Windows as a Service is a fundamental change to Microsoft’s previous system of planning, developing and releasing operating systems.
Microsoft released new Windows versions every few years in the past; Windows 7 in 2009 and Windows 8 in 2012 for instance, but that changed with the release of Windows 10 in the year 2015.
Microsoft realized that creating and deploying large Windows updates was a substantial effort in the past as it took three years of development to release a new version of Windows.
Windows as a Service changes the old release model by pushing out frequent updates – so called Feature Updates – instead. Main benefits of the new strategy are that development requires less resources, that it is less time consuming, and that new features and changes are pushed out faster to the existing customer base.
The company plans to release two feature updates per year for Windows 10; a much faster pace when compared to the classic release model.
The following feature updates have been released so far:
- July 29, 2015 – Windows 10 RTM (Release to Manufacturing)
- November 12, 2015 – Windows 10 November Update, version 1511
- August 2, 2016 – Windows 10 Anniversary Update, version 1607
- April 5, 2017 – The Windows 10 Creators Update, version 1703
- October 17, 2017 — The Windows 10 Fall Creators Update, version 1709
- April 30, 2018 — The Windows 10 April 2018 Update, version 1803
Telemetry is not a new concept; Microsoft did collect Telemetry data in previous versions of the company’s Windows operating system as well, for instance to check whether the installation of Windows updates was successful, or to gather reliability information through the CEIP (Windows Customer Experience Improvement Program).
Windows as a Service makes Telemetry data more important however in Windows 10. The shorter release cycle is one core reason for that, as the next Windows 10 feature update is just six months away and not three years anymore.
Microsoft has to prioritize decision making and development, and Telemetry data helps the company in that decision-making process.
What is Telemetry
Microsoft defines Telemetry in the following ways:
Windows telemetry is vital technical data from Windows devices about the device and how Windows and related software are performing.
Telemetry is system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to keep Windows devices secure, and to help Microsoft improve the quality of Windows and Microsoft services. It is used to provide a service to the user as part of Windows.
According to Microsoft, Telemetry is used for
- Keeping Windows up to date.
- Keeping Windows secure, reliable and performant.
- Improving Windows through the use of aggregate Windows use data.
- Personalizing the Windows engagement surface.
- Better understanding how customers use (or don’t) use operating system features and services.
Specific examples of Windows telemetry data that Microsoft provides include:
- The type of hardware that is being used.
- The applications that are installed, and usage information.
- Device driver reliability information.
- Monitoring the scalability of the Cortana cloud service.
- How users customize the Windows Start Menu.
Microsoft states that it uses Telemetry data to identify security and reliability issues in Windows 10, to analyze problems, to improve the quality of Windows, and for making future development decisions.
It needs to be noted that Telemetry is not a Windows-specific feature. Many companies, including Google, Mozilla or Tesla, collect Telemetry data.
Operational data, such as telemetry, enables us to provide you with core operating system services, such as Windows Update, and gives every enterprise customer a voice in helping shape future versions of Windows. We can provide quick responses to your feedback and your feedback helps us define new features and improve quality.
Functional data on the other hand is exchanged by Windows apps and components to provide users with information or functionality they require or provide. A basic example is the use of location data to look up weather information or display local news.
While Telemetry cannot be turned off completely, depending on the edition that is used it is either set to Security or Basic at a minimum, functional data can be blocked completely.
The blocking of functional data restricts some features of the Windows 10 operating system and applications that require the data to function properly.
Telemetry only applies to Windows, Windows Server, and System Center components, and apps that use Connected User Experience or Telemetry components.
There are four Telemetry levels in Windows 10 version 1803 which are described in detail below.
The lowest Telemetry level supported through Management Policies is Security, and only available in Enterprise editions of Windows 10 (see Telemetry Levels below for detailed information on editions).
The lowest Telemetry level supported through the Settings UI is Basic.
All Telemetry data is encrypted using SSL when it is transferred to the Microsoft Data Management Service. Microsoft’s implementation uses certificate pinning as well.
Telemetry data is uploaded on a schedule that into account event priority, battery use, and network costs.
With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately.
Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks.
How does Windows 10 collect Telemetry data
All Windows 10 editions come with the Connected User Experiences and Telemetry service. This service is run by the Connected User Experience and Telemetry component.
The service’s name is Connected User Experiences and Telemetry, its display name is DiagTrack, and its service name is utcsvc.
The service’s description reads:
The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences.
Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
Telemetry data is stored in the hidden system folder %ProgramData%\Microsoft\Diagnosis
Note that the data is encrypted, and that permissions make it difficult to access these folders.
Windows 10 connects to the Telemetry endpoints, listed in the following chapter, when it is time to transfer data to Microsoft.
The Telemetry client connects to settings-win.data.microsoft.com to download a settings file and provide a device ID and other basic information.
The settings file is parsed, and then used to connect to v10.vortex-win.data.microsoft.com, the Microsoft Data Management Service to upload the Telemetry data.
Telemetry levels Overview
Windows 10 supports the four Telemetry levels: Security, Basic, Enhanced and Full. Only two of those levels, Basic and Full, can be set in the Settings application by users of the operating system.
One level, Security, is only available in Windows 10 Enterprise, Windows 10 Server, and Education.
The fourth level, Enhanced, is available in all editions, but can only be set using the Group Policy or by making changes to the Windows Registry.
Security – Information required to help keep Windows secure. It collects data that is required to keep Windows secure and protected with the latest security updates. Not an option under Settings.
applies to: Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions
Basic – Basic includes all Security data, and data that Microsoft calls “critical for understanding the device and its configuration”.
applies to: all editions of Windows 10. Minimum setting for all editions that are not listed under Security above.
Enhanced – A Telemetry level of Enhanced includes all data that is sent on the Basic level, plus additional data on how apps, Windows, Windows Server, or System Center are used, and how they perform. Not an option under Settings, can only be set using policies or the Registry.
applies to: all editions of Windows 10.
Full – The Full level includes all basic and security data sets. Additionally,
applies to: all editions of Windows 10.
Default on: Windows 10 Insider Preview systems, on Windows 10 Pro and Home. Windows 10 Enterprise, Windows 10 Education, Windows 10 Server.
Note: Organizations should not use the Security telemetry level if they rely on Windows Update for updates according to Microsoft.
The main reason Microsoft gives for that is that Windows Update information is not gathered on this level, and that means that information about update failures is not submitted. Microsoft uses the data to repair issues that cause updates to fail, and to improve the quality of updates.
Organizations may want to use this Telemetry level for computer systems without Internet connectivity, as this stops the gathering of data that would not be transferred anyway.
Also, the level is suitable for machines which should not communicate with the outside world, and for environments where communication with outside servers needs to be kept to a minimum
Data gathered on this level
Security is the lowest Telemetry level. It is only available in Enterprise-editions of Windows 10 (see full compatibility list in the previous chapter).
Connected User Experience and Telemetry component settings
If general telemetry data has been gathered and is queued, it is sent to Microsoft. Along with this telemetry data, the Connected User Experience and Telemetry component may download a configuration settings file from Microsoft’s servers.
This file is used to configure the Connected User Experience and Telemetry component itself.
The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
Malicious Software Removal Tool (MSRT)
The MSRT infection report contains information, including device info and IP address.
Note: MSRT infection reports can be turned off. See Deploy Windows Malicious Software Removal Tool in an Enterprise environment for information: https://support.microsoft.com/en-us/help/891716/deploy-windows-malicious-software-removal-tool-in-an-enterprise-environment
Windows Defender / Endpoint Protection
Windows Defender and System Center Endpoint Protection requires some information to function, including: anti-malware signatures, diagnostic information, User Account Control settings, Unified Extensible Firmware Interface (UEFI) settings, and IP address.
Note: The reporting can be turned off: https://docs.microsoft.com/en-us/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender
Microsoft states that no user content is gathered at this level. User content includes user files or communication. Steps are taken to avoid the gathering of user or company identifying information such as email addresses, names, or account IDs.
It may happen unintentionally however through MSRT as reports may contain personal information.
MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computer’s registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time.
Basic is one of the two Telemetry levels that Microsoft lists during setup and in the Windows 10 Settings application.
It is not the default level however, and must be set by users or administrators.
Data gathered on this level
Basic is the second-lowest Telemetry level. It includes all data that is collected on the Security level (see description above), plus additional data.
This additional data can be divided into device information, quality related information, and inventory related information.
Basic Device Data
- Internet Explorer version
- Device attributes such as camera resolution and display type.
- Battery attributes.
- Networking attributes such as the number of network adapters or IMEI number.
- Processor and memory attributes such as number of cores, memory size, or architecture.
- Storage attributes such as the number of hard drives, type of drives, and size.
- Operating system attributes such as the Windows edition and virtualization state.
- Virtualization attributes, such as guest operating system or SLAT support.
Connected User Experience and Telemetry component quality metrics
This includes information on how Telemetry and Connected User Experience components function and work. Information that is transferred includes data on uploaded and dropped events, and the last upload time.
Quality related information
Data that provides Microsoft with information on how a device and Windows performs.
Data includes the number of crashes and hangs, application state change details such as how much memory and processor time were used, and characteristics of a Connected Standby device.
- List of installed applications including application names, publisher information, versions, as well as Internet Explorer add-ons.
- Data on how apps are used, how long individual apps are open, have focus, and when apps are started.
- System data that Microsoft uses to determine whether a device meets the minimum requirements to update to the next version of Windows. Also includes memory, as well as information on the processor and BIOS.
- List of accessory devices such as printers or external hard drives. Also, compatibility information to determine if they are compatible with the next version of Windows.
- Data on installed drivers, including whether these are compatible with the next version of Windows.
This set of data includes information on how Microsoft Store performs on the device.
Information includes the number of app downloads, installations and updates.
Also, Microsoft Store launches, page views, suspend and resume operations, and license obtaining.
The Enhanced Telemetry level can only be set using policies or the Registry. See the next chapter – Configuring Telemetry on Windows 10 – for instructions on changing the Telemetry level.
This level helps to improve the user experience with the operating system and apps.
Data from this level can be abstracted into patterns and trends that can help Microsoft determine future improvements.
Data gathered on this level
The enhanced level includes all data from the Security and Basic level.
- Operating system events including networking, Hyper-V, Cortana, storage, file system.
- Operating system app events that result from Microsoft applications and management tools download from Store, or that came pre-installed with the operating system (such as Microsoft Edge, Mail, or Photos).
- Device specific events such as Surface Hub or Microsoft HoloLens data (which is not part on regular computer systems).
- A selection of crash dump types.
Full data includes all data that is collected on the Security, Basic and Enhanced level, plus additional information listed below.
It is the default level on all non-Enterprise, Education and Server operating system editions of Windows 10.
Data gathered on this level
- App usage, input reaction, or how long each app runs.
- Browser usage, including browsing history and search terms.
- Samples (small according to Microsoft) of inking and typing support. Microsoft notes that the data is processed to remove identifiable information such as email addresses, names, or numeric values.
- Enhanced error reporting like the memory state of the device, when system or app crashes occurred.
- Status and logging information about the health of the operating system.
- Additional device data, connectivity information, and configuration data beyond that what is already collected on the Basic level.
Endpoints for Telemetry Services
Service — Endpoint
- Connected User Experience and Telemetry component — v10.vortex-win.data.microsoft.com and settings-win.data.microsoft.com
- Windows Error Reporting — watson.telemetry.microsoft.com
- Online Crash Analysis — oca.telemetry.microsoft.com
- OneDrive app for Windows 10 — vortex.data.microsoft.com/collect/v1
Configuring Windows 10 Telemetry settings
Windows 10 users and administrators have three options when it comes to setting the Telemetry level (switching to a level that is not the default).
The Settings application limits the levels to Basic and Full. You can set the Security and Enhanced levels only through other means, for instance by using the Group Policy or editing the Registry.
Note that you can set the Security level on non-Enterprise version through the Registry or Group Policy, but that the setting is changed to Basic automatically in that case.
The Settings Application
- Use the keyboard shortcut Windows-I to open the Settings application.
- Navigate to Privacy > Feedback & Diagnostics
- Locate the “Select how much data you send to Microsoft” section.
- You have the option to switch between Basic and Full levels there.
- Tap on the Windows-key, type gpedit.msc, and hit the Enter-key on the keyboard.
- Use the folder structure on the left to navigate to Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds
- Double-click on “Allow Telemetry”.
- Set the policy to Enabled.
- Select one of the available levels (Security, Basic, Enhanced, Full).
- Note that Security applies only to Enterprise, EDU and IoT. While you may set the level on other editions of Windows 10, this is then handled like Basic automatically. In other words, the lowest level you can set on Home and Pro editions of Windows 10 is Basic.
- Tap on the Windows-key, type regedit.exe, and hit the Enter-key on the keyboard.
- Navigate to the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection
- Right-click on DataCollection, and select New > Dword (32-bit) Value.
- Name it AllowTelemetry.
- Double-click on the new value AllowTelemetry, and set its value according to the table below. Again, Security is automatically changed to Basic on Home and Pro editions of Windows 10.
- Restart the PC afterwards.
|Security||Security data only.||0|
|Basic||Security data, and basic system and quality data.||1|
|Enhanced||Security data, basic system and quality data, and enhanced insights and advanced reliability data.||2|
|Full||Security data, basic system and quality data, enhanced insights and advanced reliability data, and full diagnostics data.||3|