Detections
Analytics

18.10.3.1 Ensure 'Turn off API Sampling' is set to 'Enabled'

Information

This policy setting determines if API data sampling is sent to Microsoft. API sampling monitors the sampled collection of APIs used during system runtime to help diagnose compatibility problems in Windows.

The recommended state for this setting is: Enabled.

In high-security environments, data must never be shared with third-parties without explicit consent, as it may contain sensitive information.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\App and Device Inventory\Turn off API Sampling

Note: This Group Policy path is provided by the Group Policy template AppDeviceInventory.admx/adml that is included with the Microsoft Windows 11 Release 24H2 Administrative Templates (or newer).

Impact:

API data sampling will not be sent to Microsoft.

See Also

https://workbench.cisecurity.org/benchmarks/26061

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: a5dff87cc43894136d23af3a6a83a9553cc570f0ff6060ded9d1bf241795b246