Complete Privacy Settings Guide for Windows 11

Introduction

Let’s talk about Windows 11 and privacy. I know you’ve heard the concerns—Microsoft collects data, telemetry is everywhere, Windows is spying on you. Some of that is true. Some of it is overblown.

Here’s the thing about Windows 11 privacy: yes, Microsoft collects data by default. Diagnostic information, app usage patterns, location data, even typing habits if you let them. But here’s what the privacy alarmists won’t tell you: you have significant control over what gets shared. You just need to know where to look.

I’ve spent 10+ years in cybersecurity, and I’ll give you my honest assessment: Windows 11 can be configured for reasonable privacy without breaking functionality. You don’t need to be paranoid, but you should be informed.

This guide is part of our Windows Security & Protection Guide, covering privacy controls, malware defense, and comprehensive security strategies.

What you’ll learn in this guide:

• What data Windows 11 actually collects (and why)
• How to configure every major privacy setting in the Settings app
• Which settings to disable (and which are actually useful)
• My personal privacy configuration (balanced but protective)
• Advanced options for technically inclined users

Time commitment: Initial privacy configuration takes approximately 30-45 minutes to complete thoroughly. You’ll need to review multiple Settings pages and make thoughtful decisions about each privacy category.

Privacy doesn’t mean locking everything down—it means making informed choices about what you share. Let me show you how to take back control of your Windows 11 privacy settings without sacrificing the features that make Windows useful.

---

Understanding Windows 11 Data Collection

Before we start changing settings, let’s understand what we’re dealing with. Microsoft collects several categories of data through Windows 11:

Diagnostic and telemetry data includes basic device information like your Windows version and hardware specs, crash reports when applications fail, system performance metrics, and optional data about app usage patterns and browsing history if you use Edge.

Personalization data tracks your activity history—a chronological record of apps opened, websites visited, and files accessed. It powers features like Timeline (which most people don’t use) and syncs your settings across devices.

Advertising data includes an advertising ID that apps can use to track you for personalized ads, plus information about which apps you use to serve “relevant” advertisements.

Cloud sync data covers OneDrive file storage, settings synchronization across your devices, clipboard sync, and language preferences.

Why Microsoft Collects This Data

Look, I don’t believe Microsoft is malicious, but I do believe in sharing only what’s necessary. Here’s the reality:

Legitimate uses exist. Crash reports help Microsoft identify and fix bugs that affect stability. Typing data improves predictive text and autocorrect. Security threat detection relies on analyzing patterns across millions of devices. Some data collection genuinely makes Windows better.

Privacy concerns are valid. That data lives on Microsoft’s servers. While they claim to anonymize much of it, you’re trusting them with your usage patterns, browsing habits, and activity history. They have the encryption keys to your OneDrive data. There’s potential for advertising use, and limited (but existing) third-party data sharing.

My philosophy: Share only what benefits features you actually use. Disable everything else. That’s the approach we’ll take in this guide.

---

Essential Privacy Settings (General)

Let’s start with the most important privacy configurations. These settings alone will significantly reduce data collection.

Diagnostic Data Settings

This is your first and most important stop.

1. Open Settings (Win + I)
2. Navigate to Privacy & security > Diagnostics & feedback
3. Set Diagnostic data to “Required diagnostic data” (the minimum option)
4. Disable “Send optional diagnostic data”
5. Disable “Improve inking and typing” (this sends everything you type to Microsoft for AI training)
6. Disable “Tailored experiences” (uses your diagnostic data to show personalized tips)

What “Required” diagnostic data includes:

• Basic device information (Windows version, hardware specifications)
• Critical crash reports needed for system stability
• Essential error logs

What “Optional” diagnostic data adds:

• Detailed app usage patterns
• Browser history if you use Microsoft Edge
• Performance metrics beyond what’s needed for stability
• Data used for product improvements and feature development

My recommendation: Set to “Required” and disable all optional toggles. Windows needs some diagnostic data to function properly and maintain security, but optional data sharing provides minimal benefit to you while sending significantly more information to Microsoft.

Activity History

Activity history is one of those features that sounds useful but rarely gets used in practice.

1. Go to Settings > Privacy & security > Activity history
2. Uncheck “Store my activity history on this device”
3. Uncheck “Send my activity history to Microsoft”
4. Click “Clear activity history” to delete existing data

What activity history tracks:

• Every app you open
• Websites you visit
• Documents and files you access
• Timeline of all computer activity

Note: The Timeline feature was removed in Windows 11. Activity history is primarily used for cloud sync across devices and Task View. If you don’t use multiple Windows devices or Task View, there’s no reason to keep activity history enabled.

Performance note: Activity history runs background processes to track your usage. For performance optimization tips, see our guide on how to disable background apps for better system responsiveness.

---

App Permissions

Windows 11 apps can access your camera, microphone, location, contacts, files, and more. Let’s lock that down on a need-to-know basis.

Location Services

1. Navigate to Settings > Privacy & security > Location
2. Toggle off “Location services” entirely if you don’t use location features
3. OR keep it on but review the list under “Let apps access your location”
4. Disable location for any app that doesn’t legitimately need it

Maps app needs location. Weather app benefits from it. Random game or utility app? No reason for location access.

Camera and Microphone

1. Go to Privacy & security > Camera
2. Review which apps have camera access
3. Disable for apps that don’t need it
4. Repeat for Microphone

Video conferencing apps like Zoom and Teams need camera and mic access—granted. Screenshot tool wants microphone access—denied.

Mike’s permission philosophy: Grant permissions on a need-to-know basis. If you can’t think of a legitimate reason an app needs a permission, it doesn’t get it. Windows will prompt you when apps request access, and you can always enable it later if needed.

Contacts, Calendar, Email, and Files

Review each category under Privacy & security:

• Contacts: Only messaging and email apps need this
• Calendar: Calendar apps and scheduling tools only
• Email: Email clients only
• Files: Be selective—many apps request broad file access when they only need specific folders

My approach: I disable globally and enable per-app only when necessary. This is more restrictive but significantly more private.

---

Advertising and Personalization

Let’s turn off the tracking Microsoft uses for advertising.

1. Go to Settings > Privacy & security > General
2. Disable “Let apps show me personalized ads by using my advertising ID”
3. Disable “Let websites show me locally relevant content by accessing my language list”
4. Disable “Let Windows improve Start and search results by tracking app launches”
5. Disable “Show me suggested content in the Settings app”

What disabling advertising ID does:

• Prevents apps from tracking you across sessions using a unique identifier
• Reduces targeted advertising (you still see ads, just generic ones)
• Removes suggested content from Windows itself

The tradeoff: Ads become less “relevant.” I put relevant in quotes because “personalized ads” is just a nicer way of saying “we’re tracking you.” I disable advertising ID on every system I set up. Generic ads are fine—I don’t need to be tracked to be sold things.

---

Cloud and Sync Settings

OneDrive and settings sync are convenient, but they put your data on Microsoft’s servers. Here’s how to control what syncs.

OneDrive Privacy

1. Right-click the OneDrive icon in your system tray
2. Click Settings > Backup tab
3. Review what’s automatically backing up (Desktop, Documents, Pictures folders)
4. Click Manage backup to disable folders you prefer to keep local-only

My OneDrive philosophy: I use OneDrive selectively. Work files and documents I need across devices get synced. Personal files, photos, and anything sensitive stays local-only. OneDrive is encrypted in transit and at rest, but Microsoft holds the encryption keys. They can access your data if compelled legally or by internal policy.

Settings Sync

1. Go to Settings > Accounts > Windows backup
2. Review what’s syncing:
   • Apps and their settings
   • Passwords (if you use Windows password manager)
   • Language preferences
   • Other Windows settings
3. Disable individual items or turn off sync entirely

I keep language preferences and some app settings synced for convenience, but disable password sync (I use a dedicated password manager instead).

Security vs Privacy: While privacy settings control data collection, security features like Windows Defender protect against threats. For comprehensive antivirus configuration, see our Windows Defender setup guide. Remember that disabling telemetry doesn’t affect security features—Defender works independently of privacy settings. For additional security layers, consider enabling BitLocker encryption and configuring Windows Firewall rules.

Clipboard Sync

1. Navigate to Settings > System > Clipboard
2. Disable “Sync across devices” if you want clipboard history to stay local

Clipboard can contain sensitive information—passwords, personal data, confidential text. I disable sync to keep that data local.

---

Search and Cortana

Windows search can be privacy-invasive if it’s indexing cloud content and sending search queries to Microsoft.

Search Privacy

1. Go to Settings > Privacy & security > Search permissions
2. Set SafeSearch to your preference
3. Under Cloud content search, disable if you don’t want Windows searching your OneDrive files
4. Review and clear Search history if desired

Web search in Start Menu: By default, typing in the Start menu searches both your local files and the web via Bing. This sends your search queries to Microsoft. Disabling this requires a Registry edit (covered in Advanced Settings), but know that local-only search is an option.

Cortana

1. Go to Settings > Privacy & security > Voice activation
2. Disable voice activation for Cortana if you don’t use voice assistants
3. Review Cortana permissions under App permissions

I disable Cortana entirely—I don’t use voice assistants on my PC, and they’re always listening when enabled. If you do use Cortana, review what permissions it has and disable microphone access when not actively using it.

My search configuration: Local file search only, web search disabled, Cortana off. Faster search results, zero queries sent to Microsoft.

Browser Privacy: Windows privacy settings work alongside browser security. For guidance on browser security settings, extensions, and safe download practices, see our safe browsing practices guide.

---

Network and Sharing

Network settings have privacy implications, especially regarding device discovery and location tracking.

Find My Device

1. Navigate to Settings > Privacy & security > Find my device
2. Disable if you don’t need remote device location tracking

Find My Device requires your location data to be sent to Microsoft continuously. Useful if your laptop gets stolen, but that’s the tradeoff—constant location tracking.

Network Profile (Public vs Private)

This is critical for security and privacy:

1. Open Settings > Network & internet > Wi-Fi (or Ethernet)
2. Click your connected network
3. Set your home network to “Private” (allows file sharing with trusted devices)
4. Set public WiFi (coffee shops, airports) to “Public” (blocks incoming connections)

Why this matters: Public profile disables network discovery and file sharing. When you’re on untrusted networks, other devices shouldn’t be able to see your PC or attempt connections. At home, Private profile allows convenient sharing between your trusted devices.

I’m strict about this: every public WiFi network gets set to Public profile immediately. Your home network is the only one that should be Private.

---

Advanced Privacy Settings (Optional)

These settings are for users who want maximum privacy and understand the potential consequences.

Disable Telemetry via Services (Advanced Users Only)

Warning: This can prevent Windows Update from functioning properly if misconfigured. Only attempt if you’re comfortable troubleshooting Windows.

1. Press Win + R
2. Type services.msc and press Enter
3. Scroll to “Connected User Experiences and Telemetry”
4. Right-click > Properties
5. Set Startup type to “Disabled”
6. Click Stop > Apply > OK

Risk: Some Windows features and updates may break. I don’t recommend this for most users—the Settings app privacy controls are sufficient and much safer.

Group Policy Privacy Settings (Pro/Enterprise Only)

If you have Windows 11 Pro or Enterprise, Group Policy offers more granular control:

1. Press Win + R, type gpedit.msc
2. Navigate to: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds
3. Double-click “Allow Diagnostic Data”
4. Set to “Enabled” and select “Diagnostic data off” (most restrictive)

My advanced warning: Group Policy settings can conflict with Settings app configurations and cause unexpected behavior. For most users, sticking with the Settings app privacy controls provides excellent privacy without the risk of breaking Windows functionality.

---

Privacy-Focused Tools

Microsoft Privacy Dashboard

Visit privacy.microsoft.com/privacy-dashboard to:

• View data Microsoft has collected about your account
• Download your data (search history, location history, browsing data)
• Delete specific data categories
• Manage ad settings across Microsoft services

My quarterly routine: I check the Privacy Dashboard every three months, review what data exists, and delete old activity history I don’t need stored. It’s a good hygiene practice.

Third-Party Privacy Tools (Use Cautiously)

Tools like O&O ShutUp10++ provide easy toggles for advanced privacy settings, but they can break Windows features if you don’t understand what each toggle does.

My caution: I prefer manual configuration through the Settings app for safety. Third-party privacy tools often apply Registry and Group Policy changes that can cause conflicts, prevent updates, or break features. If you do use them, research each setting before enabling it.

---

Balancing Privacy and Functionality

Here’s my honest take on the privacy-vs-features tradeoff.

Features I think are worth the privacy cost (for some users):

• OneDrive sync: Cloud backup is valuable if you understand the privacy implications
• Find My Device: If you travel with a laptop, location tracking may be worth it
• Settings sync: Convenience across multiple devices

Features NOT worth the privacy cost (for most users):

• Optional diagnostic data: Minimal benefit, maximum data sharing
• Advertising ID: Only benefits advertisers, not you
• Activity history: Timeline isn’t useful enough to justify comprehensive activity tracking
• Cortana: Voice assistants require constant microphone access

My personal Windows 11 privacy setup:

• Diagnostic data: Required only
• Activity history: Disabled
• Advertising ID: Disabled
• OneDrive: Enabled for work files only
• Settings sync: Enabled for preferences, disabled for passwords
• Location: Disabled globally
• Camera/Mic: Enabled per-app only (Zoom, Teams)
• Find My Device: Disabled (desktop PC, not laptop)

This configuration gives me solid privacy while maintaining the Windows features I actually use. Your needs may differ—adjust based on your threat model and feature requirements.

---

Conclusion

Windows 11 privacy settings are extensive, and yes, Microsoft collects data by default. But you have significant control if you take the time to configure these settings properly.

Essential steps recap:

1. Set diagnostic data to “Required” only
2. Disable advertising ID and activity history
3. Review and restrict app permissions (camera, microphone, location)
4. Control what syncs to OneDrive and Microsoft account
5. Disable Cortana and limit search data collection
6. Set network profiles appropriately (Public for public WiFi)

My privacy philosophy: Privacy isn’t about locking down everything—it’s about understanding what you’re sharing and why. Disable what doesn’t benefit you. Enable what makes Windows useful for your specific needs. Review settings periodically, especially after major Windows updates.

Recommended review schedule:

• Initial setup: 30-45 minutes to configure everything (use this guide)
• After major Windows updates: Quick 5-minute check that settings weren’t reset
• Quarterly: Review app permissions and Privacy Dashboard
• Annually: Full privacy settings review

The privacy settings you’ve configured today are an investment in your digital security. You’ve taken meaningful control over your data, and that matters.

For comprehensive security strategies beyond privacy settings, see our Windows Security Guide covering antivirus configuration, malware defense, and safe browsing practices.

---

Frequently Asked Questions

Will disabling all privacy settings break Windows?

No, but certain features won’t work. Disabling location means Maps won’t function and weather won’t be location-aware. Disabling activity history breaks Timeline (which most people don’t use anyway). Disabling OneDrive sync means files stay local-only.

If you follow this guide and configure privacy through the Settings app (not aggressive Registry hacks), you won’t break Windows core functionality—you’ll just disable optional features that require data sharing.

The one exception: completely disabling diagnostic data (via Group Policy or services) can break Windows Update. That’s why I recommend setting diagnostics to “Required” rather than trying to eliminate it entirely.

Does Microsoft really respect privacy settings?

In my experience, yes—mostly. Microsoft has faced legal consequences for privacy violations under GDPR and other regulations, so they’re incentivized to respect settings. They’ve improved significantly in recent years.

That said, “Required” diagnostic data is still sent even if you disable everything else. Required includes device information, critical crash reports, and security data. If you want absolutely zero data sent to Microsoft, Windows isn’t the right operating system—consider Linux distributions instead.

For most users, properly configured Windows 11 privacy settings provide an acceptable balance between privacy and functionality.

Do Windows updates reset my privacy settings?

Sometimes, yes—especially after major feature updates. Microsoft has been known to reset certain privacy preferences during major Windows updates, though this happens less frequently with regular security updates.

Settings most likely to reset:

• Diagnostic data level (may revert from Required to Optional)
• Advertising ID (may be re-enabled)
• Some app permissions
• Group Policy configurations

Settings that typically persist:

• OneDrive sync preferences
• Network profiles (Public/Private)
• Most Registry-based configurations

My recommendation: After every major Windows update (like 24H2 or similar feature updates), spend 5 minutes checking key privacy settings: diagnostics, advertising ID, activity history, and app permissions. Set a reminder for yourself—this is the most common way privacy configurations get undone.

Should I disable OneDrive for privacy?

OneDrive is encrypted in transit (during upload/download) and at rest (on Microsoft servers), so it’s reasonably secure from external threats. The privacy concern is that Microsoft holds the encryption keys, meaning they can access your data if legally compelled or by internal policy.

Your options:

1. Disable OneDrive entirely and use local storage only
2. Use OneDrive selectively (work files yes, personal files no)
3. Use end-to-end encrypted solutions (Cryptomator, Boxcryptor) on top of OneDrive
4. Switch to privacy-focused cloud storage (though none are perfect)

I use OneDrive for work documents and files I need across devices, but keep personal files, photos, and anything sensitive local. That’s my balance between convenience and privacy.

Can I completely eliminate all Windows 11 telemetry?

Technically, no—not without breaking critical functionality. Even with all privacy settings maximized, Windows 11 still sends “Required diagnostic data” that includes basic device information, critical crash reports, and security telemetry necessary for Windows Update and security patches.

Windows 11 Home limitations: You cannot fully disable telemetry on Windows 11 Home edition. The most restrictive option is “Required diagnostic data” through Settings.

Windows 11 Pro/Enterprise: Group Policy allows setting diagnostic data to “Diagnostic data off,” but this can break Windows Update, security patches, and system stability. Microsoft explicitly warns against this configuration.

The reality: If you need absolute zero telemetry, Windows isn’t the right platform—consider privacy-focused Linux distributions instead. For most users, setting diagnostics to “Required” and disabling all optional data collection provides acceptable privacy while maintaining functionality.

Important: Disabling the “Connected User Experiences and Telemetry” service (a common suggestion online) can prevent critical security updates. I don’t recommend this approach.

What's the difference between Required and Optional diagnostic data?

Required diagnostic data:

• Basic device information (Windows version, hardware specifications)
• Critical error reports needed for security patches
• Crash logs necessary for system stability
• Essential telemetry for Windows Update functionality

Optional diagnostic data:

• Detailed app usage patterns (which apps you use and when)
• Browser history if you use Microsoft Edge
• Inking and typing data (used to train AI for predictive text)
• Performance metrics beyond what’s necessary for system stability

Required provides Microsoft with data actually necessary for Windows to function securely and stably. Optional provides product development data that benefits Microsoft more than you. I always set to Required and disable all optional data collection.

How do I know what apps are accessing my camera/microphone?

Windows 11 shows visual indicators when camera or microphone are active:

• Small camera or microphone icon appears in system tray
• Indicator shows which app is using the device

To review access history:

1. Go to Settings > Privacy & security > Camera or Microphone
2. See list of apps that have requested access
3. See “Recently accessed” to show which apps used these devices

I recommend reviewing these settings quarterly. If you see an app you don’t recognize accessing camera or microphone, investigate immediately—that’s a potential security concern.

Are third-party privacy tools safe to use?

Use with extreme caution. Tools like O&O ShutUp10++, privacy.sexy, and various “Windows privacy scripts” can quickly apply dozens of privacy-enhancing tweaks, but they come with significant risks:

The dangers:

• Can break Windows Update and prevent security patches
• May disable features you actually use without clear explanation
• Often apply aggressive Registry and Group Policy changes that conflict with each other
• Difficult to reverse if something breaks
• Some tools haven’t been updated for recent Windows 11 versions

The benefits:

• Faster than manual configuration
• Can access settings not available in the Settings app
• Useful for advanced users who understand each toggle

My recommendation: Avoid automated privacy tools unless you’re technically proficient enough to troubleshoot Windows when things break. The Settings app privacy controls provide excellent privacy without the risk of breaking core functionality. If you must use third-party tools, research each setting before enabling it, and create a system restore point first.

Can I use Windows 11 without a Microsoft account for better privacy?

Yes, but it requires workarounds during setup:

Windows 11 Home: Requires Microsoft account during setup, but workaround exists—disconnect from internet during the setup process to reveal local account option.

Windows 11 Pro: Provides explicit option for local account during setup.

Local account implications:

• Privacy benefit: Your activity isn’t tied to a Microsoft account identity
• Lost features: No OneDrive, Microsoft Store, settings sync (unless you sign in later)
• Less convenience: No automatic cloud backup, must manage everything manually

I use a Microsoft account but lock down privacy settings aggressively—best of both worlds. Local account is more private but significantly less convenient in daily use.

How often should I review privacy settings?

Here’s my recommended schedule:

Initial setup (30-45 minutes): Configure all settings using this guide. This is your privacy foundation.

After major Windows updates (5 minutes): Check key settings (diagnostics, activity history, advertising ID) to ensure they weren’t reset. Windows updates can change privacy settings, especially during major feature updates.

Quarterly (5-10 minutes): Review app permissions to see if new apps have requested access to camera, microphone, location, or files. Remove permissions from apps you no longer use.

Annually (20-30 minutes): Complete privacy review—check Privacy Dashboard, review all privacy settings, clear activity history, assess whether your privacy configuration still matches your needs.

Windows privacy isn’t “set and forget”—it’s an ongoing practice. But it doesn’t require constant maintenance, just periodic reviews.