1) is turning off telemetry (opt-out) effective against this?
2) How will this be different between licenses? I would be very interested to see what is collectes when you have something like an E5 license and have Defender ATP and AIP turned on (I don't have that currently). I recall it sends a ton of data (>2000k dns requests/hour for an active user just for new connections to MS) perhaps some of that is left on disk? Would file classification with AIP (e.g.: new document/email is created) be logged? Is it fair to assume the Win10 they tested with is not for enterprise?
Regarding your first question: there's only one edition that let's you turn off telemetry completely: Windows 10 Enterprise. You can set it to "Security" which means nothing but the following information is sent: "Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender."
I have questions:
1) is turning off telemetry (opt-out) effective against this? 2) How will this be different between licenses? I would be very interested to see what is collectes when you have something like an E5 license and have Defender ATP and AIP turned on (I don't have that currently). I recall it sends a ton of data (>2000k dns requests/hour for an active user just for new connections to MS) perhaps some of that is left on disk? Would file classification with AIP (e.g.: new document/email is created) be logged? Is it fair to assume the Win10 they tested with is not for enterprise?