Windows 10, version 1709 and later.

執行 Windows 10 版本 1703 及更早版本、Windows 8.1 或 Windows 7 的裝置沒有此原則設定。Devices running Windows 10, version 1703 and earlier, Windows 8.1, or Windows 7 don't have this policy setting. 當您在 Configuration Manager 中設定 [選用 (有限)] 設定時,這些裝置會回復為 [必要] 層級。When you configure the Optional (limited) setting in Configuration Manager, these devices fall back to the Required level.

執行 Windows 10 版本 1709 的裝置則包含此原則設定。Devices running Windows 10, version 1709 have this policy setting. 不過,當您在 Configuration Manager 中設定 [選用 (有限)] 設定時,這些裝置也會回復為 [必要] 層級。However, when you configure the Optional (limited) setting in Configuration Manager, these devices also fall back to the Required level.

在 Configuration Manager 2002 版和更早版本中,這些設定具有不同的名稱:In Configuration Manager version 2002 and earlier, the settings had different names:

2006 版和更新版本Version 2006 and later 2002 版和更早版本Version 2002 and earlier
必要Required 基本Basic
選用 (有限)Optional (limited) 增強 (有限)Enhanced (Limited)
N/AN/A 增強Enhanced
選擇性Optional 完整Full

如果您先前已在 [增強] 層級設定任何裝置,則當您升級至 2006 版時,其將還原為 [選用 (有限)]。If you previously configured any devices at the Enhanced level, when you upgrade to version 2006, they'll revert to Optional (limited). 其將會傳送較少的資料給 Microsoft。They will then send less data to Microsoft. 此變更應該不會影響您在電腦分析中所看到的內容。This change shouldn't impact what you see in Desktop Analytics.

如需使用 [選用 (有限)] 與 Microsoft 共用的診斷資料詳細資訊,請參閱 Windows 10 增強診斷資料事件與欄位For more information about diagnostic data shared with Microsoft with Optional (limited), see Windows 10 enhanced diagnostic data events and fields.

重要

Microsoft 堅決致力於提供可讓您掌控隱私權的工具和資源。Microsoft has a strong commitment to providing the tools and resources that put you in control of your privacy. 因此,雖然電腦分析支援 Windows 8.1 裝置,Microsoft 不會從位於歐洲國家/地區 (EEA 與瑞士) 的 Windows 8.1 裝置收集 Windows 診斷資料。As a result, while Desktop Analytics supports Windows 8.1 devices, Microsoft doesn't collect Windows diagnostic data from Windows 8.1 devices located in European countries (EEA and Switzerland).

如需詳細資訊,請參閱電腦分析隱私權For more information, see Desktop Analytics privacy.

下列文章也是進一步了解 Windows 診斷資料層級的良好資源:The following articles are also good resources for better understanding Windows diagnostic data levels:

注意

設定為傳送 [選用 (有限)] 診斷資料的用戶端,將會在初次完整掃描後,傳送約 2 MB 的資料到 Microsoft 雲端。Clients configured to send Optional (limited) diagnostic data will send approximately 2 MB of data to the Microsoft cloud on the initial full scan. 每天的每日差異介於 250 至 400 KB。The daily delta varies between 250-400 KB per day.

每日差異掃描會在裝置當地時間的上午 3:00 進行。The daily delta scan happens at 3:00 AM (device local time). 有些事件會在一整天中的第一個可用時間內進行傳送。Some events are sent at the first available time throughout the day. 您無法設定這些時間。These times aren't configurable.

如需詳細資訊,請參閱在組織中設定 Windows 診斷資料For more information, see Configure Windows diagnostic data in your organization.

端點Endpoints

若要啟用資料共用,請設定 Proxy 伺服器,以允許下列網際網路端點。To enable data sharing, configure your proxy server to allow the following internet endpoints.

重要

針對隱私權和資料完整性,Windows 會在與診斷資料端點通訊時,檢查 Microsoft SSL 憑證 (憑證關聯)。For privacy and data integrity, Windows checks for a Microsoft SSL certificate (certificate pinning) when communicating with the diagnostic data endpoints. 無法進行 SSL 攔截和檢查。SSL interception and inspection aren't possible. 若要使用電腦分析,請從 SSL 檢查中排除這些端點。To use Desktop Analytics, exclude these endpoints from SSL inspection.

從 2002 版開始,如果 Configuration Manager 站台無法連線至雲端服務的必要端點,就會引發重大狀態訊息識別碼 11488。Starting in version 2002, if the Configuration Manager site fails to connect to required endpoints for a cloud service, it raises a critical status message ID 11488. 當無法連線至服務時,SMS_SERVICE_CONNECTOR 元件狀態會變更為重大。When it can't connect to the service, the SMS_SERVICE_CONNECTOR component status changes to critical. 在 Configuration Manager 主控台的 元件狀態 節點中,查看詳細狀態。View detailed status in the Component Status node of the Configuration Manager console.

注意

如需 Microsoft IP 位址範圍的詳細資訊,請參閱 Microsoft 公用 IP 空間 (英文)。For more information on the Microsoft IP address ranges, see Microsoft Public IP Space. 這些位址會定期更新。These addresses update regularly. 服務沒有任何細微性,您可以使用這些範圍中的任何 IP 位址。There's no granularity by service, any IP address in these ranges could be used.

伺服器連線端點Server connectivity endpoints

服務連接點必須與下列端點進行通訊:The service connection point needs to communicate with the following endpoints:

端點Endpoint 函式Function
https://aka.ms 用來找出服務Used to locate the service
https://graph.windows.net 用來在將您的階層附加到電腦分析 (於 Configuration Manager 伺服器角色上) 時,自動擷取如 CommercialId 等設定。Used to automatically retrieve settings like CommercialId when attaching your hierarchy to Desktop Analytics (on Configuration Manager Server role). 如需詳細資訊,請參閱為站台系統伺服器設定 ProxyFor more information, see Configure the proxy for a site system server.
https://*.manage.microsoft.com 用來與電腦分析同步裝置集合成員資格、部署計劃和裝置整備程度狀態 (僅限在 Configuration Manager 伺服器角色上)。Used to synch device collection memberships, deployment plans, and device readiness status with Desktop Analytics (on Configuration Manager Server role only). 如需詳細資訊,請參閱為站台系統伺服器設定 ProxyFor more information, see Configure the proxy for a site system server.
https://dc.services.visualstudio.com 針對來自內部部署服務連接器的診斷資料,以獲取有關雲端連結服務健康情況的見解。For diagnostic data from on-premises service connector to gain insights about the health of cloud-connected services.

使用者體驗和診斷元件端點User experience and diagnostic component endpoints

用戶端裝置必須與下列端點進行通訊:Client devices need to communicate with the following endpoints:

端點Endpoint 函式Function
https://v10c.events.data.microsoft.com 已連線的使用者體驗和診斷元件端點。Connected user experience and diagnostic component endpoint. 由執行 Windows 10 版本 1809 或更新版本,或是安裝了 2018-09 累積更新的版本 1803 或更新版本裝置使用。Used by devices running Windows 10, version 1809 or later, or version 1803 with the 2018-09 cumulative update or later installed.
https://v10.events.data.microsoft.com 已連線的使用者體驗和診斷元件端點。Connected user experience and diagnostic component endpoint. 由執行「並未」安裝 2018-09 累積更新的 Windows 10 版本 1803 裝置使用。Used by devices running Windows 10, version 1803 without the 2018-09 cumulative update installed.
https://v10.vortex-win.data.microsoft.com 已連線的使用者體驗和診斷元件端點。Connected user experience and diagnostic component endpoint. 由執行 Windows 10 版本 1709 或更早版本的裝置使用。Used by devices running Windows 10, version 1709 or earlier.
https://vortex-win.data.microsoft.com 已連線的使用者體驗和診斷元件端點。Connected user experience and diagnostic component endpoint. 由執行 Windows 7 和 Windows 8.1 的裝置使用Used by devices running Windows 7 and Windows 8.1

用戶端連線端點Client connectivity endpoints

用戶端裝置必須與下列端點進行通訊:Client devices need to communicate with the following endpoints:

索引Index 端點Endpoint 函式Function
11 https://settings-win.data.microsoft.com 啟用相容性更新,傳送資料至 Microsoft。Enables the compatibility update to send data to Microsoft.
22 http://adl.windows.com 允許相容性更新從 Microsoft 接收最新的相容性資料。Allows the compatibility update to receive the latest compatibility data from Microsoft.
33 https://watson.telemetry.microsoft.com Windows 錯誤報告 (WER)Windows Error Reporting (WER). 需要用來在 Windows 10 版本 1803 或更早版本中監視部署健康情況。Required to monitor deployment health in Windows 10, version 1803 or earlier.
44 https://umwatsonc.events.data.microsoft.com Windows 錯誤報告 (WER)Windows Error Reporting (WER). 需要用來在 Windows 10 版本 1809 或更新版本中提供裝置健康情況報告。Required for device health reports in Windows 10, version 1809 or later.
55 https://ceuswatcab01.blob.core.windows.net Windows 錯誤報告 (WER)Windows Error Reporting (WER). 需要用來在 Windows 10 版本 1809 或更新版本中監視部署健康情況。Required to monitor deployment health in Windows 10, version 1809 or later.
66 https://ceuswatcab02.blob.core.windows.net Windows 錯誤報告 (WER)Windows Error Reporting (WER). 需要用來在 Windows 10 版本 1809 或更新版本中監視部署健康情況。Required to monitor deployment health in Windows 10, version 1809 or later.
77 https://eaus2watcab01.blob.core.windows.net Windows 錯誤報告 (WER)Windows Error Reporting (WER). 需要用來在 Windows 10 版本 1809 或更新版本中監視部署健康情況。Required to monitor deployment health in Windows 10, version 1809 or later.
88 https://eaus2watcab02.blob.core.windows.net Windows 錯誤報告 (WER)Windows Error Reporting (WER). 需要用來在 Windows 10 版本 1809 或更新版本中監視部署健康情況。Required to monitor deployment health in Windows 10, version 1809 or later.
99 https://weus2watcab01.blob.core.windows.net Windows 錯誤報告 (WER)Windows Error Reporting (WER). 需要用來在 Windows 10 版本 1809 或更新版本中監視部署健康情況。Required to monitor deployment health in Windows 10, version 1809 or later.
1010 https://weus2watcab02.blob.core.windows.net Windows 錯誤報告 (WER)Windows Error Reporting (WER). 需要用來在 Windows 10 版本 1809 或更新版本中監視部署健康情況。Required to monitor deployment health in Windows 10, version 1809 or later.
1111 https://kmwatsonc.events.data.microsoft.com 線上當機分析 (OCA)Online Crash Analysis (OCA). 需要用來在 Windows 10 版本 1809 或更新版本中提供裝置健康情況報告。Required for device health reports in Windows 10, version 1809 or later.
1212 https://oca.telemetry.microsoft.com 線上當機分析 (OCA)Online Crash Analysis (OCA). 需要用來在 Windows 10 版本 1803 或更早版本中監視部署健康情況。Required to monitor deployment health in Windows 10, version 1803 or earlier.
1313 https://login.live.com 需要用來為電腦分析提供更可靠的裝置身分識別。Required to provide a more reliable device identity for Desktop Analytics.

若要停用終端使用者 Microsoft 帳戶存取,請使用原則設定,而非封鎖此端點。To disable end-user Microsoft account access, use policy settings instead of blocking this endpoint. 如需詳細資訊,請參閱企業中的 Microsoft 帳戶For more information, see The Microsoft account in the enterprise.
1414 https://v20.events.data.microsoft.com 已連線的使用者體驗和診斷元件端點。Connected user experience and diagnostic component endpoint.

Proxy 伺服器驗證Proxy server authentication

如果您的組織使用 Proxy 伺服器驗證來存取網際網路,請確定其不會因為驗證而封鎖診斷資料。If your organization uses proxy server authentication for internet access, make sure that it doesn't block the diagnostic data because of authentication. 如果您的 Proxy 不允許裝置傳送這項資料,裝置就不會顯示在電腦分析中。If your proxy doesn't allow devices to send this data, they won't show in Desktop Analytics.

設定您的 Proxy 伺服器,使其不會向前往診斷資料端點的流量要求 Proxy 驗證。Configure your proxy servers to not require proxy authentication for traffic to the diagnostic data endpoints. 此選項是最全面的解決方案。This option is the most comprehensive solution. 適用於所有 Windows 10 版本。It works for all versions of Windows 10.

使用者 Proxy 驗證User proxy authentication

設定裝置,以使用登入使用者的內容進行 Proxy 驗證。Configure devices to use the signed-in user's context for proxy authentication. 此方法需要下列設定:This method requires the following configurations:

  • 裝置具有受支援 Windows 版本的最新品質更新Devices have the current quality update for a supported version of Windows

  • 在 Windows 設定的 [網路與網際網路] 群組中的 [Proxy 設定] 內,設定使用者層級 Proxy (WinINET Proxy)。Configure user-level proxy (WinINET proxy) in Proxy settings in the Network & Internet group of Windows Settings. 您也可以使用舊版的 [網際網路選項] 控制台。You can also use the legacy Internet Options control panel.

  • 請確認使用者具備觸達診斷資料端點的 Proxy 權限。Make sure that the users have proxy permission to reach the diagnostic data endpoints. 此選項需要裝置具備擁有 Proxy 權限的主控台使用者,因此您無法搭配無周邊裝置使用此方法。This option requires that the devices have console users with proxy permissions, so you can't use this method with headless devices.

重要

使用者 Proxy 驗證方法與使用 Microsoft Defender 進階威脅防護不相容。The user proxy authentication approach is incompatible with the use of Microsoft Defender Advanced Threat Protection. 此行為是因為此驗證依賴將 DisableEnterpriseAuthProxy 登錄機碼設為 0,但 Microsoft Defender ATP 需要將其設為 1This behavior is because this authentication relies on the DisableEnterpriseAuthProxy registry key set to 0, while Microsoft Defender ATP requires it to be set to 1. 如需詳細資訊,請參閱在 Microsoft Defender ATP 中設定電腦 Proxy 及網際網路連線能力設定For more information, see Configure machine proxy and internet connectivity settings in Microsoft Defender ATP.

裝置 Proxy 驗證Device proxy authentication

此方法支援下列案例:This approach supports the following scenarios:

  • 無周邊裝置,沒有使用者登入,或裝置的使用者無法存取網際網路Headless devices, where no user signs in, or users of the device don't have internet access

  • 未使用 Windows 整合式驗證的已驗證 ProxyAuthenticated proxies that don't use Windows Integrated Authentication

  • 如果您也使用 Microsoft Defender 進階威脅防護If you also use Microsoft Defender Advanced Threat Protection

這個方法是最複雜的,因為其需要下列設定:This approach is the most complex because it requires the following configurations:

  • 確認裝置可在本機系統內容中,透過 WinHTTP 觸達 Proxy 伺服器。Make sure devices can reach the proxy server through WinHTTP in local system context. 使用下列任一選項設定此行為:Use one of the following options to configure this behavior:

    • 命令列 netsh winhttp set proxyThe command line netsh winhttp set proxy

    • Web Proxy 自動探索 (WPAD) 通訊協定Web proxy auto-discovery (WPAD) protocol

    • 透明 ProxyTransparent proxy

    • 請使用下列群組原則設定來設定全裝置的 WinINET Proxy:讓 Proxy 設定依每部電腦來設定 (而不是依每位使用者) (ProxySettingsPerUser = 1)Configure device-wide WinINET proxy using the following group policy setting: Make proxy settings per-machine (rather than per-user) (ProxySettingsPerUser = 1)

    • 路由連線,或是使用網路位址轉譯 (NAT) 的連線Routed connection, or that uses network address translation (NAT)

  • 設定 Proxy 伺服器,允許 Active Directory 中的電腦帳戶存取診斷資料端點。Configure proxy servers to allow the computer accounts in Active Directory to access the diagnostic data endpoints. 此設定需要 Proxy 伺服器支援 Windows 整合式驗證。This configuration requires proxy servers to support Windows Integrated Authentication.