






Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
An overview of telemetry data collection in Windows Server 2016 and System Center 2016, including the different telemetry levels and how to control data transmission. It also explains how Microsoft uses the collected data to improve customer experiences, security, and performance analysis.
Typology: Study Guides, Projects, Research
1 / 12
This page cannot be seen from the preview
Don't miss anything!







Applies to Windows Server 2016 Technical Preview
Page 2 Windows Server 2016 and System Microsoft Corporation
Our goal is to leverage the aggregated data to drive changes in the product and ecosystem to improve our customer experiences. We are also partnering with enterprises to provide added value from the telemetry information that is shared by their devices. Some examples include identifying outdated patches and downloading the latest antimalware signatures to help keep their devices secure, identifying application compatibility issues prior to upgrades, and gaining insights into driver reliability issues affecting other customers.
Windows 10 and Windows Server 2016 include the Connected User Experience and Telemetry component, which uses the Event Tracing for Windows (ETW) trace logging^1 technology to gather and store telemetry events and data. The operating system and some Microsoft management solutions like System Center use the same logging technology.
All telemetry data is encrypted using SSL and uses certificate pinning during transfer from the device to Microsoft.
The Microsoft Data Management service routes data back to our protected cloud storage. Only Microsoft personnel with a valid business justification are permitted access.
The Connected User Experience and Telemetry component connects to the Microsoft Data Management service at v10.vortex-win.data.microsoft.com.
The Connected User Experience and Telemetry component also connects to settings- win.data.microsoft.com to download configuration information.
Windows Error Reporting connects to watson.telemetry.microsoft.com.
Online Crash Analysis connects to oca.telemetry.microsoft.com.
(^1) About TraceLogging - https://msdn.microsoft.com/en-us/library/dn904632(v=vs.85).aspx
Page 3 Windows Server 2016 and System Microsoft Corporation
Data gathered from telemetry is used by Microsoft teams primarily to improve our customer experiences, and for security, health, quality, and performance analysis. The principle of least privileged guides access to telemetry data. Only Microsoft personnel with a valid business need are permitted access to the telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the Privacy Statement^2. We do share business reports with OEMs and third party partners that include aggregated, anonymized telemetry information. Data sharing decisions are made by an internal team including privacy, legal, and data management.
Microsoft believes in and practices information minimization. We strive to gather only the information that we need, and we store it for as long as it’s needed to provide a service or for analysis. Much of the information about how the operating system and apps are functioning is deleted within 30 days. Other information, such as error reporting data, may be retained longer.
This section illustrates and explains the different telemetry levels in Windows 10 and Windows Server
The telemetry levels are cumulative and can be categorized into four levels:
(^2) Windows Server prerelease: http://windows.microsoft.com/en-us/windows/preview-privacy-statement
System Center prerelease: http://go.microsoft.com/fwlink/?LinkID=623851&clcid=0x
Page 5 Windows Server 2016 and System Microsoft Corporation
Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as WSUS, System Center Configuration Manager, or a third party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates.
For servers with default telemetry settings and no Internet connectivity, you should set the telemetry level to Security. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity.
No user content, such as user files or communications, is gathered at the Security telemetry level, and we avoid gathering any information that directly identifies a company or user, such as a name or email address. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computer’s registry that include information such as a username, which would cause it to be gathered. MSRT reporting is optional and can be turned off at any time.
The Basic level gathers a limited set of data that is critical for understanding the system and its configuration. This level includes the Security level information. This level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or a particular network driver version. The Connected User Experience and Telemetry component does not gather telemetry data about System Center, but it can transmit telemetry for non-Windows apps if they have user consent.
The data gathered at this level includes:
Page 6 Windows Server 2016 and System Microsoft Corporation
The Enhanced level gathers data about how the OS and apps are used and how they perform. This level also includes data from the Security and Basic levels. This level helps to improve the user experience with the OS and apps. Data from this level can be abstracted into patterns and trends that can help Microsoft determine future development improvements.
This is the default level on all Windows Server 2016 and System Center 2016 editions. It is the minimum level that is required to quickly identify and address OS and System Center customer quality issues.
The data gathered at this level includes:
The Full level gathers data necessary to identify and help fix problems. This level also includes data from the Security , Basic , and Enhanced levels.
If systems experience problems that are difficult to identify or repeat using Microsoft’s internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem. It is gathered from a small randomly selected set of systems that have both opted into the Full telemetry level and have exhibited the problem. Data sharing decisions are made by an internal team including privacy, legal, and data management.
Page 8 Windows Server 2016 and System Microsoft Corporation
Use the Policy Configuration Service Provider (CSP)^5 to apply the System/AllowTelemetry MDM policy.
Use Registry Editor to manually set the registry level on each device in your organization, or write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting.
For System Center 2016 Technical Preview 4, IT administrators can reduce the flow of System Center telemetry to zero by following these steps:
In Windows Server 2016, there are additional telemetry controls to reduce the flow of Windows telemetry data:
(^5) Configuration Service Provider: https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx (^6) Microsoft KB: 3096505 How to disable telemetry for Service Management Automation and Service Provider
Foundation (https://support.microsoft.com/en-us/kb/3096505) (^7) About Windows Server Update Services (WSUS): https://technet.microsoft.com/library/hh852345.aspx (^8) System Center Configuration Manager: https://technet.microsoft.com/en-us/library/dn965439.aspx
Page 9 Windows Server 2016 and System Microsoft Corporation
Note : Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information. We guard against such events by using technologies to identify and remove sensitive information before it is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete it.
Telemetry plays an important role in helping us quickly identify and fix critical reliability and security issues in our customers’ deployments and configurations. Insights into the telemetry data that we gather help us quickly identify crashes or hangs associated with a certain application or driver on a given configuration, like a particular storage type (for example, SCSI) or a memory size.
For System Center, job usages and statuses can also help us enhance the job workload and the communication between System Center and its managed products. Microsoft’s ability to get this data from customers and drive improvements into the ecosystem helps raise the bar for the quality of System Center, Windows Server applications, Windows apps, and drivers. Real-time data about Windows Server and Windows installations reduces downtime and the cost associated with troubleshooting unreliable drivers or unstable applications
Telemetry provides a view of which features and services customers use most. For example, the telemetry data provides us with a heat map of the most commonly deployed Windows Server roles, most used Windows features, and which ones are used the least. This helps us make informed decisions about where we should invest our engineering resources to build a leaner operating system.
For System Center, understanding the customer environment for management and monitoring will help drive the support compatibilities matrix, such as host and guest OS. This can help you use existing hardware to meet your business needs and reduce your total cost of ownership. It can also help to reduce the downtime that is associated with security updates.
Telemetry also helps Microsoft to better understand how customers deploy components, use features, and use services to achieve their business goals. Getting insights from that data helps us prioritize our engineering investments in areas that can directly impact our customers’ experiences and workloads.
Some examples include customer usage of containers, storage, and networking configurations that are associated with Windows Server roles like Clustering and Web. Another example is to find out when CPU hyper-threading is turned off and what the resulting impact is. We use the insights to drive
(^9) Microsoft KB: 891716 Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise
environment. (http://support.microsoft.com/kb/891716/)