Microsoft Details Windows Server 2016 Telemetry-Gathering Practices

New documentation sheds light on what the company will do with Windows Server 2016
and System Center 2016 telemetry data when the products ship this fall.

Windows Server 2016 and System Center 2016 will ship later this year, after the summer has come and gone in fact.

“We’re excited to deliver Windows Server 2016 and System Center 2016 to customers this fall,” confirmed Mike Schutz, general manager of Microsoft Cloud Platform Marketing, in an email responding to a request for comment from eWEEK.

By now, most customers know what to expect from the products in terms of features, but a big question mark hangs over the proceedings, at least for security-conscious IT personnel. What kind of information does Microsoft plan to gather from the products and what will the software giant do with it?

Microsoft’s handling of Windows telemetry data has become a touchy topic since the release of Windows 10 last summer, stoking privacy concerns. The operating system is the company’s most cloud-connected system software offering to date, featuring components like Cortana that routinely report back to Microsoft with system and app usage.

With the impending release of Windows Server 2016 and System Center 2016, products that will touch more sensitive and business-critical information for many organizations than the Windows 10 desktop OS, Microsoft appears to be heading off those concerns for enterprise customers.

The company released a new whitepaper May 6 that describes the type of data Microsoft collects from the new server OS and the new data center systems management software, along with how administrators can configure their telemetry settings.

Microsoft collects information using four telemetry levels: Security, Basic, Enhanced and Full. If they look familiar, that’s because Windows 10 and Windows Server 2016 share the same underlying infrastructure, according to the software maker.

As per the document:

Security: Collects Connected User Experience and Telemetry settings and data from the Malicious Software Removal Tool and Windows Defender
Basic: Builds on Security and collects basic device information regarding quality-related data, app compatibility and usage
Enhanced: Builds on both Security and Basic, providing reliability data and offering Microsoft additional insights on how the OS, System Center and apps are used and how they perform
Full: Includes the data from the previous levels and adds telemetry that enables Microsoft to identify problems and help fix them

A complete rundown is in the whitepaper, available here.

Administrators can configure their telemetry levels by using their Group Policy management tools or with a registry tweak. Telemetry collection can also be disabled completely, a practice Microsoft recommends against because “valuable functionality may be impacted,” claims the company.

For businesses that wish to share their telemetry data, Microsoft assures that it’s in good hands.

“We have taken a thoughtful and comprehensive approach to customer privacy and the protection of customer data,” wrote the Microsoft Windows Server team in a May 6 blog post. “For example, data transmission is encrypted and access to the data is based on the principle of least privilege. Only Microsoft personnel with a valid business need are permitted access to the telemetry data.”

In addition, collected data is for as long as Microsoft needs it for analysis or to provide service. Typically, OS and app data is deleted within 30 days. Error reporting data and other types of information may be held longer. When the company furnishes business reports to third-party partners and OEMs, they contain aggregated and anonymized telemetry information.