Implement privacy control

Users across organizations are becoming more informed about the importance of their data. They have a right to know who is using their data and why, but they also must be able to control and manage the data that is collected about them. Here are some of the measures you can take to control privacy and help protect your users and organization. Each of these contributes to a stronger security posture, which we'll enable with Intune.

Support transparency

Educating users in your organization about the Microsoft Privacy dashboard will enable them to view, export, and delete data that Microsoft might collect based on their Microsoft account activities across Microsoft products like Windows, Microsoft Teams, and Office.

Additionally, it's recommended to keep up with the Microsoft Privacy Report, which is released twice a year. It summarizes important new developments for privacy at Microsoft, such as information on data that is collected, how it might be used, and what you can do to control your data. Consider this dashboard and report some of those nuts and bolts that facilitate servicing.

Manage Windows diagnostic data

There are new options to help you manage Windows diagnostic data. For example, privacy regulations in the European Union require you to be in control of diagnostic data. To help meet these regulations, you can set your organization as the data controller for diagnostics data, and Microsoft as the data processor, to process the data on your behalf. In Intune, use the following custom setting configuration to deploy the Windows diagnostic data processor configuration to your supported devices:

  • Name: System/AllowCommercialDataPipeline
  • OMA-URI: ./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline
  • Data type: Integer (Note: The default value is 0, meaning disabled; use 1 to enable the service)

This also means that you’re able to use familiar tools to manage, export, and delete data to help you meet your compliance obligations. Bookmark Windows Privacy Compliance: A guide for IT and Compliance Professionals for further information.
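A misdeployed custom setting (left at the default 0, or created with the wrong data type) leaves the processor configuration disabled without any visible error, so it is worth checking exported profiles against the three values listed above. The following is an added example, not Microsoft's code: it assumes profiles have been exported as JSON in the shape of Microsoft Graph `windows10CustomConfiguration` objects with an `omaSettings` array, and the profile names and sample data are constructed.

```python
import json

# OMA-URI and enabled value exactly as given in the setting list above.
OMA_URI = "./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline"
INT_TYPE = "#microsoft.graph.omaSettingInteger"

# Constructed sample export (profile names are made up for this example).
SAMPLE_EXPORT = json.loads("""[
 {"displayName": "diag-processor-ok", "omaSettings": [
   {"@odata.type": "#microsoft.graph.omaSettingInteger",
    "omaUri": "./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline",
    "value": 1}]},
 {"displayName": "diag-processor-left-at-default", "omaSettings": [
   {"@odata.type": "#microsoft.graph.omaSettingInteger",
    "omaUri": "./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline",
    "value": 0}]},
 {"displayName": "diag-processor-wrong-type", "omaSettings": [
   {"@odata.type": "#microsoft.graph.omaSettingString",
    "omaUri": "./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline ",
    "value": "1"}]},
 {"displayName": "unrelated-profile", "omaSettings": []}
]""")


def audit_profile(profile):
    """Return findings for one profile; an empty list means it matches the page."""
    hits = [s for s in profile.get("omaSettings", [])
            if str(s.get("omaUri", "")).strip().lower() == OMA_URI.lower()]
    if not hits:
        return ["setting not present"]
    findings = []
    for s in hits:
        if s.get("omaUri") != OMA_URI:
            findings.append("OMA-URI is not character-for-character as documented")
        if s.get("@odata.type") != INT_TYPE:
            findings.append("data type is not Integer")
        elif s.get("value") != 1:
            findings.append(f"value is {s.get('value')!r}; 1 enables the service")
    return findings


def audit_export(profiles):
    """Map each profile's displayName to its list of findings."""
    return {p.get("displayName", "<unnamed>"): audit_profile(p) for p in profiles}


if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_EXPORT).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```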

Windows diagnostic data is data that is collected about Windows devices. It’s used by important services like Update Compliance to help monitor and provide reports about updates on devices. To begin, view Windows diagnostic data and then configure standard Windows diagnostic data collection using settings catalog (illustrated below). If you receive security and quality updates through Windows Update, the minimum recommended setting is Basic.

A screenshot that shows the diagnostic data configuration in Intune's settings catalog.

Configure additional diagnostic data for Windows update compliance and Endpoint Analytics using a Windows health monitoring admin template in Intune (see image).

A screenshot shows the Windows health monitoring admin template that is used for configuring additional diagnostic data for Windows updates and Endpoint analytics in Microsoft Intune.

Control resource access

Resources like a user’s location services, camera, and microphone on a device are critical for some applications. For example, Microsoft Teams calls rely on microphone access, or a streaming app might rely on location information to provide appropriate content. But these same resources could be targeted by malware to compromise the privacy of users. This could harm your users as they could be recorded or tracked without their consent.

Use the settings catalog in Intune to control resource access on your organization’s devices. See the image below for an example of how you can mass-manage your users’ privacy controls.

A screenshot shows the settings you can use to control access to camera, microphone, location, and more.

On the user end, Windows displays prominent notifications in the system tray, along with a description of which app is using a resource, whenever a resource is accessed or used. To protect your users and your organization, you would do well to educate your users on how to control and manage access to these resources on their devices using the built-in settings in Windows: Start > Settings > Privacy & security.

The workflow diagram shows that we've completed the Privacy step.