These are the websites your clean-install Windows PC connects to by itself

Since the release of Windows 10, Microsoft has been accused of breaching privacy and connecting users to services without proper disclosure. The company now has released a list of websites and services that a Windows PC connects to after a clean install.

The list mostly consists of Microsoft services which provide data endpoints to the respective Microsoft apps. The list can be derived after installing Windows 10 (1709 or above) and leaving the PC idle on default settings for a week. This can then be used to Compile reports on traffic going to public IP addresses. However, if you don’t want to go through all that then you can head below to take a look at the list.

Apps

Weather app Live Tile. If you turn off traffic to this endpoint, no Live Tiles will be updated.

Source processProtocolDestinationApplies from Windows 10 version
explorerHTTPtile-service.weather.microsoft.com1709
HTTPblob.weather.microsoft.com1803

OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
HTTPScdn.onenote.net/livetile/?Language=en-US1709

Twitter. To turn off traffic for these endpoints, either uninstall Twitter or disable the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
HTTPSwildcard.twimg.com1709
svchost.exeoem.twimg.com/windows/tile.xml1709

Facebook. To turn off traffic for this endpoint, either uninstall Facebook or disable the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
star-mini.c10r.facebook.com1709

Photos App. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
WindowsApps\Microsoft.Windows.PhotosHTTPSevoke-windowsservices-tas.msedge.net1709

Candy Crush Saga. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or disable the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
TLS v1.2candycrushsoda.king.com1709

Microsoft Wallet. To turn off traffic for this endpoint, either uninstall the Wallet app or disable the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
system32\AppHostRegistrationVerifier.exeHTTPSwallet.microsoft.com1709

Groove Music. If you turn off traffic for this endpoint, apps for websites won’t work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won’t be able to directly launch the app.

Source processProtocolDestinationApplies from Windows 10 version
system32\AppHostRegistrationVerifier.exeHTTPSmediaredirect.microsoft.com1709

Cortana and Search

Microsoft Store Suggestions. If you turn off traffic for this endpoint, you will block images that are used for Microsoft Store suggestions.

Source processProtocolDestinationApplies from Windows 10 version
searchuiHTTPSstore-images.s-microsoft.com1709

Cortana greetings, tips, and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.

Source processProtocolDestinationApplies from Windows 10 version
backgroundtaskhostHTTPSwww.bing.com/client1709

Live Tiles. If you turn off traffic for this endpoint, parameters would not be updated and the device would no longer participate in experiments.

Source processProtocolDestinationApplies from Windows 10 version
backgroundtaskhostHTTPSwww.bing.com/proactive1709

Cortana to report diagnostic and diagnostic data information. If you turn off traffic for this endpoint, Microsoft won’t be aware of issues with Cortana and won’t be able to fix them.

Source processProtocolDestinationApplies from Windows 10 version
searchui
backgroundtaskhost
HTTPSwww.bing.com/threshold/xls.aspx1709

Certificates

Automatic Root Certificates Update component. It is possible to turn off traffic to this endpoint, but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses.

Source processProtocolDestinationApplies from Windows 10 version
svchostHTTPctldl.windowsupdate.com1709

Download certificates. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.

Source processProtocolDestinationApplies from Windows 10 version
svchostHTTPctldl.windowsupdate.com1709

Device authentication

The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device will not be authenticated.

Source processProtocolDestinationApplies from Windows 10 version
HTTPSlogin.live.com/ppsecure1709

Device metadata

The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata will not be updated for the device.

Source processProtocolDestinationApplies from Windows 10 version
dmd.metaservices.microsoft.com.akadns.net1709
HTTPdmd.metaservices.microsoft.com1803

Diagnostic Data

Connected User Experiences and Telemetry component.  If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.

Source processProtocolDestinationApplies from Windows 10 version
svchostcy2.vortex.data.microsoft.com.akadns.net1709
svchostv10.vortex-win.data.microsoft.com/collect/v11709

Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting.

Source processProtocolDestinationApplies from Windows 10 version
wermgrwatson.telemetry.microsoft.com1709
TLS v1.2modern.watson.data.microsoft.com.akadns.net1709

Font streaming

Download fonts on demand. If you turn off traffic for these endpoints, you will not be able to download fonts on demand.

Source processProtocolDestinationApplies from Windows 10 version
svchostfs.microsoft.com1709
fs.microsoft.com/fs/windows/config.json1709

Licensing

The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.

Source processProtocolDestinationApplies from Windows 10 version
licensemanagerHTTPSlicensing.mp.microsoft.com/v7.0/licenses/content1709

Location

The following endpoint is used for location data. If you turn off traffic for this endpoint, apps cannot use location data.

Source processProtocolDestinationApplies from Windows 10 version
HTTPlocation-inference-westus.cloudapp.net1709

Maps

The following endpoint is used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.

Source processProtocolDestinationApplies from Windows 10 version
svchostHTTPS*g.akamaiedge.net1709

Microsoft account

The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts.

Source processProtocolDestinationApplies from Windows 10 version
login.msa.akadns6.net1709
system32\Auth.Host.exeHTTPSauth.gfx.ms1709

Microsoft Store

Windows Push Notification Services (WNS). If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.

Source processProtocolDestinationApplies from Windows 10 version
*.wns.windows.com1709

Revoke licenses for malicious apps. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
HTTPstorecatalogrevocation.storequality.microsoft.com1709

Download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won’t be downloaded, and apps cannot be installed or updated from the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
HTTPSimg-prod-cms-rt-microsoft-com.akamaized.net1709
backgroundtransferhostHTTPSstore-images.microsoft.com1803

Communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
HTTPstoreedgefd.dsx.mp.microsoft.com1709
HTTPpti.store.microsoft.com1709
TLS v1.2cy2.*.md.mp.microsoft.com.*.1709
svchostHTTPSdisplaycatalog.mp.microsoft.com1803

Network Connection Status Indicator (NCSI)

Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won’t be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.

Source processProtocolDestinationApplies from Windows 10 version
HTTPwww.msftconnecttest.com/connecttest.txt1709

Office

The following endpoints are used to connect to the Office 365 portal’s shared infrastructure, including Office Online. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.

Source processProtocolDestinationApplies from Windows 10 version
*.a-msedge.net1709
hxstr*.c-msedge.net1709
*.e-msedge.net1709
*.s-msedge.net1709
HTTPSocos-office365-s2s.msedge.net1803

Connect to the Office 365 portal’s shared infrastructure, including Office Online. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.

Source processProtocolDestinationApplies from Windows 10 version
system32\Auth.Host.exeHTTPSoutlook.office365.com1709

Get the metadata of Office apps. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
Windows Apps\Microsoft.Windows.PhotosHTTPSclient-office365-tas.msedge.net1709

OneDrive

Automatically update URLs. If you turn off traffic for this endpoint, anything that relies on g.live.com to get updated URL information will no longer work.

Source processProtocolDestinationApplies from Windows 10 version
onedriveHTTP \ HTTPSg.live.com/1rewlive5skydrive/ODSUProduction1709

Download and verify app updates. To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates.

Source processProtocolDestinationApplies from Windows 10 version
onedriveHTTPSoneclient.sfx.ms1709

Settings

Dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.

Source processProtocolDestinationApplies from Windows 10 version
dmclientcy2.settings.data.microsoft.com.akadns.net1709
dmclientHTTPSsettings.data.microsoft.com1709

Dynamically update app configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.

Source processProtocolDestinationApplies from Windows 10 version
svchostHTTPSsettings-win.data.microsoft.com1709

Skype

Retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
microsoft.windowscommunicationsapps.exeHTTPSconfig.edge.skype.com1709

Windows Defender

Cloud-based Protection (enabled). If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.

Source processProtocolDestinationApplies from Windows 10 version
wdcp.microsoft.com1709

Definition updates. If you turn off traffic for these endpoints, definitions will not be updated.

Source processProtocolDestinationApplies from Windows 10 version
definitionupdates.microsoft.com1709
MpCmdRun.exeHTTPSgo.microsoft.com1709

Windows Spotlight

Retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded.

Source processProtocolDestinationApplies from Windows 10 version
backgroundtaskhostHTTPSarc.msn.com1709
backgroundtaskhostg.msn.com.nsatc.net1709
TLS v1.2*.search.msn.com1709
HTTPSris.api.iris.microsoft.com1709
HTTPSquery.prod.cms.rt.microsoft.com1709

Windows Update

Windows Update downloads of apps and OS updates. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked.

Source processProtocolDestinationApplies from Windows 10 version
svchostHTTPS*.prod.do.dsp.mp.microsoft.com1709

Used to download operating system patches and updates. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.

Source processProtocolDestinationApplies from Windows 10 version
svchostHTTP*.windowsupdate.com1709
HTTPfg.download.windowsupdate.com.c.footprint.net1709

Highwinds Content Delivery Network. If you turn off traffic for this endpoint, the device will not perform updates.

Source processProtocolDestinationApplies from Windows 10 version
cds.d2s7q6s2.hwcdn.net1709

Verizon Content Delivery Network. If you turn off traffic for these endpoints, the device will not perform updates.

Source processProtocolDestinationApplies from Windows 10 version
HTTP*wac.phicdn.net1709
*wac.edgecastcdn.net1709

Download apps and Windows Insider Preview builds from the Microsoft Store. If you turn off traffic for this endpoint, the updating functionality on this device is essentially in a disabled state, resulting in user unable to get apps from the Store, get latest version of Windows, and so on.

Source processProtocolDestinationApplies from Windows 10 version
svchost*.tlu.dl.delivery.mp.microsoft.com.c.footprint.net1709

Download apps from the Microsoft Store. If you turn off traffic for this endpoint, users of the device will not able to get apps from the Microsoft Store.

Source processProtocolDestinationApplies from Windows 10 version
svchostemdl.ws.microsoft.com1709

Enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure.

Source processProtocolDestinationApplies from Windows 10 version
svchostHTTPSfe2.update.microsoft.com1709
svchostfe3.delivery.mp.microsoft.com1709
fe3.delivery.dsp.mp.microsoft.com.nsatc.net1709
svchostHTTPSsls.update.microsoft.com1709
HTTP*.dl.delivery.mp.microsoft.com1803

Content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used.

Source processProtocolDestinationApplies from Windows 10 version
svchostHTTPStsfe.trafficshaping.dsp.mp.microsoft.com1709

Used to download content. If you turn off traffic for these endpoints, you will block any content from being downloaded.

Source processProtocolDestinationApplies from Windows 10 version
a122.dscd.akamai.net1709
a1621.g.akamai.net1709

The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer.

If you disable this endpoint, Windows Defender won’t be able to update its malware definitions; links from Windows and other Microsoft products to the Web won’t work; and PowerShell updateable Help won’t update. To disable the traffic, instead disable the traffic that’s getting forwarded.

Source processProtocolDestinationApplies from Windows 10 version
VariousHTTPSgo.microsoft.com1709

These are the endpoints used by Microsoft to provide different metadata for different apps and services. While Microsoft has added a way to disable endpoints, it’s not recommended to do so as it might break an app or multiple apps that use the endpoint to fetch data.

Also, do note that the endpoints mentioned above are only available on Windows 10 (1709 or above). For endpoints related to other versions, head to docs.microsoft.com to know more.

Source: Microsoft; Via: Twitter

Some links in the article may not be viewable as you are using an AdBlocker. Please add us to your whitelist to enable the website to function properly.

Related
Comments