Q
Manage Learn to apply best practices and optimize your operations.

What risk do Windows 10 telemetry features pose enterprises?

Microsoft collects data using Windows 10 telemetry features. Expert Michael Cobb explains what type of data is collected, and whether enterprises need to be worried about it.

Microsoft revealed its Windows 10 telemetry practices involve user data sharing at four different levels: Security,...

Basic, Enhanced and Full. What type of data is collected at each level? What privacy concerns accompany each level of data collection?

Telemetry, an automated communications process that sends collated data back to a vendor, is at the heart of many software development programs. Developers want to know how often their software is used, which features are popular, which actions or drivers are causing crashes, and other insights.

Telemetry provides the necessary feedback and diagnostics to help fix problems and signpost where future development dollars should go. The Windows 10 operating system sends a variety of telemetry data back to Microsoft to help it keep Windows up to date, secure and operating properly. It is also used to guide future development initiatives, and to provide relevant tips and recommendations to tailor Microsoft products to users' needs.

Windows 10 telemetry is enabled by default, and the telemetry data is transferred to the Microsoft Data Management service using SSL on a schedule that is sensitive to event priority, battery use and network cost. Important, real-time events for programs like Windows Defender Advanced Threat Protection are sent immediately. The data is sent to Microsoft's secure cloud storage with strict access controls.

To help allay privacy concerns both from privacy advocates and the EU about the amount and type of telemetry information being collected by Microsoft, the Windows 10 Creators Update includes new and easier to use privacy settings and configuration options that give users and IT administrators additional control and visibility around the data Microsoft collects.

The three existing levels of data collection remain in Windows 10 telemetry, and they are cumulative.

  • Basic: Basic device info, including quality-related data, app compatibility, app usage data and data from the Security level.
  • Enhanced: Additional insights, including how Windows, Windows Server, System Center and apps are used; how they perform; advanced reliability data; and data from both the Basic and the Security levels. This is the default telemetry setting for Windows Server 2016.
  • Full: All data necessary to identify and help to fix problems, plus data from the Security, Basic and Enhanced levels. This also includes data relating to content consumption, browsing history, and search and query data -- information many users may not want to share, though the information collected at the Enhanced and Full levels is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels.

The new option, Security, is available only in Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core and Windows Server 2016. This option gathers only the telemetry info that is required to keep Windows, Windows Server and System Center protected with the latest security updates. It can be set using the Privacy option in Settings under the Group Policy option, or through mobile device management. The lowest setting supported through the Settings UI is Basic.

Security teams in regulated industries certainly need to review what data is being collected by Windows 10 telemetry and set an appropriate collection level. They must also ensure they are maintaining compliance, taking into account that the telemetry data used by Microsoft helps keep systems up and running, a key element of the CIA triad: confidentiality, integrity and availability.

While Microsoft does not recommend turning off telemetry entirely, that option is also available. Apart from a few high sensitivity situations where enterprises will want to turn it off, in most use cases, there are privacy issues of greater importance on which to focus. For example, users leak a lot of information each time they use a web browser, an online application or a service, while mobile phone apps track vast amounts of data about a user's every move and action.

Ask the expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)

Next Steps

Learn more about Windows 10 telemetry data collection

Find out why IT should virtualize Windows 10

Check out how to use the Windows Assessment and Deployment Kit

This was last published in September 2017

Dig Deeper on Data security strategies and governance

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What do you think about the telemetry practices Microsoft uses?
Cancel
The telemetry collected by Microsoft is wide open for abuse.

At the basic level of telemetry, Microsoft collects and stores IP addresses including IP addresses of virtual networks, whether Mac addresses are being randomized and detailed identifying information about phones and phone networks.  Storing information like this is not necessary in the update process, nor is it necessary for 'telemetry'.

Microsoft was the first to volunteer its services for the data collection program run by the NSA called 'prism'.  Microsoft's slogan at the time was "Your privacy is our priority".

The Patriot Act gives the NSA the right to bulk data collection at any time without any legal process.  The Patriot Act also gives the NSA the right to direct connections to the tech companies so that it can collect this information any time it wants to (which IMO will be all the time).

The Patriot Act is not in operation to gather data from Microsoft on how long batteries last for or how buggy an App is.

I wouldn't trust sensitive business or personal data to Microsoft, ever.
Cancel
The data collected by Microsoft on Windows 10 Pro despite attempting numerous times to control this, they do collect every thing. They are turning files they collect from our systems into their products, with no end in sight.

I have been trying to fight this since windows 8 with no luck. Most recently I finally bit the bullet and changed the logon account for services that I had previously disabled, yet somehow continue to trigger themselves. I have assigned my account logon rights for all remote services that something keeps triggering. I have followed paths viewed in process explorer and found that these computers appear to be "joined" to 2 domains, azure joined and even a stand alone domain controller... Really? I just thought they were our personal pcs (system32\en-US netmsg).

I have tried disabling tasks (doesn't work) I have followed as instructions for Group Policy settings to block these things (doesn't work) every file I create there is a dllhost.exe that pops up and disappears as soon as I click to save the file.. properties on it say it's OneDrive (I don't use Onedrive, and have even attempted removing it but still there it is).

I've not even mentioned the printservers or the .pbk file that is modified practically daily... The activity under "network other" that no one has been able to offer up an explanation on why it's there every time I boot up the machine even though the desktop has no internet connection. Or the random changes in my session number with all of these events that have no information on...

If they must collect our data, they should be held accountable for the theft and invasions of privacy they are forcing on everyone with windows device. They SHOULD NOT be able to just throw images they "collect" out as a wallpaper for their products, a texture for their games or anything else; they want us to respects their intellectual property and think nothing of ours? But under the law they should be!
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close