Are you concerned? If you're planning to deploy Windows Server 2016 in your company, then yes, you should definitely get this document which talks about Windows Server 2016 Telemetry (aka “Windows phone home”) settings.
One would have thought that there wasn't enough noise when Windows 10 went out and many freeware apps were released to limit the amount of data sends back to Microsoft. We have blogged about one of those apps here – Windows 10 Privacy Freeware – Good Enough to Stop Microsoft? Now it seems that even upcoming Windows Server 2016 will have the same problem…. broadcast too many information back to Microsoft.
We think that we're definitely concerned about that. Clients are asking us to keep their infrastructure secure, but up to date, which brings challenge and a lot of testing before jumping with something into a production environment.
Microsoft says that all telemetry data are encrypted using SSL and uses certificate pinning during transfer via HTTPs. Events and data are gathered via public OS system event logging and tracing APIs. It may be true, but how to be sure that there is no leak once the data laying at Microsoft? Or that Microsoft one day sell those data to a third-party? Is that (even very low) a risk?
It's possible to configure the telemetry level by using:
- MDM Policy
- Registry settings
GPO is one of the most favorite way to deploy settings across Microsoft domains. The settings is available From the Group Policy Management Console:
Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds.
The different levels:
- Security: Information that’s required to help keep the OS and System Center secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool (MSRT), and Windows Defender.
- Basic: Basic device information, including: quality-related data, app compatibility, app usage data, and data from the Security
- Enhanced: Additional insights, including: how the OS, System Center, and apps are used, how they perform, advanced reliability data, and data from both the Basic and Security
- Full: All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced
This document provides our server and enterprise customers with the necessary information to make informed decisions about how to configure telemetry in their environments. It discusses telemetry as system data that is uploaded by the Connected User Experience and Telemetry component.
There is also some references to Windows 10 telemetry as W10 shares the same underlying infrastructure…
And another quote here:
We understand that the privacy and security of our customers’ information is very important. We have taken a thoughtful and comprehensive approach to customer privacy and the protection of customer data with Windows, Windows Server, and System Center. IT administrators have controls to customize features and privacy settings at any time. Our commitment to transparency and trust is clear:
- We are open with customers about the types of data we gather.
- We put enterprise customers in control—they can customize their own privacy settings.
- We put customer privacy and security first.
- We are transparent about how telemetry gets used.
- We use telemetry to improve customer experiences.
We will look into the details in one of our future posts as well, to do our own conclusion. Hopefully those settings will not change again in the future releases….
We just hope that we can shut most (if not all) telemetry settings without much administrative burden. And that the settings will not change over time as it was the case in Windows 10 where once those settings applied, those were reset (turned back on) after a Windows software update !!!