Windows 10 desktop apps and privacy

Desktop apps are a specific type of app that won’t ask for permission to access data associated with privacy settings in Windows 10 in the same way that a Microsoft Store app does. Some desktop apps may not even ask for permission to get access to personal data stored on your device. Desktop apps also won’t appear in the list of apps in the privacy settings pages that allows you to choose which apps can use data associated with that privacy setting.

What are desktop apps? They’re usually downloaded from the internet or installed with some type of media (such as a CD, DVD, or USB storage device). They’re launched using an .EXE or .DLL file, and they typically run on your device, unlike web-based apps (which run in the cloud).

Please read the privacy policies of any desktop app you install to learn more about how they might use personal data stored on your device. You should also check if the desktop apps you have installed have provided their own options to control access to personal data. To further reduce the risk that an app or service can access personal data when a privacy setting is off, you should only install apps and services from trusted sources.

There are varying degrees of exceptions to how a desktop app may access and use personal data on the device beyond the privacy controls available in Windows 10.

Location. Even when you’ve turned off the device location setting, some third-party apps and services could use other technologies (such as Bluetooth, Wi-Fi, cellular modem, etc.) to determine your device’s location with varying degrees of accuracy. Microsoft requires third-party software developers that develop apps for our Microsoft Store or develop apps using Microsoft tools to respect the Windows location settings unless you’ve provided any legally required consent to have the third-party developer determine your location. For more comprehensive protection of your location, you could consider disabling radio-based components of your device such as Wi-Fi, Bluetooth, cellular modem, and GPS components, which might be used by an app to determine your precise location. However, doing so will also impair other experiences such as calling (including emergency calling), messaging, internet connectivity, and connecting to peripheral devices like your headphones.

Camera, Microphone, and other privacy settings tied directly to a peripheral device. Some desktop apps may not be affected by turning off these privacy settings. For example, an app that also installs a driver could interact directly with your camera or microphone hardware, bypassing the ability of Windows to control the access. For more comprehensive protection of your personal data associated with these settings, you could consider disabling these devices, such as disconnecting or disabling your camera or microphone.

Other privacy settings. For other privacy settings not mentioned above, there are no steps you can take to ensure desktop apps do not access personal data without your awareness unless you choose not to install or use the app.

Windows 10 & Privacy Compliance:
A Guide for IT and Compliance Professionals

• Windows 10 Enterprise
• Windows 10 Education
• Windows Server 2016 and newer

Overview

Microsoft is increasing transparency by categorizing the data we collect as required or optional. Windows 10 is in the process of updating devices to reflect this new categorization, and during this transition Basic diagnostic data will be recategorized as Required diagnostic data and Full diagnostic data will be recategorized as Optional diagnostic data. For more information, see Changes to Windows diagnostic data.

At Microsoft, we are committed to data privacy across all our products and services. With this guide, we provide administrators and compliance professionals with data privacy considerations for Windows 10.

Microsoft collects data through multiple interactions with users of Windows 10 devices. This information can contain personal data that may be used to provide, secure, and improve Windows 10 services. To help users and organizations control the collection of personal data, Windows 10 provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article.

This information allows administrators and compliance professionals to work together to better manage personal data privacy considerations and related regulations, such as the General Data Protection Regulation (GDPR)

1. Windows 10 data collection transparency

Transparency is an important part of the data collection process in Windows 10. Comprehensive information about the features and processes used to collect data is available to users and administrators directly within Windows, both during and after device set up.

1.1 Device set up experience and support for layered transparency

When setting up a device, a user can configure their privacy settings. Those privacy settings are key in determining the amount of personal data collected. For each privacy setting, the user is provided information about the setting along with the links to supporting information. This information explains what data is collected, how the data is used, and how to manage the setting after the device setup is complete. When connected to the network during this portion of setup, the user can also review the privacy statement. A brief overview of the set up experience for privacy settings is described in Windows Insiders get first look at new privacy screen settings layout coming to Windows 10, a blog entry on Windows Blogs.

The following table provides an overview of the Windows 10 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information.

This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Windows 10, version 1809 and newer). For the full list of settings that involve data collection, see Manage connections from Windows operating system components to Microsoft services.

Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device and understand the device’s service issues and use patterns.

Diagnostic data is categorized into the following:

• Required diagnostic data
  Previously known as basic diagnostic data, required diagnostic data includes information about your device, its settings, capabilities, and whether it is performing properly, whether a device is ready for an update, and whether there are factors that may impede the ability to receive updates, such as low battery, limited disk space, or connectivity through a paid network. You can find out what is collected with required diagnostic data here.
• Optional diagnostic data
  Previously known as full diagnostic data, optional diagnostic data includes more detailed information about your device and its settings, capabilities, and device health. When you choose to send optional diagnostic data, required diagnostic data will always be included. You can find out the types of optional diagnostic data collected here.

Configure Windows diagnostic data in your organization

Cortana is Microsoft’s personal digital assistant, which helps busy people get things done, even while they’re at work. Cortana on Windows is available in certain regions and languages. Cortana learns from certain data about the user, such as location, searches, calendar, contacts, voice input, speech patterns, email, content and communication history from text messages. In Microsoft Edge, Cortana uses browsing history. The user is in control of how much data is shared.

Cortana has powerful configuration options, specifically optimized for a business. By signing in with an Azure Active Directory (Azure AD) account, enterprise users can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.

1.2 Data collection monitoring

Diagnostic Data Viewer (DDV) is a Microsoft Store app (available in Windows 10, version 1803 and newer) that lets a user review the Windows diagnostic data that is being collected on their Windows 10 device and sent to Microsoft in real-time. DDV groups the information into simple categories that describe the data that’s being collected.

An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The Diagnostic Data Viewer for PowerShell Overview provides further information.

2. Windows 10 data collection management

Windows 10 provides the ability to manage privacy settings through several different methods. Users can change their privacy settings using the Windows 10 settings (Start > Settings > Privacy). The organization can also manage the privacy settings using Group Policy or Mobile Device Management (MDM). The following sections provide an overview on how to manage the privacy settings previously discussed in this article.

2.1 Privacy setting options for users

Once a Windows 10 device is set up, a user can manage data collection settings by navigating to Start > Settings > Privacy. Administrators can control privacy settings via setting policy on the device (see Section 2.2 below). If this is the case, the user will see an alert that says Some settings are hidden or managed by your organization when they navigate to Start > Settings > Privacy. In this case, the user can only change settings in accordance with the policies that the administrator has applied to the device.

2.2 Privacy setting controls for administrators

Administrators can configure and control privacy settings across their organization by using Group Policy, Mobile Device Management (MDM), or Windows registry settings.

The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these policies. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting by using policy and suppress the Out-of-box Experience (OOBE) during device setup. If you’re interested in minimizing data collection, we also provide the recommended value to set.

This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, see Manage connections from Windows operating system components to Microsoft services.

Feature/Setting	Description	Supporting Content	Privacy Statement
Diagnostic Data	Privacy Statement
Inking and typing diagnostics	Microsoft collects optional inking and typing diagnostic data to improve the language recognition and suggestion capabilities of apps and services running on Windows.	Learn more	Privacy Statement
Speech	Use your voice for dictation and to talk to Cortana and other apps that use Windows cloud-based speech recognition. Microsoft collects voice data to help improve speech services.	Learn more	Privacy Statement
Location	Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services.	Learn more	Privacy Statement
Find my device	Use your device’s location data to help you find your device if you lose it.	Learn more	Privacy Statement
Tailored Experiences	Let Microsoft offer you tailored experiences based on the diagnostic data you choose to send. Tailored experiences include personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs.	Learn more	Privacy Statement
Advertising Id	Apps can use advertising ID to provide more personalized advertising in accordance with the privacy policy of the app provider.	Learn more	Privacy statement
Activity History/Timeline – Cloud Sync	If you want Windows Timeline and other Windows features to help you continue what you were doing, even when you switch devices, send Microsoft your activity history, which includes info about websites you browse and how you use apps and services.	Learn more	Privacy statement
Cortana

Feature/Setting	GP/MDM Documentation	Default State if the Setup experience is suppressed	State to stop/minimize data collection
Speech	Group Policy: Computer Configuration > Control Panel > Regional and Language Options > Allow users to enable online speech recognition services

MDM: Privacy/AllowInputPersonalization Off Off Location Group Policy:
Computer Configuration > Windows Components > App Privacy > Let Windows apps access location

MDM: Privacy/LetAppsAccessLocation Off (Windows 10, version 1903 and later) Off Find my device Group Policy:
Computer Configuration > Windows Components > Find My Device > Turn On/Off Find My Device

MDM: Experience/AllFindMyDevice Off Off Diagnostic Data Group Policy:
Computer Configuration > Windows Components > Data Collection and Preview Builds > Allow Telemetry

MDM: System/AllowTelemetry Desktop editions:
Required diagnostic data (Windows 10, version 1903 and later)

Server editions:
Required diagnostic data Security and block endpoints Inking and typing diagnostics Group Policy:
Computer Configuration > Windows Components > Text Input > Improve inking and typing recognition

MDM: TextInput/AllowLinguisticDataCollection Off (Windows 10, version 1809 and later) Off Tailored Experiences Group Policy:
User Configuration > Windows Components > Cloud Content > Do not use diagnostic data for tailored experiences

MDM: Experience/AllowTailoredExperiencesWithDiagnosticData Off Off Advertising ID Group Policy:
Computer Configuration > System > User Profile > Turn off the advertising Id

MDM: Privacy/DisableAdvertisingId Off Off Activity History/Timeline – Cloud Sync Group Policy:
Computer Configuration > System > OS Policies > Allow upload of User Activities

MDM: Privacy/EnableActivityFeed Off Off Cortana Group Policy:
Computer Configuration > Windows Components > Search > Allow Cortana

MDM: Experience/AllowCortana Off Off

2.3 Guidance for configuration options

This section provides general details and links to more detailed information, as well as instructions for administrators and compliance professionals. These instructions allow you to manage device settings to manage the compliance objectives of your organization. This information includes details about setting up a device, configuring the device’s settings after setup is complete to minimize data collection, and driving privacy-related user experiences.

2.3.1 Managing the device setup experience

Windows deployment can be configured using several different methods that provide an administrator with options for control, including how a device is set up, which options are enabled by default, and what the user is able to change on the device after they log on.

If you want the ability to fully control and apply restrictions on data being sent back to Microsoft, you can use Configuration Manager as a deployment solution. Configuration Manager can be used to deploy a customized boot image using a variety of deployment methods. You can further restrict any Configuration Manager-specific diagnostic data from being sent back to Microsoft by turning off this setting as outlined in the instructions here.

Alternatively, your administrators can also choose to use Windows Autopilot. Autopilot lessens the overall burden of deployment while allowing administrators to fully customize the out-of-box experience. However, since Windows Autopilot is a cloud-based solution, administrators should be aware that a minimal set of device identifiers are sent back to Microsoft during initial device boot up. This device-specific information is used to identify the device so that it can receive the administrator-configured Autopilot profile and policies.

You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows 10:

2.3.2 Managing connections from Windows components to Microsoft services

Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows components.

For more details, see Manage connections from Windows operating system components to Microsoft services. This topic includes the different methods available on how to configure each setting, the impact to functionality, and which versions of Windows that are applicable.

2.3.3 Managing Windows 10 connections

Some Windows components, apps, and related services transfer data to Microsoft network endpoints. An administrator may want to block these endpoints for their organization to meet their specific compliance objectives.

Manage connection endpoints for Windows 10, version 1903 provides a list of endpoints for the latest Windows 10 release, along with descriptions of any functionality that would be impacted by restricting data collection. Details for additional Windows versions can be found on the Windows Privacy site under the Manage Windows 10 connection endpoints section of the left-hand navigation menu.

2.3.4 Limited functionality baseline

An organization may want to further minimize the amount of data sent back to Microsoft or shared with Microsoft apps by managing the connections and configuring additional settings on their devices. Similar to Windows security baselines, Microsoft has released a limited functionality baseline focused on configuring settings to minimize the data sent back to Microsoft. However, the functionality of the device could be impacted by applying these settings. The Manage connections from Windows operating system components to Microsoft services article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators that don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization.

We recommend that you fully test any modifications to these settings before deploying them in your organization.

2.3.5 Diagnostic data: Managing notifications for change of level at logon

Starting with Windows 10, version 1803, if an administrator modifies the diagnostic data collection setting, users are notified of this change during the initial device sign in. For example, if you configure the device to send optional diagnostic data, users will be notified the next time they sign into the device. You can disable these notifications by using the Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure telemetry opt-in change notifications or the MDM policy ConfigureTelemetryOptInChangeNotification .

2.3.6 Diagnostic data: Managing end user choice for changing the setting

Windows 10, version 1803 and newer allows users to change their diagnostic data level to a lower setting than what their administrator has set. For example, if you have configured the device to send optional diagnostic data, a user can change the setting so that only required diagnostic data is sent by going into Settings > Privacy > Diagnostics & feedback. Administrators can restrict a user’s ability to change the setting using Setting > Privacy by setting the Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure telemetry opt-in setting user interface or the MDM policy ConfigureTelemetryOptInSettingsUx .

2.3.7 Diagnostic data: Managing device-based data delete

Windows 10, version 1809 and newer allows a user to delete diagnostic data collected from their device by using Settings > Privacy > Diagnostic & feedback and clicking the Delete button under the Delete diagnostic data heading. An administrator can also delete diagnostic data for a device using the Clear-WindowsDiagnosticData PowerShell cmdlet.

An administrator can disable a user’s ability to delete their device’s diagnostic data by setting the Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Disable deleting diagnostic data or the MDM policy DisableDeviceDelete .

3. The process for exercising data subject rights

This section discusses the different methods Microsoft provides for users and administrators to exercise data subject rights for data collected from a Windows 10 device.

3.1 Delete

Users can delete their device-based data by going to Settings > Privacy > Diagnostic & feedback and clicking the Delete button under the Delete diagnostic data heading. Administrators can also use the Clear-WindowsDiagnosticData PowerShell cmdlet.

3.2 View

The Diagnostic Data Viewer (DDV) provides a view into the diagnostic data being collected from a Windows 10 device. Administrators can also use the Get-DiagnosticData PowerShell cmdlet.

3.3 Export

The Diagnostic Data Viewer (DDV) provides the ability to export the diagnostic data captured while the app is running, by clicking the Export data button in the top menu. Administrators can also use the Get-DiagnosticData PowerShell cmdlet script.

3.4 Devices connected to a Microsoft account

If a user signs in to a Windows experience or app on their device with their Microsoft account, they can view, delete, and export data associated with their Microsoft account on the Privacy dashboard.

4. Cross-border data transfers

Microsoft complies with applicable law regarding the collection, use, and retention of personal information, including its transfer across borders

Microsoft’s Privacy Statement provides details on how we store and process personal data.

5. Related Windows product considerations

The following sections provide details about how privacy data is collected and managed across related Windows products.

5.1 Windows Server 2016 and newer

Windows Server follows the same mechanisms as Windows 10 for handling of personal data.

5.2 Surface Hub

Surface Hub is a shared device used within an organization. The device identifier collected as part of diagnostic data is not connected to a user. To delete the Windows diagnostic data sent to Microsoft for Surface Hub, you can use the Surface Hub Delete Diagnostic Data tool available in the Microsoft Store

Apps and services that run on Windows but are not considered part of Windows will manage data collection using their own controls. Please contact the publisher for further guidance on how to control the data collection and transmission of these apps and services.

An administrator can configure privacy-related settings, such as choosing to only send required diagnostic data. Surface Hub does not support Group Policy for centralized management. However, administrators can use MDM to apply these settings to Surface Hub. For more information about Surface Hub and MDM, see Manage settings with an MDM provider (Surface Hub).

5.3 Desktop Analytics

Desktop Analytics is a set of solutions for Azure Portal that provide you with extensive data about the state of devices in your deployment. Desktop Analytics is a separate offering from Windows 10 and is dependent on enabling a minimum set of data collection on the device to function.

5.4 Microsoft Managed Desktop

Microsoft Managed Desktop (MMD) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows 10 Enterprise edition, Office 365 ProPlus, and Microsoft security services.