Microsoft Telemetry Data

Question

I work at a large company and started digging through firewall logs to get my head around the network and what is going on. I noticed a HUGE amount of traffic going to 72.21.81.240. I cross-correlated this IP with one of our network monitor tools and it shows this IP as cs11.wpc.v0cdn.net. Based on research this looks to be some Microsoft telemetry data? I googled around and couldn't find any good info on how to stop our Windows servers (2012 R2 and 2016) from trying to call home.

Anyone else have this issue? It creates a huge amount of traffic on our firewalls (which we are dropping). Trying to get rid of some of the noise in our environment to make everyone's job a bit easier.

Looks like a Windows Update mirror. Are you sure the HUGE amount of traffic was going OUT, and not IN? — Michael Hampton, May 02 '19 at 00:34

yagmoth555 · Answer 1 · 2019-05-01T21:31:44.670

To disable it you can use that following GPO:

Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds/Allow telemetry, set it to 0.

Be advised you can on all Windows Server 2016+, but for Windows 10 only the enterprise\IoT version follow that setting.

For the 2012R2, please disable the Diagtrack service, it will remove the telemetry usage, as the GPO don’t target that OS (same tip if you have Windows 7/8 inside your corporation)

More data there; https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization

Microsoft Telemetry Data

1 Answers1