You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When users enroll their corporate or personal devices using Intune, Intune collects, processes, and shares some personal data to support business operations, conduct business with the customer and to support the service. Intune collects personal data from the following sources:
34
+
When users enroll their corporate or personal devices with Intune, Intune collects, processes, and shares some personal data to support business operations, conduct business with the customer and to support the service. Intune collects personal data from the following sources:
35
35
36
36
- The administrators use of the Intune in the Microsoft Endpoint Manager admin center.
37
37
- End-user devices (when devices are enrolled for Intune management and during usage).
38
38
- Customer accounts at third party services (per admin's instructions).
39
39
- Diagnostic, performance, and usage information.
40
40
41
-
From these sources, Intune collects information that falls into the following two categories: [required](#required-data), [optional](#optional-data). In each of the categories, data is further broken down by customer data, personal data, diagnostic data, and service-generated data.
41
+
From these sources, Intune collects information that falls into the following two categories: [required](#required-data), [optional](#optional-data). Each category is divided into customer data, personal data, diagnostic data, and service-generated data.
42
42
43
43
> [!NOTE]
44
44
> We do not sell any data collected by our service to any third parties for any reason.
45
45
46
46
## Required data
47
47
48
-
Data in the required category consists of data that is necessary to make our service work as expected by the customer. Most of the data collected by Intune is required data. This data is tied to a user, device, or application and is essential to the nature of management. The data collected contains both personal data and non-personal data. Personal data includes identifiable data, which may directly identify the end user, or pseudonymized data with a unique identifier generated by the system, used to deliver the enterprise service to users, support data and account data. Non-personal data includes service-generated system metadata and organizational/tenant information. Intune also collects access control data to manage access to administrative roles and functions through features like [Role Based Access Control](../fundamentals/role-based-access-control.md).
49
-
50
-
Required data collected by Intune may include, but is not limited to:
51
-
52
-
- User information
53
-
- Owner name/user display (the Azure-registered name of the user as identified by AzureUserID)
54
-
- User Principal Name or email address
55
-
- Phone number
56
-
- Third-party user identifies (like AppleID)
57
-
- Hardware inventory information
58
-
- Device name
59
-
- Manufacturer
60
-
- Operating system
61
-
- Serial number
62
-
- IMEI number
63
-
- IP address
64
-
- Wi-Fi MacAddress
65
-
- ICCID
66
-
- Audit log information, including data about the following activities
67
-
- Manage
68
-
- Create
69
-
- Update (edit)
70
-
- Delete
71
-
- Assign
72
-
- Remote tasks
73
-
- Support information
74
-
- Contact information (name, phone number, email address)
75
-
- Email discussions with Microsoft support, product, and/or customer experience team members
76
-
- Access control information
77
-
- Static authenticators (customer's password)
78
-
- Privacy keys for certificates
79
-
- Admin and account information
80
-
- Admin user first name and last name
81
-
- Admin user name
82
-
- UPN (email)
83
-
- Phone number
84
-
- Email address of account owner
85
-
- Active Directory ID of each customer IT admin
86
-
- Payment data for customer billing
87
-
- Subscription key
88
-
- Admin created data, like
89
-
- Profile names
90
-
- Compliance policies
91
-
- Group policy
92
-
- PowerShell scripts
93
-
- Line-of-Business (LOB) application
94
-
- Application inventory, like
95
-
- app name
96
-
- version
97
-
- app ID
98
-
- size
99
-
- installation location
100
-
- Application inventory data is only collected when marked by the Admin as a corporate-owned device or the compliant app feature is turned on.
101
-
- Customer third party tenant IDs (like Apple ID)
102
-
- Device data
103
-
- Intune device ID
104
-
- Azure Active Directory device ID
105
-
- Intune device management ID
106
-
- Tenant ID
107
-
- Account ID
108
-
- EAS device ID
109
-
- Platform-specific IDs
110
-
- AppleID for iOS/iPadOS devices
111
-
- Mac Address for Mac devices
112
-
- Windows ID for Windows devices
113
-
- Managed application information
114
-
- Managed application ID
115
-
- Managed application device tag
116
-
- Intune device management ID
117
-
- Azure Active Directory device ID
118
-
- Encryption keys
119
-
- Admin usage data from across all Intune tenants (for example, admin controls selected when interacting with the Admin console)
120
-
- Tenant account information (this data is available from the Intune blade)
121
-
- Number of devices or users enrolled
122
-
- Number of identified device platforms
123
-
- Number of installed devices
124
-
- installedDeviceCount: The number of devices on which the application is installed.
125
-
- notApplicableDeviceCount: The number of devices for which the application is not applicable.
126
-
- notInstalledDeviceCount: The number of devices for which the application is applicable but not installed.
127
-
- pendingInstallDeviceCount: The number of devices for which the application is applicable and installation is pending.
48
+
Data in the required category consists of data that is necessary to make our service work as expected by the customer. Most of the data collected by Intune is required data. This data is tied to a user, device, or application and is essential to the nature of management. The data collected contains both personal data and non-personal data. Personal data includes identifiable data that may directly identify the end user, or pseudonymized data with a unique identifier generated by the system that's used to deliver the enterprise service to users, support data, and account data. Non-personal data includes service-generated system metadata and organizational/tenant information. Intune also collects access control data to manage access to administrative roles and functions through features like [Role Based Access Control](../fundamentals/role-based-access-control.md).
49
+
50
+
Required data collected by Intune may include, but isn't limited to:
51
+
52
+
|Category | Data | MAM workload |
53
+
|-------- |:------------ |---------------|
54
+
|**Access control information**| Privacy keys for certificates | No |
55
+
|| Static authenticators (customer's password) | No |
56
+
|**Admin and account information**| Active Directory ID of each customer IT admin | Yes |
57
+
|| Admin user first name and last name | Yes |
58
+
|| Admin user name | Yes |
59
+
|| Email address of account owner | Yes |
60
+
|| Payment data for customer billing | Yes |
61
+
|| Phone number | Yes |
62
+
|| Subscription key | Yes |
63
+
|| UPN (email) | Yes |
64
+
|**Admin created data**, like: | Compliance policies | No |
65
+
|| Group policy | No |
66
+
|| Line-of-Business (LOB) application | Yes |
67
+
|| PowerShell scripts | No |
68
+
|| Profile names | Yes |
69
+
|**Admin usage data from across all Intune tenants** (for example, admin controls selected when interacting with the Admin console) || Yes |
||**Note**: Application inventory data is only collected when marked by the Admin as a corporate-owned device or the compliant app feature is turned on. ||
76
+
|**Audit log information, including data about the following activities**| Assign | Yes |
77
+
|| Create | Yes |
78
+
|| Delete | Yes |
79
+
|| Manage | Yes |
80
+
|| Remote tasks | Yes |
81
+
|| Update (edit) | Yes |
82
+
|**Customer third party tenant IDs** (like Apple ID) || No |
83
+
|**Device Data**| Account ID | Yes |
84
+
|| AppleID for iOS/iPadOS devices | No |
85
+
|| Azure Active Directory device ID | Yes (If device is Azure Active Directory (Azure AD) joined) |
86
+
|| Intune device ID | Yes (If device is MDM enrolled with Intune) |
87
+
|| Device storage space | No |
88
+
|| EAS device ID | No |
89
+
|| Intune device management ID | Yes (If device is MDM enrolled with Intune) |
|**Managed application information**| Azure Active Directory device ID | Yes (If device is Azure AD joined) |
108
+
|| Device enrollment status | Yes |
109
+
|| Device health status (jailbroken) | Yes |
110
+
|| Encryption keys | Yes |
111
+
|| Intune device management ID | Yes (If device is MDM enrolled with Intune) |
112
+
|| Last application check in date/time | Yes |
113
+
|| Managed application device tag | Yes |
114
+
|| Managed application ID | Yes |
115
+
|| Managed application SDK version | Yes |
116
+
|| Managed application version | Yes |
117
+
|| MAM enrollment data/time | Yes |
118
+
|| MAM enrollment status | Yes |
119
+
|**Support information**| Contact information (name, phone number, email address) | No |
120
+
|| Email discussions with Microsoft support, product, and/or customer experience team members | No |
121
+
|**Tenant account information** (this data is available from the Microsoft Endpoint Manager admin console | installedDeviceCount: The number of devices on which the application is installed. | Yes |
122
+
|| Number of devices or users enrolled | No |
123
+
|| Number of identified device platforms | No |
124
+
|| Number of installed devices | No |
125
+
|| notApplicableDeviceCount: The number of devices for which the application isn't applicable. | No |
126
+
|| notInstalledDeviceCount: The number of devices for which the application is applicable but not installed. | No |
127
+
|| pendingInstallDeviceCount: The number of devices for which the application is applicable and installation is pending. | No |
128
+
|**User information**| Owner name/user display (the Azure-registered name of the user as identified by AzureUserID) | Yes |
129
+
|| Phone number | No |
130
+
|| Third-party user identifies (like AppleID) | No |
131
+
|| User Principal Name or email address | Yes |
132
+
128
133
129
134
## Optional data
130
135
131
-
Data in the optional category is not essential to the product or service experience. Customers can control the collection of optional data. Intune enables customers to opt-in or opt-out of optional data collection. Examples of the optional data consist of data Intune collects for diagnostics and telemetry. Please note that we think there are compelling reasons for people to share this optional data as it creates opportunities for new and richer experiences but we understand the importance to provide users the opportunity to make these choices for themselves.
136
+
Data in the optional category isn't essential to the product or service experience. Customers can control the collection of optional data. Intune enables customers to optin or opt-out of optional data collection. Examples of the optional data consist of data Intune collects for diagnostics and telemetry. We think there are compelling reasons for people to share this optional data as it creates opportunities for new and richer experiences but we understand the importance to provide users the opportunity to make these choices for themselves.
132
137
133
-
Examples of the optional diagnostic data may include application usage data, error, and performance data. All diagnostic data Microsoft collects during the use of any Microsoft 365 Apps for enterprise applications and services is pseudonymized as defined in the ISO/IEC 19944-1:2020 (section 8.3.3) standard.
138
+
Examples of the optional diagnostic data may include application usage data, error, and performance data. All diagnostic data Microsoft collects during the use of any Microsoft 365 Apps for enterprise applications and services is pseudonymized as defined in the *ISO/IEC 19944-1:2020 (section 8.3.3)* standard.
134
139
135
140
## Certain End User Data or Content is never Collected
136
141
137
-
Intune does not collect nor allow an Admin to see an end users’ calling or web browsing history, personal email, text messages, contacts, passwords to personal accounts, calendar events or photos, including those in a photo app or camera. See [Getting started enrolling devices](../enrollment/device-enrollment.md).
142
+
Intune doesn't collect nor allow an Admin to see the following data:
143
+
- An end users’ calling or web browsing history
144
+
- Personal email
145
+
- Text messages
146
+
- Contacts
147
+
- Passwords to personal accounts
148
+
- Calendar events
149
+
- Photos, including those in a photo app or camera.
150
+
151
+
For more information, see [Getting started enrolling devices](../enrollment/device-enrollment.md) and
138
152
139
-
See [How Microsoft categorizes data for online services](https://www.microsoft.com/trust-center/privacy/customer-data-definitions) for more information on the data types and definition.
153
+
For more information on the data types and definition, see [How Microsoft categorizes data for online services](https://www.microsoft.com/trust-center/privacy/customer-data-definitions).
140
154
141
155
## Next steps
142
156
143
-
Find out more about how Intune [stores and processes](privacy-data-store-process.md) and [shares](privacy-data-secure-share.md) personal data.
157
+
Learn more about how Intune [stores and processes](privacy-data-store-process.md) and [shares](privacy-data-secure-share.md) personal data.
0 commit comments