mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-16 02:43:43 +00:00
Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into 19h1-basic-diag
This commit is contained in:
Brian Lich
@ -360,9 +360,9 @@ You can turn on or turn off System Center diagnostic data gathering. The default
|
||||
|
||||
The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**.
|
||||
|
||||
### Configure the operating system diagnostic data level
|
||||
## Configure the operating system diagnostic data level
|
||||
|
||||
You can configure your operating system diagnostic data settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device.
|
||||
You can configure your operating system diagnostic data settings using the management tools you’re already using, such as **Group Policy, MDM, or Windows Provisioning.** You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device.
|
||||
|
||||
Use the appropriate value in the table below when you configure the management policy.
|
||||
|
||||
@ -392,7 +392,7 @@ Use the [Policy Configuration Service Provider (CSP)](https://msdn.microsoft.com
|
||||
|
||||
### Use Registry Editor to set the diagnostic data level
|
||||
|
||||
Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting.
|
||||
Use Registry Editor to manually set the registry level on the devices in your organization, or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, the policy will replace the manually set registry level.
|
||||
|
||||
1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**.
|
||||
|
||||
|
||||
@ -21,17 +21,17 @@ ms.date: 01/17/2018
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1809
|
||||
- Windows 10, version 1803
|
||||
- Windows 10, version 1803
|
||||
|
||||
## Introduction
|
||||
The Diagnostic Data Viewer is a Windows app that lets you review the diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
|
||||
The Diagnostic Data Viewer is a Windows app that lets you review the Windows diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
|
||||
|
||||
## Install and Use the Diagnostic Data Viewer
|
||||
|
||||
You must turn on data viewing and download the app before you can use the Diagnostic Data Viewer to review your device's diagnostic data.
|
||||
You must download the app before you can use the Diagnostic Data Viewer to review your device's diagnostic data.
|
||||
|
||||
### Turn on data viewing
|
||||
Before you can use this tool, you must turn on data viewing in the **Settings** panel. Turning on data viewing lets Windows store your device's diagnostic data until you turn it off. Turning off data viewing stops Windows from collecting your diagnostic data and clears the existing diagnostic data from your device.
|
||||
Before you can use this tool for viewing Windows diagnostic data, you must turn on data viewing in the **Settings** panel. Turning on data viewing lets Windows store your device's diagnostic data until you turn it off. Turning off data viewing stops Windows from collecting your diagnostic data and clears the existing diagnostic data from your device. Note that this setting does not affect your Office data viewing or history.
|
||||
|
||||
**To turn on data viewing**
|
||||
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
||||
@ -44,7 +44,7 @@ Before you can use this tool, you must turn on data viewing in the **Settings**
|
||||
Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
|
||||
|
||||
### Start the Diagnostic Data Viewer
|
||||
You must start this app from the **Settings** panel.
|
||||
You can start this app from the **Settings** panel.
|
||||
|
||||
**To start the Diagnostic Data Viewer**
|
||||
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
||||
@ -58,29 +58,25 @@ You must start this app from the **Settings** panel.
|
||||
3. Close the Diagnostic Data Viewer app, use your device as you normally would for a few days, and then open Diagnostic Data Viewer again to review the updated list of diagnostic data.
|
||||
|
||||
>[!Important]
|
||||
>Turning on data viewing can use up to 1GB of disk space on your system drive. We strongly recommend that your turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
|
||||
>Turning on data viewing can use up to 1GB (by default) of disk space on your system drive. We strongly recommend that you turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
|
||||
|
||||
### Use the Diagnostic Data Viewer
|
||||
The Diagnostic Data Viewer provides you with the following features to view and filter your device's diagnostic data.
|
||||
|
||||
- **View your diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft.
|
||||
- **View your Windows diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft.
|
||||
|
||||
Selecting an event opens the detailed JSON view, which provides the exact details uploaded to Microsoft. Microsoft uses this info to continually improve the Windows operating system.
|
||||
|
||||
|
||||
>[!Important]
|
||||
>Seeing an event does not necessarily mean it has been uploaded yet. It’s possible that some events are still queued and will be uploaded at a later time.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
- **Search your diagnostic events.** The **Search** box at the top of the screen lets you search amongst all of the diagnostic event details. The returned search results include any diagnostic event that contains the matching text.
|
||||
|
||||
Selecting an event opens the detailed JSON view, with the matching text highlighted.
|
||||
|
||||
- **Filter your diagnostic event categories.** The apps Menu button opens the detailed menu. In here, you'll find a list of diagnostic event categories, which define how the events are used by Microsoft.
|
||||
|
||||
Selecting a check box lets you filter between the diagnostic event categories.
|
||||
|
||||
|
||||
- **Filter your diagnostic event categories.** The app's **Menu** button opens the detailed menu. In here, you'll find a list of diagnostic event categories, which define how the events are used by Microsoft. Selecting a check box lets you filter between the diagnostic event categories.
|
||||
|
||||
- **Help to make your Windows experience better.** Microsoft only needs diagnostic data from a small amount of devices to make big improvements to the Windows operating system and ultimately, your experience. If you’re a part of this small device group and you experience issues, Microsoft will collect the associated event diagnostic data, allowing your info to potentially help fix the issue for others.
|
||||
|
||||
@ -93,8 +89,20 @@ The Diagnostic Data Viewer provides you with the following features to view and
|
||||
>[!Important]
|
||||
>All content in the Feedback Hub is publicly viewable. Therefore, make sure you don't put any personal info into your feedback comments.
|
||||
|
||||
- **View a summary of the data you've shared with us over time.** Available for users on build 19H1+, 'About my data' in Diagnostic Data Viewer lets you see an overview of the Windows data you've shared with Microsoft.
|
||||
|
||||
Through this feature, you can checkout how much data you send on average each day, the breakdown of your data by category, the top components and services that have sent data, and more.
|
||||
|
||||
>[!Important]
|
||||
>This content is a reflection of the history of Windows data the app has stored. If you'd like to have extended analyses, please modify the storage capacity of Diagnostic Data Viewer.
|
||||
|
||||
|
||||
|
||||
## View Office Diagnostic Data
|
||||
By default, Diagnostic Data Viewer shows you Windows data. You can also view Office diagnostic data by enabling the feature in the app settings page. To learn more about how to view Office diagnostic data, please visit this [page](https://go.microsoft.com/fwlink/?linkid=2023830).
|
||||
|
||||
## Turn off data viewing
|
||||
When you're done reviewing your diagnostic data, you should turn of data viewing.
|
||||
When you're done reviewing your diagnostic data, you should turn of data viewing. This will also remove your Windows data history. Note that this setting does not affect your Office data viewing or history.
|
||||
|
||||
**To turn off data viewing**
|
||||
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
||||
@ -103,8 +111,24 @@ When you're done reviewing your diagnostic data, you should turn of data viewing
|
||||
|
||||
|
||||
|
||||
## Modifying the size of your data history
|
||||
By default, Diagnostic Data Viewer shows you up to 1GB or 30 days of data (whichever comes first) for Windows diagnostic data. Once either the time or space limit is reached, the data is incrementally dropped with the oldest data points dropped first.
|
||||
|
||||
>[!Important]
|
||||
>Note that if you have [Office diagnostic data viewing enabled](#view-office-diagnostic-data), the Office data history is fixed at 1 GB and cannot be modified.
|
||||
|
||||
**Modify the size of your data history**
|
||||
|
||||
To make changes to the size of your Windows diagnostic data history, visit the **app settings**, located at the bottom of the navigation menu. Data will be incrementally dropped with the oldest data points first once your chosen size or time limit is reached.
|
||||
|
||||
>[!Important]
|
||||
>Decreasing the maximum amount of diagnostic data viewable through the tool will remove all data history and requires a reboot of your device. Additionally, increasing the maximum amount of diagnostic data viewable by the tool may come with performance impacts to your machine.
|
||||
|
||||
|
||||
|
||||
## View additional diagnostic data in the View problem reports tool
|
||||
Available on Windows 1809 and higher, you can review additional Windows Error Reporting diagnostic data in the **View problem reports** page within the Diagnostic Data Viewer.
|
||||
|
||||
This page provides you with a summary of various crash reports that are sent to Microsoft as part of Windows Error Reporting.
|
||||
We use this data to find and fix specific issues that are hard to replicate and to improve the Windows operating system.
|
||||
|
||||
@ -112,7 +136,7 @@ You can also use the Windows Error Reporting tool available in the Control Panel
|
||||
|
||||
**To view your Windows Error Reporting diagnostic data using the Diagnostic Data Viewer**
|
||||
|
||||
Starting with Windows 1809 and higher, you can review Windows Error Reporting diagnostic data in the Diagnostic Data Viewer.
|
||||
Starting with Windows 1809 and higher, you can review Windows Error Reporting diagnostic data in the Diagnostic Data Viewer.
|
||||
|
||||
|
||||
|
||||
@ -123,3 +147,4 @@ Go to **Start** and search for _Problem Reports_.
|
||||
The **Review problem reports** tool opens, showing you your Windows Error Reporting reports, along with a status about whether it was sent to Microsoft.
|
||||
|
||||
|
||||
|
||||
|
||||
BIN
windows/privacy/images/ddv-analytics.png
Normal file
BIN
windows/privacy/images/ddv-analytics.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 53 KiB |
BIN
windows/privacy/images/ddv-event-view.jpg
Normal file
BIN
windows/privacy/images/ddv-event-view.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 337 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 149 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 105 KiB After Width: | Height: | Size: 108 KiB |
File diff suppressed because it is too large
Load Diff
@ -405,52 +405,21 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
|
||||
|
||||
The following endpoints are used to download operating system patches and updates.
|
||||
The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTP | *.windowsupdate.com |
|
||||
| | HTTP | fg.download.windowsupdate.com.c.footprint.net |
|
||||
|
||||
The following endpoint is used by the Highwinds Content Delivery Network to perform Windows updates.
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| | | cds.d2s7q6s2.hwcdn.net |
|
||||
|
||||
The following endpoints are used by the Verizon Content Delivery Network to perform Windows updates.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| | HTTP | *wac.phicdn.net |
|
||||
| | | *wac.edgecastcdn.net |
|
||||
|
||||
The following endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. Time Limited URL (TLU) is a mechanism for protecting the content. For example, it prevents someone from copying the URL and then getting access to the app that the person has not acquired).
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the updating functionality on this device is essentially in a disabled state, resulting in user unable to get apps from the Store, get latest version of Windows, and so on.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net |
|
||||
|
||||
The following endpoint is used to download apps from the Microsoft Store. It's used as part of calculating the right ranges for apps.
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), users of the device will not able to get apps from the Microsoft Store.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | | emdl.ws.microsoft.com |
|
||||
| svchost | HTTP | *.dl.delivery.mp.microsoft.com |
|
||||
|
||||
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTPS | fe2.update.microsoft.com |
|
||||
| svchost | | fe3.delivery.mp.microsoft.com |
|
||||
| | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net |
|
||||
| svchost | HTTPS | sls.update.microsoft.com |
|
||||
| svchost | HTTPS | *.update.microsoft.com |
|
||||
| svchost | HTTPS | *.delivery.mp.microsoft.com |
|
||||
|
||||
The following endpoint is used for content regulation.
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
|
||||
@ -459,14 +428,6 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
|
||||
|
||||
The following endpoints are used to download content.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), you will block any content from being downloaded.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| | | a122.dscd.akamai.net |
|
||||
| | | a1621.g.akamai.net |
|
||||
|
||||
## Microsoft forward link redirection service (FWLink)
|
||||
|
||||
The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer.
|
||||
@ -490,4 +451,4 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
|
||||
## Related links
|
||||
|
||||
- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
|
||||
- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
|
||||
- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
|
||||
|
||||
@ -410,53 +410,21 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
|
||||
|
||||
The following endpoints are used to download operating system patches and updates.
|
||||
The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTP | *.windowsupdate.com |
|
||||
| | HTTP | fg.download.windowsupdate.com.c.footprint.net |
|
||||
|
||||
The following endpoint is used by the Highwinds Content Delivery Network to perform Windows updates.
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| | | cds.d2s7q6s2.hwcdn.net |
|
||||
|
||||
The following endpoints are used by the Verizon Content Delivery Network to perform Windows updates.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| | HTTP | *wac.phicdn.net |
|
||||
| | | *wac.edgecastcdn.net |
|
||||
|
||||
The following endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. Time Limited URL (TLU) is a mechanism for protecting the content. For example, it prevents someone from copying the URL and then getting access to the app that the person has not acquired).
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the updating functionality on this device is essentially in a disabled state, resulting in user unable to get apps from the Store, get latest version of Windows, and so on.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net |
|
||||
|
||||
The following endpoint is used to download apps from the Microsoft Store. It's used as part of calculating the right ranges for apps.
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), users of the device will not able to get apps from the Microsoft Store.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | | emdl.ws.microsoft.com |
|
||||
| svchost | HTTP | *.dl.delivery.mp.microsoft.com |
|
||||
|
||||
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTPS | fe2.update.microsoft.com |
|
||||
| svchost | | fe3.delivery.mp.microsoft.com |
|
||||
| | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net |
|
||||
| svchost | HTTPS | sls.update.microsoft.com |
|
||||
| | HTTP | *.dl.delivery.mp.microsoft.com |
|
||||
| svchost | HTTPS | *.update.microsoft.com |
|
||||
| svchost | HTTPS | *.delivery.mp.microsoft.com |
|
||||
|
||||
The following endpoint is used for content regulation.
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
|
||||
@ -465,14 +433,6 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
|
||||
|
||||
The following endpoints are used to download content.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), you will block any content from being downloaded.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| | | a122.dscd.akamai.net |
|
||||
| | | a1621.g.akamai.net |
|
||||
|
||||
## Microsoft forward link redirection service (FWLink)
|
||||
|
||||
The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer.
|
||||
@ -496,4 +456,4 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
|
||||
## Related links
|
||||
|
||||
- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
|
||||
- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
|
||||
- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
|
||||
|
||||
@ -440,53 +440,21 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
|
||||
|
||||
The following endpoints are used to download operating system patches and updates.
|
||||
The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTP | *.windowsupdate.com |
|
||||
| | HTTP | fg.download.windowsupdate.com.c.footprint.net |
|
||||
|
||||
The following endpoint is used by the Highwinds Content Delivery Network to perform Windows updates.
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| | | cds.d2s7q6s2.hwcdn.net |
|
||||
|
||||
The following endpoints are used by the Verizon Content Delivery Network to perform Windows updates.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| | HTTP | *wac.phicdn.net |
|
||||
| | | *wac.edgecastcdn.net |
|
||||
|
||||
The following endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. Time Limited URL (TLU) is a mechanism for protecting the content. For example, it prevents someone from copying the URL and then getting access to the app that the person has not acquired).
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the updating functionality on this device is essentially in a disabled state, resulting in user unable to get apps from the Store, get latest version of Windows, and so on.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net |
|
||||
|
||||
The following endpoint is used to download apps from the Microsoft Store. It's used as part of calculating the right ranges for apps.
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), users of the device will not able to get apps from the Microsoft Store.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | | emdl.ws.microsoft.com |
|
||||
| svchost | HTTP | *.dl.delivery.mp.microsoft.com |
|
||||
|
||||
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTPS | fe2.update.microsoft.com |
|
||||
| svchost | | fe3.delivery.mp.microsoft.com |
|
||||
| | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net |
|
||||
| svchost | HTTPS | sls.update.microsoft.com |
|
||||
| | HTTP | *.dl.delivery.mp.microsoft.com |
|
||||
| svchost | HTTPS | *.update.microsoft.com |
|
||||
| svchost | HTTPS | *.delivery.mp.microsoft.com |
|
||||
|
||||
The following endpoint is used for content regulation.
|
||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
|
||||
@ -495,13 +463,6 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
|
||||
|
||||
The following endpoints are used to download content.
|
||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), you will block any content from being downloaded.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| | | a122.dscd.akamai.net |
|
||||
| | | a1621.g.akamai.net |
|
||||
|
||||
## Microsoft forward link redirection service (FWLink)
|
||||
|
||||
@ -528,4 +489,4 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
|
||||
## Related links
|
||||
|
||||
- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
|
||||
- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
|
||||
- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
|
||||
|
||||
@ -40,52 +40,52 @@ We used the following methodology to derive these network endpoints:
|
||||
|
||||
| **Destination** | **Protocol** | **Description** |
|
||||
| --- | --- | --- |
|
||||
|*.aria.microsoft.com* | HTTPS | Office Telemetry
|
||||
|*.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update.
|
||||
|*.download.windowsupdate.com* | HTTP | Used to download operating system patches and updates.
|
||||
|*.g.akamai.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use.
|
||||
|*.msn.com* |TLSv1.2/HTTPS | Windows Spotlight related traffic
|
||||
|*.Skype.com | HTTP/HTTPS | Skype related traffic
|
||||
|*.smartscreen.microsoft.com* | HTTPS | Windows Defender Smartscreen related traffic
|
||||
|*.telecommand.telemetry.microsoft.com* | HTTPS | Used by Windows Error Reporting.
|
||||
|*cdn.onenote.net* | HTTP | OneNote related traffic
|
||||
|*displaycatalog.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|
||||
|*emdl.ws.microsoft.com* | HTTP | Windows Update related traffic
|
||||
|*geo-prod.do.dsp.mp.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|
||||
|*hwcdn.net* | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates.
|
||||
|*img-prod-cms-rt-microsoft-com.akamaized.net* | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
|
||||
|*maps.windows.com* | HTTPS | Related to Maps application.
|
||||
|*msedge.net* | HTTPS | Used by OfficeHub to get the metadata of Office apps.
|
||||
|*nexusrules.officeapps.live.com* | HTTPS | Office Telemetry
|
||||
|*photos.microsoft.com* | HTTPS | Photos App related traffic
|
||||
|*prod.do.dsp.mp.microsoft.com* |TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates.
|
||||
|*wac.phicdn.net* | HTTP | Windows Update related traffic
|
||||
|*windowsupdate.com* | HTTP | Windows Update related traffic
|
||||
|*wns.windows.com* | HTTPS, TLSv1.2 | Used for the Windows Push Notification Services (WNS).
|
||||
|*wpc.v0cdn.net* | | Windows Telemetry related traffic
|
||||
|\*.aria.microsoft.com\* | HTTPS | Office Telemetry
|
||||
|\*.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update.
|
||||
|\*.download.windowsupdate.com\* | HTTP | Used to download operating system patches and updates.
|
||||
|\*.g.akamai.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use.
|
||||
|\*.msn.com\* |TLSv1.2/HTTPS | Windows Spotlight related traffic
|
||||
|\*.Skype.com | HTTP/HTTPS | Skype related traffic
|
||||
|\*.smartscreen.microsoft.com\* | HTTPS | Windows Defender Smartscreen related traffic
|
||||
|\*.telecommand.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting.
|
||||
|\*cdn.onenote.net* | HTTP | OneNote related traffic
|
||||
|\*displaycatalog.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store.
|
||||
|\*emdl.ws.microsoft.com\* | HTTP | Windows Update related traffic
|
||||
|\*geo-prod.do.dsp.mp.microsoft.com\* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|
||||
|\*hwcdn.net* | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates.
|
||||
|\*img-prod-cms-rt-microsoft-com.akamaized.net* | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
|
||||
|\*maps.windows.com\* | HTTPS | Related to Maps application.
|
||||
|\*msedge.net* | HTTPS | Used by OfficeHub to get the metadata of Office apps.
|
||||
|\*nexusrules.officeapps.live.com\* | HTTPS | Office Telemetry
|
||||
|\*photos.microsoft.com\* | HTTPS | Photos App related traffic
|
||||
|\*prod.do.dsp.mp.microsoft.com\* |TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates.
|
||||
|\*wac.phicdn.net* | HTTP | Windows Update related traffic
|
||||
|\*windowsupdate.com\* | HTTP | Windows Update related traffic
|
||||
|\*wns.windows.com\* | HTTPS, TLSv1.2 | Used for the Windows Push Notification Services (WNS).
|
||||
|\*wpc.v0cdn.net* | | Windows Telemetry related traffic
|
||||
|auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js | | MSA related
|
||||
|evoke-windowsservices-tas.msedge* | HTTPS | The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
||||
|fe2.update.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|
||||
|fe3.*.mp.microsoft.com.* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|
||||
|fe2.update.microsoft.com\* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|
||||
|fe3.\*.mp.microsoft.com.\* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|
||||
|fs.microsoft.com | | Font Streaming (in ENT traffic)
|
||||
|g.live.com* | HTTPS | Used by OneDrive
|
||||
|g.live.com\* | HTTPS | Used by OneDrive
|
||||
|iriscoremetadataprod.blob.core.windows.net | HTTPS | Windows Telemetry
|
||||
|mscrl.micorosoft.com | | Certificate Revocation List related traffic.
|
||||
|ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities.
|
||||
|mscrl.microsoft.com | | Certificate Revocation List related traffic.
|
||||
|ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities.
|
||||
|officeclient.microsoft.com | HTTPS | Office related traffic.
|
||||
|oneclient.sfx.ms* | HTTPS | Used by OneDrive for Business to download and verify app updates.
|
||||
|purchase.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|
||||
|query.prod.cms.rt.microsoft.com* | HTTPS | Used to retrieve Windows Spotlight metadata.
|
||||
|ris.api.iris.microsoft.com* |TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata.
|
||||
|purchase.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store.
|
||||
|query.prod.cms.rt.microsoft.com\* | HTTPS | Used to retrieve Windows Spotlight metadata.
|
||||
|ris.api.iris.microsoft.com\* |TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata.
|
||||
|ris-prod-atm.trafficmanager.net | HTTPS | Azure traffic manager
|
||||
|settings.data.microsoft.com* | HTTPS | Used for Windows apps to dynamically update their configuration.
|
||||
|settings-win.data.microsoft.com* | HTTPS | Used for Windows apps to dynamically update their configuration.
|
||||
|sls.update.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|
||||
|store*.dsx.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|
||||
|storecatalogrevocation.storequality.microsoft.com* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store.
|
||||
|store-images.s-microsoft.com* | HTTP | Used to get images that are used for Microsoft Store suggestions.
|
||||
|tile-service.weather.microsoft.com* | HTTP | Used to download updates to the Weather app Live Tile.
|
||||
|tsfe.trafficshaping.dsp.mp.microsoft.com* |TLSv1.2 | Used for content regulation.
|
||||
|settings.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration.
|
||||
|settings-win.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration.
|
||||
|sls.update.microsoft.com\* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|
||||
|store*.dsx.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store.
|
||||
|storecatalogrevocation.storequality.microsoft.com\* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store.
|
||||
|store-images.s-microsoft.com\* | HTTP | Used to get images that are used for Microsoft Store suggestions.
|
||||
|tile-service.weather.microsoft.com\* | HTTP | Used to download updates to the Weather app Live Tile.
|
||||
|tsfe.trafficshaping.dsp.mp.microsoft.com\* |TLSv1.2 | Used for content regulation.
|
||||
|v10.events.data.microsoft.com | HTTPS | Diagnostic Data
|
||||
|wdcp.microsoft.* |TLSv1.2 | Used for Windows Defender when Cloud-based Protection is enabled.
|
||||
|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com | HTTPS | Windows Defender related traffic.
|
||||
@ -98,7 +98,7 @@ We used the following methodology to derive these network endpoints:
|
||||
| *.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
|
||||
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
|
||||
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
|
||||
| *.tlu.dl.delivery.mp.microsoft.com/* | HTTP | Enables connections to Windows Update. |
|
||||
| \*.tlu.dl.delivery.mp.microsoft.com/\* | HTTP | Enables connections to Windows Update. |
|
||||
| *geo-prod.dodsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update. |
|
||||
| arc.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
|
||||
| au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. |
|
||||
@ -111,7 +111,7 @@ We used the following methodology to derive these network endpoints:
|
||||
| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in. |
|
||||
| location-inference-westus.cloudapp.net | HTTPS | Used for location data. |
|
||||
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
|
||||
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
|
||||
| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
|
||||
| ris.api.iris.microsoft.com.akadns.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
|
||||
| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
|
||||
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
|
||||
@ -127,10 +127,10 @@ We used the following methodology to derive these network endpoints:
|
||||
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
|
||||
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
|
||||
| *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
|
||||
| *.tlu.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update. |
|
||||
| *.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
|
||||
| *.tlu.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update. |
|
||||
| *.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
|
||||
| *geo-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
|
||||
| au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
|
||||
| au.download.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
|
||||
| cdn.onenote.net/livetile/* | HTTPS | Used for OneNote Live Tile. |
|
||||
| client-office365-tas.msedge.net/* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
|
||||
| config.edge.skype.com/* | HTTPS | Used to retrieve Skype configuration values. |
|
||||
@ -151,7 +151,7 @@ We used the following methodology to derive these network endpoints:
|
||||
| maps.windows.com/windows-app-web-link | HTTPS | Link to Maps application |
|
||||
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
|
||||
| ocos-office365-s2s.msedge.net/* | HTTPS | Used to connect to the Office 365 portal's shared infrastructure. |
|
||||
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
|
||||
| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
|
||||
| oneclient.sfx.ms/* | HTTPS | Used by OneDrive for Business to download and verify app updates. |
|
||||
| settings-win.data.microsoft.com/settings/* | HTTPS | Used as a way for apps to dynamically update their configuration. |
|
||||
| sls.update.microsoft.com/* | HTTPS | Enables connections to Windows Update. |
|
||||
|
||||
Reference in New Issue
Block a user