19.7.8.3 (L2) Ensure 'Do not use diagnostic data for tailored experiences' is set to 'Enabled'

Information

This setting determines if Windows can use diagnostic data to provide tailored experiences to the user.

The recommended state for this setting is: Enabled

Tracking, collection and utilization of personalized data is a privacy and security issue that is of concern to many organizations.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

User Configuration\Policies\Administrative Templates\Windows Components\Cloud Content\Do not use diagnostic data for tailored experiences

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template CloudContent.admx/adml that is included with the Microsoft Windows 10 Release 1703 Administrative Templates (or newer).

Impact:

Windows will not use diagnostic data from this device (this data may include browser, app and feature usage, depending on the 'Diagnostic and usage data' setting value) to customize content shown on the lock screen, Windows tips, Microsoft consumer features and other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less personalized.

See Also

https://workbench.cisecurity.org/benchmarks/17971

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv7|9.2

Plugin: Windows

Control ID: bab65681fffee2f200bb48e3b4d3b3a3bb698240150f55bed4af59f4b949b2ec