Microsoft released the first version of Windows 10 three years ago and privacy has been a hot topic ever since.

We published Windows 10 and Privacy back in 2015 to highlight privacy issues such as the inability to turn off Telemetry collection and transfers in the user interface.

Microsoft was criticized by government agencies in various countries such as France or the Netherlands for privacy issues, and a rising arsenal of privacy tools for Windows 10 promised users protection against the data hunger of Microsoft.

One option that Windows users and administrators have is to block endpoints so that connections can't be established. The method requires extensive testing as critical functionality may become unavailable when connections are blocked.

If you block Windows Update endpoints, you should not be surprised that you cannot use the automatic updating system anymore to keep the operating system up to date.

Default Windows 10 systems, those installed using default settings and left untouched, make a large number of connections automatically for a variety of purposes. Windows 10 checks for updates regularly, checks new files against Windows Defender databases, or submits telemetry data to Microsoft.

While some connections are required for the operating system to work properly, others may be disabled without noticeable impact in functionality; the latter is true especially if features are not used on the system.

Microsoft released a master list of Windows Endpoints for non-Enterprise and for Enterprise editions of Windows recently. The non-Enterprise listing is available for Windows 10 version 1709 and 1803, the Enterprise-specific listing for Windows 10 version 1709.

Tip: Check out my side-project Privacy Amp for detailed lists and other privacy related topics.

Without further ado, here are the connection endpoints of Windows 10 version 1803 (non-Enterprise).

Windows 10 Family

Destination Protocol Description *.e-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. *.g.akamaiedge.net HTTPS Used to check for updates to maps that have been downloaded for offline use. *.s-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. *.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ HTTP Enables connections to Windows Update. arc.msn.com.nsatc.net HTTPS Used to retrieve Windows Spotlight metadata. arc.msn.com/v3/Delivery/Placement HTTPS Used to retrieve Windows Spotlight metadata. client-office365-tas.msedge.net* HTTPS Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. config.edge.skype.com/config/* HTTPS Used to retrieve Skype configuration values. ctldl.windowsupdate.com/msdownload/update* HTTP Used to download certificates that are publicly known to be fraudulent. cy2.displaycatalog.md.mp.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. cy2.licensing.md.mp.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. cy2.settings.data.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. displaycatalog.mp.microsoft.com* HTTPS Used to communicate with Microsoft Store. dm3p.wns.notify.windows.com.akadns.net HTTPS Used for the Windows Push Notification Services (WNS). fe2.update.microsoft.com* HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. fe3.delivery.dsp.mp.microsoft.com.nsatc.net HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. fe3.delivery.mp.microsoft.com HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. g.live.com/odclientsettings/Prod HTTPS Used by OneDrive for Business to download and verify app updates. g.msn.com.nsatc.net HTTPS Used to retrieve Windows Spotlight metadata. geo-prod.dodsp.mp.microsoft.com.nsatc.net HTTPS Enables connections to Windows Update. ipv4.login.msa.akadns6.net HTTPS Used for Microsoft accounts to sign in. licensing.mp.microsoft.com/v7.0/licenses/content HTTPS Used for online activation and some app licensing. location-inference-westus.cloudapp.net HTTPS Used for location data. maps.windows.com/windows-app-web-link HTTPS Link to Maps application. modern.watson.data.microsoft.com.akadns.net HTTPS Used by Windows Error Reporting. ocos-office365-s2s.msedge.net* HTTPS Used to connect to the Office 365 portal's shared infrastructure. ocsp.digicert.com* HTTP CRL and OCSP checks to the issuing certificate authorities. oneclient.sfx.ms* HTTPS Used by OneDrive for Business to download and verify app updates. query.prod.cms.rt.microsoft.com* HTTPS Used to retrieve Windows Spotlight metadata. ris.api.iris.microsoft.com* HTTPS Used to retrieve Windows Spotlight metadata. settings.data.microsoft.com/settings/v2.0/* HTTPS Used for Windows apps to dynamically update their configuration. settings-win.data.microsoft.com/settings/* HTTPS Used as a way for apps to dynamically update their configuration. sls.update.microsoft.com* HTTPS Enables connections to Windows Update. storecatalogrevocation.storequality.microsoft.com* HTTPS Used to revoke licenses for malicious apps on the Microsoft Store. storeedgefd.dsx.mp.microsoft.com* HTTPS Used to communicate with Microsoft Store. tile-service.weather.microsoft.com* HTTP Used to download updates to the Weather app Live Tile. tsfe.trafficshaping.dsp.mp.microsoft.com HTTPS Used for content regulation. ip5.afdorigin-prod-am02.afdogw.com HTTPS Used to serve office 365 experimentation traffic. watson.telemetry.microsoft.com/Telemetry.Request HTTPS Used by Windows Error Reporting.

Windows 10 Pro

Destination Protocol Description *.e-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. *.g.akamaiedge.net HTTPS Used to check for updates to maps that have been downloaded for offline use. *.s-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. .tlu.dl.delivery.mp.microsoft.com/ HTTP Enables connections to Windows Update. *geo-prod.dodsp.mp.microsoft.com.nsatc.net HTTPS Enables connections to Windows Update. arc.msn.com.nsatc.net HTTPS Used to retrieve Windows Spotlight metadata. au.download.windowsupdate.com/* HTTP Enables connections to Windows Update. ctldl.windowsupdate.com/msdownload/update/* HTTP Used to download certificates that are publicly known to be fraudulent. cy2.licensing.md.mp.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. cy2.settings.data.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. dm3p.wns.notify.windows.com.akadns.net HTTPS Used for the Windows Push Notification Services (WNS) fe3.delivery.dsp.mp.microsoft.com.nsatc.net HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. g.msn.com.nsatc.net HTTPS Used to retrieve Windows Spotlight metadata. ipv4.login.msa.akadns6.net HTTPS Used for Microsoft accounts to sign in. location-inference-westus.cloudapp.net HTTPS Used for location data. modern.watson.data.microsoft.com.akadns.net HTTPS Used by Windows Error Reporting. ocsp.digicert.com* HTTP CRL and OCSP checks to the issuing certificate authorities. ris.api.iris.microsoft.com.akadns.net HTTPS Used to retrieve Windows Spotlight metadata. tile-service.weather.microsoft.com/* HTTP Used to download updates to the Weather app Live Tile. tsfe.trafficshaping.dsp.mp.microsoft.com HTTPS Used for content regulation. vip5.afdorigin-prod-am02.afdogw.com HTTPS Used to serve office 365 experimentation traffic

Windows 10 Education

Destination Protocol Description *.b.akamaiedge.net HTTPS Used to check for updates to maps that have been downloaded for offline use. *.e-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. *.g.akamaiedge.net HTTPS Used to check for updates to maps that have been downloaded for offline use. *.s-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. *.telecommand.telemetry.microsoft.com.akadns.net HTTPS Used by Windows Error Reporting. .tlu.dl.delivery.mp.microsoft.com HTTP Enables connections to Windows Update. .windowsupdate.com HTTP Enables connections to Windows Update. *geo-prod.do.dsp.mp.microsoft.com HTTPS Enables connections to Windows Update. au.download.windowsupdate.com* HTTP Enables connections to Windows Update. cdn.onenote.net/livetile/* HTTPS Used for OneNote Live Tile. client-office365-tas.msedge.net/* HTTPS Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. config.edge.skype.com/* HTTPS Used to retrieve Skype configuration values. ctldl.windowsupdate.com/* HTTP Used to download certificates that are publicly known to be fraudulent. cy2.displaycatalog.md.mp.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. cy2.licensing.md.mp.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. cy2.settings.data.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. displaycatalog.mp.microsoft.com/* HTTPS Used to communicate with Microsoft Store. download.windowsupdate.com/* HTTPS Enables connections to Windows Update. emdl.ws.microsoft.com/* HTTP Used to download apps from the Microsoft Store. fe2.update.microsoft.com/* HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. fe3.delivery.dsp.mp.microsoft.com.nsatc.net HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. fe3.delivery.mp.microsoft.com/* HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. g.live.com/odclientsettings/* HTTPS Used by OneDrive for Business to download and verify app updates. g.msn.com.nsatc.net HTTPS Used to retrieve Windows Spotlight metadata. ipv4.login.msa.akadns6.net HTTPS Used for Microsoft accounts to sign in. licensing.mp.microsoft.com/* HTTPS Used for online activation and some app licensing. maps.windows.com/windows-app-web-link HTTPS Link to Maps application modern.watson.data.microsoft.com.akadns.net HTTPS Used by Windows Error Reporting. ocos-office365-s2s.msedge.net/* HTTPS Used to connect to the Office 365 portal's shared infrastructure. ocsp.digicert.com* HTTP CRL and OCSP checks to the issuing certificate authorities. oneclient.sfx.ms/* HTTPS Used by OneDrive for Business to download and verify app updates. settings-win.data.microsoft.com/settings/* HTTPS Used as a way for apps to dynamically update their configuration. sls.update.microsoft.com/* HTTPS Enables connections to Windows Update. storecatalogrevocation.storequality.microsoft.com/* HTTPS Used to revoke licenses for malicious apps on the Microsoft Store. tile-service.weather.microsoft.com/* HTTP Used to download updates to the Weather app Live Tile. tsfe.trafficshaping.dsp.mp.microsoft.com HTTPS Used for content regulation. vip5.afdorigin-prod-ch02.afdogw.com HTTPS Used to serve office 365 experimentation traffic. watson.telemetry.microsoft.com/Telemetry.Request HTTPS Used by Windows Error Reporting. bing.com/* HTTPS Used for updates for Cortana, apps, and Live Tiles.

Summary Article Name Master List of Windows 10 "phone home" connections Description Microsoft published master lists of endpoint connections that recent versions of the company's Windows 10 operating system make recently. Author Martin Brinkmann Publisher Ghacks Technology News Logo

Advertisement