14. Telemetry
These services either do user data tracking, or are an unnecessary performance hit. See Telemetry Info.
Danger
After every major windows update, verify these settings.
Note
As of 20H2, only GPO’s are covered, unless the value0 cannot be set or enforced via GPO. A reference link is provided to determine the appropriate Registry value to use.
Disable Connected User Experiences and Telemetry Service
Windows 10 collects user data and sends it to Microsoft.
See Diagnostics & Feedback to restrict data collection.
⌘ › services.msc › Connected User Experiences and Telemetry › General
Service name
DiagTrack
Startup type
DISABLED
Service status
STOPPED
Updated: 2021-02-19 Reference
Disable application telemetry
Windows 10 collect information on application usage.
Computer Configuration › Administrative Templates › Windows Components › Application Compatibility › Turn off Application Telemetry
☑
ENABLED
Updated: 2021-02-19 Reference
Disable customer experience improvement program
Windows 10 devices send hardware and software usage information to Microsoft via customer experience improvement program.
Computer Configuration › Administrative Templates › System › Internet Communication Management › Internet Communication settings › Turn off Windows Customer Experience Improvement Program
☑
ENABLED
Disable sending browser history for Edge
Edge browser automatically reports browser history to Microsoft.
GPO
Computer Configuration › Administrative Templates › Windows Components › Data Collection and Preview Builds › Configure collection of browsing data for Desktop Analytics
☑
DISABLED
Updated: 2021-02-19 Reference
GPO
User Configuration › Administrative Templates › Windows Components › Data Collection and Preview Builds › Configure collection of browsing data for Desktop Analytics
☑
DISABLED
Updated: 2021-02-19 Reference
Disable Malicious Software Removal Tool infection reporting
Windows 10 Malicious Software Removal Tool automatically uploads file metadata for infection reporting.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
DontReportInfectionInformation
DWORD
1
Updated: 2021-02-19 Reference
Disable inventory collector
Windows 10 Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft.
Computer Configuration › Administrative Templates › Windows Components › Application Compatibility › Turn off Inventory Collector
☑
ENABLED
Updated: 2021-02-19 Reference
Disable program compatibility assistant
The Program Compatibility Assistant detects known compatibility issues in older programs. After you have run an older program in this version of Windows, it notifies you if there is a problem and offers to fix it the next time you run the program. If the compatibility issue is serious, the Program Compatibility Assistant might warn you or block the program from running.
Computer Configuration › Administrative Templates › Windows Components › Application Compatibility › Turn off Program Compatibility Assistant
☑
ENABLED
Updated: 2021-02-19 Reference
Disable steps recorder
Steps Recorder automatically capture steps you take on a PC, including a text description of what you did and a picture of the screen during each step.
Computer Configuration › Administrative Templates › Windows Components › Application Compatibility › Turn off Steps Recorder
☑
ENABLED
Updated: 2021-02-19 Reference
Force desktop analytics to honor telemetry settings
Desktop Analytics will report additional telemetry information if enabled.
Computer Configuration › Administrative Templates › Windows Components › Data Collection and Preview Builds › Limit Enhanced diagnostic data to the minimum required by Windows Analytics
☑
DISABLED
Updated: 2021-02-19 Reference
14.1. Firewall
Endpoints for telemetry may change. Peridiocally verify these have not changed. See references for additional documentation.
Warning
These endpoints should be blocked or routed to a blackhole. See Pi-Hole and DNAT for Captive DNS.
Connected User Experiences and Telemetry endpoints
Microsoft Defender Advanced Threat Protection is country specific and the prefix changes by country, e.g.: de.vortex-win.data.microsoft.com
Release |
Diagnostic Endpoint |
Functional Endpoint |
Settings Endpoint |
|---|---|---|---|
1703 with 2018-09 cumulative update |
v10c.vortex-win.data.microsoft.com |
v20.vortex-win.data.microsoft.com |
settings-win.data.microsoft.com |
1803 without 2018-09 cumulative update |
v10.events.data.microsoft.com |
v20.vortex-win.data.microsoft.com |
settings-win.data.microsoft.com |
1709 or earlier |
v10.vortex-win.data.microsoft.com |
v20.vortex-win.data.microsoft.com |
settings-win.data.microsoft.com |
Diagnostic data services endpoints
Service |
Endpoint |
|---|---|
Windows Error Reporting |
watson.telemetry.microsoft.com |
› |
ceuswatcab01.blob.core.windows.net |
› |
ceuswatcab02.blob.core.windows.net |
› |
eaus2watcab01.blob.core.windows.net |
› |
eaus2watcab02.blob.core.windows.net |
› |
weus2watcab01.blob.core.windows.net |
› |
weus2watcab02.blob.core.windows.net |
Online Crash Analysis |
oca.telemetry.microsoft.com |
OneDrive app for Windows 10 |
|
› |
vortex.data.microsoft.com/collect/v1 |
Microsoft Defender Advanced Threat Protection |
|
› |
References