Microsoft has quietly rolled out a change in Windows 10 version 1909 – the latest version of Windows 10 – that allows enterprise customers to stop devices sending telemetry data to Microsoft’s servers.
That’s according to the findings of the Bavarian State Office for Data Protection Supervision, an influential data-protection authority in Germany, which a recent study showed was “strongly dependent” on the Redmond company for its software needs.
European data-protection authorities have raised numerous concerns about Microsoft’s telemetry data collection from Windows 10 devices, including the Netherlands’ recent efforts to limit Office 365 data collection to ensure the company’s practices complied with the EU’s General Data Protection Regulation (GDPR).
Microsoft recently changed its terms for Office 365 globally to fall in line with recommendations from the Dutch Ministry of Justice.
Microsoft has also made some changes to Windows 10 in version 1909, the November 2019 Update, as reported by German Windows-focused blogs Borncity and Deskmodder.
The Bavarian DPA recently released cautiously worded findings about the configurations in Windows 10 that suggest enterprise admins may be able to completely shut off Microsoft’s unwanted telemetry data collection.
The authority conducted a laboratory analysis on one Windows 10 workstation with an Enterprise version of Windows 10 version 1909 that had telemetry data completely deactivated and found that it doesn’t appear to be a data-protection threat.
Remember that Microsoft rolled out new tools in early 2018 to allow users to inspect and control what telemetry data Microsoft’s servers collected. Home and Pro users, for example, can set these to ‘basic’ or ‘full’, reducing but not stopping this type of data collection.
However, Enterprise and Education customers can put a stronger clamp on this data leakage to Microsoft. According to the Bavarian DPA, its initial tests suggest that telemetry data transmission to Microsoft can be totally shut off.
“As part of this laboratory analysis, it was found that the telemetry data from one Windows 10 computer with the Enterprise version can be completely deactivated,” wrote the Bavarian DPA.
However, the Bavarian DPA warns that although the controls now exist to cut off all telemetry transmissions, doing so could expose an organization to greater security risks.
“Only calls to (Microsoft) servers that deliver current cryptographic certificates could not be switched off with this configuration, as these are required to ensure that a Windows 10 system can be operated securely on a daily basis (for example, when a user calls back a valid SSL root certificate),” it said.
“These calls can also be prevented by targeted system configurations, although such a procedure is by no means recommended for reasons of security.”
The authority’s assessment is that telemetry data collection in Enterprise and Education editions of Windows 10 is no longer a reason to avoid adopting Windows 10. But it also warns that the finding must be confirmed on a production Windows 10 machine running version 1909.
Nonetheless, it optimistically wrote: “If this result is confirmed in real use of Windows 10 by companies, then at least the handling of telemetry data in Windows 10 Enterprise (even in managed environments) does not constitute a data-protection hindrance to the use of this operating system.”