The German Federal Office for Information Security (orig., ger., Bundesamt für Sicherheit in der Informationstechnik – BSI) has published our report on Microsoft Office Telemetry.

Microsoft has released a set of privacy settings for Office, one of which enables users to configure the type and amount of diagnostic (i.e., telemetry) data that Office may send to Microsoft. When deployed, it is available in the form of a group policy setting. It allows users to configure one of the following diagnostic data levels: required, optional, or neither.  The report we produced:

  • analyzes the impact of the required, optional, and neither diagnostic data levels on the output of diagnostic data produced by Office; and
  • provides and evaluates approaches for partially or fully disabling the output of diagnostic data produced by Office.

The report is available here (in English).

While on the subject of telemetry, there are two relevant related documents that we, the Windows team at ERNW,  have produced:

  • An Analysis of Windows 10 Telemetry (in English) – this document provides a detailed overview of the Windows 10 logging functionalities for collecting telemetry data, an in-depth analysis of the collection and procession of telemetry data, and discussions on the network interfaces of Windows Telemetry;
  • An Analysis of Windows 10 Telemetry: Configuration and logging guidelines (in German) – this document provides detailed guidelines for configuring Windows Telemetry, with a focus on disabling or reducing Windows Telemetry activities.

The above documents have been created in the course of the SiSyPHus project, contracted by the German Federal Office for Information Security.  By sharing knowledge on Windows Telemetry, we aim to enable the Windows user community to assess potential privacy implications of Windows Telemetry in an informed and technically correct manner.

Best regards,

Aleksandar Milenkoski