Tenant attach data collection

Applies to: Configuration Manager (current branch)

When you attach your Configuration Manager site with a Microsoft Intune tenant, the site sends more data to Microsoft. This article summarizes the data that's sent.

Tenant attach makes the Microsoft Intune admin center your console in the cloud. The architecture allows the Configuration Manager site to synchronize data about the device and the user to your Intune tenant. You can then query and present data from your on-premises environment in the cloud console in real time without active synchronization. It can fetch large volatile data from your on-premises site. Tenant attach uses a mixture of these methods to provide efficient up-to-date information in the cloud console.

Important

The Microsoft data handling policies are described in the Microsoft Intune Privacy Statement. We only use your customer data to provide you the services you signed up for.

We don't sell any data collected by our service to any third parties for any reason.

The data is all required service data that's needed for the tenant attach connected experience. Required service data includes the following information:

  • Customer content, which is content you create. For example, the name of your LOB application.
  • Functional data, which includes information needed by a connected experience to perform its task. For example, configuration information about the app.
  • Service diagnostic data, which is the data necessary to keep the service secure, up to date, and performing as expected. Because this data is strictly related to the connected experience, it's separate from required or optional diagnostic data levels.

The Microsoft Intune family of products collects information that falls into three categories:

  • Identified data: Most data that Microsoft Intune and Configuration Manager collect is identified data. This data is tied to a user, device, or application and is essential to the nature of management. Identified data is used to manage a user's device and applications.

  • Pseudonymized data: This data is associated with a unique identifier. It's typically a number generated by the system that on its own can't identify an individual person. The Microsoft Intune family of products uses this data to deliver the enterprise service.

  • Aggregated data: This data is usage statistics such as the number of devices or which controls you use in the Microsoft Intune admin center.

The following sections provide examples of the types of data that tenant attach synchronizes to the cloud. They're grouped by functional entity, so you can review for specific features that you're using.

Applications

For each Windows Installer (msi) deployment type:

  • ProductName: The name of the application
  • Publisher: The entity that published the software
  • Version: The version of the application
  • ProductLanguage: The language code for the application
  • ProgramID: An identifier for the deployment type

Device sync

For each device:

  • SMSID: The unique identifier of your Configuration Manager hierarchy
  • AADTenantID: The unique identifier of your Microsoft Entra tenant
  • AADDeviceID: The unique identifier of the device in Microsoft Entra ID
  • Name: The device's host name
  • DeviceOS: The name of the device's operating system. For example, Microsoft Windows NT Server 6.3
  • DeviceOSBuild: The build version of the device's operating system. For example, 10.0.19041
  • AADPrimaryUserID: The unique identifier of the device's primary user in Microsoft Entra ID
  • Model: The device model
  • Manufacturer: The device manufacturer
  • SerialNumber: The device serial number
  • DomainNames: Any domain names for the device
  • SKU

Microsoft Defender for Endpoint

For any collection that you select for Endpoint policy deployment:

  • CollectionId: The unique identifier of the collection. For example, ABC00014
  • CollectionName: The name of the collection. For example, All Windows servers
  • CollectionType: Identifies whether it's a device or user collection.
  • CountTargeted: The count of devices that you target with this policy
  • CountCompliant: The count of devices that are compliant with this policy
  • CountNonCompliant: The count of devices that aren't compliant with this policy
  • CountFailed: The count of devices that failed to process this policy
  • CountActivated: The count of devices where the policy is activated
  • CountEnforced: The count of devices where the policy is enforced
  • TenantId: The unique identifier of your Microsoft Entra tenant
  • HierarchyId: The unique identifier of your Configuration Manager hierarchy
  • DeviceId: The unique identifier of the device in Microsoft Entra ID
  • ProductStatus: Provides the current state of the product
  • ComputerState: Provides the current state of the device
  • DefenderEnabled: Indicates whether the Windows Defender service is running
  • RtpEnabled: Indicates whether real-time protection is running
  • NisEnabled: Indicates whether network protection is running
  • QuickScanOverdue: Indicates whether a Windows Defender quick scan is overdue for the device
  • FullScanOverdue: Indicates whether a Windows Defender full scan is overdue for the device
  • SignatureOutOfDate: Indicates whether the Windows Defender signature is outdated
  • RebootRequired: Indicates whether a device reboot is needed
  • FullScanRequired: Indicates whether a Windows Defender full scan is required
  • EngineVersion: Version number of the current Windows Defender engine on the device
  • SignatureVersion: Version number of the current Windows Defender signatures on the device
  • DefenderVersion: Version number of Windows Defender on the device
  • QuickScanTime: Time of the last Windows Defender quick scan of the device
  • FullScanTime: Time of the last Windows Defender full scan of the device
  • QuickScanSigVersion: Signature version used for the last quick scan of the device
  • FullScanSigVersion: Signature version used for the last full scan of the device
  • TamperProtectionEnabled: Indicates whether the Windows Defender tamper protection feature is enabled
  • IsMdeSenseRunning: Indicates the Windows Defender Advanced Threat Protection Sense running state
  • MdeOnboardingState: Indicates Defender for Endpoint onboarding state for the device
  • IsVirtualMachine: Indicates whether the device is a virtual machine
  • LastUpdateTime: Time of the last Windows Defender signature update
  • ThreatID: The ID of a threat that has been detected by Windows Defender
  • ThreatName: The name of the specific threat
  • Category: Threat category ID
  • Severity: Threat severity ID
  • URL: URL link for additional threat information
  • CurrentStatus: Information about the current status of the threat
  • CurrentStatusID: Information about the current status of the threat
  • ExecutionStatus: Information about the execution status of the threat
  • LastThreatStatusChangeTime: The last time this particular threat was changed
  • InitialDetectionTime: The first time this particular threat was detected
  • NumberOfDetections: Number of times this threat has been detected on a particular client

For more details on data collected for Microsoft Defender for Endpoint, see Defender CSP.

Azure Application Insights

The site uploads data to the Azure Application Insights service. Application Insights detects issues for problem solving and continuous application improvement. The following data is sent to this service:

  • OS version information for the service connector point
  • Site version information
  • Site support ID, also known as the hierarchy ID
  • Language information
  • Azure tenant ID
  • Microsoft Entra client ID
  • Exceptions and errors that the service connector point generates
  • Status events for the service operation

For more information on this service, see Application Insights API for custom events and metrics. Configuration Manager currently uses the following API methods: TrackEvent, TrackException, TrackRequest, and TrackTrace.

See also

For more general information on the data that Configuration Manager collects, see Diagnostics and usage data for Configuration Manager.

For more information about related privacy aspects, see the following articles: