Last Updated: September 2016
Your privacy is important to us. This privacy statement explains what data we collect from you and how we use it. The product-specific details sections provide additional information relevant to particular Microsoft developer and enterprise products. This statement applies to the Microsoft products listed, as well as other Microsoft products that display this statement. References to Microsoft products in this statement include Microsoft applications, software and devices.Microsoft participates in the EU-U.S. Privacy Shield framework. To learn more visit https://go.microsoft.com/fwlink/?LinkID=822639.
Microsoft collects data to operate effectively and provide you the best experiences with our products. You provide some of this data directly, such as when you choose to send error reports to Microsoft to help diagnose a performance issue. We get some of it by receiving usage data from software running on your device.
You have choices about personal data we collect. Personal data does not include data that is tied solely to your organization and not to an individual. When you are asked to provide personal data, you may decline. But if you choose not to provide personal data that is necessary to provide a product or feature, you may not be able to use that product or feature.
The data we collect depends on the products and features you use and how the product is configured on your device. But, our collection is generally limited to usage data:
Usage data. We collect data about how you and your devices interact with Microsoft and our products. For example, we may collect:
Product-specific sections and product documentation further describe data collection practices applicable to use of those products.Top of page
Microsoft uses the data we collect to operate our business, to provide product functionalities and experiences, and improve the products and services we offer. This includes operating the products, maintaining and improving the performance of the products and services, including developing new features, and providing customer support. Microsoft does not use this data for advertising purposes.
Examples of such uses include the following:
Product-specific sections and product documentation further describe data collection practices applicable to use of those products.Top of page
With a Microsoft account, you can sign into Microsoft products, as well as those of select Microsoft partners. When you create your own Microsoft account, we refer to that account as a personal Microsoft account. When you sign into products that use Microsoft Azure Active Directory (AAD) with an email address from your employer or school, we refer to that account as a work or school account.
If your employer or school uses AAD to issue and manage the account it provides you, you can use your work or school account to sign into Microsoft products that use AAD. If required by your organization, you will also be asked to provide a phone number or an alternative email address for additional security verification. If you sign into Microsoft products with a work or school account, the owner of the domain associated with your email address may control and administer your account, and access and process your data, including the contents of your communications and files. Your use of the products may be subject to your organization's policies, if any. Microsoft is not responsible for the privacy or security practices of these organizations, which may differ from those of Microsoft. If your organization is administering your use of Microsoft products, please direct your privacy inquiries to your administrator.To learn more about data handling for your Microsoft account and AAD, please read the “Microsoft account” section of the Microsoft Privacy Statement here. Top of page
Microsoft is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit highly confidential data (such as a password) over the Internet, we protect it through the use of encryption.Top of page
Microsoft retains personal data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.Top of page
When a Microsoft product collects a user's age, it will either block users under 13 or will ask them to provide consent from a parent or guardian before they can use it. We will not knowingly ask children under 13 to provide more data than is necessary to provide the product.
Once parental consent is granted, the child's account is treated like any other account. The child may have access to communication services like email, instant messaging and online message boards and may be able to communicate freely with other users of all ages.Parents can change or revoke the consent choices previously made, and review, edit or request the deletion of their children's personal data. For example, parents can access their personal Microsoft account and click on "Permissions." Top of page
Microsoft offers preview, free-of-charge or other optional features and products that will enable you to use them while providing feedback and usage data to Microsoft. As a result, these releases can automatically collect additional data, provide fewer controls, and otherwise employ different privacy and security measures than those typically present in our products. If you participate in previews or pre-release programs, we may contact you about your feedback or your interest in continuing to use the product after general release.Top of page
Our address is Microsoft Privacy, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. Telephone: (+1) 425-882-8080.
Microsoft Ireland Operations Limited is our data protection representative for the European Economic Area and Switzerland. The data protection officer of Microsoft Ireland Operations Limited can be reached at the following address: Microsoft Ireland Operations, Ltd., Attn: Data Protection, Carmenhall Road, Sandyford, Dublin 18, Ireland.To find the Microsoft subsidiary in your country or region, see http://www.microsoft.com/worldwide/. Top of page
Windows Server brings Microsoft’s experience delivering global-scale cloud services into your infrastructure. Windows Server provides a wide range of new and enhanced features and capabilities including virtualization, storage, software-defined networking, server management and automation, web and application platform, access and information protection, and more.Key components of Windows Server are cloud-based, and both cloud and local elements of Windows are updated regularly, providing you with the latest improvements and features. In order to provide this computing experience, we collect data about you, your device, and the way you use Windows. We give you choices about the data we collect and how we use it. Note that if your Windows device is managed by your organization (such as your employer or school), your organization may use centralized management tools provided by Microsoft or others to control device settings, device policies, software updates, data collection by us or the organization, or other aspects of your device. For more information about data collection and privacy in Windows Server, go to https://aka.ms/winserverdata. Legacy versions of Windows Server, Windows Storage Server and Windows Server Essentials (including Windows Server, Windows Storage Server 2008, 2008 R2, 2012 and 2012 R2; Windows Server Essentials 2011, 2012 and 2012 R2) are subject to their own privacy statements. Refer to product documentation for more information on product features: Top of page
When you activate Windows, a specific product key is associated with the device on which your software is installed. The product key and data about the software and your device is sent to Microsoft to help validate your license to the software. This data may be sent again if there is a need to re-activate or validate your license.Top of section
Windows location service. Microsoft operates a location service that helps determine the precise geographic location of a specific Windows device. Depending on the capabilities of the device, location is determined using satellite global positioning service (GPS), detecting nearby cell towers and/or Wi-Fi access points and comparing that information against a database that Microsoft maintains of cell towers and Wi-Fi access points whose location is known, or deriving location from your IP address. When the location service is active on a Windows device, data about cell towers and Wi-Fi access points and their locations is collected by Microsoft and added to the location database after removing any data identifying the person or device from which it was collected. Microsoft may also share this de-identified location data with third parties to provide and improve location and mapping services.Windows services and features (such as browsers), applications running on Windows, and websites opened in Windows browsers can access the Windows location service to determine precise location if you allow them to do so. Some features and apps request precise location permission when you first install Windows, some ask the first time you use the app, and others ask every time you access the location service. For information about certain Windows apps that use the location service, see the Windows Apps section.
When the location service is accessed, your Windows device will also upload its location to Microsoft, and we will retain only the last known location (each new location replaces the previous one) to improve the efficiency and operation of our services. Data about a Windows device's recent location history is stored on the device, and certain apps and Windows features can access this location history. You can clear your device's location history at any time in the device's Settings menu.
In Settings, you can also view which applications have access to the location service or your device's location history, turn off or on access to the location service for particular applications, or turn off the location service. You can also set a default location, which will be used when the location service can’t detect a more exact location for your device.
General Location. If you turn on the General Location feature, apps that cannot use your precise location will have access to your general location, such as your city, postal code, or region.Top of section
Device encryption. Device encryption helps protect the data stored on your device by encrypting it using BitLocker Drive Encryption technology. When device encryption is on, Windows automatically encrypts the drive Windows is installed on and generates a recovery key. The BitLocker recovery key for your personal device is automatically backed up online in your personal Microsoft OneDrive account. Microsoft doesn't use your individual recovery keys for any purpose.
Malicious Software Removal Tool. The Malicious Software Removal Tool (MSRT) runs on your device at least once per month as part of Windows Update. MSRT checks devices for infections by specific, prevalent malicious software ("malware") and helps remove any infections found. When the MSRT runs, it will remove the malware listed on the Microsoft Support website if the malware is on your device. During a malware check, a report will be sent to Microsoft with specific data about malware detected, errors, and other data about your device. If you do not want MSRT to send this data to Microsoft, you can disable MSRT's reporting component.
SmartScreen. SmartScreen helps protect you when using our services by checking downloaded files and web content for malicious software, potentially unsafe web content, and other threats to you or your device. When checking a file, data about that file is sent to Microsoft, including the file name, a hash of the file's contents, and the file's digital certificates. If SmartScreen identifies the file as unknown or potentially unsafe, you will see a warning prior to opening the file. When checking web content, data about the content is sent to Microsoft, including the full web address of the content. If SmartScreen detects that content is potentially unsafe, you will see a warning in place of the content. SmartScreen can be turned on or off in Settings.
Windows Defender. Windows Defender looks for malware and other unwanted software on your device. Windows Defender is automatically turned on to help protect your device if no other antimalware software is actively protecting your device. If Windows Defender is turned on, it will monitor the security status of your device. When Windows Defender is turned on, or is running because Limited Periodic Scanning is enabled, it will automatically send reports to Microsoft that contain data about suspected malware and other unwanted software, and it may also send files that could contain malware. If a report is likely to contain personal data, the report is not sent automatically and you'll be prompted before it is sent. You can configure Windows Defender not to send reports and suspected malware to Microsoft.Top of section
Microsoft automatically collects diagnostic and usage information over the internet, and uses it to help improve your installation, upgrade, and user experience, and the quality and security of Microsoft products and services. Consistent with these purposes, the information may be associated with your organization. Windows Server 2016 has four (4) information collection settings (Security, Basic, Enhanced, and Full), and uses the “Enhanced” setting by default. This level includes information required to: (i) run our antimalware and diagnostic and usage information technologies; (ii) understand device quality, and application usage and compatibility; and (iii) identify quality issues in the use and performance of the operating system and applications.Choice and Control: Administrators can change the level of information collection through Settings. For more information on diagnostic and usage information, see ( https://aka.ms/winserverdata).
Windows error reports help Microsoft and Microsoft partners diagnose problems in the software you use and provide solutions. We provide limited portions of error report information to partners (such as OEMs) to help them troubleshoot products and services which work with Windows and other Microsoft products and services. They are only permitted to use this information to repair or improve those products and services.Top of section
Windows Update automatically downloads Windows software updates to your device. You can configure Windows Update to automatically install these updates as they become available (recommended) or have Windows notify you when a restart is required to finish installing updates.Top of section
Whenever you use a web browser to access the Internet, data about your device ("standard device data") is sent to the websites you visit and online services you use. Standard device data includes your device's IP address, browser type and language, access times, and referring website addresses. This data might be logged on those websites' web servers. Which data is logged and how that data is used depends on the privacy practices of the websites you visit and web services you use.Additionally, data about how you use your browser, such as your browsing history, web form data, temporary Internet files, and cookies, is stored on your device. You can delete this data from your device using Delete Browsing History. Internet Explorer uses your search queries and browsing history to provide you with faster browsing and more relevant search results. These features include:
Browsing data collected in connection with these features is used in the aggregate and you can turn off any of these features at any time. These features will not collect browsing history while you have InPrivate Browsing enabled.In order to provide search results, Internet Explorer sends your search queries, standard device information, and location (if you have location enabled) to your default search provider. If Bing is your default search provider, we use this data as described in the Bing section of the Microsoft Privacy Statement. Top of section
Some Windows Server products and features can be configured to work with other services such as Microsoft Azure and Office 365 which have their own privacy policies. Refer to the privacy policies for those services for more information.Top of section