Much has been said about Windows 10 privacy and the way that Cortana collects personal information. For the most part, this is the press disseminating unnecessary FUD to generate a headline, and you can safely upgrade to Windows 10 and keep the default settings.
To address some of the concerns, Microsoft has included new settings in the Windows 10 November Update that give organizations more granular control over telemetry, although it can’t be disabled completely. In this Ask the Admin, I’ll show you how to set the telemetry level in Windows 10 using Group Policy.
What is telemetry?
Windows collects information about the OS and apps, such as performance and crash information, and then sends it back to Microsoft in order to improve future OS builds. Without this information, Microsoft would have to rely on users providing crash reports manually, or on special diagnostic tools that collect performance information on request, which is not a practical option outside of specific support incidents.
Managing telemetry settings
Microsoft provides four ways to manage telemetry settings in Windows 10 build 10586 and later: Group Policy, a registry setting, MDM, or Windows provisioning. Telemetry settings are available in local policy or Group Policy, which is the way most organizations are likely to configure Windows devices.
Alternatively, Mobile Device Management can be used with a compatible Policy Configuration Service Provider (CSP), or you can configure telemetry as you deploy the OS using standard Windows provisioning tools, such as Windows Imaging and Configuration Designer (ICD).
The Windows telemetry client uses four levels of data collection:
- Enhanced (default)
The Security telemetry level is only available in Enterprise, Education, and IoT Core editions of Windows 10. While the level of data collection can be changed, it’s worth noting that these settings only apply to Windows and apps that use the telemetry client. Other apps and programs may still collect telemetry data independently of how the telemetry client is configured.
Configure telemetry client settings using Group Policy
For more information on creating a Group Policy Object (GPO), see How to Create and Link a Group Policy Object in Active Directory on the Petri IT Knowledgebase. To set the telemetry level:
- Locate the Allow Telemetry GPO setting under Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds.
- In the Allow Telemetry dialog, make sure that Enabled is checked.
- Under Options, select the desired telemetry level from the dropdown menu.
- Click OK.
- Link the GPO to an Organizational Unit in Active Directory.
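To confirm on a client that the linked GPO actually took effect, the following PowerShell check reads the value the Allow Telemetry policy writes to the registry and compares it with the level you intended. It is an added example, not part of the original article: the registry path and the numeric mapping (0 to 3) come from Microsoft's policy documentation rather than this page, and the expected level and the EditionID match pattern are assumptions.

```powershell
# Added example: audit the effective "Allow Telemetry" policy on a client.
# Registry location written by the Allow Telemetry policy (not quoted in the article).
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
$LevelNames = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }

function Get-TelemetryPolicy {
    param(
        # Hypothetical baseline: the level your organization decided on.
        [ValidateRange(0, 3)][int]$ExpectedLevel = 1
    )

    $edition = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
    $value   = (Get-ItemProperty -Path $PolicyKey -Name AllowTelemetry `
                    -ErrorAction SilentlyContinue).AllowTelemetry

    # Assumption: EditionID contains one of these strings on the editions
    # the article lists as supporting the Security level.
    $securityCapable = $edition -match 'Enterprise|Education|IoT'

    if ($null -eq $value) {
        $name    = 'Not configured'
        $finding = 'No policy value present: GPO not linked, filtered out, or not yet refreshed'
    }
    elseif (-not $LevelNames.ContainsKey([int]$value)) {
        $name    = 'Unknown'
        $finding = "Unexpected AllowTelemetry value $value"
    }
    else {
        $name = $LevelNames[[int]$value]
        if ($value -eq 0 -and -not $securityCapable) {
            $finding = "Security level is set, but edition '$edition' does not offer it"
        }
        elseif ($value -ne $ExpectedLevel) {
            $finding = "Level is $name, expected $($LevelNames[$ExpectedLevel])"
        }
        else {
            $finding = 'OK'
        }
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Edition  = $edition
        Level    = $name
        Finding  = $finding
    }
}

Get-TelemetryPolicy -ExpectedLevel 1
```

Run it from an elevated or standard session after the next policy refresh; a "Not configured" result on a machine inside the linked OU usually points to GPO scoping or security filtering rather than to the setting itself.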
Interestingly, Microsoft makes a point of saying that only the Security telemetry level doesn’t collect user content, such as user files or communications, or any other data that might identify a company or user, such as names and email addresses. A disclaimer is included to state that:
In rare circumstances, Malicious Software Removal Tool (MSRT) information may unintentionally contain personal information. For instance, some malware may create entries in a computer’s registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time.
I think we can assume that all the other telemetry levels are subject to the intentional collection of user content, although this is not explicitly stated by Microsoft. If the telemetry level is set to Full, which is usually only necessary in circumstances where more information is required to resolve a specific problem, Microsoft engineers must request access to the information collected, and receive approval from Microsoft’s privacy governance team.