18.10.15.1 (L1) Ensure 'Allow Diagnostic Data' is set to 'Enabled: Diagnostic data off (not recommended)' or 'Enabled: Send required diagnostic data'

Information

This policy setting determines the amount of diagnostic and usage data reported to Microsoft:

- A value of (0) Diagnostic data off (not recommended): Using this value, no diagnostic data is sent from the device. This value is only supported on Enterprise, Education, and Server editions. If you choose this setting, devices in your organization will still be secure.

- A value of (1) Send required diagnostic data: This is the minimum diagnostic data necessary to keep Windows secure, up to date, and performing as expected. Using this value disables the Optional diagnostic data control in the Settings app.

- A value of (3) Send optional diagnostic data: Additional diagnostic data is collected that helps Microsoft to detect, diagnose and fix issues, as well as make product improvements. Required diagnostic data will always be included when you choose to send optional diagnostic data. Optional diagnostic data can also include diagnostic log files and crash dumps. Use the Limit Dump Collection and the Limit Diagnostic Log Collection policies for more granular control of what optional diagnostic data is sent.

Windows telemetry settings apply to the Windows operating system and some first party apps. This setting does not apply to third party apps running on Windows 10/11.

The recommended state for this setting is: Enabled: Diagnostic data off (not recommended) or Enabled: Send required diagnostic data.

Note: If your organization relies on Windows Update, the minimum recommended setting is Required diagnostic data. Because no Windows Update information is collected when diagnostic data is off, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of updates.

Note #2: The Configure diagnostic data opt-in settings user interface group policy can be used to prevent end users from changing their data collection settings.

Note #3: The Enhanced diagnostic data setting is not available on Windows 11 and Windows Server 2022 and has been replaced with policies that can control the amount of optional diagnostic data that is sent. For more information on these settings, see Manage diagnostic data using Group Policy and MDM.

Sending any data to a third-party vendor is a security concern and should only be done on an as-needed basis.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: Diagnostic data off (not recommended) or Enabled: Send required diagnostic data:

Computer Configuration\Policies\Administrative Templates\Windows Components\Data Collection and Preview Builds\Allow Diagnostic Data

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template DataCollection.admx/adml that is included with the Microsoft Windows 10 RTM (Release 1507) Administrative Templates (or newer).

Note #2: In older Microsoft Windows Administrative Templates, this setting was initially named Allow Telemetry, but it was renamed to Allow Diagnostic Data starting with the Windows 11 Release 21H2 Administrative Templates.
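The following PowerShell is an added example for auditing this control on a single host; it is not part of the benchmark or of Tenable's audit plugin. It assumes that the DataCollection.admx template writes the policy to the registry value HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry (REG_DWORD), and it treats the values 0 and 1 named above as compliant and 3 or an absent value as non-compliant. The function and variable names are the author's own.

```powershell
# Added example (not benchmark or Tenable code): audit the local
# 'Allow Diagnostic Data' policy and optionally remediate it.
# Assumption: Group Policy stores this setting in the registry value below.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
$ValueName = 'AllowTelemetry'

# Meaning of each value as listed in the benchmark text.
$Meaning = @{
    0 = 'Diagnostic data off (not recommended)'
    1 = 'Send required diagnostic data'
    3 = 'Send optional diagnostic data'
}
# Only these two values satisfy the recommended state.
$CompliantValues = @(0, 1)

function Get-DiagnosticDataPolicy {
    # Returns $null when the policy is Not Configured (key or value absent).
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-DiagnosticDataPolicy {
    # Reports the configured value, its human-readable meaning and a pass/fail verdict.
    $value = Get-DiagnosticDataPolicy
    if ($null -eq $value) {
        return [pscustomobject]@{ Value = $null; Setting = 'Not Configured'; Compliant = $false }
    }
    $label = if ($Meaning.ContainsKey($value)) { $Meaning[$value] } else { "Unknown value $value" }
    return [pscustomobject]@{
        Value     = $value
        Setting   = $label
        Compliant = ($CompliantValues -contains $value)
    }
}

function Set-DiagnosticDataPolicy {
    # Remediation for hosts not managed by Group Policy; GP remains the preferred
    # mechanism because a local value is overwritten at the next policy refresh.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateSet(0, 1)]
        [int]$Value = 1
    )
    if ($PSCmdlet.ShouldProcess("$PolicyKey\$ValueName", "Set to $Value")) {
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value $Value -Type DWord
    }
}

# Usage: audit first, then preview remediation with -WhatIf before applying it.
Test-DiagnosticDataPolicy | Format-List
# Set-DiagnosticDataPolicy -Value 1 -WhatIf
```

Run it from an elevated prompt so the policy key is readable and, for remediation, writable. Remember that value 0 is only honoured on Enterprise, Education and Server editions, as the Information section states, so on other editions choose 1 to get the behaviour you expect.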

Impact:

Note that setting values of 0 or 1 will degrade certain experiences on the device.

See Also

https://workbench.cisecurity.org/benchmarks/16913

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv7|9.2

Plugin: Windows

Control ID: 029d5d9e84694f9c95d626308d0c11ff15d7d968928a2f04f29ef3d250928860