In this article, we will explain how to configure Windows diagnostic data using Intune for your organization. We will use a device restriction policy in Intune to set Telemetry level as Required for Windows devices.
Broadly, there are two ways to manage Windows diagnostic data in an organization: Group Policy and Intune (MDM). If your Windows devices are managed by Intune, you can choose the telemetry level and configure how the diagnostic data is sent to Microsoft.
On Windows devices, Telemetry refers to the process of collecting and transmitting diagnostic data from a user’s device to Microsoft’s servers for a variety of purposes. This information assists Microsoft in improving its products and services, troubleshooting issues, and making informed decisions about future updates and features.
What is Windows Diagnostic Data?
Microsoft collects Windows diagnostic data to solve problems and to keep Windows up to date, secure, and operating properly. It also helps us improve Windows and related Microsoft products and services and, for customers who have turned on the Tailored experiences setting. It provides more relevant tips and recommendations to enhance Microsoft and third-party products and services for each customer’s needs.
If your device is currently running Windows 10 version 1903 or earlier and its Diagnostic setting is set to enhanced, upgrading to Windows 10 version 1903 or later will automatically change it to Required diagnostic data.
How to Check the Diagnostic Data on Windows Devices
On Windows 10 devices, you can view the Diagnostic data by selecting Settings > Privacy > Diagnostics and Feedback. On Windows 11 devices, navigate to Settings > Privacy and Security > Diagnostics and Feedback to check the diagnostic data configuration.
In the screenshot below, we see the diagnostic data on Windows devices is set to Optional diagnostic data. We will configure Windows Diagnostic Data using Intune and set the diagnostic data from Optional to Required.
Configure Telemetry with Device Restriction policy
One of the prerequisites for managing Windows driver updates using Intune is to have the Telemetry turned on, with minimum setting of Required on Windows devices. Microsoft recommends configuring telemetry level for Windows devices using device restriction policy.
In the device restriction profile, under Reporting and Telemetry, configure the Share usage data with a minimum value of Required. Values of Enhanced (1903 and earlier) or Optional are also supported.
Using OMA-URI for Telemetry configuration
In Intune, you can either use device restriction policy or OMA-URI settings for configuring Telemetry level. The most preferred method out of the two is using a device restriction policy. The OMA-URI method for setting telemetry level is not covered in this article.
In case you want to use OMA-URI, you must create a custom device configuration profile and specify the values. Use the appropriate value in the table below when you configure the telemetry level for Windows devices using Intune.
|Diagnostic Data Level
|Turn Diagnostic data off (Security)
Windows Diagnostic data collection settings
According to Microsoft, there are four diagnostic data collection settings available for Windows devices. Each of the diagnostic data collection level defines what data is being sent to Microsoft.
- Diagnostic data off (Security): No Windows diagnostic data sent.
- Required diagnostic data (Basic): Minimum data required to keep the device secure, up to date, and performing as expected.
- Enhanced: Additional data about the websites you browse, how Windows and apps are used and how they perform, and device activity. The additional data helps Microsoft to fix and improve products and services for all users.
- Optional diagnostic data (Full): Additional data about the websites you browse, how Windows and apps are used and how they perform. This data also includes data about device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users.
Configure Windows Diagnostic Data using Intune
In this section, we will create a device restriction policy in Intune that will set telemetry data setting to Required.
- Sign in to Microsoft Intune admin center.
- Go to Devices > Windows > Configuration Profiles.
- To create a new profile, select Create Profile.
On Create a profile page, choose the following:
- Platform: Windows 10 and later
- Profile Type: Templates
- Template Name: Device Restrictions
On the Basics tab of Device restrictions, specify the name for the profile and add a brief description. You may specify the profile name as “Configure Windows Diagnostic Data using Intune“. Click Next.
On the Configuration Settings tab, you see a list of categories. From the list of categories, scroll down and select Reporting and Telemetry. The first option that you see is Share usage data, where you select level of diagnostic data submission. Click on the drop-down and select Required.
The other options include:
- Send Microsoft Edge browsing data to Microsoft 365 analytics
- Telemetry proxy server: If your organization uses proxy server authentication for internet access, specify the details here. Make sure that it doesn’t block the diagnostic data because of authentication.
Once you have configured the settings, click Next.
Select an Entra AD Security group containing devices where this Device configuration profile must be deployed on the Assignments tab. If you want to ensure that this setting applies to all devices in your organisation, simply click on the + Add all devices option in the Assignments tab and then click Next to proceed.
On the Applicability Rules page, you can specify how to apply this profile within an assigned group. Based on the rules that you defined, Intune will apply the profile only to those devices that meet the rule criteria.
In the screenshot below, we have defined an applicability rule specifying the following conditions.
- Rule: Assign profile if
- Property: OS Edition
- Value: Windows 10/11 Enterprise
The above rule states that the device restriction policy will apply only to those devices whose OS edition is either Windows 10/11 Enterprise.
Click Next to continue.
On the Review+Create tab, review the settings you have configured for Windows diagnostic data and click Create.
After you create a device restriction policy in Intune, a notification appears, “Profile created successfully“. This confirms the profile is created and is being applied to groups that we selected.
You must wait for the policy to apply to the targeted groups and once the devices check-in with the Intune service they will receive your settings. You can also force sync Intune policies on your Windows devices.
Furthermore, you can also restart the device first, which will initiate the device check-in process. Manual sync is not required on user devices because the device check-in process occurs automatically. However, if you are testing this setting on pilot devices, it can speed up your testing and save your time.
Monitor the Windows Diagnostic Data Policy in Intune
After you configure windows diagnostic data using Intune using device restriction policy, the next is to monitor the devices that have received the settings. To monitor the devices that have received the settings, select the policy and review the Device and user check-in status.
The devices in the screenshot below have successfully received the diagnostic data settings that we applied in the previous step. If you notice any errors here, you must examine the error code to determine why the diagnostic data settings did not take effect. You can also use Intune to collect logs and send them to the support team for troubleshooting.
Confirm Diagnostic Data Change from Optional to Required
In this step, we will manually verify if the diagnostic data is set to ‘Required‘ on Windows devices. On Windows 10 devices, to view the Diagnostic data, go to Settings > Privacy > Diagnostics and Feedback.
In the screenshot below, we see the diagnostic data on Windows 10 devices is changed from Optional to Required. The optional diagnostic data option is greyed out because the device restriction policy assigned by Intune prevents changing the diagnostic data level.
On Windows 11 devices, navigate to Settings > Privacy and Security > Diagnostics and Feedback to check the diagnostic data configuration. From the screenshot below, we see the diagnostic data is now set to Required as per the device restriction policy.
In this article, we covered how to set the Telemetry level on devices to Required, which is required for managing device drivers on Windows devices with Intune. Intune makes it simple to configure Windows diagnostic data on Windows devices. With a device restriction policy, you can customise the diagnostic data settings to meet the needs of your business. It is critical for any organisation to understand diagnostic data settings and the data sent to Microsoft from Windows devices.
Microsoft intends to collect diagnostic data from Windows devices in order to improve Windows and related Microsoft products. However, not all organisations prefer to share diagnostic data with Microsoft. In such cases, organisations can use Intune to disable data sharing.