Front  /  Privacy

Microsoft Decided Your Windows Settings Belong in Its Cloud

Microsoft turns Windows Backup on by default in Windows 11 26H2, sending your settings and Store apps to the cloud.

Microsoft Decided Your Windows Settings Belong in Its Cloud

Stand against censorship and surveillance: join Reclaim The Net

Microsoft has decided that copying your company’s Windows settings to its cloud should stop being your choice. Starting with Windows 11 version 26H2, the feature now called “Windows settings backup and restore” switches itself on for eligible business machines, and it does so without asking.

The one place that escapes this treatment is the European Union, where the Digital Markets Act keeps the setting off until an administrator turns it on.

The service copies a device’s settings and the list of Microsoft Store apps a user has installed, then parks all of it in Microsoft’s cloud so the data can be loaded onto a replacement machine later.

Microsoft has spent months renaming the thing, from Windows Backup for Organizations to its current label, and the rename changes nothing about what happens. Settings data leaves the device on a schedule, once every eight days, and lands in a tenant store that Microsoft operates.

The company’s pitch leans on the fear of the moment things go wrong. “Imagine a lost laptop, a hardware refresh, or an unexpected reset. These are some of the moments when your users need backup most. And that’s rarely when anyone wants to discover that backup was never turned on,” Microsoft wrote in its Windows IT Pro blog.

Its documentation frames the flip as a way of establishing “backup as a baseline capability, helping user environments stay protected without requiring setup.”

Read past the reassurance and the stated goals look different. Microsoft’s own overview lists what it wants the feature to achieve, and neither aim is really about protecting you. One is to help organizations “accelerate PC refresh cycle or the transition to Windows 11 or deploying AI-powered PCs.”

The other is to move companies onto “a cloud-first approach for managing devices and user settings.” Backup is the friendly word. Migration into Microsoft’s cloud is the objective.

The default flips only for machines running 26H2 or later. Windows 11 25H2 and earlier stay as they are, and any device whose administrator already wrote a policy disabling backup keeps that policy. GCCH and sovereign clouds fall outside the change, and so does China.

Everything else that qualifies gets switched on after a feature update, reaching Windows Insiders in the Experimental channel this month before a wider release later in the year. Only the backup half turns on by itself. Restoring settings to a new device still needs an administrator to flip a separate switch.

The EU carve-out is the tell. Where regulation forces the question, Microsoft asks permission. Where nothing forces it, Microsoft assumes a yes. A company outside Europe that cares about data sovereignty now has to notice the change, understand what it does, and turn it back off across machine after machine. The work of keeping data in place falls on the customer, not on the vendor shipping that data out.

The Register, which broke the story, described the cost to the people who run these fleets, noting that “an opt-out setting that quietly ships settings data off-device is exactly the sort of thing that adds to administrators’ workloads rather than lightening them.”

Microsoft concedes this is not even a complete backup solution, calling it “one step in a broader Windows resiliency effort.” What sits on the table, then, is partial protection traded for a standing copy of user settings on Microsoft’s servers, enabled by a default nobody requested.

Users can resist, though the controls are tucked away in Settings under Accounts and Windows backup, where toggles labeled “Remember my preferences” and “Remember my apps” decide what gets sent. Those toggles only respond if an administrator enabled the feature to begin with, so the people most exposed often have the least power to stop it. Data already uploaded does not disappear on its own. Clawing it back means an administrator has to reach into the tenant’s data store, or make Microsoft Graph API calls with the right permissions, to view and delete what was taken.

Away from Microsoft’s blog, the response ran cold. On Slashdot, one reader boiled the consent model down to “Yes or Ask Again in Three Days.” Another asked for a rule an operating system ought to follow on its own, writing “Do not change my OS from the one I purchased unless and until I explicitly request it.” A third tied the change to the company’s broader record, observing that “with the latest news that Microsoft used the Windows ID to identify users, one should really wonder if they should have a copy of your settings.”

The feature will help some workers recover a lost laptop. It will also hand Microsoft a fresh, always-current inventory of how millions of corporate machines are configured and what runs on them, gathered by default and dressed up as resilience. Switching it off is possible. Learning that it switched itself on is the harder half.

Stand against censorship and surveillance: join Reclaim The Net

Reclaim The Net is reader-supported. Every contribution widens the reach, helping more people see the threat to privacy and free expression, and push back.