All information here is from Microsoft's Technet Documentation about Windows 10 telemetry, under this section https://technet.microsoft.com/en-us/itpro/windows/manage/index
This document lists the main changes I've noticed in the latest version of Microsoft's telemetry documentation, which is dated 6th May 2016.
Disclaimer: I'm only human and also dyslexic. I try my best to read and write accurately but I make mistakes and my enthusiasm can sometimes cloud fact. This is also a hobby, not a job. Please do check documentation yourself to be sure I've got things right.
My Summary
There's new insight into how the telemetry client works in the latest update. We now know that not only is HTTPS involved, but SSL encryption and certificate pinning, when data is transferred from us to Microsoft. More interesting to me, it's stated that the client uses Event Tracing for Windows, which means it's likely writing a log file somewhere. This is the same technology they introduced for Windows Update logging in Windows 10, which requires a blooming PowerShell command (Get-WindowsUpdateLog) to convert the log files into readable text!
There are a fair few nuggets for enterprise customers to chew over. Unlike Windows 10 clients, Windows Server on a metered connection will continue to send telemetry as normal unless you've set the telemetry level to the lowest level, Security. It's stated that servers with no internet connectivity should be set to that level so they don't amass data that's going nowhere. At the same time they say that if you rely on Windows Update (and who doesn't?) you shouldn't use the Security level, as that level doesn't send telemetry on update success etc., meaning Microsoft can't improve the quality of updates because they learn nothing. Regarding System Center telemetry, it says that at the Basic and Security levels no System Center telemetry is sent, but makes it clear that the control for System Center telemetry is within the product itself. Also worth noting is that the text suggests that the default telemetry level for the Server OS is Enhanced. I'm not sure if that's new or if that's what consumer Windows is set to as well. I thought it was Basic?
Consumer-wise, the Retention section now suggests that a fair amount of data is retained for longer than 30 days. Which makes sense in some respects, as they do say they supply anonymised data to third parties and vendors. It would be hard to do that without keeping data longer than a month, right? Of course, they don't say specifically what they keep.
Equally interesting to me, and somewhat expected I guess, is that if you run any virtual machines, they too will be sending telemetry back, including a list of all the apps they have installed. They also make clear something I already suspected, which is that pretty much every aspect of the use of an app is recorded too, i.e. how long it's used, whether it has focus and when it was started. You can bet there'll be more than those three aspects described here that they record.
Not a biggie, and also somewhat unsurprising, the text now says that they can take crash dump files from your computer via the telemetry client too. This is done at the Enhanced telemetry level (all dump types except heap dumps and full dumps; those need the Full level).
The ability at the Full telemetry level to take content that might include sensitive user information is no longer in the documentation at all, but I'd be surprised if that means they don't do it anymore. Remember, this was only if the user files were involved in the issue they are investigating, and they won't do anything with what they find, i.e. your info in a document is safe.
There's also mention that telemetry data is gathered at a "fractional sampling rate", which can be as low as 1%. I don't really know what that means. It suggests that telemetry likely targets only specific devices, perhaps? Also, it doesn't say what the average sampling rate is, only what the minimum could be.
Actual list of changes:
Configure Windows telemetry in your organization
Overview section
- Makes it clear that the article doesn't apply to System Center products, as they use a different telemetry service than Windows and Windows Server.
- The Overview section explains the forms of telemetry Microsoft used to collect in previous versions of Windows and Windows Server: Defender signatures, Windows Update, the Reliability Analysis Service and CEIP.
- The Overview section says Microsoft is partnering with enterprises to provide added value from the telemetry shared by their devices, e.g. app compatibility and driver reliability issues.
Data Collection section
- Completely reworded section, now with additional information.
- NEW = The Connected User Experience and Telemetry component in Windows 10 and Windows Server 2016 uses Event Tracing for Windows (ETW) trace logging to gather and store telemetry events and data.
- NEW = The Connected User Experience and Telemetry component transmits over HTTPS and uses certificate pinning.
- NEW = Enhanced and Full levels of telemetry are gathered at a fractional sampling rate, which can be as low as 1% of such devices reporting data.
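Since the documentation now says the client gathers and stores events with Event Tracing for Windows, the practical question is where those traces live on a box. The following PowerShell is an added example written for this post; it is not Microsoft's code and the article does not describe any of it. It assumes (my assumptions, not the article's) that the client runs as the "DiagTrack" service, that its autologger session is called "Diagtrack-Listener", and that the .etl files land under %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger. Run it elevated; logman.exe and Get-WinEvent ship with Windows 10 and Windows Server 2016.

```powershell
# Added example, not from the Technet article: find the ETW session the
# telemetry client is described as using and decode an .etl file if one exists.
# Assumed names (not stated in the article): service "DiagTrack", ETW session
# "Diagtrack-Listener", trace directory %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger.

$SessionName = 'Diagtrack-Listener'
$EtlDir = Join-Path $env:ProgramData 'Microsoft\Diagnosis\ETLLogs\AutoLogger'

function Get-TelemetryTraceSessions {
    # "logman query -ets" lists the live ETW sessions; keep only the rows that
    # mention the telemetry session so the output stays readable on a busy server.
    logman query -ets 2>$null |
        Where-Object { $_ -match 'Diagtrack' } |
        ForEach-Object { $_.Trim() }
}

function Get-TelemetryEtlFiles {
    # The autologger keeps its trace files on disk, so they are worth listing
    # even when no session is currently running.
    if (-not (Test-Path $EtlDir)) { return @() }
    Get-ChildItem -Path $EtlDir -Filter '*.etl' -File -ErrorAction SilentlyContinue
}

function Read-EtlEvents {
    param([Parameter(Mandatory)][string]$Path, [int]$First = 20)
    # Get-WinEvent reads .etl files directly; -Oldest is mandatory for .etl input.
    # Many telemetry providers have no message manifest installed, so Message is
    # often empty, but ProviderName and Id are still enough for a first look.
    # A file that the autologger is still writing may be locked; SilentlyContinue
    # just yields nothing in that case.
    Get-WinEvent -Path $Path -Oldest -ErrorAction SilentlyContinue |
        Select-Object -First $First TimeCreated, ProviderName, Id, Message
}

# Usage: is the client service there, is its session live, and what has it written?
Get-Service -Name DiagTrack -ErrorAction SilentlyContinue | Format-Table Name, Status, StartType
Get-TelemetryTraceSessions
$files = Get-TelemetryEtlFiles
foreach ($f in $files) { '{0}  {1:N0} bytes' -f $f.FullName, $f.Length }
if ($files) { Read-EtlEvents -Path $files[0].FullName | Format-Table -AutoSize }
```

If the session name or directory differ on your build, `logman query -ets` with no filter lists every live session, and `logman query "<name>" -ets` shows a session's output location.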
Data Transfer section
- Section has been renamed to 'Data Transmission'.
- CHANGE = Now explicitly says telemetry data is encrypted using SSL and uses certificate pinning during transfer. Before it just said data was encrypted.
- CHANGE = The example it gives of real-time events that are sent immediately is altered from 'gaming achievements' to 'Windows Defender Advanced Threat Protection'.
- CHANGE = After saying that normal events are not uploaded on metered networks, it now says that doesn't apply if you are on a metered server connection.
Microsoft Data Management Service section
- Section title renamed to 'Endpoints'.
- CHANGE = Opening two sentences changed substantially:
  - Used to say = "The Microsoft Data Management Service routes information to internal cloud storage, where it's compiled into business reports for analysis and research. Sensitive info is stored in a separate data store that's locked down to a small subset of Microsoft employees in the Windows Devices Group. The privacy governance team permits access only to people with a valid business justification."
  - Now says = "The Microsoft Data Management Service routes data back to our secure cloud storage. Only Microsoft personnel with a valid business justification are permitted access."
- NEW = Two new endpoints now mentioned:
  - Windows Error Reporting connects to watson.telemetry.microsoft.com
  - Online Crash Analysis connects to oca.telemetry.microsoft.com
Usage section
- Renamed to 'Data use and access'.
- Minor wording changes to all sentences, but essentially saying exactly the same thing as before.
Retention section
- Mostly minor wording changes, except the last two sentences.
- CHANGE = "Other info may be retained longer, particularly if there is a regulatory requirement to do so." changed to "Much of the info about how Windows and apps are functioning is deleted within 30 days. Other info may be retained longer, such as error reporting data or Store purchase history."
- NOT NEW (as I've subsequently realised, but I'll keep it here anyway) = Added sentence here which was previously elsewhere: "Info is typically gathered at a fractional sampling rate, which for some client services, can be as low as 1%."
Telemetry Levels
Overview
· CHANGE = Windows Server 2016 and System Center added to the list of OSes that this section applies to.
· CHANGE = Windows Server 2016 added to the list of OSes that have the additional Security telemetry level.
Security Level
· CHANGE = In the first 'Note', where it says organisations that rely on Windows Update shouldn't use the Security level, it now says that because Windows Update information isn't sent at this level, Microsoft can't use that information to fix the causes of any failures and improve the quality of updates.
· NEW = Says that servers with default telemetry settings and no internet connectivity should have the telemetry level set to Security, to stop data gathering for events that will never be uploaded due to no internet connectivity.
· NEW = Says telemetry data about Windows Server features or System Center is not gathered at this level.
Basic Level
· NEW = Says "The Connected User Experience and Telemetry component does not gather telemetry data about System Center, but it can transmit telemetry for other non-Windows applications if they have user consent."
· NEW = Added the following to the list of data the Basic level gathers: "Virtualization attribute, such as Second Level Address Translation (SLAT) support and guest operating system."
· CHANGE = The app compatibility section now says that apps installed on a device or virtual machine will be gathered at this telemetry level.
· NEW = Added the following to the list of data the Basic level gathers: "App usage data. Includes how an app is used, including how long it is used for, when the app has focus and when the app is started."
Enhanced Level
· NEW = Says this is the default level and "the minimum level needed to quickly identify and address quality issues with Windows, Windows Server and System Center".
· NEW = Added the following to the list of data the Enhanced level gathers: "Some crash dump types. All crash dumps, except for heap dumps and full dumps."
· REMOVED = The sentence that says what happens if more details are required no longer says anything about how long it will gather info for that issue (it was 2 weeks).
Full Level
· Where the section says what capabilities Microsoft engineers have to use the telemetry client to gather more information:
· REMOVED = "Ability to gather user content, such as documents, if they might have been the trigger for the issue."
· ADDED = "All crash dump types, including heap dumps and full dumps."
Manage your telemetry settings section
· NEW = Says you can turn System Center telemetry gathering on and off; the default is on. Says setting the telemetry level to Basic will turn off System Center telemetry even if the System Center telemetry switch is on.
· NEW = Section on how to configure System Center 2016 telemetry settings.
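The article describes the levels and their caveats but, for the Windows side, the setting itself is just one policy value. The PowerShell below is an added example written for this post, not code from Microsoft's documentation. It assumes (my assumptions, which the article does not spell out) that the Group Policy registry key is HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection, that its DWORD AllowTelemetry takes 0 = Security, 1 = Basic, 2 = Enhanced, 3 = Full, and that the telemetry client runs as the "DiagTrack" service. The caveats it warns about are the ones the article states: Security stops Windows Update telemetry, and Basic or Security switch off System Center telemetry whatever System Center's own switch says.

```powershell
# Added example, not from the Technet article: read and set the Windows
# telemetry level through the Group Policy registry value.
# Assumptions (not stated on this page): policy key and value name below,
# 0 = Security, 1 = Basic, 2 = Enhanced, 3 = Full, client service "DiagTrack".
# Run from an elevated PowerShell prompt on Windows 10 / Windows Server 2016.

$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
$LevelNames  = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }
$LevelValues = @{ Security = 0; Basic = 1; Enhanced = 2; Full = 3 }

function Get-TelemetryLevel {
    # Returns the policy-enforced level, or $null when no policy value exists
    # (the device then runs at the OS default, which the article says is Enhanced).
    $item = Get-ItemProperty -Path $PolicyKey -Name AllowTelemetry -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $value = [int]$item.AllowTelemetry
    $name  = if ($LevelNames.ContainsKey($value)) { $LevelNames[$value] } else { 'Unknown' }
    [pscustomobject]@{ Value = $value; Name = $name }
}

function Set-TelemetryLevel {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Security', 'Basic', 'Enhanced', 'Full')]
        [string]$Level
    )
    # Article caveats: Security suppresses Windows Update telemetry (so Microsoft
    # sees no update failures from this device) and is only offered on some
    # editions; Basic and Security also switch off System Center telemetry
    # regardless of the System Center product's own switch.
    if ($Level -eq 'Security') {
        Write-Warning 'Security level suppresses Windows Update telemetry; the article advises against it on devices that rely on Windows Update.'
    }
    if ($Level -in 'Security', 'Basic') {
        Write-Warning 'Basic/Security also stop System Center telemetry even if it is switched on in System Center.'
    }
    $target = "AllowTelemetry = $($LevelValues[$Level]) ($Level)"
    if ($PSCmdlet.ShouldProcess($PolicyKey, "Set $target")) {
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        Set-ItemProperty -Path $PolicyKey -Name AllowTelemetry -Value $LevelValues[$Level] -Type DWord
    }
}

# Usage: show the current policy (if any), preview a change, and confirm the
# client service is present. Drop -WhatIf to apply the change.
Get-TelemetryLevel
Set-TelemetryLevel -Level Basic -WhatIf
Get-Service -Name DiagTrack -ErrorAction SilentlyContinue | Format-Table Name, Status, StartType
```

Get-TelemetryLevel returning nothing means no policy is set, not that telemetry is off; per the article that device is on the default level. Group Policy, MDM and the Settings app can all write this level, so on a managed machine check which one owns it before changing the registry directly.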
Examples of how Microsoft uses the telemetry data section
· This is a new section.
· Has three paragraphs explaining how telemetry data is used, with the headings "Drive higher application and driver quality in the ecosystem", "Reduce your TCO and downtime" and "Build features that address our customers' needs".