microworks - Fotolia

Windows 10 telemetry data collection details revealed

Microsoft exposes Windows 10 telemetry practices just a week before Creators Update; may allay privacy concerns over Windows 10 data collection.

After nearly two years since its latest major update, Microsoft has finally released complete details of what Windows...

10 telemetry data will be collected by its latest Creators Update version.

Facing ongoing pressure from users, as well as the top EU privacy watchdog group over privacy issues related to Windows 10 telemetry data collection, Microsoft has been making an effort to improve its privacy stance, including the addition of new privacy settings and configuration options to allow individuals and enterprises greater control over what types of data are shared with it.

"Microsoft collects Windows diagnostic data to keep Windows up to date, secure and operating properly. It also helps us improve Windows and, for users who have turned on 'tailored experiences,' can be used to provide relevant tips and recommendations to tailor Microsoft products to the user's needs," Microsoft's Brian Lich wrote in a TechNet article that described all of the Windows 10 telemetry data collected, along with examples of that data.

Windows 10 data collection can be configured in four different levels, although one, the "Security level" for Windows 10 telemetry, is available only in Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core) and Windows Server 2016.

  • Security: This is the lowest level that allows sharing of data necessary for keeping Windows secure, "including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender," Lich wrote.
  • Basic: Includes basic device information such as application compatibility and usage data, as well as quality-related data; Security level data is also included.
  • Enhanced: Includes information about how Windows and applications are used, advanced reliability data; Basic and Security level data is also included.
  • Full: Includes "all data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels."

Most Windows 10 telemetry data includes Common Data, which incorporates diagnostic header information about which version of Windows is in use, UserID or Xbox UserID, device ID, information about the diagnostic event being collected, what diagnostic level (Basic or Full, for example) the device is opted into and more.

Other categories of data collected at higher levels include more device, connectivity and configuration data; product and service usage and performance data; browsing, search and query data; and more. Windows 10 data collection at the Full level may share more personal data than most users are comfortable with, including data relating to content consumption; browsing, search and query data; and "Inking, Typing, and Speech Utterance data," which can include just about any touchscreen, keyboard and audio speech entered into the system.

Even at the Basic level, a considerable amount of data is collected. For example, basic device data gathered includes device attributes ranging from the version of Internet Explorer and the capacity and type of battery in use, to key networking information, including the number and speed of network adapters, as well as the mobile operator network being used -- and even the IMEI (International Mobile Equipment Identity) number assigned to the device.

Other device network information that can be accessed through Windows 10 data collection at the Basic level includes proxy, gateway, DHCP and domain name system details and addresses, MAC addresses (and whether or not MAC address randomization is turned on). Device properties, also accessed at the Basic level include not just the OS version and edition but also subscription status, processor, firmware, memory, storage and battery information, as well as whether the system is a virtual machine -- even the color and form factor of the hardware in use.

At higher levels, much more data is accessed. For example, the browsing, search and query data that is collected can include most interactions using Microsoft browsers, including queries entered into the address bar and the search box, text chosen for an Ask Cortana search, URLs visited (including search terms) and more.

Windows 10 telemetry stream options are controlled using the Privacy option in Settings under the Group Policy option, or through mobile device management. While Microsoft does not recommend turning off telemetry entirely, that option is also available.

Next Steps

Find out more about how Windows 10 data collection improves the user experience

Learn about five often overlooked Windows 10 security risks

Read about three basic tips for Windows 10 security

Dig Deeper on Compliance