Privacy statement for Windows Server 2012 R2 Essentials and Windows Server Essentials Experience

Last updated: August 2013

Microsoft is committed to helping to protect your privacy while delivering software that brings you the performance, power, and convenience that you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Windows Server 2012 R2 Essentials, and Standard and DataCenter editions of Windows Server 2012 R2 with the Windows Server Essentials Experience role installed (all three products are referred to as the “Essentials Experience” in the rest of this document). This document focuses on features that communicate with the Internet. It does not apply to other online or offline Microsoft sites, products, or services.

The Essentials Experience is designed using 64-bit architecture, which provides simplicity, easier deployment and management, network protection, rich business productivity, and high performance. This solution is designed for small organizations to easily use, manage, and protect the data and apps most critical to their success. It can seamlessly integrate into online services to leverage the power of the cloud.

Collection and use of your information

The information we collect from you is used by Microsoft and its controlled subsidiaries and affiliates to turn on the features that you use and to provide the service(s) or carry out the transaction(s) you’ve requested or authorized. It may also be used to analyze and improve Microsoft products and services.

We may send certain mandatory service communications such as welcome letters, billing reminders, information about technical service issues, and security announcements. Some Microsoft services may send periodic member letters that are considered part of the service. We may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services that are available from Microsoft and its affiliates.

To offer you a more consistent and personalized experience in your interactions with Microsoft, information that is collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies, which enable us to derive a general geographic area based on your IP address, to customize certain services to your geographic area.

To access certain online services from the Essentials Experience, you’ll be asked to enter an email address and password, which we refer to as your Microsoft account. After you create your Microsoft account, you can use the same credentials to sign in to many Microsoft sites and services and to the sites of select Microsoft partners that display the Microsoft account logo. By signing in to one Microsoft site or service, you may automatically be signed in when you visit other Microsoft sites and services. To learn more about how your credential information is used when you sign in to participating sites, please read the Microsoft.com privacy statement.

Except as described in this statement, personal information that you provide will not be transferred to non-Microsoft parties without your consent. We occasionally hire companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will provide those companies only the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose.

Microsoft may access or disclose information about you, including the content of your communications, to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. We may also disclose personal information as part of a corporate transaction, such as a merger or sale of assets.

Information that is collected by or sent to Microsoft by the Essentials Experience may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland.

Collection and use of information about your computer

When you use software with Internet-enabled features, standard computer information is sent to the websites you visit and online services that you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information is also sent.

The privacy details for each feature, software, or service in the Essentials Experience that are listed in this privacy statement describe what additional information is collected and how it is used.

Security of your information

Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information that you provide on computer systems with limited access, which are located in controlled facilities.

Changes to this privacy statement

We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed about how Microsoft is protecting your information.

For more information

Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us by email at wseprivacy@microsoft.com, or by postal mail at:

Windows Server Essentials Privacy
Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052
USA

Specific features

The remainder of this document will address the following specific features:

Activation

What this feature does

We ask that you activate Windows Server 2012 R2 Essentials so that we can verify that your installation is completed with a genuine Microsoft product. When you activate Windows Server 2012 R2 Essentials, you are not required to send any contact information to Microsoft, such as your name or email address.

Information collected, processed, or transmitted

During activation, product key information is sent to Microsoft, such as:

  • The Microsoft product code, which is a five-digit code that identifies the product you are activating.

  • A channel ID or site code, which identifies where you obtained the product. For example, it identifies whether the product was sold at a retail store, is an evaluation copy, is subject to a volume licensing program, was preinstalled by the computer manufacturer, and so on.

  • The date of installation.

  • Information that helps confirm that the product key information has not been altered.

Activation also sends to Microsoft a hardware hash, which is a non-unique number generated from the computer's hardware configuration. The number does not represent any personal information or information about the software. The hardware hash cannot be used to determine the make or model of the computer and it cannot be calculated to determine any additional information about your computer. In addition to the standard computer information, some language settings are collected.

Use of information

Microsoft uses the information previously described to confirm that you have a licensed copy of the software, and then it is aggregated for statistical analysis. Microsoft does not use the information to identify you or contact you.

Choice and control

Activation is mandatory, and it must be completed within a predefined grace period. If you choose not to activate the software, you cannot use it after the grace period expires. After the grace period expires, you will start receiving warnings on your server. If the software is not correctly licensed, you will not be able to activate it.

Important information

Windows Server 2012 R2 Essentials can detect and tolerate changes to your computer configuration. Minor upgrades will not require reactivation. If you completely overhaul your computer, you may be required to activate Windows Server 2012 R2 Essentials again.

Server Migration

What this feature does

The Server Migration feature enables migrating domain settings and data from a Source Server running a Windows Small Business Server operating system to a Destination Server running the Essentials Experience. The Source Server tool will be run to prepare the Source Server before migration. You can migrate a Source Server that is running the following operating systems:

  • Windows Small Business Server 2003

  • Windows Small Business Server 2008

  • Windows Small Business Server 2011 Standard

  • Windows Small Business Server 2011 Essentials

  • Windows Server 2008 Foundation

  • Windows Server 2008 R2 Foundation

  • Windows Server 2012 R2

Information collected, processed, or transmitted

The Source Server tool will not collect and send any information to Microsoft from the Source Server. During migration, the Source Server’s name and internal IP address are sent to locate and connect the Destination Server to the Source Server. The administrator account name and password are also sent to the Destination Server to enable it to access the information on the Source Server. None of this information is sent to Microsoft.

Choice and control

If you do not want the server migration process to collect the Source Server information and share it with the Destination Server during server deployment, select Clean install instead of Server Migration.

Launchpad

What this feature does

The Launchpad in the Essentials Experience is a client-side app that provides access on a secure network to the core set of server features, including client backup, remote access to your network, and easy access to centralized data. The Launchpad provides network administrators with real-time notifications, network status, and access to the management Dashboard. It also enables non-Microsoft parties to add features to the system running the Essentials Experience.

Information collected, processed, or transmitted

No data is collected or sent to Microsoft. The user name and password are not cached on the client computer, but they are sent through the network to the server running the Essentials Experience.

Choice and control

Users sign in to the Essentials Experience Launchpad by using their user name and password.

Connector software and computer backup

What this feature does

Connector software joins a client computer to the server running the Essentials Experience. It also installs and activates core and common components in the Essentials Experience, such as automatic client backup, health monitoring, and the Launchpad. In addition, .NET Framework 4.5 is installed if it is not present. The Connector software enables Remote Desktop and VPN on client computers running Windows 7 or Windows 8.

After you install and configure the Connector software for the Essentials Experience on a computer on your network, the Essentials Experience automatically backs up folders from the client computer to the server.

Information collected, processed, or transmitted

Folders on the client computer (including data files, system files, and apps) are backed up to the server running the Essentials Experience. Temporary files, such as the system cache and the temporary Internet files are not backed up.

Client computer setup log files are copied to the Connector software directory on the client computer. These files may contain information about the applications and the hardware that are installed on the client computer. None of this information is sent to Microsoft.

Use of information

The contents of backed up folders in the Essentials Experience are visible to all administrators. The backup can be used to restore lost or corrupted files or entire volumes.

Choice and control

  • Connector software: Users can run Connector software from client computers from http://<servername>/connect/. Backups automatically occur when the Connector software is configured.

  • Computer backup: All computers are configured by default for backup when the Connector software is installed and configured. Default configuration includes all available NTFS volumes on each computer system. Administrators can view and change what is being backed up from each computer that is connected to the server. Backup happens automatically if Connector software is installed and configured on the computer. The server administrator can turn off automatic backup for any computer that is connected to a server running the Essentials Experience by using the Devices tab on the Dashboard. Local users on a client computer can start manual backup of their computer using the Launchpad.

To start a manual backup, open the Launchpad, click Backup, open Backup Properties, and then click Start Backup. With the Essentials Experience, administrators can perform a single file restore or a full computer restore of a backed up client computer.

File History integration

What this feature does

If a user joins a computer running Windows 8 to the network running the Essentials Experience, File History is automatically turned on for this client computer. It backs up the user’s profile data (Desktop, Libraries, Contacts, and Favorites) to the server.

Information collected, processed, or transmitted

The profile data will be backed up to a folder that is by default only accessible to the user. The administrator could configure the backup frequency and retention. These settings will be pushed to all the computers running Windows 8 in the domain, if and only if File History management is turned on for this computer. None of this information is sent to Microsoft.

Use of information

The backup can be used to restore lost or corrupted files and the user could perform the restore from the client computer by using File Explorer.

Choice and control

The administrator is responsible for notifying the user about this backup. The administrator can turn off File History management for all the users, or turn off management for a specific user.

Dashboard

What this feature does

The Essentials Experience provides administrators with a management Dashboard that allows them to manage their server system. The administrator can view the status of all the servers or computers joined to the network running the Essentials Experience.

Information collected, processed, or transmitted

Some of the information from the client computers that will be collected and displayed in the Dashboard includes:

  • Computer name, operating system, online/offline status

  • Backup status, update status, security status (firewall and antivirus setting)

  • Alert information

No personal information is collected or sent to Microsoft.

Use of information

The data displayed in the Dashboard gives the administrator an overview of the computers in the network, their health, and their connection status.

Choice and control

The administrator can sign in to the Dashboard using the server administrator password that is configured during server setup.

Remote Connection Monitoring

What this feature does

Remote Connection Monitoring enables a system administrator to monitor the current remote user connections to the server, and to browse the history of remote connections to the server.

Information collected, processed, or transmitted

When a user is remotely connected to the server, the user name and password are sent to the server. The remote connection’s host computer name and IP address, application name, application version (if available), and publisher (if available), are also sent from the client to the server. None of the information is sent to Microsoft.

Use of information

The user name and password are used for authentication. The other information is available on the Dashboard for the administrator to monitor the connection. The data is saved on the server for six months, with administrator access only.

Choice and control

You cannot turn off the Remote Connection Monitoring functionality. If you don’t want to send this information from a client to the server, don’t configure Anywhere Access on the server, or don’t turn on Anywhere Access for the particular user.

Health alerts

What this feature does

The Essentials Experience can help detect when your server, client computers, or other servers in the domain are in poor health and alert you accordingly. An alert notification describes the condition, includes troubleshooting steps, and may include a repair function.

Information collected, processed, or transmitted

The Essentials Experience generates notifications when an alert condition is detected. The alert is sent to the administrator over a local area network, and it contains the following information: alert title, date/time generated, affected computer, description of the problem, and documented steps to resolve the problem. These are preserved on the system. If the administrator enables alert emails, the alerts are also sent to recipients as specified by the server administrator on the Alert Viewer page. These settings do not contain any Personally Identifiable Information. None of the information is sent to Microsoft.

Use of information

Information is used to notify the administrators, and others who they designate, that a problem has been detected on the server running the Essentials Experience, client computers, or other servers in the domain.

Choice and control

Users can turn off notifications locally. Administrators can choose to show alert notifications, only show local alerts, or show all network alerts. Alert presentation on the server running the Essentials Experience cannot be disabled. If you don’t want the client computers or other servers to report their health status, don’t connect the client computers or other servers to the server running the Essentials Experience.

Administrators can configure the server to send email alerts for specific alerts. The alert email is disabled by default. The administrator can enable alert emails by using the Set up email notification for alerts task on the Alert Viewer page. When alert emails are enabled, by default, the server running the Essentials Experience sends email for the server health alerts to the recipients provided by the server administrator.

Windows Internet Explorer Enhanced Security Configuration

What this feature does

Windows Internet Explorer Enhanced Security Configuration is a feature that is enabled by default. It configures Windows Internet Explorer and your server running the Essentials Experience to help protect against potential attacks that can occur through web content and application scripts. As a result, some websites may not display or perform as expected. To provide a more streamlined user experience when installing and using some Microsoft products and services, such as Microsoft Office 365, the Essentials Experience may modify your server's trusted sites list in Windows Internet Explorer.

Use of information

The Essentials Experience may add certain websites to your server’s trusted sites list in Windows Internet Explorer. No data is sent to Microsoft.

Choice and control

To remove these websites in Windows Internet Explorer:

  1. Click the Tools menu.

  2. Click Internet Options.

  3. On the Security tab, click Trusted Sites, and then click Sites.

  4. Select a website, and then click Remove.

Anywhere Access

What this feature does

Anywhere Access allows authorized users to access the contents of your server running the Essentials Experience from virtually anywhere in the world by using an Internet connection. Anywhere Access also allows authorized users to connect to the Dashboard or personal computers that are connected to your server through your network. This can be done through the Remote Desktop functionality in Remote Web Access or through the Windows Remote Desktop connection if a VPN connection is present while the user is outside of the local network.

Information collected, processed, or transmitted

Connection settings are stored in a Remote Desktop Protocol (RDP) file. These settings include domain and connection configuration settings such as color-bit depth. Credentials for these connections, in addition to the remote desktop proxy credentials, are stored by the credential manager in the Essentials Experience. A list of trusted Remote Desktop Gateway server names is stored in the registry. This list is stored permanently unless deleted by an administrator, and it is not shared with non-Microsoft parties or other Windows components. A cookie is used to store the user’s selection of views: Tablet or Desktop. None of this information is sent to Microsoft.

The Essentials Experience periodically verifies that Anywhere Access is available to receive connections to help you identify and resolve problems with your Internet connection. The IP address of your network is sent to Microsoft, and a connectivity diagnostics service that is hosted by Microsoft establishes a test connection to your server running the Essentials Experience only to verify connectivity. No additional information is sent to Microsoft. If you enable Anywhere Access, the diagnostic service that is hosted on the server validates the external IP address of the server every 15 minutes. This occurs if you use the Windows Server Solutions Custom Domains Service or if you partner with a vanity domain name provider. If you choose to opt out of the diagnostic service, you need to turn off Anywhere Access as explained previously.

Use of information

Data is collected on your server so you can connect via Anywhere Access with your desired settings. We use the IP address sent to us only for the connectivity diagnostics service that helps you verify connectivity between users and a server running the Essentials Experience.

Choice and control

Anywhere Access is off by default in the Essentials Experience, and it must be configured by an administrator before it can be used. Only users who have remote access rights on the server can use Anywhere Access.

To turn on Anywhere Access:

  1. Open the Dashboard.

  2. Click Settings, and then click the Anywhere Access tab.

  3. Click Configure … and follow the instructions to turn on Anywhere Access.

After Anywhere Access is turned on, the same procedure can be used to turn it off. The administrator can view the list of users who have access to Anywhere Access.

Important information

All data that is sent over the Internet to enable Anywhere Access or during the use of Anywhere Access is transmitted by using a Secure Socket Layer (SSL) connection. Users must be authorized to access the Essentials Experience server remotely, and they can gain access to only the client computers on which they have a user account.

Note

The Anywhere Access domain addresses on the server may be indexed by some search engines. Also, you are responsible for making sure that your use of Anywhere Access features complies with your broadband provider’s terms of service. You may need to add services from your broadband provider to use Anywhere Access features. For example, you will need certain ports to be open to use these features, and some broadband providers block those ports for customers on some service plans. Also, some broadband providers’ terms of service may limit or prohibit setting up and running servers on their networks by some customers on some service plans. Please contact your broadband provider if you have questions about their terms of service.

Windows Server Solutions Custom Domains Service

What this feature does

The Windows Server Solutions Custom Domains Service enables you to create an Internet domain name that you can use to connect remotely to your server running the Essentials Experience.

Information collected, processed, or transmitted

To set up a new domain name, you can get a domain name from Microsoft or purchase a professional domain name from a non-Microsoft domain name service provider.

To get a domain name from Microsoft, you must have a Microsoft account email address and password. The Set Up Your Domain Name Wizard prompts you to enter an existing Microsoft account or create a new one. You can register for a Microsoft account at the Microsoft account site. All the registration information that you provide is stored by the Microsoft account service in your Microsoft account profile. To learn more about the Microsoft account service, the information stored in the Microsoft account profile, and how Microsoft account uses and helps protect your personal information, please read the Microsoft account privacy statement.

When you set up the domain name from Microsoft, your Microsoft account email address and password are sent to Microsoft. The Microsoft account email address is stored on your local server. After you set up the domain name, the Microsoft account email is displayed in the Set Up Your Domain Name wizard. The account password is encrypted and stored on your local server. When you release the domain name, the Microsoft account email address and password are sent to Microsoft and used to automatically sign in to the Microsoft account service.

When you set up the domain name from a non-Microsoft domain name service provider, your registration account name and password are sent to the non-Microsoft domain name service provider. The registration account name is stored on your local server. After you set up the domain name, the registration account name is displayed in the Set Up Your Domain Name wizard. The registration password is encrypted and stored on your local server. When you release the domain name, the registration account name and password are sent to the non-Microsoft domain name service provider and used for authentication.

The Internet domain name you choose and the IP address of your network are also sent to Microsoft or the non-Microsoft domain name service provider to associate the domain name to your server running the Essentials Experience. No additional information is sent to Microsoft or the non-Microsoft domain name service provider.

Use of information

The registration data that is sent to Microsoft or the non-Microsoft domain name service provider will be used to create an Internet domain name and to associate the domain name to your server running the Essentials Experience.

Choice and control

The Custom Domains service is optional and off by default. You can end the service at any time by releasing your domain name and turning off Remote Web Access. You can change and/or release the domain name as follows:

  1. Open the Dashboard, and then click Settings.

  2. Click Anywhere Access.

  3. Click Set up … in the Domain Name section, or click Configure … on the Anywhere Access page to turn it off.

Server folders

What this feature does

Server folders allow you to store content on the server running the Essentials Experience. By default, server folders are accessible to other users, computers, and devices on your network. Server folders can also be accessed by Remote Web Access or VPN users. The administrator can also configure certain folders in Remote Web Access and other web services applications to be invisible. This helps protect these folders from being accessed outside of the network running the Essentials Experience.

Information collected, processed, or transmitted

The content in server folders is stored on your server running the Essentials Experience, and it can be accessed from other computers and devices. No server folder content is sent to Microsoft.

Use of information

This feature enables users to store and share content through the Essentials Experience. Users who are authorized by the administrator will have access to these folders.

Choice and control

In the Essentials Experience, the administrator has Read-Write access to all the content in server folders. The administrator can grant or revoke a user's access to specific server folders through the Dashboard. The default set of users who have access to a server folder varies by type of server folder. For example, by default, all users on your network have Read-Write access to server folders and no access to other users' personal server folders.

Windows Desktop Search

What this feature does

Windows Desktop Search automatically scans all files and folders stored on your server running the Essentials Experience, and it builds an index of this content. This index can then be searched to find specific files or folders, specific words within files and folders, or specific metadata associated with files and folders.

Information collected, processed, or transmitted

The index of your files and folders stored on your server running the Essentials Experience can be searched by any VPN user or by any Remote Web Access user through Remote Web Access in the Essentials Experience.

Use of information

The Windows Desktop Search index is stored locally on the server running the Essentials Experience, and no data is sent to Microsoft.

Choice and control

If you don’t want a folder to be indexed, open Control Panel, and search for “Indexing Options” in the upper right search box. In the search results, select Indexing Options. In the Indexing Options dialog, remove the folders from the Included Locations list.

On-premise Exchange Server integration

What this feature does

This feature allows administrators to connect a server running the Essentials Experience to a server running Exchange Server that is set up on the same network. After connecting to Exchange Server, the administrator can create mailboxes for new users, view and edit some mailbox properties for existing users, and delete users’ mailboxes when users are deleted. The administrator can also monitor the health of the server running Exchange Server from the Dashboard in the Essentials Experience through the alert viewer.

Information collected, processed, or transmitted

The mailbox properties and the Exchange Server health information are sent to the Essentials Experience. No information is sent to Microsoft.

Use of information

The feature shows the administrator the users’ mailbox properties and the health status of Exchange Server on the Essentials Dashboard, which enables the administrator of the server running the Essentials Experience to manage the users’ mailbox properties.

Choice and control

This feature is off by default. If you do not want administrators of the server running the Essentials Experience to view or manage the users’ mailbox properties in Exchange Server, do not turn on the on-premise Exchange Server Integration in the Essentials Experience.

Microsoft Office 365 integration

What this feature does

The Office 365 Integration Wizard helps the administrator integrate a new or existing subscription for Office 365 into the Essentials Experience. It pulls information from the Office 365 online service, and displays the information in the Essentials Dashboard.

Information collected, processed, or transmitted

The wizard asks for the administrator’s Microsoft Online Services ID and password. The ID and password are sent to Office 365 and cached on the local server. The wizard’s sign-in screen will remember the ID that the user inputs. For information about how this information is collected, processed, or transmitted, see the Microsoft Online Services Privacy Notice.

Use of information

Office 365 validates the administrator’s Microsoft Online Services ID and password. When it is authenticated, the account is also used to configure the server. The ID and password are encrypted and cached on the server running the Essentials Experience so that the administrator does not need to reenter them for future usage.

Choice and control

If you do not want to send or cache the Microsoft Online Services ID or password, do not use Office 365 Integration.

Password sync with Office 365

What this feature does

This feature synchronizes the password of an Office 365 account with the password of a local user account in the Essentials Experience, so that a local user can use the same password to sign in to the local network and Office 365.

Information collected, processed, or transmitted

If the user is assigned an Office 365 account, the feature sends the user’s local account password (in an encrypted format) to Office 365 whenever the user sets a new local account password. For information about how this information is collected, processed, or transmitted, see the Microsoft Online Services Privacy Notice.

Use of information

Office 365 receives the local account and new password, and sets it as the Microsoft Office 365 account password.

Choice and control

If you do not want to synchronize the local password with Office 365, do not assign an Office 365 account to this user.

Assign a new or existing Office 365 account to a user; add multiple users to Office 365; and activate a user’s Office 365 account; import accounts from Office 365

What this feature does

These features provide different ways of enabling access to Office 365 for a local user on the server running the Essentials Experience. Specifically, they enable a local user to be assigned a new or existing Office 365 account.

Information collected, processed, or transmitted

The feature sends an Office 365 account name (email address) to Office 365 when a new account needs to be created, or it imports an existing Office 365 account name (email address) from Office 365. After assigning an Office 365 account to a local user account, the Office 365 account name is also saved on the local server running the Essentials Experience. For information about how this information is collected, processed, or transmitted, see the Microsoft Online Services Privacy Notice.

Use of information

Office 365 will create an Office 365 account using the account name provided. The cached Office 365 account name in the Essentials Experience will be used to identify the Office 365 account that belongs to a particular user running the Essentials Experience.

Choice and control

If you do not want to send Office 365 account information or cache it on the server running the Essentials Experience, do not assign an Office 365 account to any user running the Essentials Experience.

Deactivate the user’s Office 365 account; Deactivate the user’s local account

What this feature does

These features deactivate the Office 365 account that is assigned to a local user account in the Essentials Experience. The user can no longer access the Office 365 account, and the licenses that are assigned to the Office 365 account are removed. The user’s data remains in Office 365 for a certain period of time, which is defined by the Office 365 data retention policy.

Information collected, processed, or transmitted

The Office 365 account name (email address) is sent to Office 365. For information about how this information is collected, processed, or transmitted, see the Microsoft Online Services Privacy Notice.

Use of information

Office 365 receives the Office 365 account name and deactivates it.

Choice and control

If you do not want to send Office 365 account information to Office 365, do not assign an Office 365 account to any user.

Delete the Office 365 user

What this feature does

This feature deletes a local user account on the Essentials Experience. If the user has been assigned an Office 365 account, this Office 365 account is also deleted.

Information collected, processed, or transmitted

The Office 365 account name (email address) is sent to Office 365. For information about how this information is collected, processed, or transmitted, see the Microsoft Online Services Privacy Notice.

Use of information

Office 365 receives the Office 365 account name and deletes it.

Choice and control

If you do not want to send Office 365 account information to Office 365, do not assign an Office 365 account to any user.

Link domain to Office 365

What this feature does

This feature configures an Internet domain to work with Office 365.

Information collected, processed, or transmitted

The domain name is sent to Office 365.

Use of information

Office 365 receives the domain name, verifies the ownership of the domain, and configures the domain for Office 365.

Choice and control

If you do not want to send the domain name to Office 365, do not use this feature.

Third Party Email Add-In Feature

What this feature does

Note: The email add-in feature is provided by third party companies, and Microsoft is not responsible for any information or data collected by such companies. To learn about any information collected by these companies, you should contact them directly. If you install an email add-in and are participating in CEIP and Windows Error Reporting, Microsoft may receive CEIP and Windows Error Reporting information to help us understand when this feature is used and to improve our products. To learn more about information we collect via CEIP and Windows Error Reporting, please see those sections in this privacy statement.

Windows Azure Backup

What this feature does

Windows Azure Backup for the Essentials Experience enables you to access the Windows Azure Backup service.

Information collected, processed, or transmitted

To integrate the Windows Azure Backup, you must register the local server that is running Windows Azure Backup with a certificate. A default certificate will be saved on the local server. You can use that certificate, or use a custom certificate. To learn about the specific features of the Windows Azure Backup and any associated privacy impact, please see the Windows Azure privacy statement.

Important information

The Restore feature in the Essentials Experience is known as the Recovery feature in Windows Azure Backup. This is the same feature.

Choice and control

This is an optional feature that must be installed by the administrator of the Essentials Experience prior to use of the service.

Best Practices Analyzer

What this feature does

Best Practices Analyzer (BPA) helps maintain a high level of system health by providing a report that identifies problems. Scan reports may direct users to online Knowledge Base articles and update publication sites on the Microsoft website to retrieve more information about specific problems.

Information collected, processed, or transmitted

BPA performs application and configuration-level verification against a set of rules by reading and reporting only. It does not modify any system settings. For more information, see this article.

Use of information

BPA does not send any scan results to Microsoft. Administrators can view a report of scan results from within the Server Manager.

Choice and control

Use of the tool is optional. If you do not want the tool to read any app and configuration settings, do not use the tool.

Web services

What this feature does

The Essentials Experience exposes web service APIs to allow non-Microsoft applications to authenticate a user of the Essentials Experience, browse files and folders, provide media access, and perform server management tasks (which include managing network alerts, user accounts, and devices, in addition to connecting to multiple servers).

Information collected, processed, or transmitted

The web services only accept calls of their public interfaces if they are properly authenticated. Authenticated recipients can get the server name, GUID, external domain name, device information, media file streams, network health alerts, and user account information for the server running the Essentials Experience. None of this information is sent to Microsoft.

Use of information

The server name in the Essentials Experience and the user name and password information are used for authentication.

Choice and control

If you don't want to access the server running the Essentials Experience through web services, don't set up the domain.

Transmog

What this feature does

The Transmog command will upgrade your server that is running Windows Server 2012 R2 Essentials to Windows Server 2012 R2 Standard. It will remove locks and limits, and add the packages that are missing. Packages for the edition you are running remain on the server, except for the Media feature (read the following description). Other settings that are shared between the editions remain unchanged. For more information, see the Windows 8.1 and Windows Server 2012 R2 privacy statement.

Information collected, processed, or transmitted

No information is collected or sent to Microsoft.

Choice and control

If you don’t want to upgrade the server to Windows Server 2012 R2 Standard, don’t run the Transmog command.

Media

What this feature does

The Media feature allows the users to use media devices, or allows Anywhere Access to play media files that are stored on the server. The administrator can configure shared folders that contain the media file, or configure the video streaming quality. The first time a user tries to stream media that is stored on a server from the web browser in another device, the user will be asked to install Silverlight if it is not already installed on their computer. The user can then choose to install Silverlight. A cookie is set to remember this choice, and the prompt will not appear again unless the user deletes the cookie cache.

Information collected, processed, or transmitted

When the Media feature is enabled, media files can be accessed by authorized users. If the user chooses to install Silverlight, the user is directed to the Silverlight website. If the user chooses to not install Silverlight, a default media playing tool on the user’s device will play the media. No information is collected or sent to Microsoft.

Use of information

A cookie is set to remember this choice, and the prompt will not appear again unless the user deletes the cookie cache. No information is collected or sent to Microsoft.

Choice and control

The Media feature is not installed by default. If you want to turn it on, download and install the media pack, then click Settings, click the Media tab, click Turn On, and then follow the instructions.

Windows Update Group Policy management

What this feature does

Windows Update Group Policy management provides easier security and user data protection management of computers running Windows 7 Professional, Windows 7 Enterprise, Windows 7 Ultimate, Windows 8 Pro, and Windows 8 Enterprise that are connected to the server running the Essentials Experience. Windows Update collects basic information about your computer to identify which updates your computer needs and to improve the updating service.

Windows Update Group Policy management sets the Group Policy to update the Windows Update settings on the client computer to enhance the security of the computer. The following Windows Update settings are modified on the client computers that are joined to the server running the Essentials Experience:

  • Automatic update for immediate installation is enabled.

  • Non-administrators on the client computer are allowed to receive update notifications.

  • Automatic updates are configured to be automatically downloaded and scheduled to get installed every day at 3:00 A.M.

  • Windows Power Options is configured to wake up the computer to install scheduled updates.

  • Automatic recommended updates installation is enabled.

Information collected, processed, or transmitted

For details about what information is collected and how it is used, see the Update Services privacy statement.

Choice and control

The administrator for the Essentials Experience can turn this feature on or off anytime as follows:

  1. Open the Essentials Dashboard.

  2. Click the Devices tab.

  3. Launch the Implement Group Policy Wizard and follow the instructions.

Windows Firewall Policy management

What this feature does

Windows Firewall Group Policy management provides easier security and user data protection management for computers running Windows 7 Professional, Windows 7 Enterprise, Windows 7 Ultimate, and Windows 8 that are connected to the server running the Essentials Experience. Windows Firewall helps protect against network attacks for computers on which it is enabled. Windows Firewall does this by checking all communications that cross the connection and selectively blocking communications according to the configuration settings you specify. Windows Firewall is considered a "stateful" firewall; that is, it monitors all aspects of the communications that cross its path and inspects the source and destination address of each message that it handles.

Windows Firewall Group Policy management modifies the following Windows Firewall settings on the computers running Windows 7 Professional, Windows 7 Enterprise, Windows 7 Ultimate, and Windows 8 that are connected to the server running the Essentials Experience:

  • For the domain profile, the firewall is turned on. Inbound connections are blocked, outbound connections are allowed.

  • For the private profile, the firewall is turned on. Inbound connections are blocked, outbound connections are allowed.

  • For the public profile, the firewall is turned on. Inbound connections are blocked, outbound connections are allowed.

  • For all profiles, the firewall notifications are turned on.

Information collected, processed, or transmitted

For details about what information is collected and how it is used, see Using Windows 7 and Windows Server 2008 R2: Controlling Communication with the Internet.

Choice and control

The administrator for the Essentials Experience can turn this feature on or off anytime as follows:

  1. Open the Essentials Dashboard.

  2. Click the Devices tab.

  3. Launch the Implement Group Policy Wizard and follow the instructions.

Windows Defender management

What this feature does

Windows Defender Group Policy management provides easier security and user data protection management for computers running Windows 7 Professional, Windows 7 Enterprise, Windows 7 Ultimate, and Windows 8 that are connected to the server running the Essentials Experience. Windows Defender is the antispyware program in the Windows operating system. It offers two ways to help protect your computer from spyware and other potentially unwanted software:

  • Real-time protection. Windows Defender alerts you when spyware or potentially unwanted software tries to install or run on your computer. It also notifies you when programs try to change important settings in Windows.

  • Scanning options. You can use Windows Defender to scan for spyware and other potentially unwanted software that might be installed on your computer, to schedule scans on a regular basis, and to automatically remove any malicious software that is detected during a scan.

Windows Defender Group Policy management enables Windows Defender to automatically check for new signatures before scheduled scans on computers running Windows 7 Professional, Windows 7 Enterprise, Windows 7 Ultimate, and Windows 8 that are connected to the server running the Essentials Experience.

Information collected, processed, or transmitted

For details about what information is collected and how it is used, see the Windows 8.1 and Windows Server 2012 R2 privacy statement.

Choice and control

This feature is off by default. The administrator for the Essentials Experience can turn this feature on or off anytime as follows:

  1. Open the Essentials Dashboard.

  2. Click the Devices tab.

  3. Launch the Implement Group Policy Wizard and follow the instructions.

Folder Redirection management

What this feature does

Folder Redirection Group Policy management provides easier security and user data protection management for computers running Windows 7 Professional, Windows 7 Enterprise, Windows 7 Ultimate, and Windows 8 that are connected to the server running the Essentials Experience. The Folder Redirection feature in the Windows operating system allows administrators to redirect users’ folders (such as Documents, Pictures, or Music) to shared folders that are hosted on servers. Folder Redirection is used in conjunction with the Offline Files technology to make sure that the users’ data is available when the network connection to the server that is hosting a redirected folder becomes latent or unavailable.

Folder Redirection Group Policy management allows the server administrator to redirect users’ folders on computers running Windows 7 Professional, Windows 7 Enterprise, Windows 7 Ultimate, and Windows 8 to the server running the Essentials Experience.

Information collected, processed, or transmitted

No information is collected or sent to Microsoft.

Use of information

For more information about Folder Redirection, see What's New in Folder Redirection and User Profiles.

Choice and control

This feature is off by default. The administrator for the Essentials Experience can turn this feature on or off anytime as follows:

  1. Open the Essentials Dashboard.

  2. Click the Devices tab.

  3. Launch the Implement Group Policy Wizard and follow the instructions.

Online Help

What this feature does

You can choose to have Help search online when you are connected to the Internet, giving you the most up-to-date content available.

Information collected, processed, or transmitted

When you use online Help, your request is sent to Microsoft, in addition to any rating or feedback that you choose to provide about the Help topics presented to you. If you enter any personal information into the search or feedback boxes, the information will be sent to Microsoft, but will not be used to identify or contact you.

Use of information

Online Help uses the information in your search and in your feedback to return the most relevant results, improve the existing content, and develop new content.

Choice and control

By default, online Help is disabled. When you click Help the first time, you are prompted with a message to let you know that you will be redirected to an external website through the Internet. You can choose to not open the Help website by clicking No. If online Help is turned off, results from online Help will not be included when you use Help. You can later change your selection by clicking Help again and agreeing to open online Help.

Microsoft Update

What this feature does

Microsoft Update is a service that provides Windows updates and updates for other Microsoft software.

Information collected, processed, or transmitted

For details about what information is collected and how it is used, see the Update Services privacy statement.

Choice and control

During setup, the Essentials Experience performs a one-time, mandatory check with Windows Update to receive the latest important updates for your computer. If updates are found, the Essentials Experience automatically downloads and installs them so your computer is up to date the first time that you sign in or use it.

During setup, you are also prompted to choose whether to enable ongoing automatic updates from Windows Update. If you choose Use recommended settings or Install updates only on the Settings page in the Essentials Experience during the server setup, Windows Update automatically downloads and installs important and recommended updates.

You can also turn automatic updates from Windows Update on or off at any time.

To turn automatic updates on or off:

  1. In the Dashboard, click Settings.

  2. In the Windows Update section of the General page, turn Windows Update on or off, and then click OK.

When you install Connector software, you can choose to have updates applied to the Connector software automatically. If you choose to have updates installed automatically, they will be downloaded from your server running the Essentials Experience. You can choose to download and install Connector software updates manually when you install the Connector software. You can change your choice by reinstalling the Connector software and selecting Download and install the updates myself during the software setup.