James Thew - Fotolia

What risk do Windows 10 telemetry features pose enterprises?

Microsoft collects data using Windows 10 telemetry features. Expert Michael Cobb explains what type of data is collected, and whether enterprises need to be worried about it.

Microsoft revealed its Windows 10 telemetry practices involve user data sharing at four different levels: Security, Basic, Enhanced and Full. What type of data is collected at each level? What privacy concerns accompany each level of data collection?

Telemetry, an automated communications process that sends collated data back to a vendor, is at the heart of many software development programs. Developers want to know how often their software is used, which features are popular, which actions or drivers are causing crashes, and other insights.

Telemetry provides the necessary feedback and diagnostics to help fix problems and signpost where future development dollars should go. The Windows 10 operating system sends a variety of telemetry data back to Microsoft to help it keep Windows up to date, secure and operating properly. It is also used to guide future development initiatives, and to provide relevant tips and recommendations to tailor Microsoft products to users' needs.

Windows 10 telemetry is enabled by default, and the telemetry data is transferred to the Microsoft Data Management service using SSL on a schedule that is sensitive to event priority, battery use and network cost. Important, real-time events for programs like Windows Defender Advanced Threat Protection are sent immediately. The data is sent to Microsoft's secure cloud storage with strict access controls.

To help allay privacy concerns both from privacy advocates and the EU about the amount and type of telemetry information being collected by Microsoft, the Windows 10 Creators Update includes new and easier to use privacy settings and configuration options that give users and IT administrators additional control and visibility around the data Microsoft collects.

The three existing levels of data collection remain in Windows 10 telemetry, and they are cumulative.

  • Basic: Basic device info, including quality-related data, app compatibility, app usage data and data from the Security level.
  • Enhanced: Additional insights, including how Windows, Windows Server, System Center and apps are used; how they perform; advanced reliability data; and data from both the Basic and the Security levels. This is the default telemetry setting for Windows Server 2016.
  • Full: All data necessary to identify and help to fix problems, plus data from the Security, Basic and Enhanced levels. This also includes data relating to content consumption, browsing history, and search and query data -- information many users may not want to share, though the information collected at the Enhanced and Full levels is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels.

The new option, Security, is available only in Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core and Windows Server 2016. This option gathers only the telemetry info that is required to keep Windows, Windows Server and System Center protected with the latest security updates. It can be set using the Privacy option in Settings under the Group Policy option, or through mobile device management. The lowest setting supported through the Settings UI is Basic.

Security teams in regulated industries certainly need to review what data is being collected by Windows 10 telemetry and set an appropriate collection level. They must also ensure they are maintaining compliance, taking into account that the telemetry data used by Microsoft helps keep systems up and running, a key element of the CIA triad: confidentiality, integrity and availability.

While Microsoft does not recommend turning off telemetry entirely, that option is also available. Apart from a few high sensitivity situations where enterprises will want to turn it off, in most use cases, there are privacy issues of greater importance on which to focus. For example, users leak a lot of information each time they use a web browser, an online application or a service, while mobile phone apps track vast amounts of data about a user's every move and action.

Ask the expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)

Next Steps

Learn more about Windows 10 telemetry data collection

Find out why IT should virtualize Windows 10

Check out how to use the Windows Assessment and Deployment Kit

This was last published in September 2017

Dig Deeper on Data security and privacy