Share via


Diagnostic Data collected for Exchange Server

APPLIES TO: yes-img-162016 yes-img-192019 yes-img-seSubscription Edition

Microsoft collects diagnostic data to keep Exchange Server secure and up to date, find and fix problems, and identify and mitigate threats. When the September 2021 (or later) Cumulative Update (CU) is installed on a Mailbox server, Exchange Server 2016 or Exchange Server 2019 has the ability to send diagnostic data from each Exchange server to the Office Config Service (OCS) in the Microsoft cloud. There's a change to the License Agreement acceptance process to allow you to choose whether to share diagnostic data with Microsoft.

Change in License Term acceptance process

When using the graphical user interface (GUI) version of Exchange Setup, a new License Agreement screen will appear, as shown below.

Instead of two options, there are now three options.

New exchange license agreement

Choose one of the following options:

Selection Description
I accept the license agreement and will share diagnostic data with Microsoft This is the default option that accepts the license agreement and enables sending data to Microsoft.
I accept the license agreement, but I'm not ready to share diagnostic data with Microsoft This option accepts the license agreement but disables sending data to Microsoft.
I do not accept the license agreement If you don't accept the EULA, you can't install the CU.

Unattended Setup of Exchange Server

The acceptance options are also available via an unattended command-line setup using the new Setup switches:

Selection Description
/IAcceptExchangeServerLicenseTerms_DiagnosticDataON Use this switch to accept the license terms and send optional data to Microsoft when the EM service requests mitigations.
/IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF Use this new setup switch to accept the license terms and disable sending optional data to Microsoft.

Important

/IAcceptExchangeServerLicenseTerms has been removed from Exchange server command-line Setup and replaced with the two new Setup switches shown above.

Diagnostic Data collected

When diagnostic data collection is enabled, your Exchange server sends the following information hourly to the Office Config Service:

Data Description
ExchangeVersion The server version (CU and SU build information)
ServiceState Information about the Emergency Mitigation Service state (enabled or disabled)
ImmutableDeviceId Unique identifier for the server
ImmutableOrgId Unique identifier for the Exchange organization
ConfigurationsApplied A list of all mitigations that were applied
ConfigurationsBlocked A list of all mitigations that were blocked
MiscConfigurations Information about the following Exchange Server component state:
  • SerializationSigningEnabled
  • MSIPCEnabled
  • EncryptionAlgorithmCBCEnabled

Starting with the Exchange Server 2019 CU15 (2025H1), Exchange Server collects the following additional telemetry data:

Data Description
PrimaryKey A unique identifier for the server that acts as primary key: {OrganizationId}.{DeviceId}
OrganizationId Unique identifier for the Exchange organization
Oauth2ClientProfile Indicates whether modern authentication is enabled or disabled for the Exchange organization, controlled by OAuth2ClientProfileEnabled setting
DeviceId Unique MachineId identifier for the server
RemoteMailboxCount Total count of mailboxes where RecipientTypeDetails is RemoteUserMailbox
ServerVersion The build number of the Exchange Server build running on the server
ServerRole The Exchange Server role running on the server
IsPPE Indicates whether this is a preproduction Exchange Server installation (default is false)
MailBoxDataValue Total count of mailboxes within the organization and on a per Exchange server base
AuthServerDataList Information about the Auth Server configured in the organization:
  • Name
  • AuthMetaDataURL
  • IsDefaultAuthorizationEndpoint
  • TokenIssuingEndpoint
  • ApplicationIdentifier
  • Enabled
  • Type
AcceptedDomainsList Information about the Accepted Domains configured in the organization:
  • DomainName
  • IsTenantDomain
  • IsDefault
AmsiDataValue Information about the AMSI configuration:
  • EnabledAll
  • EnabledApi
  • EnabledAutoD
  • EnabledEas
  • EnabledEcp
  • EnabledEws
  • EnabledMapi
  • EnabledOab
  • EnabledOwa
  • EnabledPowerShell
  • EnabledOthers
BinaryFormatterDataValue Information about the Binary Formatter configuration:
  • EnableSecureDeserializerLocation
  • EnableFirstFallbackDeserializerLocation
  • EnableSecondFallbackDeserializerLocation
FlightingDataValue Information about the flights configured via Feature Flighting:
  • FeaturesAwaitingAdminApproval
  • FeaturesBlocked
  • FeaturesEnabled
  • RingLevel
IsAppIdIsolationEnabled Indicates whether the dedicated Exchange hybrid application feature is enabled

How to configure the Diagnostic Data setting after installation is complete

After the Setup has completed, you can enable and disable sending the diagnostic data to the OCS on any Exchange server using the Set-ExchangeServer cmdlet.

To disable sending optional data to Microsoft:

Set-ExchangeServer -Identity <ServerName> -DataCollectionEnabled:$false

To enable sending optional data to Microsoft:

Set-ExchangeServer -Identity <ServerName> -DataCollectionEnabled:$true