To enroll devices to Desktop Analytics, they need to send diagnostic data to Microsoft. Configuration Manager provides an integrated experience for managing and deploying settings to clients. Use Configuration Manager to manage the diagnostic data level and help configure proxy servers. For the best experience, use Configuration Manager.
Important
In most circumstances, only use Configuration Manager to configure these settings. Don't also apply these settings in domain group policy objects. For more information, see Conflict resolution.
Diagnostic data levels
The basic functionality of Desktop Analytics works at the Required diagnostic data level. If you don't configure the Optional (limited) level in Configuration Manager, you won't get the following features of Desktop Analytics:
- App usage
Microsoft recommends that you enable the Optional (limited) diagnostic data level with Desktop Analytics to maximize the benefits you get from it.
Tip
The Optional (Limited) setting in Configuration Manager is the same setting as Limit Enhanced diagnostic data to the minimum required by Windows Analytics policy available on devices running Windows 10, version 1709 and later.
Devices running Windows 10, version 1703 and earlier, Windows 8.1, or Windows 7 don't have this policy setting. When you configure the Optional (limited) setting in Configuration Manager, these devices fall back to the Required level.
Devices running Windows 10, version 1709 have this policy setting. However, when you configure the Optional (limited) setting in Configuration Manager, these devices also fall back to the Required level.
For more information about diagnostic data shared with Microsoft with Optional (limited), see Windows 10 enhanced diagnostic data events and fields.
Important
When you configure the diagnostic data level, you set the upper boundary for the device. By default in Windows 10, version 1803 and later, users can choose to set a lower level. You can control this behavior using the group policy setting, Configure telemetry opt-in setting user interface.
Important
Microsoft has a strong commitment to providing the tools and resources that put you in control of your privacy. As a result, while Desktop Analytics supports Windows 8.1 devices, Microsoft doesn't collect Windows diagnostic data from Windows 8.1 devices located in European countries (European Economic Area [EEA], Switzerland, and the United Kingdom).
For more information, see Desktop Analytics privacy.
The following articles are also good resources for better understanding Windows diagnostic data levels:
Note
Clients configured to send Optional (limited) diagnostic data will send approximately 2 MB of data to the Microsoft cloud on the initial full scan. The daily delta varies between 250-400 KB per day.
The daily delta scan happens at 3:00 AM (device local time). Some events are sent at the first available time throughout the day. These times aren't configurable.
For more information, see Configure Windows diagnostic data in your organization.
Support for new Windows 10 diagnostic data levels
Microsoft is increasing transparency by categorizing the diagnostic data that Windows 10 collects:
- Basic diagnostic data is recategorized as Required
- Full is recategorized as Optional
Starting in Configuration Manager current branch version 2006, the Diagnostic Data tab of the Desktop Analytics service in the Configuration Manager console uses these new labels. In Configuration Manager version 2002 and earlier, the settings had different names:
Version 2006 and later | Version 2002 and earlier |
---|---|
Required | Basic |
Optional (limited) | Enhanced (Limited) |
N/A | Enhanced |
Optional | Full |
If you previously configured any devices at the Enhanced level, when you upgrade to version 2006, they'll revert to Optional (limited). They'll then send less data to Microsoft. This change shouldn't affect what you see in Desktop Analytics.
In an upcoming release of Windows 10, devices configured for Enhanced or Enhanced (Limited) diagnostic data will revert to the Required level. This change may affect the functionality of Desktop Analytics. Use Configuration Manager current branch version 2010 to properly configure these devices to Optional (limited). If you're using another mechanism to configure these policies on devices, you may need to make changes for the upcoming new behavior. For more information, see Changes to Windows diagnostic data collection.
You can test the behavioral changes now in Windows 10 Insider Preview build 19577 and later. After you enroll Windows Insider devices to Desktop Analytics, it may take up to 48 hours to appear on the Desktop Analytics portal or the new configurations to take effect. Use the Configuration Manager console to look for issues or configuration alerts as you Monitor connection health.
Endpoints
To enable data sharing, configure your proxy server to allow the following internet endpoints.
Important
For privacy and data integrity, Windows checks for a Microsoft SSL certificate (certificate pinning) when communicating with the diagnostic data endpoints. SSL interception and inspection aren't possible. To use Desktop Analytics, exclude these endpoints from SSL inspection.
Starting in version 2002, if the Configuration Manager site fails to connect to required endpoints for a cloud service, it raises a critical status message ID 11488. When it can't connect to the service, the SMS_SERVICE_CONNECTOR component status changes to critical. View detailed status in the Component Status node of the Configuration Manager console.
Starting in version 2010, the service connection point validates important internet endpoints for Desktop Analytics. These checks help make sure that the cloud service is available. It also helps you troubleshoot issues by quickly determining if network connectivity is a problem. For more information, see Validate internet access.
Note
For more information on the Microsoft IP address ranges, see Microsoft Public IP Space. These addresses update regularly. There's no granularity by service; any IP address in these ranges could be used.
Server connectivity endpoints
The service connection point needs to communicate with the following endpoints:
Endpoint | Function |
---|---|
https://aka.ms | Used to locate the service |
https://graph.windows.net | Used to automatically retrieve settings like CommercialId when attaching your hierarchy to Desktop Analytics (on Configuration Manager Server role). For more information, see Configure the proxy for a site system server. |
https://*.manage.microsoft.com | Used to synch device collection memberships, deployment plans, and device readiness status with Desktop Analytics (on Configuration Manager Server role only). For more information, see Configure the proxy for a site system server. |
https://dc.services.visualstudio.com | For diagnostic data from on-premises service connector to gain insights about the health of cloud-connected services. |
User experience and diagnostic component endpoints
Client devices need to communicate with the following endpoints:
Endpoint | Function |
---|---|
https://v10c.events.data.microsoft.com | Connected user experience and diagnostic component endpoint. Used by devices running Windows 10, version 1809 or later, or version 1803 with the 2018-09 cumulative update or later installed. |
https://v10.events.data.microsoft.com | Connected user experience and diagnostic component endpoint. Used by devices running Windows 10, version 1803 without the 2018-09 cumulative update installed. |
https://v10.vortex-win.data.microsoft.com | Connected user experience and diagnostic component endpoint. Used by devices running Windows 10, version 1709 or earlier. |
https://vortex-win.data.microsoft.com | Connected user experience and diagnostic component endpoint. Used by devices running Windows 7 and Windows 8.1. |
Client connectivity endpoints
Client devices need to communicate with the following endpoints:
Index | Endpoint | Function |
---|---|---|
1 | https://settings-win.data.microsoft.com | Enables the compatibility update to send data to Microsoft. |
2 | http://adl.windows.com | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
3 | https://watson.telemetry.microsoft.com | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1803 or earlier. |
4 | https://umwatsonc.events.data.microsoft.com | Windows Error Reporting (WER). Required for device health reports in Windows 10, version 1809 or later. |
5 | https://ceuswatcab01.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
6 | https://ceuswatcab02.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
7 | https://eaus2watcab01.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
8 | https://eaus2watcab02.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
9 | https://weus2watcab01.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
10 | https://weus2watcab02.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
11 | https://kmwatsonc.events.data.microsoft.com | Online Crash Analysis (OCA). Required for device health reports in Windows 10, version 1809 or later. |
12 | https://oca.telemetry.microsoft.com | Online Crash Analysis (OCA). Required to monitor deployment health in Windows 10, version 1803 or earlier. |
13 | https://login.live.com | Required to provide a more reliable device identity for Desktop Analytics. To disable end-user Microsoft account access, use policy settings instead of blocking this endpoint. For more information, see The Microsoft account in the enterprise. |
14 | https://v20.events.data.microsoft.com | Connected user experience and diagnostic component endpoint. |
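
The version conditions in the client endpoint tables above can be turned into a check of a proxy allow list against the Windows 10 versions in a fleet. This is an added example, not part of the original documentation or of any Microsoft tool; it covers Windows 10 clients only, and the glob-style wildcard matching, the sample allow list and the sample fleet are assumptions.

```python
from fnmatch import fnmatchcase

# Client endpoints from the tables above, grouped by the Windows 10 version
# condition the page attaches to each one (the set comprehension expands to
# the six *watcab0N.blob.core.windows.net hosts).
ALWAYS = {"settings-win.data.microsoft.com", "adl.windows.com",
          "login.live.com", "v20.events.data.microsoft.com"}
WER_OCA_1803_OR_EARLIER = {"watson.telemetry.microsoft.com",
                           "oca.telemetry.microsoft.com"}
WER_OCA_1809_OR_LATER = {"umwatsonc.events.data.microsoft.com",
                         "kmwatsonc.events.data.microsoft.com"} | {
    f"{region}watcab0{n}.blob.core.windows.net"
    for region in ("ceus", "eaus2", "weus2") for n in (1, 2)}


def required_hosts(version, has_2018_09_cu=False):
    """Hosts a Windows 10 client of this four-digit version must reach."""
    hosts = set(ALWAYS)
    if version >= 1809 or (version == 1803 and has_2018_09_cu):
        hosts.add("v10c.events.data.microsoft.com")
    elif version == 1803:
        hosts.add("v10.events.data.microsoft.com")
    else:  # version 1709 or earlier
        hosts.add("v10.vortex-win.data.microsoft.com")
    hosts |= WER_OCA_1809_OR_LATER if version >= 1809 else WER_OCA_1803_OR_EARLIER
    return hosts


def missing_hosts(allow_patterns, fleet):
    """Map each required host no pattern covers to the versions needing it."""
    patterns = [p.lower() for p in allow_patterns]
    gaps = {}
    for version, has_cu in fleet:
        for host in sorted(required_hosts(version, has_cu)):
            if not any(fnmatchcase(host, p) for p in patterns):
                gaps.setdefault(host, []).append(version)
    return gaps


# Constructed sample data (not from the page): a proxy allow list and the
# (version, has 2018-09 cumulative update) pairs found in a fleet.
SAMPLE_ALLOW = ["*.events.data.microsoft.com", "*.telemetry.microsoft.com",
                "settings-win.data.microsoft.com", "login.live.com",
                "ceuswatcab01.blob.core.windows.net", "ceuswatcab02.blob.core.windows.net",
                "eaus2watcab01.blob.core.windows.net", "eaus2watcab02.blob.core.windows.net"]
SAMPLE_FLEET = [(1709, False), (1803, False), (1909, False)]

if __name__ == "__main__":
    for host, versions in sorted(missing_hosts(SAMPLE_ALLOW, SAMPLE_FLEET).items()):
        print(f"not allowed: {host} (needed by Windows 10 {versions})")
```
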
Proxy server authentication
If your organization uses proxy server authentication for internet access, make sure that it doesn't block the diagnostic data because of authentication. If your proxy doesn't allow devices to send this data, they won't show in Desktop Analytics.
Bypass (recommended)
Configure your proxy servers to not require proxy authentication for traffic to the diagnostic data endpoints. This option is the most comprehensive solution. It works for all versions of Windows 10.
User proxy authentication
Configure devices to use the signed-in user's context for proxy authentication. This method requires the following configurations:
- Devices have the current quality update for a supported version of Windows
- Configure user-level proxy (WinINET proxy) in Proxy settings in the Network & Internet group of Windows Settings. You can also use the legacy Internet Options control panel.
- Make sure that the users have proxy permission to reach the diagnostic data endpoints. This option requires that the devices have console users with proxy permissions, so you can't use this method with headless devices.
Important
The user proxy authentication approach is incompatible with the use of Microsoft Defender Advanced Threat Protection. This behavior is because this authentication relies on the DisableEnterpriseAuthProxy registry key set to 0, while Microsoft Defender ATP requires it to be set to 1. For more information, see Configure machine proxy and internet connectivity settings in Microsoft Defender ATP.
Device proxy authentication
This approach supports the following scenarios:
- Headless devices, where no user signs in, or users of the device don't have internet access
- Authenticated proxies that don't use Windows Integrated Authentication
- If you also use Microsoft Defender Advanced Threat Protection
This approach is the most complex because it requires the following configurations:
- Make sure devices can reach the proxy server through WinHTTP in local system context. Use one of the following options to configure this behavior:
  - The command line netsh winhttp set proxy
  - Web proxy autodiscovery (WPAD) protocol
  - Transparent proxy
  - Configure device-wide WinINET proxy using the following group policy setting: Make proxy settings per-machine (rather than per-user) (ProxySettingsPerUser = 1)
  - Routed connection, or that uses network address translation (NAT)
- Configure proxy servers to allow the computer accounts in Active Directory to access the diagnostic data endpoints. This configuration requires proxy servers to support Windows Integrated Authentication.