Windows Server 2016 and System Center 2016 Telemetry: Data Collection and Control, Study Guides, Projects, Research of Construction

An overview of telemetry data collection in Windows Server 2016 and System Center 2016, including the different telemetry levels and how to control data transmission. It also explains how Microsoft uses the collected data to improve customer experiences, security, and performance analysis.

Typology: Study Guides, Projects, Research

2021/2022

Uploaded on 07/04/2022

vidar_fu
vidar_fu 🇳🇴

5

(6)

339 documents

1 / 12

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
WINDOWS SERVER 2016 AND SYSTEM
CENTER 2016 TELEMETRY
Technical Overview White Paper
May, 2016
Applies to Windows Server 2016 Technical Preview
pf3
pf4
pf5
pf8
pf9
pfa

Partial preview of the text

Download Windows Server 2016 and System Center 2016 Telemetry: Data Collection and Control and more Study Guides, Projects, Research Construction in PDF only on Docsity!

WINDOWS SERVER 2016 AND SYSTEM

CENTER 2016 TELEMETRY

Technical Overview White Paper

May, 2016

Applies to Windows Server 2016 Technical Preview

Contents

  • Summary
  • Overview
  • How does Microsoft protect the security of the data?
    • Data collection
    • Data transmission
    • Data use and access
    • Data retention...........................................................................................................................................
  • What data is gathered at different telemetry levels?
    • Security level
    • Basic level
    • Enhanced level
    • Full level
  • How can enterprises manage telemetry collection?
    • Configure the operating system telemetry level
      • Use Group Policy to set the telemetry level
      • Use MDM to set the telemetry level
    • Turn off telemetry collection in System Center 2016 for the enterprise
    • Additional telemetry controls
  • Examples of how Microsoft uses the telemetry data
    • Drive higher apps and driver quality in the ecosystem
    • Reduce your total cost of ownership and downtime
    • Build features that address our customers’ needs

Page 2 Windows Server 2016 and System Microsoft Corporation

Our goal is to leverage the aggregated data to drive changes in the product and ecosystem to improve our customer experiences. We are also partnering with enterprises to provide added value from the telemetry information that is shared by their devices. Some examples include identifying outdated patches and downloading the latest antimalware signatures to help keep their devices secure, identifying application compatibility issues prior to upgrades, and gaining insights into driver reliability issues affecting other customers.

How does Microsoft protect the security of the data?

Data collection

Windows 10 and Windows Server 2016 include the Connected User Experience and Telemetry component, which uses the Event Tracing for Windows (ETW) trace logging^1 technology to gather and store telemetry events and data. The operating system and some Microsoft management solutions like System Center use the same logging technology.

  1. Operating system features and some management applications are instrumented to publish events and data. Examples of management applications include Virtual Machine Manager (VMM), Server Manager, and Storage Spaces.
  2. Events are gathered by using public operating system event logging and tracing APIs.
  3. You can configure the telemetry level by using an MDM policy, Group Policy, or registry settings.
  4. The Connected User Experience and Telemetry component transmits telemetry data over HTTPS to Microsoft and uses certificate pinning.

Data transmission

All telemetry data is encrypted using SSL and uses certificate pinning during transfer from the device to Microsoft.

Endpoints

The Microsoft Data Management service routes data back to our protected cloud storage. Only Microsoft personnel with a valid business justification are permitted access.

The Connected User Experience and Telemetry component connects to the Microsoft Data Management service at v10.vortex-win.data.microsoft.com.

The Connected User Experience and Telemetry component also connects to settings- win.data.microsoft.com to download configuration information.

Windows Error Reporting connects to watson.telemetry.microsoft.com.

Online Crash Analysis connects to oca.telemetry.microsoft.com.

(^1) About TraceLogging - https://msdn.microsoft.com/en-us/library/dn904632(v=vs.85).aspx

Page 3 Windows Server 2016 and System Microsoft Corporation

Data use and access

Data gathered from telemetry is used by Microsoft teams primarily to improve our customer experiences, and for security, health, quality, and performance analysis. The principle of least privileged guides access to telemetry data. Only Microsoft personnel with a valid business need are permitted access to the telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the Privacy Statement^2. We do share business reports with OEMs and third party partners that include aggregated, anonymized telemetry information. Data sharing decisions are made by an internal team including privacy, legal, and data management.

Data retention

Microsoft believes in and practices information minimization. We strive to gather only the information that we need, and we store it for as long as it’s needed to provide a service or for analysis. Much of the information about how the operating system and apps are functioning is deleted within 30 days. Other information, such as error reporting data, may be retained longer.

What data is gathered at different telemetry levels?

This section illustrates and explains the different telemetry levels in Windows 10 and Windows Server

  1. These levels are available on all editions of Windows Server 2016. The following figure shows a comparison of the telemetry levels:

The telemetry levels are cumulative and can be categorized into four levels:

(^2) Windows Server prerelease: http://windows.microsoft.com/en-us/windows/preview-privacy-statement

System Center prerelease: http://go.microsoft.com/fwlink/?LinkID=623851&clcid=0x

Page 5 Windows Server 2016 and System Microsoft Corporation

Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as WSUS, System Center Configuration Manager, or a third party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates.

For servers with default telemetry settings and no Internet connectivity, you should set the telemetry level to Security. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity.

No user content, such as user files or communications, is gathered at the Security telemetry level, and we avoid gathering any information that directly identifies a company or user, such as a name or email address. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computer’s registry that include information such as a username, which would cause it to be gathered. MSRT reporting is optional and can be turned off at any time.

Basic level

The Basic level gathers a limited set of data that is critical for understanding the system and its configuration. This level includes the Security level information. This level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or a particular network driver version. The Connected User Experience and Telemetry component does not gather telemetry data about System Center, but it can transmit telemetry for non-Windows apps if they have user consent.

The data gathered at this level includes:

  • Basic device information : Helps provide an understanding about the types and configurations of native and virtualized Windows Server 2016 instances in the ecosystem, including: o Machine attributes, such as the OEM, model, and BIOS date o Networking attributes, such as the number and speed of network adapters o Processor and memory attributes, such as the number of cores, architecture, memory size, and firmware version o Virtualization attributes, such as Second Level Address Translation (SLAT) support and the guest operating system o OS attributes, such as the edition and virtualization state o Storage attributes, such as the number of drives, type, speed, and size
  • Connected User Experience and Telemetry component quality metrics : Helps provide an understanding about how the Connected User Experience and Telemetry component is functioning, including percent of uploaded events, dropped events, and the last upload time.
  • Quality-related information : Helps Microsoft develop a basic understanding of how a device and its operating system are performing. An example is the count of crashes in the operating system on a particular hardware configuration or with a specific driver version.

Page 6 Windows Server 2016 and System Microsoft Corporation

  • Compatibility data : Helps provide an understanding about which apps are installed on a system and virtual machine, and identifies potential compatibility problems. o General app data : Includes a list of apps that are installed on a native or virtualized instance of the OS and whether these apps function correctly after an upgrade. This app data includes the app name, publisher, version, and basic details about which files have been blocked from usage. o App usage data : Includes how an app is used, including how long an app is used for, when the app has focus, and when the app is started. o System data : Helps provide an understanding about whether a system meets the minimum requirements to upgrade to the next OS version. System information includes the amount of memory, as well as information about the processor and BIOS. o Accessory device data : Includes a list of accessory devices, such as external storage devices, that are connected to Windows systems and whether these devices will function after upgrading to a new version of the OS. o Driver data : Includes specific driver usage that is meant to help figure out whether apps and systems will function after upgrading to a new version of the OS. This data can help determine blocking issues and then help Microsoft and our partners apply fixes and improvements.

Enhanced level

The Enhanced level gathers data about how the OS and apps are used and how they perform. This level also includes data from the Security and Basic levels. This level helps to improve the user experience with the OS and apps. Data from this level can be abstracted into patterns and trends that can help Microsoft determine future development improvements.

This is the default level on all Windows Server 2016 and System Center 2016 editions. It is the minimum level that is required to quickly identify and address OS and System Center customer quality issues.

The data gathered at this level includes:

  • OS events : Help to gain insights into different areas of the OS, including networking, Hyper-V, storage, file system, and other components.
  • OS app events : Result from Microsoft applications and management tools that were installed with or on Windows Server (for example, Server Manager and System Center).
  • Some crash dump types. All crash dump types, except for heap dumps and full dumps.

Full level

The Full level gathers data necessary to identify and help fix problems. This level also includes data from the Security , Basic , and Enhanced levels.

If systems experience problems that are difficult to identify or repeat using Microsoft’s internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem. It is gathered from a small randomly selected set of systems that have both opted into the Full telemetry level and have exhibited the problem. Data sharing decisions are made by an internal team including privacy, legal, and data management.

Page 8 Windows Server 2016 and System Microsoft Corporation

  1. Double-click Allow Telemetry.
  2. In the Options box, select the level that you want to configure, and then click OK.

Use MDM to set the telemetry level

Use the Policy Configuration Service Provider (CSP)^5 to apply the System/AllowTelemetry MDM policy.

Use Registry Editor to set the telemetry level

Use Registry Editor to manually set the registry level on each device in your organization, or write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting.

  1. Open Registry Editor, and go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection.
  2. Right-click DataCollection , click New , and then click DWORD (32-bit) value.
  3. Type AllowTelemetry , and then press ENTER.
  4. Double-click AllowTelemetry and set the desired value from the table above, and then click OK.
  5. Click File > Export , and then save the file as a .reg file, such as C:\AllowTelemetry.reg. You can run this file from a script on each device or virtual machine (VM) in your organization.

Turn off telemetry collection in System Center 2016 for the enterprise

For System Center 2016 Technical Preview 4, IT administrators can reduce the flow of System Center telemetry to zero by following these steps:

  • Turn off telemetry by going into the System Center UI Console settings workspace.
  • For Service Management Automation and Service Provider Foundation instructions on how to turn off telemetry, see Microsoft Knowledge Base article# 3096505^6.

Additional telemetry controls

In Windows Server 2016, there are additional telemetry controls to reduce the flow of Windows telemetry data:

  • Change the default telemetry level from Enhanced to Security.
  • Turn off Windows Update, or set the machines to be managed by an on premise update server such as WSUS^7 or System Center Configuration Manager^8.
  • Turn off Windows Defender Cloud based Protection and Automatic sample submission in Settings > Update & Security > Windows Defender. If a third-party antimalware service is installed, Windows Defender (and its telemetry) should automatically shut off.

(^5) Configuration Service Provider: https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx (^6) Microsoft KB: 3096505 How to disable telemetry for Service Management Automation and Service Provider

Foundation (https://support.microsoft.com/en-us/kb/3096505) (^7) About Windows Server Update Services (WSUS): https://technet.microsoft.com/library/hh852345.aspx (^8) System Center Configuration Manager: https://technet.microsoft.com/en-us/library/dn965439.aspx

Page 9 Windows Server 2016 and System Microsoft Corporation

  • Turn off the MSRT infection report as described in the Microsoft Knowledge Base article “Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment.”^9

Note : Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information. We guard against such events by using technologies to identify and remove sensitive information before it is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete it.

Examples of how Microsoft uses the telemetry data

Drive higher apps and driver quality in the ecosystem

Telemetry plays an important role in helping us quickly identify and fix critical reliability and security issues in our customers’ deployments and configurations. Insights into the telemetry data that we gather help us quickly identify crashes or hangs associated with a certain application or driver on a given configuration, like a particular storage type (for example, SCSI) or a memory size.

For System Center, job usages and statuses can also help us enhance the job workload and the communication between System Center and its managed products. Microsoft’s ability to get this data from customers and drive improvements into the ecosystem helps raise the bar for the quality of System Center, Windows Server applications, Windows apps, and drivers. Real-time data about Windows Server and Windows installations reduces downtime and the cost associated with troubleshooting unreliable drivers or unstable applications

Reduce your total cost of ownership and downtime

Telemetry provides a view of which features and services customers use most. For example, the telemetry data provides us with a heat map of the most commonly deployed Windows Server roles, most used Windows features, and which ones are used the least. This helps us make informed decisions about where we should invest our engineering resources to build a leaner operating system.

For System Center, understanding the customer environment for management and monitoring will help drive the support compatibilities matrix, such as host and guest OS. This can help you use existing hardware to meet your business needs and reduce your total cost of ownership. It can also help to reduce the downtime that is associated with security updates.

Build features that address our customers’ needs

Telemetry also helps Microsoft to better understand how customers deploy components, use features, and use services to achieve their business goals. Getting insights from that data helps us prioritize our engineering investments in areas that can directly impact our customers’ experiences and workloads.

Some examples include customer usage of containers, storage, and networking configurations that are associated with Windows Server roles like Clustering and Web. Another example is to find out when CPU hyper-threading is turned off and what the resulting impact is. We use the insights to drive

(^9) Microsoft KB: 891716 Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise

environment. (http://support.microsoft.com/kb/891716/)