Surprise! SQL Server might be sending customer-sensitive data to Microsoft

By | February 12, 2019

Are you a Microsoft SQL Server operator? And use customer names as database names? If so, then this article might have a nasty surprise for you. It turns out that SQL Server’s telemetry service sends a lot of data back to Microsoft, including database names – and you apparently can’t turn it off. If those database names happen to contain sensitive data, this might be an issue for your business.

Other than that, it seems that they collect a bunch of information that might be helpful to better understand the type of hardware and environment their existing user base has, perhaps so that they can monitor changes in customer preferences and better optimize performance, upselling and cross-selling tatics, and stuff like that. Whether or not additional information is captured is something that it seems no one outside of Microsoft knows, and Microsoft is quite closed-lipped about it. That’s sort of like how Facebook collects all sorts of interest graphs and uses it to target marketing to you, only instead of targeting private individuals, Microsoft is targeting businesses, before the whole data economy surfaced to public knowledge.

Now, I am not a Microsoft customer and so I do not know if their contract stipulates this level of data collection, processing, analysis and usage… but I’d be quite willing to bet that most businesses don’t know they’re doing this. If you use SQL Server, and especially if you have customers in the EU, you just might want to take a closer look at whether this is compatible with what you’ve told your customers in your privacy policy, or make plans to regularly update the telemetry service to point to your own servers, and especially after installing any Microsoft update.


More information: https://www.brentozar.com/archive/2019/02/what-queries-does-microsofts-telemetry-service-run-on-your-sql-server/

Leave a Reply

Your email address will not be published. Required fields are marked *