In recent years, Windows 10 and Windows 11 have been filled with connected featuresAssistants, cloud backups, and "smart" tools, while useful, also mean your system sends a lot of data to Microsoft. If you're worried your PC is revealing too much about you, it's a good idea to take a moment to consider this. check configuration and make the system a little more discreet.
The good news is that You don't need to be a computer expert to strengthen privacy in Windows. nor install rare versions of the system: practically everything is possible Adjust from the Settings app Or, in professional environments, with group policies and MDM. In this guide, we'll take a step-by-step look at what data Windows collects, what can be disabled, and how to make the system as "inquisitive" as possible without losing essential functions.
What data do Windows 10 and 11 collect and why does it affect your privacy?
The first thing is to understand that Windows will always collect a minimal amount of information.Microsoft distinguishes between required (mandatory) diagnostic data and optional diagnostic data (which you can choose to send or not). According to Microsoft, required data is used to keep the system up to date, check hardware compatibility, and ensure basic security.
Within that mandatory part, The data collected is primarily technical information about the device and the systemHardware model, Windows version, installed components, update status, potential critical errors, etc. In theory, it's about anonymized information which shouldn't directly identify you, and There is no setting to completely disable it in both home and professional editions.
The real privacy problem arises with the optional data and connected functions and services that reside on top of the system: online searches, cloud services, cross-device synchronization, personalized suggestions, advertising based on your activity, etc. This includes, for example, your browsing history in Edge, your app usage preferences, typing and voice data, precise location, and device activity history.
Windows also relies on a good number of cloud-based applications and services (Windows Search, Windows Spotlight, Mobile Link, Windows Insider, custom dictionary, OneDrive, among others). Many of these require additional data to function: authentication, certificates, network information, advanced device settings, or fairly detailed usage data. In particular, some cloud services require special handling of metadata and regulatory compliance, as explained in guides on managing metadata in Office and Windows.
It is good to know that Windows 10 from version 1903 onwards and Windows 11 share the same basic collection policySo, simply upgrading from one version to another doesn't inherently constitute a greater invasion of privacy. What makes the difference is how you configure those options and to what extent you accept personalized experiences and optional telemetry.
Difference between required data and optional data
To properly organize the adjustments, it's incredibly helpful to have a clear distinction between what Windows considers it essential to function and what are extras of telemetry and customization.
On one hand we have required diagnostic dataThis includes compatibility information for updates, system status, critical failures, and basic details of the installed hardware and software. It's used to detect problems, release patches, and ensure that updates don't break your PC. They cannot be disabled from the standard settings. And, in principle, they aren't the most sensitive privacy issue for the average user; if you need more context on how to protect your device, consult guides on How to protect your privacy in Windows 10.
On the other hand, there are optional diagnostic dataThis includes much more detailed information: app usage, advanced performance, deeper device settings, browsing history if you use Edge, usage patterns of Microsoft products and services, handwriting, typing and voice data used to improve suggestions, and even metrics to refine ads and recommendations.
This optional data Yes, they can be deactivated with a few clicks. And unless you absolutely need the highest level of diagnostics for a highly controlled corporate environment, the most sensible approach at home is to limit access: you gain privacy and barely lose any relevant functionality. For practical adjustments to permissions and apps that affect this telemetry, see how change app permissions.
In addition to the required/optional distinction, Some connected experiences have their own data requirements You can't be too granular: either you accept those conditions and use the service, or you forgo the feature altogether. This is the case with certain cloud tools, Windows Autopatch, advanced reports from Windows Update for Business, or some advanced compatibility components in enterprise environments.
How to check privacy settings from Windows Settings
The most direct way for a normal user to adjust what you share with Microsoft It's about checking the Settings app. The menu changes slightly between Windows 10 and 11, but the idea is the same.
In Windows 10 you can go to Home > Settings > PrivacyIn Windows 11, the typical path is Home > Settings > Privacy and securityFrom there you will see several sections: General, Voice, Handwriting and typing customization, Activity history, Feedback and diagnostics, App permissions (location, camera, microphone, etc.), among others.
In the part of Comments and diagnoses (or “Diagnostics and Comments”) you have the core of the telemetry. There you can disable the sending of optional diagnostic dataPersonalized experiences based on that data, improved handwriting/typing, and the Diagnostic Data Viewer (if you don't need it) are also included. To better understand the impact of telemetry and how to protect your team from data leaks, it's advisable to read material on [topic missing]. Online security and how to protect your Windows.
If you ever activated that viewer, It is advisable to use the option to delete saved diagnostic data.It's a small detail, but it helps minimize the historical data that has already accumulated on Microsoft servers; in practical examples, you'll see steps to eliminate and fix privacy problems.
When you use Settings to adjust privacy, also check if the message appears “Your organization manages or hides some options”This means that the device is under the policies of a company or educational institution and that there are things that only the administrator can change, either with Group Policy, MDM or tools like Configuration Manager and Intune.
Turn off location and app permissions panel
One of the first sections to review is the device locationEspecially if you use a laptop or tablet that you take everywhere. Windows can use your location to show the weather, maps, or find your device if you lose it, but many users prefer not to leave a constant trail of their movements.
In Windows 10 and 11 you can go to Settings > Privacy and security > App permissions > Location. From there, You can completely turn off location services of the system with a simple switch. If you prefer a less radical approach, you can keep location services active but disable access for specific apps that you don't clearly need to know your location.
In the same application permissions block you will find settings for camera, microphone, contacts, calendar, calls, emails, or notificationsEach of these sections allows you to decide which apps can use that resource and which cannot. For privacy, the recommended setting is... grant access only to trusted applications and revoke it from the rest, especially from apps you never use; if you handle chats or communications, check guides on Privacy in messaging on Windows.
Another function to consider is "Find my device"This can be useful if you lose your laptop, as it uses location data to try to show you where it is. However, this means the system periodically saves the location when there's an internet connection. You can disable this feature from [link to settings]. Settings > Privacy & Security > Find My Device If you prefer not to take that risk; for general advice on privacy practices, it's advisable to review articles with essential online privacy tips.
In corporate environments, access to location and other sensors may be blocked or limited centrally using group policies or MDM, so that the user can only choose within a range controlled by the administrator.
Activity history and timeline synchronization
Windows activity history is responsible for Record which applications you use, which files you open, and which websites you visit. (when integrated with Microsoft browsers and services). This information can be used for features like the old Timeline, which let you return to past tasks or sync activities across devices.
If you prefer the system Don't keep track of everything you doYou can disable this feature. Go to Settings > Privacy & security > Activity history and uncheck the option “Store my activity history on this device”. Take this opportunity to press the button of Delete history and that what had already been saved up to that moment disappears.
In versions that still allow cloud synchronization of these activities, there is also a specific policy for prevent the device from uploading the activity history to the online profile. From Group Policy it is controlled with "Allow user activity uploads", and via MDM with the option to enable or disable the activity feed.
The result of these measures is that Windows stops building a kind of "log" of your computer usagereducing the amount of metadata that could be exploited by both Microsoft and an attacker who gains access to the device.
Advertising, ad identifier, and personalized experiences
Like many other systems, Windows associates your profile a unique advertising identifierThis is designed to allow apps to show more relevant ads based on your activity. Optional diagnostic data is also used to deliver personalized experiences: suggestions, app recommendations, in-system promotional content, and more.
If you want to reduce this tracking, go to Settings > Privacy and security > Windows permissions > General. There you can Uncheck the option that allows apps to use your advertising identifier to show personalized ads. You'll still see ads, but they'll be less targeted to your interests because they won't be based on your usage history within Windows.
On that same screen you will see other boxes related to Suggestions based on how you use the system and recommendations within the Settings app. Disabling anything you don't consider essential reduces the amount of data Microsoft uses to build usage profiles.
Meanwhile, in the diagnostics section you can disable the option to Use diagnostic data for personalized experiencesso that this data isn't used to show you ads or content tailored to your activity. At the corporate level, there's even a specific group policy to prevent these personalized experiences based on telemetry.
All of this won't eliminate advertising completely, but It breaks part of the correlation between your behavior and the ads you receive.which is an important step for those trying to reduce tracking.
Diagnostic data: fine-tuning and monitoring tools
At the heart of the privacy settings is the section on diagnostic data and commentsFrom here, the level of telemetry is defined, it is decided whether to send optional data, and some transparency tools are controlled.
For the average user, the key step is disable the sending of optional diagnostic data from the Settings app. This limits what is sent to Microsoft to the minimum set considered necessary for Windows to function, receive updates, and maintain a basic level of security.
You can also turn off the option improve handwriting input and writingThis prevents samples of your typing or handwriting from being collected to improve algorithms. Similarly, you can disable the Diagnostic Data Viewer if you are not actively using it, as it may reserve around 1 GB of storage for saving local copies.
If you want to go a little further, you can use the Diagnostic Data Viewer (DDV), available from the Microsoft Store. This application It shows you what diagnostic data is being recorded and sent in real time, organized by category. This is useful for getting a clear picture of what kind of information is coming out of your computer.
System administrators, for their part, can Consult and manage diagnostic data using PowerShellThis allows organizations to use specific commands to view, export, or delete information collected from specific devices. This is essential for organizations that must comply with regulations such as the GDPR and require much stricter traceability and control.
Voice recognition, handwriting and handwriting input
Windows' "smart" voice and typing features rely on the compilation of fragments of what you dictate or write to further refine the models that generate suggestions and improve language recognition. It's convenient, but it still means that some of your content passes through Microsoft's servers.
If you don't like it, you can disable it from Settings > Privacy and security > Voicewhere you have the option to Turn off online voice recognitionYou will still be able to use basic local recognition in some cases, but your complete dictations will not be sent to the Microsoft cloud for processing.
Regarding handwritten and keyboard input, the settings usually appear in the section of Writing or Handwritten Entry Within the privacy settings, disabling the collection of linguistic data prevents samples of your writing style, common errors, and corrections from being saved to feed the algorithms.
In business environments, these functions can be control with group policies Specific measures are in place to prevent the collection of write data at the organizational level. This prevents potentially sensitive information from ending up in training datasets.
Aside from the improved experience, the reality is that Few people rely critically on these functions for their daily workTherefore, turning them off is usually an acceptable trade-off if you prioritize the confidentiality of what you type or dictate.
Microsoft account, synchronization, and shared experiences
One of the major privacy decisions in Windows 10 and 11 involves Use a Microsoft account or a local accountWith a cloud account you get synchronized settings, automatic access to OneDrive, Microsoft Store and other services, but at the same time much more information is centralized on the company's servers.
In Windows 11, especially in the Home editions, It is becoming increasingly difficult to create a local account during installation.The assistant pushes you to sign in with Microsoft, and there have even been automatic changes, such as enabling OneDrive folder backups by default without making it very clear. In Pro and Enterprise, you can still use local accounts, although the option is better hidden.
In addition to the account itself, there are features such as shared experiences and synchronization between devicesThese features allow you to transfer activities between devices, share applications, and quickly send files and links. They use your Microsoft account and generate additional data about your activity on each associated device.
If you prefer to limit it, you can go to Settings > Apps > Advanced app settings > Share between devices and use the button Deactivate To disable that integration, you should also review your account sync options in Settings > Accounts, disabling anything you don't need (theme, passwords, history, etc.).
In organizations where the Windows diagnostic data processor configurationIt goes a step further: the administrator can assume the role of data controller according to the GDPR, associating telemetry with Microsoft Entra user IDs (formerly Azure AD) and managing requests for access, export or deletion of data for specific employees.
Microsoft Privacy Dashboard and control over data already collected
Even if you adjust everything now, it's likely that Microsoft has already gathered a good amount of information Linked to your account: browsing history in Edge, search activity, locations used, Cortana data, app usage, etc. To keep this under control, there is the Microsoft Privacy Dashboard on the web.
From your browser, access the Microsoft Privacy DashboardSign in with your account and you'll see several sections: location activity, browsing history, search history, app and service activity, and even data from products like Xbox or Office if you use them.
In each category you can Review, delete specific entries, or clear the entire history.It's a good habit to log in occasionally, take a look, and delete anything you don't want stored. This doesn't prevent data from being generated in the future, but it does reduce the historical data volume associated with your account.
This web panel complements the options within Windows, such as the button of “Delete diagnostic data” From the diagnostics and comments section, which deletes the telemetry sent from the device. Together they allow you to act both on the device and in the cloud account.
For advanced users or administrators, Microsoft also offers diagnostic data export tools and formal mechanisms to address data subject rights (DSR) under GDPR or CCPA, such as exporting what is stored about a specific user or requesting deletion linked to the closure of corporate accounts.
Windows editions and privacy limits by version
Not all editions of Windows are in the same league when we talk about to fully control telemetry and advanced security featuresThe Home version, which is the most common in home computers, falls short in some key options.
For instance, Enterprise editions are the only ones that allow the most restrictive level of data sent to Microsoft through telemetry. They also add features such as advanced device management options, centralized privacy controls, and more aggressive security templates to limit connections to Microsoft services.
Windows Pro is, in practice, the most balanced option for demanding usersIt incorporates almost all the security features that are of interest (BitLocker, Hyper-V, Windows Sandbox, etc.), and although it does not allow the extreme telemetry cut-off of Enterprise, it does offer much more leeway than Home to adjust configurations through local group policies.
Students and teachers can Obtain Education licenses (equivalent to Enterprise or Pro, as applicable) through their educational institution, typically via portals like OnTheHub or Azure for Education. In terms of privacy and security, these editions are no worse than the commercial ones; on the contrary, they give the administrator more leeway to limit data transmission.
What is not recommended at all is betting on modified versions of Windows created by third partiesThese programs promise "zero telemetry" at the cost of disabling updates and offering weaker defenses against current threats. The result is often an increasingly vulnerable system with outdated antivirus software and unpatched security holes.
Further reduce telemetry with commands and policies
If you want to go a step beyond graphical configuration, there are specific Windows services related to telemetry which can be disabled using commands. One common approach is to disable the DiagTrack and dmwappushservice services.
To do this, open the Start menu, search for “CMD”, and right-click on it. Symbol of the system and select “Run as administrator”. In the window that opens, you can use commands to Change the startup settings for those services to disabledLater on, if needed, you could simply revert the value to enabled.
In environments with many machines, the ideal solution is to use Group Policy (GPO), MDM, or tools such as Configuration Manager to apply these and other privacy settings centrally. Microsoft even offers a “limited functionality baseline” that groups recommendations for minimizing connections to its services, at the cost of sacrificing certain features.
That baseline and other reference documents explain which Windows connection points are usedWhat happens if they get blocked (for example, loss of compatibility reports, disabled suggestions, problems with some connected experiences) and how to configure every detail according to the organization's needs.
The key is to find a reasonable balance between privacy and functionalityIn a home environment, you might be able to be aggressive in blocking, while in a business that relies on compatibility reports from Windows Update, Autopatch, or Intune, it's advisable to keep certain connections active.
Connected services, Windows in the cloud, and related products
Beyond Windows itself, there are a number of Microsoft services that live around the system and that also use diagnostic data: Windows Update for Business, update reports in Intune, Surface Hub, Windows Autopatch, among others.
Windows Server, from 2016 onwards, largely shares the same personal data management mechanisms Windows 10 and 11, so many of the privacy guidelines apply directly to servers. On special devices like the Surface Hub, the device identifier is collected for diagnostics, but It is not linked to individual users., and privacy options are managed primarily through MDM rather than classic GPOs.
Windows Update reports for businesses, Windows Autopatch, and update dashboards in Intune They pull data from Windows diagnostics to build metrics compatibility, patch status, or driver issues. Minimizing this telemetry means sacrificing some reporting capabilities and a certain degree of convenience in remote management.
From a legal standpoint, Microsoft claims to comply with applicable data protection laws and regulate international transfers according to the framework of its Privacy Statement. In the case of devices configured with the diagnostic data processor option, the administrator gains the ability to enforce user rights (access, rectification, deletion, export) with respect to this specific data.
If you manage a large environment, it's worth delving deeper into the official documentation on managing connections from Windows components to Microsoft services, which details what is sent to each connection point, how to restrict it, and what effects doing so has on daily functionality.
With all these adjustments thoroughly reviewed, Windows 10 and 11 can become considerably less intrusive while remaining fully functionalDisabling optional telemetry, reducing personalized advertising, turning off unnecessary location tracking, clearing your activity history, and controlling what you sync with your Microsoft account makes a significant difference. Furthermore, choosing the right edition of Windows and, in professional environments, taking advantage of advanced management policies and tools allows you to strike a reasonable balance between convenience and privacy, letting your PC do its job without intruding unnecessarily on your life.
