Windows 10 – Telemetry levels

Ahoy Pirate,

Windows 10 is one of the most or maybe the most communicative operating system ever released. As we all know it is important for Microsoft to collect this data to improve the future quality of the operating system. Maybe thats why it collects the data by default. Nevertheless there might be some cases where you need to reduce or disable the level of communication. Today I will tell you how.

So lets start up with the question what is telemetry?

Microsoft defines telemetry as “system data that is uploaded by the “Connect User Experience and Telemetry” Service. This data “is used by Microsoft teams primarily to improve our customer experiences, and for security, health, quality, and performance analysis.“. Microsoft does not share personal data with third parties. They do share business reports with OEMs and third party partners that includes aggregated anonymized telemetry data, according to their privacy statement. “Most of the data is deleted within 30 days” – is another statement referring to data retention. The default level is “Full” for Windows 10 Home and Professional and “Enhanced” for Enterprise edition. On a device that is running an Insider preview edition, this value is set to “Full” and can only be changed by installing a released version.

How does Windows 10 collect and transmit data?

There is a service called “Connected User Experience and Telemetry component settings”. Before Windows 10 we knew this service under the name “Diagnostics Tracking Service” “DiagTrack”. This service collects the telemetry data. The data is SSL encrypted and uses certificate pinning during its transfer to the Microsoft Data Management Service, which routes data back to the Microsoft cloud storage (v10.vortex-win.data.microsoft.com). The data is uploaded on a schedule which is sensitive to event priority, battery level and if you are in a costed network. Nevertheless real time events like Windows Defender Advanced Threat Protection are sent immediatly. The average size is 1.2K by the way.

You can even monitor the transfer of this data. You just need to find out the process ID (PID) of the “UtcSvc” service. I used that PID to watch the activity of the DiagTrack service over the period of several days, using the built-in Ressource Monitor tool on a virtual machine running Windows 10 Enterprise with a local account and the telemetry level set to Basic. I figured out that the DiagTrack component performs an initial performance measurement and then checks the contents of four log files.

Furthermore you should know that there are 4 telemetry levels:

Security
Basic
Enhanced
Full

where “Security” is only available on Windows 10 Enterprise, Windows 10 Education and Windows 10 IoT Core editions.

So let’s start with a diagram on the different telemetry levels:

What you can see here is that “Security” is the level which sends the least amount of information. So “Security” is the level I recommend to set up to all my customers in enterprise environments. At the same time the model is structured the way that with each level additional information is gathered. This means everything that is collected in Security, is also collected in “Basic”, “Enhanced” and “Full”. Moreover additional information is added depending on the level. This data will be sent to Microsoft, and in response it receives configuration information from Microsoft’s servers (settings-win.data.microsoft.com), so that the service can collect hardware / device specific information.

Let’s have a look on what each level collects and sends.

Security:

OS information (Windows edition)
device id information (used to identify what specific device is requesting settings)
device class information (for example, whether the device is server or desktop)
if you use the Malicious Software Removal Tool (MSRT), the infection report will be sent.
if you use Windows Defender, it will send diagnostic information

Basic:

everything in “Security” level
Basic device info:
- device attribute information (like screen resolution, etc.)
- Internet Explorer version
- Battery attributes (capacity and type)
- Networking attributes (mobile operator network and IMEI number)
- Processor and memory attributes, (number of cores, speed, and firmware)
- OS information
- Storage attributes, such as number of drives and memory size
quality related info:
- how is your operating system performing
- how long is the device in standby mode
- the number of crashes or hangs
list of Apps and drivers and additional information like which apps use how much processor time and memory and whats their total uptime

Enhanced:

Enhanced level includes data from “Basic” and “Security” levels. It focuses on analyzing user interaction with the operating system and apps.

Operating system events (gives insights in events caused by Hyper-V, Cortana, and other components)
Operating system app events (a set of events resulting from downloaded or pre- installed Microsoft apps)
Device-specific events (device specific information like Holographic Processing Unit (HPU)-related events for example)

Full:

Full includes Security, Basic and Enhanced data. It turns on advanced diagnostic features that collect additional data from your device. When telemetry reports a “device experiences problem that is difficult to identify or repeats using Microsoft’s internal testing”, and a Microsoft engineer deems “additional info becomes necessary”, they will make a “diagnostics request” to “Microsoft’s privacy governance team” and if approved they will have Microsoft’s permission so can then:

run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
get registry keys.
gather user content, such as documents, if they might have been the trigger for the issue.

As I’ve already said all devices in the Windows Insider Program are automatically set to this level.

I’ve tried to reduce the copy and pasting in this article to a minimum and to shorten the information as much as possible. If you need any further information my sources for this article:

TechNet:

ZDNet:

Windows 10 telemetry secrets: Where, when, and why Microsoft collects your data

If you miss something really necessary, please let me know.

*Captain

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Windows 10 – Telemetry levels

Submit a comment on “Windows 10 – Telemetry levels” Cancel reply