4 Windows Features You Should Disable Right Now for Better Privacy
Windows 11 is a solid operating system — but it comes with a number of features enabled by default that quietly collect and send your data to Microsoft. Most users never touch these settings. If you care about your privacy, here’s exactly what to turn off.
Telemetry and Diagnostic Data
This is the biggest offender. Windows tracks how you use your PC and sends that data back to Microsoft constantly. You may have agreed to this during setup without realizing it.
To turn it off:
- Go to Settings → Privacy & Security → Diagnostics & Feedback
- Set diagnostic data to Required only (or off, if available)
- Disable Tailored experiences
- Click Delete diagnostic data to clear what’s already been sent
If you’re on Windows Pro or Enterprise, you can enforce this more strictly via Group Policy at:
Computer Configuration → Administrative Templates → Windows Components → Data Collection → Allow Diagnostic Data → Disabled
Or set it directly in the registry:HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection → AllowTelemetry = 0
Advertising ID
Windows assigns every user a unique advertising ID. Apps use this to serve you targeted ads across the OS. It’s on by default.
Turn it off here:
- Settings → Privacy & Security → General
- Toggle off Let apps show me personalized ads by using my advertising ID
- While you’re there, disable everything else on that page too
None of those toggles are things you need.
Windows Recall
Recall was one of the most controversial features Microsoft has shipped in years. It takes periodic screenshots of your screen and uses AI to make them searchable. That sounds useful — until you think about all the sensitive things that pass across your screen: banking details, passwords, private messages, confidential documents.
Microsoft made changes after public backlash, but Recall still raises serious concerns.
To disable it:
- Settings → Privacy & Security → Activity History
- Toggle off Store my activity history on this device
- Clear any existing history
If you’re managing devices via Intune or Group Policy, you can push this setting across your fleet and make sure it stays off.
Microsoft Copilot
Copilot is woven into Windows and Microsoft 365. It has broad access to your files, emails, and activity to function. That access might be fine if you fully trust Microsoft’s data practices — but if you don’t, it’s worth restricting or disabling entirely.
You can disable Copilot via Group Policy:
User Configuration → Administrative Templates → Windows Components → Windows Copilot → Turn off Windows Copilot → Enabled
In Intune, you can push this as a Settings Catalog policy.
Bonus: OneDrive
OneDrive isn’t a “feature” per se, but it auto-starts and syncs your files to Microsoft’s servers by default. The problem is that Microsoft holds the encryption keys — meaning they can technically access your files.
If you don’t actively use OneDrive, disable it from startup:
- Right-click the OneDrive icon in the system tray → Settings → Account → Unlink this PC
For a privacy-first alternative, look at Proton Drive — it uses zero-knowledge encryption, meaning even Proton can’t read your files.
Final Thoughts
None of these changes will break your PC or affect performance. Most take under two minutes to apply. But together, they significantly reduce the amount of data Windows sends out without you knowing.
If you’re managing a fleet of machines via Intune or Group Policy, most of these can be rolled out as policies and enforced across all devices — which is the smarter way to handle it at scale.
Take a few minutes today. Your data is yours.
Found this useful? Share it with someone who just set up a new Windows PC.
