Master List of Windows 10 "phone home" connections

[vissha]

Microsoft published master lists of endpoint connections that recent versions of the company's Windows 10 operating system make recently.

 

Microsoft released the first version of Windows 10 three years ago and privacy has been a hot topic ever since.

 

We published Windows 10 and Privacy back in 2015 to highlight privacy issues such as the inability to turn off Telemetry collection and transfers in the user interface.

 

Microsoft was criticized by government agencies in various countries such as France or the Netherlands for privacy issues, and a rising arsenal of privacy tools for Windows 10 promised users protection against the data hunger of Microsoft.

 

One option that Windows users and administrators have is to block endpoints so that connections can't be established. The method requires extensive testing as critical functionality may become unavailable when connections are blocked.

 

 

If you block Windows Update endpoints, you should not be surprised that you cannot use the automatic updating system anymore to keep the operating system up to date.

 

Default Windows 10 systems, those installed using default settings and left untouched, make a large number of connections automatically for a variety of purposes. Windows 10 checks for updates regularly, checks new files against Windows Defender databases, or submits telemetry data to Microsoft.

 

While some connections are required for the operating system to work properly, others may be disabled without noticeable impact in functionality; the latter is true especially if features are not used on the system.

 

Microsoft released a master list of Windows Endpoints for non-Enterprise and for Enterprise editions of Windows recently. The non-Enterprise listing is available for Windows 10 version 1709 and 1803, the Enterprise-specific listing for Windows 10 version 1709.

 

Tip: Check out my side-project Privacy Amp for detailed lists and other privacy related topics.

 

Without further ado, here are the connection endpoints of Windows 10 version 1803 (non-Enterprise).

Windows 10 Family

Destination	Protocol	Description
*.e-msedge.net	HTTPS	Used by OfficeHub to get the metadata of Office apps.
*.g.akamaiedge.net	HTTPS	Used to check for updates to maps that have been downloaded for offline use.
*.s-msedge.net	HTTPS	Used by OfficeHub to get the metadata of Office apps.
*.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/	HTTP	Enables connections to Windows Update.
arc.msn.com.nsatc.net	HTTPS	Used to retrieve Windows Spotlight metadata.
arc.msn.com/v3/Delivery/Placement	HTTPS	Used to retrieve Windows Spotlight metadata.
client-office365-tas.msedge.net*	HTTPS	Used to connect to the Office 365 portal’s shared infrastructure, including Office Online.
config.edge.skype.com/config/*	HTTPS	Used to retrieve Skype configuration values.
ctldl.windowsupdate.com/msdownload/update*	HTTP	Used to download certificates that are publicly known to be fraudulent.
cy2.displaycatalog.md.mp.microsoft.com.akadns.net	HTTPS	Used to communicate with Microsoft Store.
cy2.licensing.md.mp.microsoft.com.akadns.net	HTTPS	Used to communicate with Microsoft Store.
cy2.settings.data.microsoft.com.akadns.net	HTTPS	Used to communicate with Microsoft Store.
displaycatalog.mp.microsoft.com*	HTTPS	Used to communicate with Microsoft Store.
dm3p.wns.notify.windows.com.akadns.net	HTTPS	Used for the Windows Push Notification Services (WNS).
fe2.update.microsoft.com*	HTTPS	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
fe3.delivery.dsp.mp.microsoft.com.nsatc.net	HTTPS	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
fe3.delivery.mp.microsoft.com	HTTPS	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
g.live.com/odclientsettings/Prod	HTTPS	Used by OneDrive for Business to download and verify app updates.
g.msn.com.nsatc.net	HTTPS	Used to retrieve Windows Spotlight metadata.
geo-prod.dodsp.mp.microsoft.com.nsatc.net	HTTPS	Enables connections to Windows Update.
ipv4.login.msa.akadns6.net	HTTPS	Used for Microsoft accounts to sign in.
licensing.mp.microsoft.com/v7.0/licenses/content	HTTPS	Used for online activation and some app licensing.
location-inference-westus.cloudapp.net	HTTPS	Used for location data.
maps.windows.com/windows-app-web-link	HTTPS	Link to Maps application.
modern.watson.data.microsoft.com.akadns.net	HTTPS	Used by Windows Error Reporting.
ocos-office365-s2s.msedge.net*	HTTPS	Used to connect to the Office 365 portal's shared infrastructure.
ocsp.digicert.com*	HTTP	CRL and OCSP checks to the issuing certificate authorities.
oneclient.sfx.ms*	HTTPS	Used by OneDrive for Business to download and verify app updates.
query.prod.cms.rt.microsoft.com*	HTTPS	Used to retrieve Windows Spotlight metadata.
ris.api.iris.microsoft.com*	HTTPS	Used to retrieve Windows Spotlight metadata.
settings.data.microsoft.com/settings/v2.0/*	HTTPS	Used for Windows apps to dynamically update their configuration.
settings-win.data.microsoft.com/settings/*	HTTPS	Used as a way for apps to dynamically update their configuration.
sls.update.microsoft.com*	HTTPS	Enables connections to Windows Update.
storecatalogrevocation.storequality.microsoft.com*	HTTPS	Used to revoke licenses for malicious apps on the Microsoft Store.
storeedgefd.dsx.mp.microsoft.com*	HTTPS	Used to communicate with Microsoft Store.
tile-service.weather.microsoft.com*	HTTP	Used to download updates to the Weather app Live Tile.
tsfe.trafficshaping.dsp.mp.microsoft.com	HTTPS	Used for content regulation.
ip5.afdorigin-prod-am02.afdogw.com	HTTPS	Used to serve office 365 experimentation traffic.
watson.telemetry.microsoft.com/Telemetry.Request	HTTPS	Used by Windows Error Reporting.

Windows 10 Pro

Destination	Protocol	Description
*.e-msedge.net	HTTPS	Used by OfficeHub to get the metadata of Office apps.
*.g.akamaiedge.net	HTTPS	Used to check for updates to maps that have been downloaded for offline use.
*.s-msedge.net	HTTPS	Used by OfficeHub to get the metadata of Office apps.
.tlu.dl.delivery.mp.microsoft.com/	HTTP	Enables connections to Windows Update.
*geo-prod.dodsp.mp.microsoft.com.nsatc.net	HTTPS	Enables connections to Windows Update.
arc.msn.com.nsatc.net	HTTPS	Used to retrieve Windows Spotlight metadata.
au.download.windowsupdate.com/*	HTTP	Enables connections to Windows Update.
ctldl.windowsupdate.com/msdownload/update/*	HTTP	Used to download certificates that are publicly known to be fraudulent.
cy2.licensing.md.mp.microsoft.com.akadns.net	HTTPS	Used to communicate with Microsoft Store.
cy2.settings.data.microsoft.com.akadns.net	HTTPS	Used to communicate with Microsoft Store.
dm3p.wns.notify.windows.com.akadns.net	HTTPS	Used for the Windows Push Notification Services (WNS)
fe3.delivery.dsp.mp.microsoft.com.nsatc.net	HTTPS	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
g.msn.com.nsatc.net	HTTPS	Used to retrieve Windows Spotlight metadata.
ipv4.login.msa.akadns6.net	HTTPS	Used for Microsoft accounts to sign in.
location-inference-westus.cloudapp.net	HTTPS	Used for location data.
modern.watson.data.microsoft.com.akadns.net	HTTPS	Used by Windows Error Reporting.
ocsp.digicert.com*	HTTP	CRL and OCSP checks to the issuing certificate authorities.
ris.api.iris.microsoft.com.akadns.net	HTTPS	Used to retrieve Windows Spotlight metadata.
tile-service.weather.microsoft.com/*	HTTP	Used to download updates to the Weather app Live Tile.
tsfe.trafficshaping.dsp.mp.microsoft.com	HTTPS	Used for content regulation.
vip5.afdorigin-prod-am02.afdogw.com	HTTPS	Used to serve office 365 experimentation traffic

Windows 10 Education

Destination	Protocol	Description
*.b.akamaiedge.net	HTTPS	Used to check for updates to maps that have been downloaded for offline use.
*.e-msedge.net	HTTPS	Used by OfficeHub to get the metadata of Office apps.
*.g.akamaiedge.net	HTTPS	Used to check for updates to maps that have been downloaded for offline use.
*.s-msedge.net	HTTPS	Used by OfficeHub to get the metadata of Office apps.
*.telecommand.telemetry.microsoft.com.akadns.net	HTTPS	Used by Windows Error Reporting.
.tlu.dl.delivery.mp.microsoft.com	HTTP	Enables connections to Windows Update.
.windowsupdate.com	HTTP	Enables connections to Windows Update.
*geo-prod.do.dsp.mp.microsoft.com	HTTPS	Enables connections to Windows Update.
au.download.windowsupdate.com*	HTTP	Enables connections to Windows Update.
cdn.onenote.net/livetile/*	HTTPS	Used for OneNote Live Tile.
client-office365-tas.msedge.net/*	HTTPS	Used to connect to the Office 365 portal’s shared infrastructure, including Office Online.
config.edge.skype.com/*	HTTPS	Used to retrieve Skype configuration values.
ctldl.windowsupdate.com/*	HTTP	Used to download certificates that are publicly known to be fraudulent.
cy2.displaycatalog.md.mp.microsoft.com.akadns.net	HTTPS	Used to communicate with Microsoft Store.
cy2.licensing.md.mp.microsoft.com.akadns.net	HTTPS	Used to communicate with Microsoft Store.
cy2.settings.data.microsoft.com.akadns.net	HTTPS	Used to communicate with Microsoft Store.
displaycatalog.mp.microsoft.com/*	HTTPS	Used to communicate with Microsoft Store.
download.windowsupdate.com/*	HTTPS	Enables connections to Windows Update.
emdl.ws.microsoft.com/*	HTTP	Used to download apps from the Microsoft Store.
fe2.update.microsoft.com/*	HTTPS	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
fe3.delivery.dsp.mp.microsoft.com.nsatc.net	HTTPS	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
fe3.delivery.mp.microsoft.com/*	HTTPS	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
g.live.com/odclientsettings/*	HTTPS	Used by OneDrive for Business to download and verify app updates.
g.msn.com.nsatc.net	HTTPS	Used to retrieve Windows Spotlight metadata.
ipv4.login.msa.akadns6.net	HTTPS	Used for Microsoft accounts to sign in.
licensing.mp.microsoft.com/*	HTTPS	Used for online activation and some app licensing.
maps.windows.com/windows-app-web-link	HTTPS	Link to Maps application
modern.watson.data.microsoft.com.akadns.net	HTTPS	Used by Windows Error Reporting.
ocos-office365-s2s.msedge.net/*	HTTPS	Used to connect to the Office 365 portal's shared infrastructure.
ocsp.digicert.com*	HTTP	CRL and OCSP checks to the issuing certificate authorities.
oneclient.sfx.ms/*	HTTPS	Used by OneDrive for Business to download and verify app updates.
settings-win.data.microsoft.com/settings/*	HTTPS	Used as a way for apps to dynamically update their configuration.
sls.update.microsoft.com/*	HTTPS	Enables connections to Windows Update.
storecatalogrevocation.storequality.microsoft.com/*	HTTPS	Used to revoke licenses for malicious apps on the Microsoft Store.
tile-service.weather.microsoft.com/*	HTTP	Used to download updates to the Weather app Live Tile.
tsfe.trafficshaping.dsp.mp.microsoft.com	HTTPS	Used for content regulation.
vip5.afdorigin-prod-ch02.afdogw.com	HTTPS	Used to serve office 365 experimentation traffic.
watson.telemetry.microsoft.com/Telemetry.Request	HTTPS	Used by Windows Error Reporting.
bing.com/*	HTTPS	Used for updates for Cortana, apps, and Live Tiles.

 

Source

 

PS: I'm sure there would be much more connections not revealed due to privacy issues with MS. Hope will be revealed by any whistle-blower or someone like Woody/abbodi/.... soon to demolish Win 10 & MS - the day I'm feel much more joyful.

[Karlston]

Excellent. Now... where did I put my router's domain blacklist file?

[BimBamSmash]

I understand all the concerns over data collection - hell I share some of that myself. But I doubt there is a meaningful way out of this any more. Not when just about all tech vendors are implementing it at large in one way or another.

 

No amount of "whistle blowing" could ever fully derail this. Not when we live at a time where billions happily use free social networking services to share some of their most personal "stories".

 

The reason the likes of Linux are not in the headlines for this at the moment is because few bother to use the platform at all. It is like that old Apple story where claims were being made that Macs are too secure they can't get viruses. Once that platform got a bit of momentum it became clear that macos is just as vulnerable as others, if not worse. If Linux ever rises in ranks, data collection and ads will find a way in just like others.