Windows 10 and 11 ship with extensive telemetry enabled by default. Every search query, app launch, and hardware event can be transmitted to Microsoft. If you manage client machines or simply value privacy on your own PC, understanding and controlling this data flow is essential.

What does Windows telemetry actually collect?

Microsoft groups telemetry into three levels:

  • Diagnostic data (Required) — Basic device info, update compatibility data, and crash logs. This is the minimum level and cannot be fully disabled on Home editions through the Settings UI.
  • Diagnostic data (Optional) — Everything in Required, plus app usage patterns, browsing history in Edge, inking and typing data, and enhanced error reports.
  • Tailored experiences — Uses your diagnostic data to personalize tips, ads, and recommendations across Windows and Microsoft services.

Beyond these tiers, several standalone features also transmit data:

  • Advertising ID — A per-user identifier shared with third-party apps for targeted ads
  • Copilot — Cloud-processed AI queries that send your prompts and context to Microsoft servers
  • Recall — Periodic screenshots of your activity, indexed locally but tied to your Microsoft account
  • Activity History — A timeline of apps and documents you open, synced across devices

The registry keys that matter

Telemetry behavior is controlled under HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection and related paths:

  • AllowTelemetry (DWORD) — Set to 0 for Security level (Enterprise/Education only), 1 for Required, or 3 for Optional
  • DisableAdvertisingId (DWORD under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo) — Set to 0 to disable
  • DisabledAIDataAnalysis (DWORD) — Controls Recall snapshot collection
  • AllowCopilotIntegration (DWORD) — Set to 0 to prevent Copilot from loading

Editing these keys manually works, but it is tedious and error-prone across multiple machines.

Generate your privacy script with BaseConf

The BaseConf Privacy Configurator lets you toggle each telemetry and privacy setting individually, then generates a clean PowerShell script you can audit line by line. Every toggle shows the exact registry key it modifies — no hidden changes.

  1. Select your privacy preferences — disable telemetry, advertising ID, Copilot, Recall, and more
  2. Review the generated script in the live preview pane
  3. Copy or download the .ps1 file
  4. Run as Administrator on the target machine
  5. Revert anytime using the matching undo script

Who benefits from this?

  • MSP technicians deploying a standard privacy baseline across client environments
  • Enterprise admins enforcing GDPR or internal compliance policies
  • Power users who want full transparency over what leaves their machine

Beyond privacy

BaseConf also generates scripts for Windows Update control, debloating preinstalled apps, visual and UI tweaks, and power settings. Use the Build Config page to combine everything into a single deployment script.