First published on CloudBlogs on Sep, 11 2014
Author: Craig Morris, Principal Program Manager, Enterprise Client and Mobility.

As a Windows Intune customer, you have entrusted Microsoft to help protect your data. Microsoft values this trust, and the privacy and security of your data is one of our top concerns. The information presented below is intended to provide additional details about the shared data that is transmitted between and stored in Configuration Manager and Windows Intune when using the Windows Intune connector.

The Windows Intune connector lets you use Configuration Manager to manage mobile devices with Windows Intune. The connector extends Configuration Manager by establishing a connection to the cloud-based Windows Intune service that manages mobile devices over the Internet. With this connection the IT Administrator is able to manage and provide services (such as application distribution) to the devices employees love to use.

In order to accomplish this, the Windows Intune service needs a certain amount of information about the users, enrolled devices, security settings configured, and applications published through Windows Intune. The goal from the outset of this integration was to minimize the data needed to provide Windows Intune services to users and devices, without compromising on the quality of those services.

The information below refers to the January 2014 releases of Windows Intune and System Center 2012 R2 Configuration Manager. You should read the System Center 2012 R2 Privacy Statement and the Windows Intune Privacy statement in conjunction with this article.
NOTE: For Windows Phone and Android devices, we maintain a cache of inventory data between device sessions to reduce bandwidth costs. It will be removed (within the 90-day data retention period described below under Data Retention) when the device is un-enrolled or the account is deleted.
--Craig Morris
Configuration Manager Resources
Documentation Library for System Center 2012 Configuration Manager
Configuration Manager 2012 Forums
System Center 2012 Configuration Manager Survival Guide
System Center Configuration Manager Support
This posting is provided "AS IS" with no warranties and confers no rights.
Customer Data from Configuration Manager stored in Windows Intune
Configuration Manager connects to the Windows Intune service and the following customer data is sent to and stored in Windows Intune.

Customer Data stored in Windows Intune | Examples |
Compliance settings, app information, and profile information | |
Settings and application assignments for users and devices. | |
Basic information about enrolled users that is used for single sign-on | |
User application request information (for display in company portal) | |
Basic information about enrolled devices for use in the company portal. | |
Information used to distribute certs for Wi-Fi and VPN profiles | |
Windows Intune Extension Installation status | Windows Phone 8.1 extension (V1) is installed |
Configuration Manager Version Information | Connector Build Version 5.0.7958.1000 |
Encrypted Side-loading key and assignment information | N/A (this is encrypted data) |
Remote Connection Profile information for licensed Windows Intune users | |
Customer Data retrieved from Windows Intune and stored in Configuration Manager
The table below reflects the customer data that is retrieved from Windows Intune and stored in the Configuration Manager database. This data is deleted from Windows Intune after it has been successfully downloaded by Configuration Manager.

Type of Customer Data | Information |
Customer Data that Windows Intune relays from mobile devices | |
End-user initiated commands | |
Tenant, User, and Device error messages | |
Windows Intune Extension Packages | N/A (this is binary data) |
License status for Windows Intune Users | GUID (generated per user) |
Application distribution status | “Application content could not be uploaded to Windows Intune.” |
Customer Data temporarily stored in Windows Intune
Commands sent to and received from mobile devices are temporarily stored in the Windows Intune service while the device is actively connected to the service. This data is subsequently deleted within an hour of the device’s active session expiring.
Microsoft’s commitment to customer data security and privacy
More information on Microsoft’s commitment can be found here: Windows Intune Trust Center and Windows Intune’s privacy/security whitepaper.

Data Security Area | Microsoft’s commitment |
Data Location | Microsoft has a regionalized data center strategy. The customer’s country or region, which the customer’s administrator inputs during initial setup of the online services account, determines the primary storage location for customer data. |
Data Retention | Microsoft believes that customers own their own data. When customers do not renew their Windows Intune subscriptions (i.e., they terminate or allow their subscriptions to expire), there is a 90-day data retention period with limited customer access. Thirty days after the end of the data retention period, customer data stored in the Windows Intune service is deleted. Customers who actively cancel their subscription may choose to disable their accounts and request deletion of their subscriber data. |
Published Sep 08, 2018