Azure Support

Microsoft  Endpoint Protection for Azure Customer Technology Preview Privacy Statement

Last updated: March 2012

Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft Endpoint Protection for Azure, CTP ("Azure EPP").  This is a preliminary disclosure that focuses on features that communicate with the Internet and is not intended to be an exhaustive list.

Microsoft Endpoint Protection for Azure provides antimalware protection to the Azure OS running Azure services in the cloud. an Azure SDK Import Module is provided for enabling and configuring antimalware protection as part of an Azure service deployment. During service deployment, antimalware is installed and updated in each Azure role virtual machine (VM).

Microsoft Endpoint Protection for Azure helps protect your virtual machine from malicious software (malware) such as viruses, spyware, and other potentially harmful software.

It offers three ways to help protect your virtual machine from malware and other potentially unwanted software:

• Real-time protection. Microsoft Endpoint Protection for Azure alerts you when malware, spyware, or potentially unwanted software attempts to install or run on your virtual machine. It also alerts you when programs attempt to change important Windows settings.
• Scanning options. You can use Microsoft Endpoint Protection for Azure to scan for threats, viruses, spyware, and other potentially unwanted software that might be installed on your virtual machine, to schedule scans on a regular basis, and to automatically remove any malicious software that is detected during a scan.
• Detection/Remediation. Should malicious software be detected on your virtual machine, certain actions will automatically be taken to, remove the malicious software and protect your virtual machine from potential further infection. Once the malicious software is removed, Microsoft Endpoint Protection for Azure may also reset some Windows settings (such as your home page and search provider).

Collection and Use of Your Information

The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized.  It may also be used to analyze and improve Microsoft products and services.

We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. Some Microsoft services may send periodic member letters that are considered part of the service. We may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services available from Microsoft and its affiliates.

In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area.

Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose.

Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public.  We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets.

Information that is collected by or sent to Microsoft by Azure EPP may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland. 

Collection and Use of Information about Your virtual machine

When you use software with Internet-enabled features, information about your virtual machine ("standard computer information") is sent to the Websites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well. 

Because this is a pre-release version of the software, some of these Internet-enabled features are turned on by default so that we can collect enough information about how the software is working in order to improve the commercially released software. The default settings in this pre-release software do not necessarily reflect how these features will be configured in the commercially released software.

The privacy details for each Azure EPP feature, software or service listed in this privacy statement describe what additional information is collected and how it is used.

Security of your information

Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure.

Changes to this privacy statement

We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information.

For More Information

Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us here. 

Microsoft Privacy

Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052 USA

Specific features

History

What this feature does: This feature provides a list of all malware or suspected malware that Microsoft Endpoint Protection for Azure detected on your virtual machine and the actions that were taken when these programs were detected. The information displayed in the History tab is for items detected for all users - not per user.

Information collected, processed, or transmitted: A list of all malware or suspected malware that Microsoft Endpoint Protection for Azure detected on your virtual machine and the actions taken on these items are stored on your virtual machine. These lists include Microsoft Endpoint Protection for Azure activity for all the local users on the virtual machine. The lists are sent to Microsoft as part of your basic membership in MAPS.

Choice and control: History lists may be deleted by the Azure virual machine administrator. By default, all items are displayed for all users. To allow only the virtual machine administrator to view all items, in the Settings tab, select the Advanced tab and clear the option "Allow all users to view the full History results."

Automatic scanning for malware

What this feature does: Microsoft Endpoint Protection for Azure includes an automatic scanning feature, which scans your virtual machine and alerts you if it detects malware. You can turn automatic scanning on or off and change the frequency and type of scans using the Microsoft Endpoint Protection for Azure Settings tab. You can also choose which actions are automatically applied to software that Microsoft Endpoint Protection for Azure detects during a scheduled scan.  For severe threats, certain actions will automatically be taken by default to remove the malicious software and protect your virtual machine from potential further infection. Once the malicious software is removed, Microsoft Endpoint Protection for Azure may also reset some Windows settings (such as your home page and search provider).

Information collected, processed, or transmitted: A list of all malware or suspected malware that Microsoft Endpoint Protection for Azure detected on your virtual machine and the actions taken on these items are stored on your virtual machine. These lists include Microsoft Endpoint Protection for Azure activity for all the local users on the virtual machine. The lists are sent to Microsoft as part of your basic membership in MAPS.

Choice and control: Automatic scanning is on by default.  While not recommended, you can turn off automatic scanning using the Microsoft Endpoint Protection for Azure Settings tab.

Real-time protection

What this feature does: Microsoft Endpoint Protection for Azure' real-time protection feature alerts you when viruses, spyware and other potentially unwanted software attempts to install itself or run on your virtual machine. You can choose which actions are automatically applied to software for low and medium threats that Microsoft Endpoint Protection for Azure detects.  For severe threats, certain actions will automatically be taken to remove the malicious software and protect your virtual machine from potential further infection. Once the malicious software is removed, Microsoft Endpoint Protection for Azure may also reset some Windows settings (such as your home page and search provider).

Information collected, processed, or transmitted: A list of all malware or suspected malware that Microsoft Endpoint Protection for Azure detected on your virtual machine and the actions taken on these items are stored on your virtual machine. These lists include Microsoft Endpoint Protection for Azure activity for all the local users on the virtual machine. The lists are sent to Microsoft as part of your basic membership in MAPS.

Choice and control: Real-time protection is on by default.  While not recommended, you can turn off real-time protection using the Microsoft Endpoint Protection for Azure Settings tab.

Shell extension

What this feature does: Shell extension is a scanning tool, which lets you select specific files and\or folders and scan them using Microsoft Endpoint Protection for Azure.

Information collected, processed, or transmitted: A list of all malware or suspected malware that Microsoft Endpoint Protection for Azure detected on your virtual machine and the actions taken on these items are stored on your virtual machine. These lists include Microsoft Endpoint Protection for Azure activity for all the local users on the virtual machine. These lists are sent to Microsoft if you have enrolled in the basic membership in MAPS.

Choice and control: The shell extension feature is a manual tool that you can choose to use or not.

Microsoft Active Protection Service (MAPS)

What this feature does: The Microsoft Active Protection Service (MAPS) antimalware community is a voluntary, worldwide community that includes Microsoft Endpoint Protection for Azure users. If Microsoft Endpoint Protection for Azure is turned on, MAPS can report malware and other forms of potentially unwanted software to Microsoft.  If a MAPS report includes details about malware or potentially unwanted software that Microsoft Endpoint Protection for Azure may be able to remove, MAPS will download the latest signature to address it.   MAPS can also find “false positives” (where something originally identified as malware turns out not to be) and fix them.

Information collected, processed, or transmitted: This feature sends reports about malware and potentially unwanted software to Microsoft. These reports include information about the files or apps in question, such as file names, cryptographic hash, vendor, size, and date stamps. In addition, MAPS might collect full URLs to indicate the origin of the file, which might occasionally contain personal information such as search terms or data entered in forms. Reports might also include the actions that you applied when Microsoft Endpoint Protection for Azure notified you that software was detected. MAPS reports include this information to help Microsoft gauge the effectiveness of Microsoft Endpoint Protection for Azure’ ability to detect and remove malware and potentially unwanted software.

If Microsoft Endpoint Protection for Azure and MAPS are both enabled on your virtual machine, MAPS reports will be automatically sent to Microsoft when:

• Microsoft Endpoint Protection for Azure detects software or changes to your virtual machine by software that hasn’t been analyzed for risks yet.
• Microsoft Endpoint Protection for Azure applies actions to malware (as part of its automatic remediation) upon detection.
• Microsoft Endpoint Protection for Azure completes a scheduled scan and automatically applies actions to software that it detects, according to your settings.

If MAPS reports new malware to Microsoft that Microsoft Endpoint Protection for Azure can remove, new signatures will be automatically downloaded to your virtual machine, helping to protect your machine more rapidly from potential threats.

You can join MAPS with a basic or an advanced membership. If you choose to enable MAPS (for example, when you choose the settings in Microsoft Endpoint Protection for Azure Setup), you join with a basic membership. Basic member reports contain the information described in this section. Advanced member reports are more comprehensive and might occasionally contain personal information from, for example, file paths and partial memory dumps. These reports, along with reports from other Microsoft Endpoint Protection for Azure users who are participating in MAPS, help our researchers discover new threats more rapidly. Malware definitions are then created for apps that meet the analysis criteria, and the updated definitions are made available to all users through Windows Update.

If you join MAPS with a basic or an advanced membership, Microsoft might request a sample submission report. This report contains specific files from your virtual machine that Microsoft suspects might be potentially unwanted software. The report is used for further analysis. You will be asked each time if you want to send this sample submission report to Microsoft.

To help protect your privacy, reports that are sent to Microsoft are encrypted.

Use of information: MAPS reports are used to improve Microsoft software and services. The reports might also be used for statistical or other testing or analytical purposes, and for generating definitions. Only Microsoft employees, contractors, partners, and vendors who have a business need to use the reports are provided access to them. MAPS does not intentionally collect personal information. To the extent that MAPS collects any personal information, Microsoft does not use the information to identify you or contact you.

Choice and control: The default MAPS membership for Microsoft Endpoint Protection for Azure is basic. After installation, you can change your MAPS membership or settings at any time by using the Tools menu in Microsoft Endpoint Protection for Azure in the desktop Control Panel. Please note that MAPS only operates if Microsoft Endpoint Protection for Azure has been enabled on your virtual machine.

Customer Experience Improvement Program

What This Feature Does: The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We won't collect your name, address, or other contact information.

Information Collected, Processed, or Transmitted: For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement.

Use of Information: We use this information to improve the quality, reliability, and performance of Microsoft software and services.

Choice/Control:  CEIP is on by default.  After installation, you can change turn off CEIP at any time by using the CEIP Opt-out run-time dialog. From the Help menu, open the link named “Customer Experience Improvement Program” and check the ‘Don’t Join’ radio button.