Microsoft Enterprise and Developer Privacy Statement

Last Updated: September 2016

Your privacy is important to us. This privacy statement explains what data we collect from you and how we use it. The product-specific details sections provide additional information relevant to particular Microsoft developer and enterprise products. This statement applies to the Microsoft products listed, as well as other Microsoft products that display this statement. References to Microsoft products in this statement include Microsoft applications, software and devices.

Microsoft participates in the EU-U.S. Privacy Shield framework. To learn more visit https://go.microsoft.com/fwlink/?LinkID=822639.

  • Cookies
    Most Microsoft Sites use "cookies," small text files that can be read by a web server in the domain that put the cookie on your hard drive. We may use cookies to store your preferences and settings; help with sign-in; provide targeted ads; and analyze site operations. Click here to learn more.

  • Data We Collect

    Microsoft collects data to operate effectively and provide you the best experiences with our products. You provide some of this data directly, such as when you choose to send error reports to Microsoft to help diagnose a performance issue. We get some of it by receiving usage data from software running on your device.

    You have choices about personal data we collect. Personal data does not include data that is tied solely to your organization and not to an individual. When you are asked to provide personal data, you may decline. But if you choose not to provide personal data that is necessary to provide a product or feature, you may not be able to use that product or feature.

    The data we collect depends on the products and features you use and how the product is configured on your device. But, our collection is generally limited to usage data:

    Usage data. We collect data about how you and your devices interact with Microsoft and our products. For example, we may collect:

    • Product use data. We collect data about the features you use, how often you use them, and how you use them.
    • Device data. We collect data about your device and the network you use to connect to our products. This could include data about the operating systems and other software installed on your device, including version information. It also includes IP address, device identifiers (such as the IMEI number for phones), and regional and language settings.
    • Error reports and performance data. We collect data about the performance of the products and any problems you experience with them. This data helps us improve our products and services, to diagnose problems in the products you use, and provide solutions. Depending on your product and settings, error reports can include data such as the type or severity of the problem, details of the software or hardware related to an error, contents of files you were using when an error occurred, and data about other software on your device.
    • Support data. When you engage Microsoft for support, we collect data about you and your hardware, software, and other details related to the support incident. Such data includes contact or authentication data, the content of your chats and other communications with Microsoft support, diagnostic data about the condition of the device and the application when the error occurred and system and registry data about software installations and hardware configurations.

    Product-specific sections and product documentation further describe data collection practices applicable to use of those products.

    Top of page

  • How We Use Data

    Microsoft uses the data we collect to operate our business, to provide product functionalities and experiences, and improve the products and services we offer. This includes operating the products, maintaining and improving the performance of the products and services, including developing new features, and providing customer support. Microsoft does not use this data for advertising purposes.

    Examples of such uses include the following:

    • Providing the products. We use data to provide our products' functionalities and user experiences that enhance productivity. It may also help us personalize your product experience.
    • Customer support. We use data to diagnose product problems, help repair customers' devices, and provide other customer care and support services.
    • Product activation. We use data to activate and properly register the software and devices that require activation.
    • Product improvement. We use data to continually improve our products and services, including adding new features or capabilities, such as using error reports to improve security features, or using usage information to prioritize future feature development.
    • Security, safety and dispute resolution. We use data to protect the security and safety of our products and our customers, detect and prevent fraud, confirm the validity of software licenses, resolve disputes, and enforce our agreements. Our security features and products can disrupt the operation of malicious software and notify users if malicious software is found on their devices.
    • Business operations. We use data to develop aggregated analytics and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.

    Product-specific sections and product documentation further describe data collection practices applicable to use of those products.

    Top of page

  • Reasons We Share Personal Data

    We share your personal data with your consent or as necessary to complete any transaction or provide any product you have requested or authorized. For example, we share your content with third parties when you tell us to do so, such as when you link your product with a service.

    In addition, we share personal data among Microsoft-controlled affiliates and subsidiaries. We also share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we've hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal data in order to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets.

    Finally, we will access, transfer, disclose, and preserve personal data when we have a good faith belief that doing so is necessary to:

    • comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
    • protect our customers, for example to prevent spam or attempts to defraud users of our products, or to help prevent the loss of life or serious injury of anyone;
    • operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks;
    • protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer's private content ourselves, but we may refer the matter to law enforcement.

    For more information about data we disclose in response to requests from law enforcement and other government agencies, please see our Law Enforcement Transparency Report, available at http://microsoft.com/about/corporatecitizenship/en-us/reporting/transparency

    Please note that some of our products include links to services of third parties whose privacy practices differ from Microsoft's. If you provide data to any of those services, your data is governed by their privacy statements.

    Top of page

  • Cookies & Similar Technologies

    Our products may enable you to access a Microsoft website or launch an application that uses cookies, web beacons and similar technologies. Web beacons and cookies could be from Microsoft or third-party service providers.

    To learn more about cookies, please visit the “ Cookies & Similar Technologies” section of the Microsoft Privacy Statement including how to manage them on your devices.

    Top of page

  • Microsoft account

    With a Microsoft account, you can sign into Microsoft products, as well as those of select Microsoft partners. When you create your own Microsoft account, we refer to that account as a personal Microsoft account. When you sign into products that use Microsoft Azure Active Directory (AAD) with an email address from your employer or school, we refer to that account as a work or school account.

    If your employer or school uses AAD to issue and manage the account it provides you, you can use your work or school account to sign into Microsoft products that use AAD. If required by your organization, you will also be asked to provide a phone number or an alternative email address for additional security verification. If you sign into Microsoft products with a work or school account, the owner of the domain associated with your email address may control and administer your account, and access and process your data, including the contents of your communications and files. Your use of the products may be subject to your organization's policies, if any. Microsoft is not responsible for the privacy or security practices of these organizations, which may differ from those of Microsoft. If your organization is administering your use of Microsoft products, please direct your privacy inquiries to your administrator.

    To learn more about data handling for your Microsoft account and AAD, please read the “Microsoft account” section of the Microsoft Privacy Statement here.

    Top of page

  • Other Important Privacy Information

    Below you will find additional privacy information you may find important. You can also find more information on Microsoft's commitment to protecting your privacy at https://privacy.microsoft.com.

    Top of page

  • Security of Personal Data

    Microsoft is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit highly confidential data (such as a password) over the Internet, we protect it through the use of encryption.

    Top of page

  • Where We Store and Process Personal Data

    Personal data collected by Microsoft may be stored and processed in your region, in the United States or in any other country where Microsoft or its affiliates, subsidiaries or service providers maintain facilities. We take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located. When we transfer personal data from the European Economic Area to other countries, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data. Microsoft participates in the EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor frameworks, regarding the collection, use, and retention of data from the European Economic Area and Switzerland. To learn more about the Safe Harbor program, and to view our certification, please visit http://www.export.gov/safeharbor.

    Top of page

  • Our Retention of Personal Data

    Microsoft retains personal data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.

    Top of page

  • Collection of Data From Children

    When a Microsoft product collects a user's age, it will either block users under 13 or will ask them to provide consent from a parent or guardian before they can use it. We will not knowingly ask children under 13 to provide more data than is necessary to provide the product.

    Once parental consent is granted, the child's account is treated like any other account. The child may have access to communication services like email, instant messaging and online message boards and may be able to communicate freely with other users of all ages.

    Parents can change or revoke the consent choices previously made, and review, edit or request the deletion of their children's personal data. For example, parents can access their personal Microsoft account and click on "Permissions."

    Top of page

  • Preview and Free-of-Charge Products

    Microsoft offers preview, free-of-charge or other optional features and products that will enable you to use them while providing feedback and usage data to Microsoft. As a result, these releases can automatically collect additional data, provide fewer controls, and otherwise employ different privacy and security measures than those typically present in our products. If you participate in previews or pre-release programs, we may contact you about your feedback or your interest in continuing to use the product after general release.

    Top of page

  • Changes to This Privacy Statement

    We will update this privacy statement when necessary to reflect customer feedback and changes in our products. When we post changes to this statement, we will revise the "last updated" date at the top of the statement and describe the changes on the Change History page. If there are material changes to the statement or in how Microsoft will use your personal data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Microsoft is protecting your information.

    Top of page

  • How to Contact Us

    If you have a technical or support question, please visit http://support.microsoft.com to learn more about Microsoft Support offerings. If you have a personal Microsoft account password question, please visit Microsoft account support.

    If you have a privacy concern or a question for the Chief Privacy Officer of Microsoft, please contact us by using our Web form. We will respond to questions or concerns within 30 days.

    Our address is Microsoft Privacy, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. Telephone: (+1) 425-882-8080.

    Microsoft Ireland Operations Limited is our data protection representative for the European Economic Area and Switzerland. The data protection officer of Microsoft Ireland Operations Limited can be reached at the following address: Microsoft Ireland Operations, Ltd., Attn: Data Protection, Carmenhall Road, Sandyford, Dublin 18, Ireland.

    To find the Microsoft subsidiary in your country or region, see http://www.microsoft.com/worldwide/.

    Top of page

  • Windows Server

    Windows Server brings Microsoft’s experience delivering global-scale cloud services into your infrastructure. Windows Server provides a wide range of new and enhanced features and capabilities including virtualization, storage, software-defined networking, server management and automation, web and application platform, access and information protection, and more.

    Key components of Windows Server are cloud-based, and both cloud and local elements of Windows are updated regularly, providing you with the latest improvements and features. In order to provide this computing experience, we collect data about you, your device, and the way you use Windows. We give you choices about the data we collect and how we use it. Note that if your Windows device is managed by your organization (such as your employer or school), your organization may use centralized management tools provided by Microsoft or others to control device settings, device policies, software updates, data collection by us or the organization, or other aspects of your device. For more information about data collection and privacy in Windows Server, go to https://aka.ms/winserverdata. Legacy versions of Windows Server, Windows Storage Server and Windows Server Essentials (including Windows Server, Windows Storage Server 2008, 2008 R2, 2012 and 2012 R2; Windows Server Essentials 2011, 2012 and 2012 R2) are subject to their own privacy statements.

    Refer to product documentation for more information on product features:

    Top of page

  • Activation

    When you activate Windows, a specific product key is associated with the device on which your software is installed. The product key and data about the software and your device is sent to Microsoft to help validate your license to the software. This data may be sent again if there is a need to re-activate or validate your license.

    Top of section

  • Advertising ID

    Windows generates a unique advertising ID for each user on a device. When the advertising ID is enabled, apps can access and use the advertising ID in much the same way that websites can access and use a unique identifier stored in a cookie. Thus, your advertising ID can be used by app developers (and the advertising networks they work with) to provide more relevant advertising and other personalized experiences across their apps. You can turn off access to this identifier at any time in the device Settings. If you choose to turn it on again, the advertising ID will be reset and a new identifier will be generated. When a third-party app accesses the advertising ID, its use of the advertising ID will be subject to its own privacy policy. For more information on Microsoft’s use of data for advertising, see the How We Use Data section of this statement.

    Top of section

  • Location Services

    Windows location service. Microsoft operates a location service that helps determine the precise geographic location of a specific Windows device. Depending on the capabilities of the device, location is determined using satellite global positioning service (GPS), detecting nearby cell towers and/or Wi-Fi access points and comparing that information against a database that Microsoft maintains of cell towers and Wi-Fi access points whose location is known, or deriving location from your IP address. When the location service is active on a Windows device, data about cell towers and Wi-Fi access points and their locations is collected by Microsoft and added to the location database after removing any data identifying the person or device from which it was collected. Microsoft may also share this de-identified location data with third parties to provide and improve location and mapping services.

    Windows services and features (such as browsers), applications running on Windows, and websites opened in Windows browsers can access the Windows location service to determine precise location if you allow them to do so. Some features and apps request precise location permission when you first install Windows, some ask the first time you use the app, and others ask every time you access the location service. For information about certain Windows apps that use the location service, see the Windows Apps section.

    When the location service is accessed, your Windows device will also upload its location to Microsoft, and we will retain only the last known location (each new location replaces the previous one) to improve the efficiency and operation of our services. Data about a Windows device's recent location history is stored on the device, and certain apps and Windows features can access this location history. You can clear your device's location history at any time in the device's Settings menu.

    In Settings, you can also view which applications have access to the location service or your device's location history, turn off or on access to the location service for particular applications, or turn off the location service. You can also set a default location, which will be used when the location service can’t detect a more exact location for your device.

    General Location. If you turn on the General Location feature, apps that cannot use your precise location will have access to your general location, such as your city, postal code, or region.

    Top of section

  • Security and Safety Features

    Device encryption. Device encryption helps protect the data stored on your device by encrypting it using BitLocker Drive Encryption technology. When device encryption is on, Windows automatically encrypts the drive Windows is installed on and generates a recovery key. The BitLocker recovery key for your personal device is automatically backed up online in your personal Microsoft OneDrive account. Microsoft doesn't use your individual recovery keys for any purpose.

    Malicious Software Removal Tool. The Malicious Software Removal Tool (MSRT) runs on your device at least once per month as part of Windows Update. MSRT checks devices for infections by specific, prevalent malicious software ("malware") and helps remove any infections found. When the MSRT runs, it will remove the malware listed on the Microsoft Support website if the malware is on your device. During a malware check, a report will be sent to Microsoft with specific data about malware detected, errors, and other data about your device. If you do not want MSRT to send this data to Microsoft, you can disable MSRT's reporting component.

    SmartScreen. SmartScreen helps protect you when using our services by checking downloaded files and web content for malicious software, potentially unsafe web content, and other threats to you or your device. When checking a file, data about that file is sent to Microsoft, including the file name, a hash of the file's contents, and the file's digital certificates. If SmartScreen identifies the file as unknown or potentially unsafe, you will see a warning prior to opening the file. When checking web content, data about the content is sent to Microsoft, including the full web address of the content. If SmartScreen detects that content is potentially unsafe, you will see a warning in place of the content. SmartScreen can be turned on or off in Settings.

    Windows Defender. Windows Defender looks for malware and other unwanted software on your device. Windows Defender is automatically turned on to help protect your device if no other antimalware software is actively protecting your device. If Windows Defender is turned on, it will monitor the security status of your device. When Windows Defender is turned on, or is running because Limited Periodic Scanning is enabled, it will automatically send reports to Microsoft that contain data about suspected malware and other unwanted software, and it may also send files that could contain malware. If a report is likely to contain personal data, the report is not sent automatically and you'll be prompted before it is sent. You can configure Windows Defender not to send reports and suspected malware to Microsoft.

    Top of section

  • Diagnostic and Usage Information. & Error Reporting

    Microsoft automatically collects diagnostic and usage information over the internet, and uses it to help improve your installation, upgrade, and user experience, and the quality and security of Microsoft products and services. Consistent with these purposes, the information may be associated with your organization. Windows Server 2016 has four (4) information collection settings (Security, Basic, Enhanced, and Full), and uses the “Enhanced” setting by default. This level includes information required to: (i) run our antimalware and diagnostic and usage information technologies; (ii) understand device quality, and application usage and compatibility; and (iii) identify quality issues in the use and performance of the operating system and applications.

    Choice and Control: Administrators can change the level of information collection through Settings. For more information on diagnostic and usage information, see ( https://aka.ms/winserverdata).

    Windows error reports help Microsoft and Microsoft partners diagnose problems in the software you use and provide solutions. We provide limited portions of error report information to partners (such as OEMs) to help them troubleshoot products and services which work with Windows and other Microsoft products and services. They are only permitted to use this information to repair or improve those products and services.

    Top of section

  • Update Services

    Update Services for Windows includes Windows Update and Microsoft Update. Windows Update is a service that provides you with software updates for Windows software and other supporting software, such as drivers and firmware supplied by device manufacturers. Microsoft Update is a service that provides you with software updates for other Microsoft software such as Office.

    Windows Update automatically downloads Windows software updates to your device. You can configure Windows Update to automatically install these updates as they become available (recommended) or have Windows notify you when a restart is required to finish installing updates.

    Top of section

  • Web Browsers: Internet Explorer

    Whenever you use a web browser to access the Internet, data about your device ("standard device data") is sent to the websites you visit and online services you use. Standard device data includes your device's IP address, browser type and language, access times, and referring website addresses. This data might be logged on those websites' web servers. Which data is logged and how that data is used depends on the privacy practices of the websites you visit and web services you use.

    Additionally, data about how you use your browser, such as your browsing history, web form data, temporary Internet files, and cookies, is stored on your device. You can delete this data from your device using Delete Browsing History.

    Internet Explorer uses your search queries and browsing history to provide you with faster browsing and more relevant search results. These features include:
    • AutoSearch and Search Suggestions in Internet Explorer automatically sends the information you type into the browser address bar to your default search provider (such as Bing) and offer search recommendations as you type each character.
    • Page Prediction sends your browsing history to Microsoft and uses aggregated browsing history data to predict which pages you are likely to browse to next and proactively loads those pages in the background for a faster browsing experience.
    • Suggested Sites recommends web contents that you might be interested in based on your search and browsing history.

    Browsing data collected in connection with these features is used in the aggregate and you can turn off any of these features at any time. These features will not collect browsing history while you have InPrivate Browsing enabled.

    In order to provide search results, Internet Explorer sends your search queries, standard device information, and location (if you have location enabled) to your default search provider. If Bing is your default search provider, we use this data as described in the Bing section of the Microsoft Privacy Statement.

    Top of section

  • Connected Services, Azure and Office 365

    Some Windows Server products and features can be configured to work with other services such as Microsoft Azure and Office 365 which have their own privacy policies. Refer to the privacy policies for those services for more information.

    Top of section