First published on CLOUDBLOGS on Sep 11, 2014
Craig Morris, Principal Program Manager, Enterprise Client and Mobility.
As a Windows Intune customer, you have entrusted Microsoft to help protect your data. Microsoft values this trust, and the privacy and security of your data is one of our top concerns.
The information presented below is intended to provide additional details about the shared data that is transmitted between and stored in Configuration Manager and Windows Intune when using the Windows Intune connector.
The Windows Intune connector lets you use Configuration Manager to manage mobile devices with Windows Intune. The connector extends Configuration Manager by establishing a connection to the cloud-based Windows Intune service that manages mobile devices over the Internet. With this connection the IT Administrator is able to manage and provide services (such as application distribution) to the devices employees love to use. In order to accomplish this, the Windows Intune service needs a certain amount of information about the users, enrolled devices, security settings configured, and applications published through Windows Intune.
The goal from the outset of this integration was to minimize the data needed to provide Windows Intune services to users and devices, without compromising on the quality of those services.
“Application content could not be uploaded to Windows Intune.”
NOTE: For Windows Phone and Android devices, we maintain a cache of inventory data between device sessions to reduce bandwidth costs. It will be removed (within the 90-day data retention period described below) when the device is un-enrolled or the account is deleted.
Customer Data temporarily stored in Windows Intune
Commands sent to and received from mobile devices are temporarily stored in the Windows Intune service while the device is actively connected to the service. This data is subsequently deleted within an hour of the device’s active session expiring.
Microsoft’s commitment to customer data security and privacy
Microsoft has a regionalized data center strategy. The customer’s country or region, which the customer’s administrator inputs during initial setup of the online services account, determines the primary storage location for customer data.
Microsoft believes that customers own their own data. When customers do not renew their Windows Intune subscriptions (i.e., they terminate or allow their subscriptions to expire), there is a 90-day data retention period with limited customer access. Thirty days after the end of the data retention period, customer data stored in the Windows Intune service is deleted.
Customers who actively cancel their subscription may choose to disable their accounts and request deletion of their subscriber data.