Tuesday, July 7, 2026Vol. III · No. 188Subscribe
The Mining, Energy & Technology Wire
Mining · Analysis

Microsoft Windows Backup Privacy Default

Microsoft will enable cloud backup by default in Windows 11 26H2 everywhere except the EU, forcing organizations with privacy concerns to opt out rather than opt in.

Microsoft Windows Backup Privacy Default
PhotographMicrosoft will enable cloud backup by default in Windows 11 26H2 everywhere except the EU, forcing organizations with privacy concerns to opt out rather than opt in.

Microsoft is enabling Windows Backup for Organizations by default in Windows 11 26H2 everywhere except the EU, meaning businesses elsewhere with sovereignty and privacy concerns will be forced opt out instead.

The shift, announced Monday, marks a significant policy reversal: "Starting with Windows 11, version 26H2, the default behavior of the Windows settings backup policy will shift from disabled to enabled," Microsoft said in a message center update.

The tool was unveiled at the Microsoft Ignite conference in November 2024 as an opt-in feature (disabled by default), reached public preview in May 2025, and general availability in August 2025.

The timing coincides with separate revelations about Microsoft's device tracking capabilities. According to PCMag, a newly unsealed cybercrime complaint revealed how Microsoft records helped investigators link online activity to one Windows device using a Microsoft Global Device Identifier, or GDID, while examining a May 2025 attack.

Why the EU Gets Different Treatment

Organizations with strict privacy or data sovereignty requirements, or those regulated by the EU Digital Markets Act (DMA), won't face the default-on behavior.

Windows backup default-on behavior will only apply to devices that run Windows 11 26H2 from countries or regions not regulated by the EU Digital Markets Act (DMA), that aren't in sovereign or restricted cloud environments, and that have the backup policy not configured.

The exemption follows a pattern. In a significant update, Microsoft confirmed that for users in the European Economic Area (EEA), the requirement to enable Windows Backup for a free year of ESU support has been removed. Consumer rights organizations cited the DMA when challenging Microsoft's OneDrive requirements, and Microsoft backed down.

The Digital Markets Act is a new European regulation focused on promoting contestability and fairness in the digital sector, and Microsoft has been working to ensure compliance with the DMA.

What Gets Backed Up—and Where It Goes

Now dubbed "Windows settings backup and restore," the service backs up a device's settings and a list of installed Microsoft Store apps, which can then be restored to a new device.

Data backed up using Windows Backup for Organizations is stored in the Exchange Online cloud, in the Country/Region selected during tenant creation in the admin portal. The data storage location for your tenant can be viewed in the Tenant Admin Center under Admin > Settings > Org Settings > Organization Profile > Data Location.

The backup scheduled task runs every eight days automatically, during which the user settings, preferences, and the list of installed Microsoft Store apps are backed up.

User-specific settings are classified as personal data and are included in the backup. This data is stored in the tenant's region and handled in accordance with Microsoft's privacy and compliance standards, including the Microsoft Products and Services Data Protection Addendum (DPA).

The feature does not back up files, documents, or Win32 applications—only settings and Microsoft Store app lists.

The Opt-Out Problem

Administrators might reasonably be wary of this being opt-out rather than opt-in. An opt-out setting that quietly ships settings data off-device is exactly the sort of thing that adds to administrators' workloads rather than lightening them.

On systems where the tool is enabled by default, IT admins will still retain full control via mobile device management (MDM) solutions. Admins who want to explicitly disable the backup policy can do so through Microsoft Intune or Group Policy, as these will take precedence over the default.

Microsoft's stated objectives for Windows Backup for Organizations include helping "organizations accelerate PC refresh cycle or the transition to Windows 11 or deploying AI-powered PCs," and allowing "organizations to transition to a cloud-first approach for managing devices and user settings."

Device Tracking Raises Separate Privacy Questions

The backup policy shift comes as new details emerge about Microsoft's device tracking capabilities. A GDID is a unique number tied to a Windows installation on a device that can stay the same across normal Windows updates. The records showed that the same device identifier appeared alongside specific internet activity, websites, and timestamps.

Microsoft could apparently associate the GDID with visits to third-party services and when they happened, which starts to look like activity tracking without needing browser cookies at all. The GDID survives Windows updates on the same device, and there is no setting anywhere in Windows to disable it.

The GDID transmits device activity through telemetry and Azure monitoring logs. Specifically, Microsoft can potentially link the GDID to precise web browsing activities and tracks IP address history, which persists even if the user activates a VPN.

What Changed This Week

Microsoft confirmed that Windows 11 26H2 will flip the backup default from opt-in to opt-out for enterprise organizations outside the EU. The default-on behavior is available with Windows 11, version 26H2 in Windows Insider Program Experimental channel starting July 2026, and it takes broad effect for eligible devices at Windows 11, version 26H2 general availability later this year. Devices originally running Windows 11, version 26H1 will receive the same default-on treatment starting with the following feature update.

Microsoft has said Windows 11 26H2 is being prepared for a fall 2026 rollout, which is likely October 2026. Microsoft usually prefers releasing feature updates in October, but in some cases, it could begin shipping as early as the last week of September or as late as the last week of October.

The policy applies only to Microsoft Entra-joined or hybrid-joined devices where administrators have not already configured an explicit backup policy. Restore functionality remains disabled by default.

What to Watch

Organizations should audit their current backup configurations before the 26H2 rollout. Security teams should review policies ahead of the 26H2 rollout, particularly in environments handling sensitive data, where automatic backup settings could have compliance implications.

The EU's Digital Markets Act continues to reshape how Microsoft implements default settings in Windows. Whether other jurisdictions will follow the EU's lead in demanding opt-in rather than opt-out defaults for cloud data collection remains an open question.

For organizations outside the EU, the choice is clear: configure an explicit policy to disable backup before 26H2 arrives, or accept that Windows will begin uploading device settings to Microsoft's cloud every eight days by default.


Reporting based on coverage from The Register, BleepingComputer, PCMag, Cybersecurity News, Microsoft Learn, July 2026.

Original reporting and analysis by the Stake & Paper editorial team. See linked sources within the article.

Share this story

More from Stake & Paper

Was this article helpful?

ClaimWatch

Mining claims intelligence — from query to report, in minutes.

Every unpatented mining claim across all twelve BLM states. Leadfile audits, due diligence, site selection, regional prospecting, entity investigations, and AOI monitoring — delivered as complete report packages.

4.4M+
Claims Tracked
12
BLM States
7
Report Types
Request a Sample Report
Stake & Paper AM

One morning brief. The whole energy sector.

Original analysis, the day's most important wire stories, and market data — delivered before your first cup of coffee. Free.