Export (0) Print
Expand All

Privacy Information for Azure Backup

Published: April 4, 2013

Updated: April 7, 2014

Applies To: Windows Server 2008 R2 with SP1, Windows Server 2012

Information that is collected by or sent to Microsoft by the Service, including your Data, may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland.

The following section provides more information on privacy impacting features of Azure Backup.

What This Feature Does:

Collect the user ID and password from customer and authenticate the user for the same.

Information Collected, Processed, or Transmitted:

For more information on information collected, processed or transmitted refer Microsoft Online Services Privacy Statement at http://go.microsoft.com/fwlink/p/?LinkId=251468.

What This Feature Does:

You can use this feature to register your server with the Service. Registration will help establish a trust relationship between your server and the Service in order for the Service to back-up your Data.

Information Collected, Processed, or Transmitted:

After registering a server, the Service collects, processes, and transmits the following information:

  1. Passport Unique Identification (“PUID”) for the user ID that Microsoft provides to you for the purpose of registering for this Service;

  2. A certificate generated on your server designated for back-up by the Service; and

  3. Name of the server being registered.

Use of Information:

The Service uses the above information in the following manner:

  1. PUID for user ID for your organization: This is used to validate that the self-signed certificate (item 2 below) being received is from a trusted source (i.e. your registered server). When using the pre-release version of this Service (e.g., during a Microsoft Technical Adoption Program), the Service will be pre-provisioned with the PUIDs for the user IDs that are being provided for your organization.

  2. Certificate: This is used to help identify and authenticate a registered server to access the Service. The Service uses the public key portion of the certificate to secure a token that only the registered server can gain access to. The server will need to use this token to gain access to the Service’s features.

  3. Name of the server: The server name is required in using the Service’s recovery feature described below. When you decide to recover your backed-up data, you will be presented with a list of all of your registered servers by name so that you can correctly identify which backed-up data you want to recover and restore.

Choice/Control:

This information is an essential part of the Service’s registration process because it helps you and the Service identify which Data you want to restore as well as identify the correct registered server. If you do not wish to send this information to the Service, do not use this Service. If you register your server and then later wish to unregister it, then you may do so by using the commandlets as described in the Early Adopter’s Guide. However, by unregistering your server from the Service, you will not be able to keep your backup up to date or restore your Data to the correct registered server.

What This Feature Does:

This feature allows user to diagnose the issue. It allows user to view more information regarding recommended actions or resolution when encounters the error. The link would launch internet explorer which would open technet wiki with relevant information.

Information Collected, Processed, or Transmitted:

The Service collects, processes, and transmits the following information as part of its P2W links feature:

  • Agent name.

  • Version of the agent.

  • Event ID.

  • LCID

Use of Information:

The Service uses the above information in the following manner:Agent name, Version of agent, Event ID, LCID (locale ID) would uniquely identify the relevant wiki article to be shown or search the results from Bing.

Choice/Control:

If you do not want this information sent to the Service, do not use this Service.

What This Feature Does:

This Service helps you back-up Data located in your server‘s files and folders that you designate to be backed up by the Service. “Data” includes all text, sound, images, and files that you upload to or back-up using the Service.

Information Collected, Processed, or Transmitted:

The Service collects, processes, and transmits the following information as part of its backup feature:

  • Metadata for the backup which includes registered server names, volume of data, the time when the data was backed up from the registered server, file names, folder names, and file attributes such as Access Control List (“ACL”), file sizes and modified times, as well as alternate streams.

  • Customer Data and file content is encrypted with an auto-generated key created by your Windows Server software.

  • Encrypted form of the key that is auto-generated on the registered server.

Use of Information:

The Service uses the above information in the following manner:

  1. Metadata is used to enable recovery operations such as browsing for file/folder data prior to recovery, or searching for file/folder data prior to recovery;

  2. A token signed with the certificate that was generated during the server registration step. This allows the Service to authenticate your server uniquely.

  3. The encrypted form of the auto-generated encryption key is transferred and stored along with your backed-up Data. When you restore your Data, this encrypted key is restored first and unencrypted on your registered server. Then, the encrypted data is downloaded as a part of the restore feature, and unencrypted locally before restoring your Data to the registered server.

Choice/Control:

If you do not want this information sent to the Service, do not use this Service.

Important Information:

When you designate Data to be sent to the Service, the Data is encrypted on your registered server prior to being sent to the Service. While you may be required to specify an encryption passphrase at the time your data is restored, it is not transmitted to the Service. In other words, only you know your encryption passphrase, and it is not shared with Microsoft. Once the Service recovers and restores your data to your designated, registered server, your encryption passphrase will be required to help unencrypt the recovered Data.

All Data on a server, including files from connected PCs, can be accessed and backed up by the server administrator. This access is a feature of the server and not the Service. It is up to you whether to notify PC users of such administrator access.

The encryption passphrase allows for data to be encrypted and isolated but the metadata, which includes the file and folder properties like names, security streams, etc., can be accessed by other admins of the same company.

The User name and proxy password would be stored on local machine. The password may be visible to others admins on the machine. Please ensure that you use an appropriate credential for the same.

What This Feature Does:

This feature helps recover the backed-up Data stored in the Service to one of your registered servers that you designate as the target location.

Information Collected, Processed, or Transmitted:

The recovery feature collects processes and transmits the following information as part of recovery:

  1. Your server name where the backup was performed;

  2. The volume of the Data to be recovered;

  3. The time when the Data was backed up to the Service;

  4. The name of the files and folders to recovery, and

  5. The target location within your registered server for the Service to restore your Data.

Use of Information:

The Service uses the above information in the following manner:

  1. Details like the server name, volume, file and folder names, and back-up time help the Service identify which backed-up/stored Data you would like to restore;

  2. The target location is required in order to determine where the recovered Data should be sent to on your registered server.

Choice/Control:

If you do not want this Data sent to the Service, do not use this feature.

Important Information:

  1. An encryption passphrase is required to help unencrypt the recovered Data once it is restored on your registered server. While you may be required to specify an encryption passphrase at the time your Data is restored, it is not transmitted to the Service.

  2. All Data sent by the Service to Azure™ occurs over HTTP/HTTPS. For more information, see the Azure Platform Privacy Statement at http://www.microsoft.com/online/legal/en-us/Azure_privacy_statement.htm

What This Feature Does:

When you designate your Data for back-up by this Service, your server’s IP address, along with your Data, is sent to Azure for storage.

Information Collected, Processed, or Transmitted:

The Service collects, processes, and transmits your registered server’s IP address where your Data is located.

Use of Information:

The Service uses your registered server’s IP address to identify the server where your Data is located in order to help the Service back-up the correct Data. It also uses your server’s IP address to help locate your Data while being stored in Azure in order to identify your Data and then restore your Data to the correct server.

Choice/Control:

If you do not want your server’s IP address to be sent to the Service, do not use this feature.

What This Feature Does:

We collect basic information about your hardware configuration; how you use our software and Service; the type and number of errors you encounter; Service, software and hardware performance; and the speed of services in order to identify trends and usage patterns. The information is collected for the following purposes:

  1. Analyzing the data to understand the customers’ use of the Service in order to provide, operate, maintain, and/or improve the quality, reliability and performance of the Service.

  2. Auditing of actions as part of our SLA and compliance program.

Information Collected, Processed, or Transmitted:

The telemetry reporting service gathers the following information from all customers:

  1. Usage of the Service

  2. Customer PUID, Machine ID, Company ID for all of the operations below:

    1. Subscriptions to the Service;

    2. Registration of servers with the Service and identification of the customer’s SKU;

    3. Machine ID and company ID (both are generated by the Service) to understand the typical distribution of servers across the service customers;

    4. Backup configuration and settings changed (Add/Update/Delete) on customer servers;

    5. Backup analytics – the following details are captured by Service per server: the date and time of backup; the amount of data backed up; number of files backed-up; the change rate of data backed up; the time taken for backup operation (and individual components within the backup);

    6. Restore analytics – the following details are captured by Service per server: the date and time of restore; the amount of data restored; number of files restored; the change rate of data restored; the time taken for restore operation (and individual components within the restore operation), and type of restore (same server or alternate server); and

    7. Use of Service feature (e.g., frequency of backup/restore operations, Service being used for the backup or restore features, or both).

  3. Reliability of the service

    1. Information about Failures and Warnings encountered during Agent operations along with Error Code, operating system version, and Agent version.

  4. Usage of web portal

    1. Browser type, Page load time, Page request time, Location of the request and other information which would identify the speed reliability and performance of the web request.

Use of Information:

The Service uses the above information in the following manner:

  1. Understanding the subscription patterns across Service customer, distribution of servers and server SKU details across Service customers;

  2. Understanding the policy and configurations setting on services help provide backup and restore patterns around backup operations -- e.g. the number of backups that occur per day or week -- helps Microsoft improve the Service’s scale.

  3. Understanding the distribution of the amount of Data transferred (backed up / restored) during typical Backup/Restore and individual customer’s usage patterns. This information will allow Microsoft to properly maintain the service, improve the Service’s capacity planning and scale, and identify potential misuse of the service that could be result in other customers getting affected.

  4. Understanding typical usage of features by customer, frequently encountered failure and error scenarios helps improving the reliability of the service and identify general areas of improvement across the entire service.

  5. Identify general areas of improvement for the web portal.

  6. To identify demand for the service in different regions and contact customers for service-related and/or support scenarios

  7. Meet Auditing compliance requirements for updates that cause changes to the Service state.

Choice/Control:

This feature is turned on by default and cannot be turned off for this Service. If you do not want the above listed data sent to the Service, do not use this Service.

What This Feature Does:

Microsoft Error Reporting provides a service that allows you to report problems you may be having with this Service to Microsoft and to receive information that may help you avoid or solve such problems.

Information Collected, Processed, or Transmitted:

For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at http://oca.microsoft.com/en/dcp20.asp.

Use of Information:

We use the error reporting data to solve customer problems and improve our software and the Service.

Choice/Control:

The Service will honor the Microsoft Error Reporting settings on each computer that is backed-up by the Service. It does not change these settings.

Important Information:

Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their computers. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available at http://msdn.microsoft.com/en-us/library/bb513638(v=VS.85).aspx.

What This Feature Does:

You can choose to have online Help search when you are connected to the Internet, giving you the most up-to-date content available.

Information Collected, Processed, or Transmitted:

When you use online Help, your request is sent to Microsoft. If you type any personal information into the search box, the information will be sent to Microsoft, but will not be used to identify or contact you.

Use of Information:

Online Help uses the information in your search to return the most relevant results, improve the existing content, and develop new content.

Choice/Control:

If you do not wish to send this data to Microsoft, do not use the online help feature.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft