Privacy statement

Microsoft is committed to protecting your privacy while delivering software and services that bring you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft Forefront Threat Management Gateway (Forefront TMG). This is a preliminary disclosure that focuses on features that communicate with the Internet and is not intended to be an exhaustive list. It does not apply to other Microsoft Web sites, products, or services.

The personal information that we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates in order to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized. It may also be used to request additional information on feedback that you provide about the product or service that you are using, to provide critical updates and notifications regarding the pre-release software, or to improve the product or service (for example, bug and survey form inquiries).

Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as answering customer questions about products or services or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose.

Microsoft may disclose personal information about you if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Microsoft or the site; (b) protect and defend the rights or property of Microsoft and its family of Web sites; or (c) act in urgent circumstances in order to protect the personal safety of Microsoft employees, users of Microsoft products or services, or members of the public.

This software contains Internet-enabled features that collect certain standard information from your computer (standard computer information) and send it to Microsoft. Microsoft uses standard computer information in order to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information includes certain information about your computer software and hardware, such as your IP address, operating system, and Web browser software and version. The privacy details for each feature listed in this privacy statement describe what additional information is collected and how it is used.

Information that is collected by or sent to Microsoft may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or agents maintain facilities, and by using this software, you consent to any such transfer of information outside of your country. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union.

The data collection and use practices for Forefront TMG are described below, in the descriptions of the following specific features:

  • Alerts, event log, and Microsoft System Center Operations Manager
  • Cache
  • Customer Experience Improvement Program
  • Logging
  • Microsoft Telemetry Service
  • Tracing
  • Update Center
  • Windows error reporting

Microsoft is committed to protecting the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, and these systems are located in controlled facilities.

We will occasionally update this privacy statement in order to reflect customer feedback and changes in our products and services. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement in order to be informed of how Microsoft is protecting your information.

Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe we have not adhered to it, please contact us at, or:

TMG Privacy

Microsoft Corporation

One Microsoft Way

Redmond, Washington 98052 USA

The following sections contain information on Forefront TMG features and their impact on privacy.

Alerts, event log, and Microsoft System Center Operations Manager

What this feature does

Forefront TMG notifies you when specified events and/or conditions occur by triggering an alert for the event. For example, attacks detected by Forefront TMG, service issues, log failures, and various certificate issues will trigger alerts. These alerts are not sent to Microsoft unless you choose to send them by using Microsoft System Center Operations Manager.

The Forefront TMG Management Pack for Operations Manager monitors Forefront TMG events and alerts.

Information collected, processed, or transmitted

The following may contain IP addresses:

  • Forefront TMG alerts
  • Events written by Forefront TMG to the Windows Server event log
  • Forefront TMG events in Microsoft System Center Operations Manager

Choice and control

Events are not user-controlled. Alerts can be configured through Forefront TMG Management. Optionally, you can also configure System Center Operations Manager with Forefront TMG. If you do so, System Center Operations Manager will reflect the alert definitions of Forefront TMG, and you can choose to send alerts to Microsoft.

For more information about Microsoft System Center Operations Manager, see the Microsoft System Center Privacy Statement.


Cache

What this feature does

Forefront TMG implements a cache feature in order to help improve performance and response times for Web requests made to your server. You can configure the cache to contain Web objects that are frequently requested by users. When a user makes a request, the caching mechanism serves the requested object directly from the cache instead of making a request to the Internet. Forefront TMG provides two types of caching:

Forward caching—Forward caching provides cached Web objects to internal users making Web requests to the Internet.

Reverse caching—Reverse caching provides cached content to external Internet clients making requests to internal Web servers published by ISA Server.

Information collected, processed or transmitted

The Forefront TMG cache does not typically contain personal information, unless you select the option Content requiring user authentication for retrieval in the properties for a cache rule. In this case, personal information, such as user names and any personal information that is included in the cached pages, is stored in the cache. The information in the cache can only be viewed by a Forefront TMG administrator.

Choice and control

The Forefront TMG cache is not enabled by default. The administrator can enable or disable the cache and configure its properties through Forefront TMG Management.

For more information about Forefront TMG administrator permissions, see Managing roles and permissions.

Customer Experience Improvement Program

What this feature does

If you choose to participate, basic information about your computer and how you use Forefront TMG is collected in Customer Experience Improvement Program (CEIP) reports. Some limited information about the software you run might also be collected in order to help improve how our products interact with that software. These reports are sent to Microsoft, where we use them to help improve the features our customers use most often and to create solutions to common problems.

Information collected, processed or transmitted

CEIP reports generally include information about the following:

  • Configuration—Such as how many processors are in your computer, the number of network connections in use, screen resolutions for display devices, and which version of Windows is running. Reports can also include configuration information, such as the strength of the signal between your computer and a wireless or Bluetooth enabled device, and if some features are turned on, such as high-speed USB connections.
  • Performance and reliability—Such as how quickly a program responds when you click a button, how many problems you experience with a program or a device, and how quickly information is sent or received over a network connection.
  • Program use—Such as the Forefront TMG features that you use the most often and how often you use them.

This information is sent to Microsoft when you are connected to the Internet. CEIP reports do not contain personal information, such as your name, address, or phone number; however, some reports may unintentionally contain individual identifiers, such as a serial number for a device that is connected to your computer. Microsoft filters the information contained in CEIP reports in order to try to remove any individual identifiers that they might contain. To the extent that individual identifiers are received, Microsoft does not use them to identify you or contact you.

CEIP also generates a globally unique identifier (GUID) that is stored on your computer and sent with CEIP reports to uniquely identify your computer. The GUID is a randomly generated number that does not contain personal information.

Use of information

Microsoft uses CEIP information to improve our software. We use the GUID in order to assess how widespread the feedback we receive is and how to prioritize it. For example, the GUID allows Microsoft to distinguish between one customer experiencing a problem one hundred times and other customers experiencing the same problem once. Microsoft does not use the information collected by CEIP reports to identify you or contact you. Although the IP address through which you access the Internet is sent to Microsoft with each CEIP report, Microsoft does not use it to identify you or contact you.

Choice and control

This feature is turned off by default. If you choose to participate, CEIP will collect the information described above for all users on your computer. Administrators can stop all users from participating in the Customer Experience Improvement Program under Problem Reports and Solutions in Control Panel.

  • To enable or disable participation in CEIP, click Control Panel, click System and Maintenance, click Problem Reports and Solutions and then, in the left pane, under See also, click Customer Experience Improvement Settings.

For more information, see the frequently asked questions about the Microsoft Customer Experience Program.


Logging

What this feature does

The Forefront TMG log stores information, such as computer name, user name, and URLs, which may contain personal information.

Information collected, processed or transmitted

You may configure which fields the Forefront TMG log will store by using the Forefront TMG Management tool.

To configure what fields a Forefront TMG log records

  1. In the Forefront TMG Management console tree, click Monitoring.
  2. In the details pane, click the Logging tab.
  3. On the Tasks tab, select the appropriate task:
    • Configure Firewall Logging—To configure the Firewall log.
    • Configure Web Proxy Logging—To configure the Web Proxy log.
  4. On the Fields tab, do one of the following:
    • To select specific fields, select the appropriate check box.
    • To clear all the check boxes in the field list, click Clear All.
    • To select all the check boxes in the field list, click Select All.
    • To select a default set of fields in the Forefront TMG log file, click Restore Defaults.

Microsoft Telemetry Service Reports

What this feature does

When Forefront TMG identifies potential malware, it reports information about the potential attack to Microsoft. Microsoft stores this information and analyzes it in order to help identify attack patterns and to improve precision and efficiency of threat mitigations. Microsoft uses this analyzed information to report on top potential threats in the global network. The information collected is not used to identify or contact you.

Information collected, processed, or transmitted

The information collected by Microsoft includes the traffic triggering the potential threat and the potential threat identified, such as protocol information, file names, cryptographic hash, vendor, size, and date stamps. In addition, if you choose advanced membership, Microsoft will collect full URLs to help indicate the origin of the file or traffic. These URLs may inadvertently contain personal information such as search terms or data entered in forms, but this information will not be used to identify or contact you. We may also collect a record of the actions (deny or permit) you applied when a potential threat was detected. Microsoft collects this information in order to help Microsoft gauge the effectiveness of Forefront TMG’s ability to mitigate malware attempts and to provide you and other users information on top potential threats.

Forefront TMG will also send a report to Microsoft automatically when:

  • Forefront TMG detects software or changes to your computer by software that has not yet been analyzed for risks.
  • You apply actions to software that Forefront TMG has detected.
  • Forefront TMG completes a scheduled scan and automatically applies actions to software that it detects, according to your settings.

You can join Microsoft Telemetry Service with a basic or an advanced membership.

Basic membership

If you are a basic member, the reports collected by Microsoft from you include standard computer information as well as threat identifier, source and destination IP and port, URLs truncated to the fully qualified domain name, a one-way hash of the traffic data, and a globally unique identifier (GUID) to uniquely identify your computer.

The GUID is a randomly generated number; it does not contain any personal information.

Advanced membership

In addition to the information in the basic membership, if you are an advanced member, the reports collected from you by Microsoft include additional data, such as full URL strings and Internet traffic samples captured by Forefront TMG.

Reports may unintentionally contain personal information. To the extent that any personal information is included in a report, Microsoft does not use the information to identify you or contact you.

To help protect your privacy, Microsoft Telemetry Service reports that are sent to Microsoft are encrypted by using SSL.

Use of information

These reports, along with reports from other Forefront TMG users who are participating in Microsoft Telemetry Service, help Microsoft researchers discover new threats more rapidly and optimize known threat mitigations.

The reports may also be used for statistical or other testing or analytical purposes, trending, and anti-malware definition generation.

Choice and control

You can update or cancel your Microsoft Telemetry Service membership at any time. To change your Microsoft Telemetry membership, use the options provided on the Join Microsoft Telemetry Service tab, which can be accessed by right-clicking any array name and clicking Properties.

Microsoft Update Center

What this feature does

Forefront TMG uses Microsoft Update technology and the Microsoft Update Center (Update Center) to provide you with centralized management of software and anti-malware definition updates for ISA Server as well as other products on your server. It also allows you to configure the frequency of automatic software and definition updates for ISA Server. The Update Center agent contacts Microsoft Update to download updated definition files automatically. Standard computer information will be sent. This information will be used for customizing software updates and definition files for you, and will not be used to identify or contact you.

Information collected, processed, or transmitted

The Update Center provides standard computer information to Microsoft Update in order to deliver updates to you. For more information about Microsoft Update, see the Microsoft Update Privacy Statement.

Choice and control

You can access the Update Center and change your update settings at any time through Forefront TMG. You can also change your Microsoft Update settings through Windows; however, we recommend that you access the Update Center from within Forefront TMG to change update settings for Forefront TMG. If you change your Microsoft Update settings from Windows, Forefront TMG may not be able to provide you with anti-malware definition file updates. Please note that you must have joined Microsoft Update and have configured updates in the Forefront TMG Update Center in order to receive anti-malware definition file updates for Forefront TMG.


Tracing

What this feature does

Forefront TMG can be configured to enable tracing within its code in order to provide detailed failure and debugging information. Tracing results are compiled into a binary file that contains the tracing data.

Information collected, processed or transmitted

Passwords that are identified in Forefront TMG tracing data are removed before the tracing data output is created. However, personally identifiable information, such as user names, URLs, and web content, is included in the trace. The trace information can only be viewed by a Forefront TMG administrator. For more information about Forefront TMG administrator permissions, see Managing roles and permissions.

Choice and control

Tracing is not installed with Forefront TMG. It is provided by Customer Support Services as a troubleshooting tool when necessary.

Windows Error Reporting

What this feature does

Many Microsoft software programs, including Windows Server 2008 and Windows Vista, are designed to work with the Microsoft Error Reporting Service. If a problem occurs in one of these software programs, you are asked if you want to send a report so you can check for a solution. You can view the details of the report before sending it, although some files might not be in a readable format.

The Microsoft Error Reporting Service helps Microsoft and Windows partners diagnose problems in the software you use and provide solutions. Not all problems have solutions, but when solutions are available, they are offered as steps to solve a problem you’ve reported or as updates to install.

In Windows Server 2008 and Windows Vista, you can report problems automatically instead of having Windows ask for your consent each time a problem occurs. If you use automatic reporting, you are not typically prompted to review the information in a report before it is sent. However, no information is sent unless you choose to report problems. You can choose to stop reporting problems at any time.

Information collected, processed or transmitted

Windows problem reporting can collect information about problems that interrupt you while you work and about errors that occur behind the scenes. Reports might unintentionally contain personal information, but Microsoft does not use the information to identify you or contact you. For example, a report that contains a snapshot of computer memory might include your name, part of a document you were working on, or data that you recently submitted to a website. Personal information that Forefront TMG is aware of, such as passwords, will be encrypted in the report, so it is not readable. However, other personal information, such as information that may be contained in web content, will not be encrypted and will be readable in the report. If you are concerned that a report might contain personal or confidential information, you should not send the report. If a report is likely to contain this type of information, Windows will ask if you want to send it, even if you have turned on automatic reporting. This gives you the opportunity to review the report before sending it to Microsoft.

Reports that you have not yet sent to Microsoft, including files and data attached to those reports, may be stored on your computer until you have an opportunity to review and send them. Reports that you have already sent, including files and data attached to those reports, may also be stored on your computer.

For more information about what data may be contained in error reports, see the Privacy Statement for the Microsoft Error Reporting Service.

Use of information

Microsoft uses information about errors and problems in order to improve Windows and the software and hardware designed for use with Windows operating systems. Microsoft employees, contractors, vendors, and partners may be provided access to information collected by the reporting service. However, they may use the information only to repair or improve the products that they publish or manufacture. For more information about how error report data is used, see the Privacy Statement for the Microsoft Error Reporting Service.

Choice and control

To view your problem history, check for new solutions, or delete problem reports and solutions, go to Problem Reports and Solutions in Control Panel. For more information, see Windows Help and Support.