Why is any of this an issue if they are collecting actual metrics on their own software?
I have plenty of environments that run whitelist only, you can always go that route and not think about any vendor, any software not getting out.
And stuff like this is just inflammatory:
>Similarly, some Windows telemetry uses "microsft.com" instead of "microsoft.com" to bypess firewall rules blocking the latter.
Do you think we'd just block *.microsoft.com over their telemetry ___domain, microsft.com? Half the planet is in O365.
And on the flip side you know we'd all block telemetry.microsoft.com just because, it wouldn't matter what they collect and not think twice, then turn around sell it to people as "we are adding security".
I have plenty of environments that run whitelist only, you can always go that route and not think about any vendor, any software not getting out.
And stuff like this is just inflammatory:
>Similarly, some Windows telemetry uses "microsft.com" instead of "microsoft.com" to bypess firewall rules blocking the latter.
Do you think we'd just block *.microsoft.com over their telemetry ___domain, microsft.com? Half the planet is in O365.
And on the flip side you know we'd all block telemetry.microsoft.com just because, it wouldn't matter what they collect and not think twice, then turn around sell it to people as "we are adding security".