Privacy
Windows Autopatch is a cloud service for enterprise customers designed to keep Windows devices updated. This article provides details about data platform and privacy compliance for Windows Autopatch.
Windows Autopatch data sources and purpose
Autopatch collects and stores data according to the Microsoft Privacy Statement.
When you use Windows Autopatch features, data from various sources is used to properly administer enrolled devices and monitor that the service is working properly.
The sources include Microsoft Entra ID, Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages.
| Data source | Purpose |
|---|---|
| Microsoft Windows 10/11 Enterprise | Management of device setup experience, managing connections to other services, and operational support for IT pros. |
| Microsoft Intune | Device management and to keep your data secure. The following endpoint management data sources are used:
|
| Windows Autopatch |
|
| Microsoft 365 Apps for enterprise | Management of Microsoft 365 Apps. |
Windows Autopatch data process
Windows Autopatch relies on data from multiple Microsoft products and services to provide its service to enterprise customers. To protect and maintain enrolled devices, we process and copy data from these services to Windows Autopatch. When we process data, we follow the documented directions you provide as referenced in the Online Services Terms and Microsoft Privacy Statement.
Processor duties of Windows Autopatch include ensuring appropriate confidentiality, security, and resilience. Windows Autopatch employs additional privacy and security measures to ensure proper handling of personal identifiable data.
Windows Autopatch data storage
Data obtained by Windows Autopatch and other services are required to keep the service operational. If a device is removed from Windows Autopatch, we keep data for a maximum of 30 days. For more information on data retention, see Data retention, deletion, and destruction in Microsoft 365.
Feature, quality, and driver update policy data is stored in only two regions, either in Azure's North American or European data center.
Windows Autopatch groups and Windows Autopatch Client Broker stores its data in the Azure data centers based on your data residency. For more information, see Microsoft 365 data center locations.
Microsoft Windows 10/11 diagnostic data
Windows Autopatch uses Windows diagnostic data to keep Windows secure, up to date, and fix problems.
To take advantage of the unique deployment scheduling controls and protections tailored to your population, devices must share diagnostic data with Microsoft. For these features, at minimum, the deployment service requires devices to send diagnostic data at the Required level for these features.
Windows Autopatch only processes and stores system-level data from Windows 10/11 optional diagnostic data that originates from enrolled devices. Windows Autopatch doesn't process and store customers' data such as chat and browser history, voice, text, or speech data.
For more information about the diagnostic data collection of Microsoft Windows 10/11, see the Where we store and process data section of the Microsoft Privacy Statement.
For more information about how Windows diagnostic data is used, see:
Microsoft Entra ID
Identifying data used by Windows Autopatch is stored by Microsoft Entra ID in a geographical location. The geographical location is based on the location provided by the organization upon subscribing to Microsoft online services, such as Microsoft Apps for Enterprise and Azure. For more information on where your Microsoft Entra data is located, see Microsoft Entra ID - Where is your data located?
Microsoft Intune
Microsoft Intune collects, processes, and shares data to Windows Autopatch to support business operations and services. For more information about the data collected in Intune, see Data collection in Intune.
For more information on Microsoft Intune data locations, see Where your Microsoft 365 customer data is stored. Intune respects the storage location selections made by the administrator for customer data.
Microsoft 365 Apps for enterprise
Microsoft 365 Apps for enterprise collects and shares data with Windows Autopatch to ensure those apps are up to date with the latest version. These updates are based on predefined update channels managed by Windows Autopatch. For more information on Microsoft 365 Apps's data collection and storage locations, see Microsoft Defender for Endpoint data storage and privacy.
Major data change notification
We notify customers through the Microsoft 365 message center, and the Windows Autopatch admin center about security incidents and major changes to the service.
Changes to the types of data gathered and storage are considered a material change. We provide a minimum of 30 days advanced notice of this change as it's standard practice for Microsoft 365 products and services.
Data subject requests
Windows Autopatch follows General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) privacy regulations, which give data subjects specific rights to their data.
These rights include:
- Obtaining copies of data
- Requesting corrections to it
- Restricting the processing of it
- Deleting it
- Receiving it in an electronic format so it can be moved to another controller
For more general information about Data Subject Requests (DSRs), see Data Subject Requests and the GDPR and CCPA.
To exercise data subject requests on data collected by the Windows Autopatch case management system, see the following data subject requests:
| Data subject requests | Description |
|---|---|
| Data from Windows Autopatch support requests | Your IT administrator can request deletion, or extraction of data related support requests by submitting a report request in the admin center. Provide the following information:
|
For Data Subject Requests from other products related to the service, see the following articles:
Legal
The following is Microsoft's privacy notice to end users of products provided by organizational customers.
The Microsoft Privacy Statement notifies end users that when they sign into Microsoft products with a work account:
- Their organization can control and administer their account (including controlling privacy-related settings), and access and process their data.
- Microsoft might collect and process the data to provide the service to the organization and end users.