Windows 10: Stop Data Flow to Microsoft


In today’s Ask the Admin, I’ll look at how to stop various Windows 10 apps and OS components from sending or receiving data to and from Microsoft.

Telemetry

Windows 10 collects information about the OS and apps, such as performance and crash data, and then sends it back to Microsoft to improve future OS builds. You can control the amount of data sent by choosing from one of four telemetry levels: Security, Basic, Enhanced (default), and Full. For more information on managing telemetry in Windows 10, see Windows 10 Tip: Manage Telemetry Settings on the Petri IT Knowledgebase.

Cortana

While Cortana requires users to sign in with a Microsoft Account, there have been concerns that even when disabled, Microsoft’s personal assistant could still be active in the background. Windows 10 contains several Group Policy settings, including Allow Cortana and Don’t search the web or display web results in Search, that allow system administrators to either disable Cortana completely or restrict her ability to perform web searches.

The policy settings are located under Computer Configuration > Administrative Templates > Windows Components > Search in Group Policy. Despite the availability of these settings, Microsoft recommends that if you want to completely disable communication with Bing, the search engine that powers Cortana, you should create a Windows Firewall rule that blocks all outbound traffic from SearchUI.exe. This stops the traffic that is otherwise sent to Bing to ensure Cortana components on the PC are up-to-date.

%windir%\systemapps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
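
The firewall rule described above can be created with the built-in NetSecurity cmdlets. The script below is an added example, not code from the original article or from Microsoft; the rule display name is a label chosen here, and the script assumes the SearchUI.exe path given above exists on the machine.

```powershell
#Requires -RunAsAdministrator
# Added example: block all outbound traffic from Cortana's SearchUI.exe.
# The display name is an assumption made for this example, not an official rule name.
$ruleName = 'Block Cortana SearchUI outbound (example)'
$program  = Join-Path $env:windir 'SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe'

# Stop if the binary is missing, rather than create a rule that matches nothing.
if (-not (Test-Path -LiteralPath $program)) {
    throw "SearchUI.exe not found at '$program'. Check the path on this Windows build."
}

# Idempotent: only create the rule if one with this display name is not present.
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-NetFirewallRule -DisplayName $ruleName `
        -Description 'Prevents SearchUI.exe from contacting Bing' `
        -Direction Outbound -Action Block -Program $program `
        -Profile Any -Enabled True
}

# Verify what is actually stored: the rule and the program it is bound to.
$rule | ForEach-Object {
    $appFilter = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Direction = $_.Direction
        Action    = $_.Action
        Profile   = $_.Profile
        Program   = $appFilter.Program
    }
}

# The rule is only enforced on profiles where Windows Firewall is turned on,
# so list the state of each profile alongside its default outbound action.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
```

Run it from an elevated PowerShell console. If any profile in the final output shows Enabled as False, the block rule is not applied while that profile is active.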

For more information on working with Group Policy, see How to Create and Link a Group Policy Object in Active Directory on the Petri IT Knowledgebase.

Preinstalled Windows Store apps

Windows 10 comes with a set of preinstalled Windows Store apps, such as Finance and News, that are able to retrieve data before launch to provide a better user experience. The best way to prevent the transfer of data is to remove the apps, which is easily done using PowerShell as shown below for the News app:

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -Like "Microsoft.BingNews*"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $_.PackageName}

To remove other apps, simply swap out “Microsoft.BingNews” for “Microsoft.BingWeather”, “Microsoft.BingFinance”, etc. Note that the above code should be run from an elevated PowerShell console and only removes the app for new user accounts. To remove apps for existing accounts, you’ll need to run the code as shown below for each user. The example that follows removes the News app for the currently logged-in user.

Get-AppxPackage Microsoft.BingNews | Remove-AppxPackage

Sync your settings

If you log in with a Microsoft Account, your settings are synchronized to the cloud. This can easily be disabled with a Group Policy setting:

Computer Configuration > Administrative Templates > Windows Components > Sync your settings > Do not sync

Or in the Accounts menu of the Settings app as shown in the figure below.

Turn off Sync your settings in the Windows 10 Settings app (Image Credit: Russell Smith)

Wi-Fi Sense

Another privacy issue that was blown out of all proportion is the Wi-Fi Sense feature that allows users to share Wi-Fi access point passwords with their contacts. This feature can be disabled in the UI by turning off Connect to suggested open hotspots and Connect to networks shared by my contacts, or via Group Policy by turning off Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services, which will prevent users from enabling the two UI settings mentioned above.

Computer Configuration > Administrative Templates > Network > WLAN Service > WLAN Settings

For more information on Wi-Fi Sense, see No, There Was Nothing Controversial About Wi-Fi Sense on Petri.

Windows Defender

If you want to opt out of the Microsoft Antimalware Protection Service feature in Windows Defender, which allows information to be sent about detected software to improve Defender definition files, set the Join Microsoft MAPS Group Policy setting to Disabled.

Computer Configuration > Administrative Templates > Windows Components > Windows Defender > MAPS

To prevent Windows from sending files to Microsoft for further analysis, you can either turn off Cloud-based Protection in the UPDATE & SECURITY page of the Windows 10 Settings app, or set the Send file samples when further analysis is required GPO setting to Never Send.

For a complete list of the privacy settings available in Windows 10, see Configure Windows 10 devices to stop data flow to Microsoft on TechNet.