
What risk do Windows 10 telemetry features pose enterprises?

Microsoft collects data using Windows 10 telemetry features. Expert Michael Cobb explains what type of data is collected, and whether enterprises need to be worried about it.

Microsoft revealed its Windows 10 telemetry practices involve user data sharing at four different levels: Security, Basic, Enhanced and Full. What type of data is collected at each level? What privacy concerns accompany each level of data collection?

Telemetry, an automated communications process that sends collated data back to a vendor, is at the heart of many software development programs. Developers want to know how often their software is used, which features are popular, which actions or drivers are causing crashes, and other insights.

Telemetry provides the necessary feedback and diagnostics to help fix problems and signpost where future development dollars should go. The Windows 10 operating system sends a variety of telemetry data back to Microsoft to help it keep Windows up to date, secure and operating properly. It is also used to guide future development initiatives, and to provide relevant tips and recommendations to tailor Microsoft products to users' needs.

Windows 10 telemetry is enabled by default, and the telemetry data is transferred to the Microsoft Data Management service using SSL on a schedule that is sensitive to event priority, battery use and network cost. Important, real-time events for programs like Windows Defender Advanced Threat Protection are sent immediately. The data is sent to Microsoft's secure cloud storage with strict access controls.

To help allay concerns from privacy advocates and the EU about the amount and type of telemetry information Microsoft collects, the Windows 10 Creators Update includes new, easier-to-use privacy settings and configuration options that give users and IT administrators more control over, and visibility into, that data.

The three existing levels of data collection remain in Windows 10 telemetry, and they are cumulative.

  • Basic: Basic device info, including quality-related data, app compatibility, app usage data and data from the Security level.
  • Enhanced: Additional insights, including how Windows, Windows Server, System Center and apps are used; how they perform; advanced reliability data; and data from both the Basic and the Security levels. This is the default telemetry setting for Windows Server 2016.
  • Full: All data necessary to identify and help to fix problems, plus data from the Security, Basic and Enhanced levels. This also includes data relating to content consumption, browsing history, and search and query data -- information many users may not want to share. However, the information collected at the Enhanced and Full levels is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels.

The new option, Security, is available only in Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core and Windows Server 2016. This option gathers only the telemetry info that is required to keep Windows, Windows Server and System Center protected with the latest security updates. It can be set using the Privacy option in Settings under the Group Policy option, or through mobile device management. The lowest setting supported through the Settings UI is Basic.

Security teams in regulated industries certainly need to review what data is being collected by Windows 10 telemetry and set an appropriate collection level. They must also ensure they are maintaining compliance, taking into account that the telemetry data used by Microsoft helps keep systems up and running, a key element of the CIA triad: confidentiality, integrity and availability.
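
One way to audit the configured level against the levels and editions described above; this is an added example, not code from the article or from Microsoft. It assumes the Group Policy or MDM setting is stored as the `AllowTelemetry` DWORD (0 to 3) under the `DataCollection` policy key and that the edition can be read from `EditionID`; the function name `Get-TelemetryFinding` and its `-MaxAllowed` ceiling are hypothetical.

```powershell
# Added example, not from the article. Assumed (not stated on the page): the
# Group Policy/MDM level is the AllowTelemetry DWORD (0-3) under $PolicyKey,
# and the edition name is the EditionID value under $EditionKey.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
$EditionKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$LevelNames = @('Security', 'Basic', 'Enhanced', 'Full')   # cumulative, low to high

function Get-TelemetryFinding {
    param(
        $Configured,            # AllowTelemetry value, or $null if no policy is set
        [string]$EditionId,
        [int]$MaxAllowed = 1    # hypothetical organisational ceiling (1 = Basic)
    )
    if ($null -eq $Configured) {
        return 'REVIEW: no telemetry policy set; level is left to the OS default or the Settings UI'
    }
    if ($Configured -lt 0 -or $Configured -gt 3) {
        return "REVIEW: AllowTelemetry=$Configured is outside the 0-3 range"
    }
    $effective = [int]$Configured
    # Security (0) is offered only on the Enterprise, Education, IoT Core and
    # Server editions the article lists. The match below is a heuristic on the
    # EditionID string, so verify it against the editions in your estate.
    if ($effective -eq 0 -and $EditionId -notmatch 'Enterprise|Education|Server|IoT') {
        return "REVIEW: Security requested on edition '$EditionId', which does not offer it; treat as Basic at best"
    }
    $name = $LevelNames[$effective]
    if ($effective -gt $MaxAllowed) {
        return "FAIL: level $name exceeds allowed ceiling $($LevelNames[$MaxAllowed])"
    }
    return "OK: level $name on edition '$EditionId'"
}

# Read the live values; a missing key or value means no policy is configured.
$policy     = Get-ItemProperty -Path $PolicyKey -Name AllowTelemetry -ErrorAction SilentlyContinue
$configured = if ($policy) { $policy.AllowTelemetry } else { $null }
$edition    = (Get-ItemProperty -Path $EditionKey).EditionID
Get-TelemetryFinding -Configured $configured -EditionId $edition

# Constructed inputs that exercise the edition check and the ceiling check:
Get-TelemetryFinding -Configured 0 -EditionId 'Professional'
Get-TelemetryFinding -Configured 3 -EditionId 'Enterprise'
```

Run it from an elevated or standard PowerShell session on the endpoint, or wrap the function in your inventory tooling and feed it the registry values collected from each device.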

While Microsoft does not recommend turning off telemetry entirely, that option is also available. Apart from a few high-sensitivity situations where enterprises will want to turn it off, in most use cases there are privacy issues of greater importance on which to focus. For example, users leak a lot of information each time they use a web browser, an online application or a service, while mobile phone apps track vast amounts of data about a user's every move and action.


This was last published in September 2017


What do you think about the telemetry practices Microsoft uses?
The telemetry collected by Microsoft is wide open for abuse.

At the basic level of telemetry, Microsoft collects and stores IP addresses including IP addresses of virtual networks, whether MAC addresses are being randomized and detailed identifying information about phones and phone networks. Storing information like this is not necessary in the update process, nor is it necessary for 'telemetry'.

Microsoft was the first to volunteer its services for the data collection program run by the NSA called 'prism'.  Microsoft's slogan at the time was "Your privacy is our priority".

The Patriot Act gives the NSA the right to bulk data collection at any time without any legal process.  The Patriot Act also gives the NSA the right to direct connections to the tech companies so that it can collect this information any time it wants to (which IMO will be all the time).

The Patriot Act is not in operation to gather data from Microsoft on how long batteries last for or how buggy an App is.

I wouldn't trust sensitive business or personal data to Microsoft, ever.
The data collected by Microsoft on Windows 10 Pro despite attempting numerous times to control this, they do collect everything. They are turning files they collect from our systems into their products, with no end in sight.

I have been trying to fight this since Windows 8 with no luck. Most recently I finally bit the bullet and changed the logon account for services that I had previously disabled, yet somehow continue to trigger themselves. I have assigned my account logon rights for all remote services that something keeps triggering. I have followed paths viewed in process explorer and found that these computers appear to be "joined" to 2 domains, azure joined and even a standalone domain controller... Really? I just thought they were our personal PCs (system32\en-US netmsg).

I have tried disabling tasks (doesn't work) I have followed as instructions for Group Policy settings to block these things (doesn't work) every file I create there is a dllhost.exe that pops up and disappears as soon as I click to save the file.. properties on it say it's OneDrive (I don't use OneDrive, and have even attempted removing it but still there it is).

I've not even mentioned the printservers or the .pbk file that is modified practically daily... The activity under "network other" that no one has been able to offer up an explanation on why it's there every time I boot up the machine even though the desktop has no internet connection. Or the random changes in my session number with all of these events that have no information on...

If they must collect our data, they should be held accountable for the theft and invasions of privacy they are forcing on everyone with Windows device. They SHOULD NOT be able to just throw images they "collect" out as a wallpaper for their products, a texture for their games or anything else; they want us to respect their intellectual property and think nothing of ours? But under the law they should be!
How about a solution for those of us who have home and professional versions? It is old news that Microsoft is STEALING our intellectual property, so if we are not currently enrolled in school or we do not have a company PC we have no right to our files? Who would like the debug file for wia which shows they have uploaded all of my photos and documents to some server?

How are people who use their personal devices for creativity or productivity supposed to protect their work? All of it's being sent back to the company whose program we're using, stored in the graphics cache (and uploaded by NVIDIA or AMD) sent to Microsoft's cloud.

Would you sit down and start coding tomorrow's next big thing on your personal pc knowing you have no right to your intellectual property? The average end user does not even realize this, they have no clue about intellectual property or the intellectual property and copyright laws that state it's your property, you have ALL RIGHTS TO IT! Oh but these companies know about these laws, they use them to threaten us mere mortals in those EULAS. They'll sue us if we alter or redistribute their property... But mere mortals can't afford attorneys brave enough to go after tech (Janet Reno may have been the last of the brave AGs).

We are throwing our money away on security programs that won't protect our property, what makes it any less valuable than some large corporations? These corporations can lay off people and rely solely on the items they've collected from people like me. Sure enough the design team for Microsoft hasn't got much to do, hey even NASA's not bothering to edit my designs that they're floating around as Mars and Jupiter, LG, Samsung, Apple, Sony not even so much as a touch on my textures all over their products.

Millions of people paying $49.99 a month for Adobe CC for the right to use any of my gradients, filters, brushes and textures. Adobe predicts another 12 million subscribers in 2018, if they sold just one of my files to 10,000 of those customers (who turn around and sell them on the numerous file selling sites) for $5 I just made them $50,000. But I have created 1.02 TBs (varying sizes and quality some single files larger than a billboard) of designs all of which have been collected over 200,000 files...

So why is my intellectual property less important than theirs? If they weren't STEALING from me, I might be able to upload my files to their very own sites for sale myself...

Oh well, what they're doing to us they've surely been doing to large companies maybe one will sue the pants off of them for infringing on or theft of their intellectual property.