From 960c8dcb4af8b8e9aa74248b50e35e280e2396c3 Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Thu, 15 Nov 2018 14:17:01 +0200 Subject: [PATCH 01/12] s --- .../exposed-apis-odata-samples.md | 54 +++++++++++++++++-- 1 file changed, 49 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md index a7384d989f..6908d2a23b 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md @@ -21,11 +21,55 @@ ms.date: 09/24/2018 > If you are not familiar with OData queries, please see: [OData V4 queries](https://www.odata.org/documentation/) -> ** Currently, [Machine](machine-windows-defender-advanced-threat-protection-new.md) and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities supports all OData queries.** -> ** [Alert](alerts-windows-defender-advanced-threat-protection-new.md) entity support all OData queries except $filter.** +- ** Currently, [Machine](machine-windows-defender-advanced-threat-protection-new.md) and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities supports all OData queries. ** +- ** [Alert](alerts-windows-defender-advanced-threat-protection-new.md) entity support all OData queries except $filter. ** ### Example 1 +**Get all the machines with the tag 'ExampleTag' ** + +``` +HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=machineTags/any(tag: tag eq 'ExampleTag') +``` + +**Response:** + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", + "value": [ + { + "id": "b9d4c51123327fb2a25db29ff1b8f3b64888e7ba", + "computerDnsName": "examples.dev.corp.microsoft.com", + "firstSeen": "2018-03-07T11:19:11.7234147Z", + "lastSeen": "2018-11-15T11:23:38.3196947Z", + "osPlatform": "Windows10", + "osVersion": "10.0.0.0", + "lastIpAddress": "123.17.255.241", + "lastExternalIpAddress": "123.220.196.180", + "agentVersion": "10.6400.18282.1001", + "osBuild": 18282, + "healthStatus": "Active", + "isAadJoined": true, + "machineTags": [ + "ExampleTag" + ], + "rbacGroupId": 5, + "rbacGroupName": "MiddleEast", + "riskScore": "North", + "aadDeviceId": null + }, + . + . + . + ] +} +``` + +### Example 2 + **Get all the machines with 'High' 'RiskScore'** ``` @@ -66,7 +110,7 @@ Content-type: application/json } ``` -### Example 2 +### Example 3 **Get top 100 machines with 'HealthStatus' not equals to 'Active'** @@ -108,7 +152,7 @@ Content-type: application/json } ``` -### Example 3 +### Example 4 **Get all the machines that last seen after 2018-10-20** @@ -150,7 +194,7 @@ Content-type: application/json } ``` -### Example 4 +### Example 5 **Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using WDATP** From 338298af58ddea79631eef0184b5698f74854c1f Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Thu, 15 Nov 2018 14:28:35 +0200 Subject: [PATCH 02/12] d --- .../windows-defender-atp/exposed-apis-list.md | 2 +- ...-alerts-windows-defender-advanced-threat-protection-new.md | 4 ++-- ...achines-windows-defender-advanced-threat-protection-new.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md index aaf42956c2..101b345a77 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md @@ -38,7 +38,7 @@ ms.date: 30/07/2018 > To use a specific version, use this format: https://api.securitycenter.windows.com/api/{Version}. For example: https://api.securitycenter.windows.com/api/v1.0/alerts -> If you don't specify any version ( without /v1.0/ ) you will get to the latest version. +> If you don't specify any version (e.g., https://api.securitycenter.windows.com/api/alerts ) you will get to the latest version. Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md index e109d17851..df5abdbe22 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md @@ -41,7 +41,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' GET /api/users/{id}/alerts ``` -**Note that the id is not the Full UPN, its only the user name. For example, for user1@contoso.com you will need to send /api/users/user1/alerts** +**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve alerts for user1@contoso.com use /api/users/user1/alerts) ** ## Request headers @@ -54,7 +54,7 @@ Authorization | String | Bearer {token}. **Required**. Empty ## Response -If successful and user and alert exists - 200 OK. If user or alerts does not exist - 404 Not Found. +If successful and user and alert exist - 200 OK. If user or alerts do not exist - 404 Not Found. ## Example diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md index 35a87d200a..ecf23df07d 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md @@ -41,7 +41,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine GET /api/users/{id}/machines ``` -**Note that the id is not the Full UPN, its only the user name. For example, for user1@contoso.com you will need to send /api/users/user1/machines** +**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve machines for user1@contoso.com use /api/users/user1/machines) ** ## Request headers From c63c5ddcf5b4eadf6edd61b75284dd03d77133ca Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Thu, 15 Nov 2018 15:06:27 +0200 Subject: [PATCH 03/12] s --- .../exposed-apis-odata-samples.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md index 6908d2a23b..fe3f9c3dd7 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md @@ -21,8 +21,8 @@ ms.date: 09/24/2018 > If you are not familiar with OData queries, please see: [OData V4 queries](https://www.odata.org/documentation/) -- ** Currently, [Machine](machine-windows-defender-advanced-threat-protection-new.md) and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities supports all OData queries. ** -- ** [Alert](alerts-windows-defender-advanced-threat-protection-new.md) entity support all OData queries except $filter. ** +- Currently, [Machine](machine-windows-defender-advanced-threat-protection-new.md) and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities supports all OData queries. +- [Alert](alerts-windows-defender-advanced-threat-protection-new.md) entity support all OData queries except $filter. ### Example 1 @@ -42,7 +42,7 @@ Content-type: application/json "value": [ { "id": "b9d4c51123327fb2a25db29ff1b8f3b64888e7ba", - "computerDnsName": "examples.dev.corp.microsoft.com", + "computerDnsName": "examples.dev.corp.Contoso.com", "firstSeen": "2018-03-07T11:19:11.7234147Z", "lastSeen": "2018-11-15T11:23:38.3196947Z", "osPlatform": "Windows10", @@ -57,7 +57,7 @@ Content-type: application/json "ExampleTag" ], "rbacGroupId": 5, - "rbacGroupName": "MiddleEast", + "rbacGroupName": "Developers", "riskScore": "North", "aadDeviceId": null }, @@ -86,7 +86,7 @@ Content-type: application/json "value": [ { "id": "e3a77eeddb83d581238792387b1239b01286b2f", - "computerDnsName": "examples.dev.corp.microsoft.com", + "computerDnsName": "examples.dev.corp.Contoso.com", "firstSeen": "2016-11-02T23:26:03.7882168Z", "lastSeen": "2018-11-12T10:27:08.708723Z", "osPlatform": "Windows10", @@ -99,7 +99,7 @@ Content-type: application/json "isAadJoined": true, "machineTags": [], "rbacGroupId": 5, - "rbacGroupName": "North", + "rbacGroupName": "Developers", "riskScore": "High", "aadDeviceId": "d90b0b99-1234-1234-1234-b91d50c6796a" }, @@ -128,7 +128,7 @@ Content-type: application/json "value": [ { "id": "1113333ddb83d581238792387b1239b01286b2f", - "computerDnsName": "examples.dev.corp.microsoft.com", + "computerDnsName": "examples.dev.corp.Contoso.com", "firstSeen": "2016-11-02T23:26:03.7882168Z", "lastSeen": "2018-11-12T10:27:08.708723Z", "osPlatform": "Windows10", @@ -141,7 +141,7 @@ Content-type: application/json "isAadJoined": true, "machineTags": [], "rbacGroupId": 5, - "rbacGroupName": "North", + "rbacGroupName": "Developers", "riskScore": "Medium", "aadDeviceId": "d90b0b99-1234-1234-1234-b91d50c6796a" }, @@ -182,8 +182,8 @@ Content-type: application/json "healthStatus": "Active", "isAadJoined": false, "machineTags": [], - "rbacGroupId": 4, - "rbacGroupName": "East", + "rbacGroupId": 5, + "rbacGroupName": "Developers", "riskScore": "None", "aadDeviceId": null }, From 7251d23c14423f1195bb9520a0a11621650f15b5 Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Thu, 15 Nov 2018 15:32:14 +0200 Subject: [PATCH 04/12] s --- .../windows-defender-atp/exposed-apis-odata-samples.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md index fe3f9c3dd7..7562900100 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md @@ -19,7 +19,7 @@ ms.date: 09/24/2018 [!include[Prerelease information](prerelease.md)] -> If you are not familiar with OData queries, please see: [OData V4 queries](https://www.odata.org/documentation/) +- If you are not familiar with OData queries, please see: [OData V4 queries](https://www.odata.org/documentation/) - Currently, [Machine](machine-windows-defender-advanced-threat-protection-new.md) and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities supports all OData queries. - [Alert](alerts-windows-defender-advanced-threat-protection-new.md) entity support all OData queries except $filter. From 5c3f565742f31fa679e429a6aa9531d9cf066c58 Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Thu, 15 Nov 2018 16:07:57 +0200 Subject: [PATCH 05/12] s --- .../windows-defender-atp/exposed-apis-odata-samples.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md index 7562900100..ed1ef8273e 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md @@ -70,7 +70,7 @@ Content-type: application/json ### Example 2 -**Get all the machines with 'High' 'RiskScore'** +- Get all the machines with 'High' 'RiskScore' ``` HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore eq 'High' @@ -112,7 +112,7 @@ Content-type: application/json ### Example 3 -**Get top 100 machines with 'HealthStatus' not equals to 'Active'** +- Get top 100 machines with 'HealthStatus' not equals to 'Active' ``` HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus ne 'Active'&$top=100 @@ -154,7 +154,7 @@ Content-type: application/json ### Example 4 -**Get all the machines that last seen after 2018-10-20** +- Get all the machines that last seen after 2018-10-20 ``` HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-10-20Z @@ -196,7 +196,7 @@ Content-type: application/json ### Example 5 -**Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using WDATP** +- Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using WDATP ``` HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@WcdTestPrd.onmicrosoft.com' and type eq 'RunAntiVirusScan' From cfbc2094b4fcdb999f3183a579776080ebcae449 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 15 Nov 2018 10:30:07 -0800 Subject: [PATCH 06/12] edits --- ...compliant-algorithms-for-encryption-hashing-and-signing.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index bba7a2624e..ae91d8d14b 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 08/29/2017 +ms.date: 11/16/2018 --- # System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing @@ -50,7 +50,7 @@ Additionally, if a data drive is password-protected, it can be accessed by a FIP ### Best practices -- For use with TLS, set this policy to **Enabled**. Client devices with this policy setting enabled will be unable to communicate through digitally encrypted or signed protocols with servers that do not support these algorithms. Client devices that are connected to the network and do not support these algorithms cannot use servers that require the algorithms for network communications. If you enable this policy setting, you must also configure Internet Explorer to use TLS. +There are no best practices for this setting. Our previous guidance had recommended a setting of **Enabled**, primarily to align with US Federal government recommendations. [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend this setting be **Not Defined**, meaning that we leave the decision to customers. For a deeper explanation, see [Why We’re Not Recommending “FIPS Mode” Anymore](https://blogs.technet.microsoft.com/secguide/2014/04/07/why-were-not-recommending-fips-mode-anymore/). ### Location From 6ec065f6a463c572190d721a7024fae2a56ca12d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 15 Nov 2018 11:33:26 -0800 Subject: [PATCH 07/12] edits --- ...nable-virtualization-based-protection-of-code-integrity.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md index 98835fdcfd..325b6119b3 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -6,7 +6,7 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: justinha author: brianlic-msft -ms.date: 08/08/2018 +ms.date: 11/15/2018 --- # Enable virtualization-based protection of code integrity @@ -42,7 +42,7 @@ Enabling in Intune requires using the Code Integrity node in the [AppLocker CSP] 1. Use Group Policy Editor (gpedit.msc) to either edit an existing GPO or create a new one. 2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard**. 3. Double-click **Turn on Virtualization Based Security**. -4. Click **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled with UEFI lock** to ensure HVCI cannot be enabled remotely or select **Enabled without UEFI lock**. +4. Click **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled with UEFI lock** to ensure HVCI cannot be disabled remotely or select **Enabled without UEFI lock**. ![Enable HVCI using Group Policy](images\enable-hvci-gp.png) From 14cf506a3f559d551e35389ac00723748a3b81f3 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 15 Nov 2018 11:41:46 -0800 Subject: [PATCH 08/12] edited slider description --- .../user-account-control/how-user-account-control-works.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md index 15f9ab184e..851edc7279 100644 --- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md +++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md @@ -7,7 +7,7 @@ ms.mktglfcycl: operate ms.sitesec: library ms.pagetype: security author: brianlic-msft -ms.date: 09/19/2018 +ms.date: 11/16/2018 --- # How User Account Control works @@ -182,7 +182,7 @@ To better understand each component, review the table below:

Not recommended. Choose this only if it takes a long time to dim the desktop on your computer.


-

  • Never notify (Disable UAC) will:

    +

  • Never notify (Disable UAC prompts) will:

    • Not notify you when programs try to install software or make changes to your computer.
    • Not notify you when you make changes to Windows settings.
      • From 139d7df6666c20451b77780de2996f126dda415b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 15 Nov 2018 12:29:46 -0800 Subject: [PATCH 09/12] removed video link --- .../secure-the-windows-10-boot-process.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index 585264179f..cb56f52198 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.sitesec: library ms.localizationpriority: medium author: brianlic-msft -ms.date: 10/13/2017 +ms.date: 11/16/2018 --- # Secure the Windows 10 boot process @@ -122,9 +122,5 @@ Measured Boot uses the power of UEFI, TPM, and Windows 10 to give you a way to ## Summary Secure Boot, Trusted Boot, and Measured Boot create an architecture that is fundamentally resistant to bootkits and rootkits. In Windows 10, these features have the potential to eliminate kernel-level malware from your network. This is the most ground-breaking anti-malware solution that Windows has ever had; it’s leaps and bounds ahead of everything else. With Windows 10, you can truly trust the integrity of your operating system. -For more information: - -- Watch a [video demonstration of Secure Boot](https://technet.microsoft.com/windows/jj737995.aspx) - ## Additional resources - [Windows 10 Enterprise Evaluation](https://technet.microsoft.com/evalcenter/hh699156.aspx?ocid=wc-tn-wctc) From 296c6e149ab2c9ce6c6be162ef1c394931244e0e Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 15 Nov 2018 20:33:35 +0000 Subject: [PATCH 10/12] Merged PR 12860: add download link for Surface Pro 6 --- devices/surface/change-history-for-surface.md | 8 +++++++- ...he-latest-firmware-and-drivers-for-surface-devices.md | 9 ++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 0e0ff5dcc7..3e1f85a04d 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -7,13 +7,19 @@ ms.sitesec: library author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 10/15/2018 +ms.date: 11/15/2018 --- # Change history for Surface documentation This topic lists new and updated topics in the Surface documentation library. +## November 2018 + +New or changed topic | Description +--- | --- +|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Pro 6 | + ## October 2018 New or changed topic | Description diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md index 116df9446d..84f48dfd07 100644 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: brecords -ms.date: 10/15/2018 +ms.date: 11/15/2018 ms.author: jdecker ms.topic: article --- @@ -67,8 +67,15 @@ Download the following updates for [Surface Pro (Model 1796) from the Microsoft Download the following updates for [Surface Pro with LTE Advanced from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56278). + * SurfacePro_LTE_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 +## Surface Pro 6 + +Download the following updates for [Surface Pro 6 from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=57514). + +* SurfacePro6_Win10_17134_xxxxx_xxxxxx.msi + ## Surface Studio From 88962add9cd6fc1d766a021a0278e20734863298 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 15 Nov 2018 12:58:09 -0800 Subject: [PATCH 11/12] minor edits --- .../windows-defender-atp/exposed-apis-odata-samples.md | 8 ++++---- ...-alerts-windows-defender-advanced-threat-protection.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md index ed1ef8273e..dfc82df1d8 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 09/24/2018 +ms.date: 11/15/2018 --- # OData queries with Windows Defender ATP @@ -19,14 +19,14 @@ ms.date: 09/24/2018 [!include[Prerelease information](prerelease.md)] -- If you are not familiar with OData queries, please see: [OData V4 queries](https://www.odata.org/documentation/) +- If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/) - Currently, [Machine](machine-windows-defender-advanced-threat-protection-new.md) and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities supports all OData queries. - [Alert](alerts-windows-defender-advanced-threat-protection-new.md) entity support all OData queries except $filter. ### Example 1 -**Get all the machines with the tag 'ExampleTag' ** +**Get all the machines with the tag 'ExampleTag'** ``` HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=machineTags/any(tag: tag eq 'ExampleTag') @@ -196,7 +196,7 @@ Content-type: application/json ### Example 5 -- Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using WDATP +- Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Windows Defender ATP ``` HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@WcdTestPrd.onmicrosoft.com' and type eq 'RunAntiVirusScan' diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md index 6ea6b78d52..ec40578526 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 12/08/2017 +ms.date: 11/15/2018 --- # Get user related alerts API (deprecated) From c8cd26866347d2a54a91714be513133aace6c7f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=20Halfin=20=F0=9F=93=AC=F0=9F=94=A8?= Date: Thu, 15 Nov 2018 22:59:08 +0000 Subject: [PATCH 12/12] Merged PR 12876: endpoints 1809 push --- .openpublishing.redirection.json | 5 + windows/privacy/TOC.md | 5 +- ...ts.md => manage-windows-1709-endpoints.md} | 358 ++++++------ .../privacy/manage-windows-1803-endpoints.md | 498 +++++++++++++++++ .../privacy/manage-windows-1809-endpoints.md | 528 ++++++++++++++++++ 5 files changed, 1213 insertions(+), 181 deletions(-) rename windows/privacy/{manage-windows-endpoints.md => manage-windows-1709-endpoints.md} (68%) create mode 100644 windows/privacy/manage-windows-1803-endpoints.md create mode 100644 windows/privacy/manage-windows-1809-endpoints.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 6c0356d667..78189003c5 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -13889,6 +13889,11 @@ "source_path": "education/windows/windows-automatic-redeployment.md", "redirect_url": "/education/windows/autopilot-reset", "redirect_document_id": true +}, +{ +"source_path": "windows/privacy/manage-windows-endpoints.md", +"redirect_url": "/windows/privacy/manage-windows-1809-endpoints", +"redirect_document_id": true } ] } diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index 6148d1201c..5a0db3b73e 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md @@ -14,7 +14,10 @@ ## Full level categories ### [Windows 10, version 1709 and newer diagnostic data for the Full level](windows-diagnostic-data.md) ### [Windows 10, version 1703 diagnostic data for the Full level](windows-diagnostic-data-1703.md) -## [Manage Windows 10 connection endpoints](manage-windows-endpoints.md) +## Manage Windows 10 connection endpoints +### [Connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md) +### [Connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) +### [Connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) ### [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) ### [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) diff --git a/windows/privacy/manage-windows-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md similarity index 68% rename from windows/privacy/manage-windows-endpoints.md rename to windows/privacy/manage-windows-1709-endpoints.md index c324f877dd..db62a206fb 100644 --- a/windows/privacy/manage-windows-endpoints.md +++ b/windows/privacy/manage-windows-1709-endpoints.md @@ -1,5 +1,5 @@ --- -title: Windows 10 connection endpoints +title: Connection endpoints for Windows 10, version 1709 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 @@ -10,11 +10,11 @@ author: danihalfin ms.author: daniha ms.date: 6/26/2018 --- -# Manage Windows 10 connection endpoints +# Manage connection endpoints for Windows 10, version 1709 **Applies to** -- Windows 10, version 1709 and later +- Windows 10, version 1709 Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include: @@ -46,102 +46,101 @@ We used the following methodology to derive these network endpoints: The following endpoint is used to download updates to the Weather app Live Tile. If you [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), no Live Tiles will be updated. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| explorer | HTTP | tile-service.weather.microsoft.com | 1709 | -| | HTTP | blob.weather.microsoft.com | 1803 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| explorer | HTTP | tile-service.weather.microsoft.com | The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | HTTPS | cdn.onenote.net/livetile/?Language=en-US | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | cdn.onenote.net/livetile/?Language=en-US | The following endpoints are used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | HTTPS | wildcard.twimg.com | 1709 | -| svchost.exe | | oem.twimg.com/windows/tile.xml | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | wildcard.twimg.com | +| svchost.exe | | oem.twimg.com/windows/tile.xml | The following endpoint is used for Facebook updates. To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | | star-mini.c10r.facebook.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | star-mini.c10r.facebook.com | The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| WindowsApps\Microsoft.Windows.Photos | HTTPS | evoke-windowsservices-tas.msedge.net | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| WindowsApps\Microsoft.Windows.Photos | HTTPS | evoke-windowsservices-tas.msedge.net | The following endpoint is used for Candy Crush Saga updates. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | TLS v1.2 | candycrushsoda.king.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | TLS v1.2 | candycrushsoda.king.com | The following endpoint is used for by the Microsoft Wallet app. To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | The following endpoint is used by the Groove Music app for update HTTP handler status. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| system32\AppHostRegistrationVerifier.exe | HTTPS | mediaredirect.microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| system32\AppHostRegistrationVerifier.exe | HTTPS | mediaredirect.microsoft.com | ## Cortana and Search The following endpoint is used to get images that are used for Microsoft Store suggestions. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| searchui | HTTPS |store-images.s-microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| searchui | HTTPS |store-images.s-microsoft.com | The following endpoint is used to update Cortana greetings, tips, and Live Tiles. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| backgroundtaskhost | HTTPS | www.bing.com/client | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| backgroundtaskhost | HTTPS | www.bing.com/client | The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| backgroundtaskhost | HTTPS | www.bing.com/proactive | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| backgroundtaskhost | HTTPS | www.bing.com/proactive | The following endpoint is used by Cortana to report diagnostic and diagnostic data information. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| searchui
      backgroundtaskhost | HTTPS | www.bing.com/threshold/xls.aspx | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| searchui
      backgroundtaskhost | HTTPS | www.bing.com/threshold/xls.aspx | ## Certificates @@ -152,142 +151,139 @@ These settings are critical for both Windows security and the overall security o We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | HTTP | ctldl.windowsupdate.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTP | ctldl.windowsupdate.com | ## Device authentication The following endpoint is used to authenticate a device. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device will not be authenticated. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | HTTPS | login.live.com/ppsecure | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | login.live.com/ppsecure | ## Device metadata The following endpoint is used to retrieve device metadata. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata will not be updated for the device. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | | dmd.metaservices.microsoft.com.akadns.net | 1709 | -| | HTTP | dmd.metaservices.microsoft.com | 1803 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | dmd.metaservices.microsoft.com.akadns.net | ## Diagnostic Data The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | | cy2.vortex.data.microsoft.com.akadns.net | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | cy2.vortex.data.microsoft.com.akadns.net | The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | | v10.vortex-win.data.microsoft.com/collect/v1 | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | v10.vortex-win.data.microsoft.com/collect/v1 | The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| wermgr | | watson.telemetry.microsoft.com | 1709 | -| | TLS v1.2 | modern.watson.data.microsoft.com.akadns.net | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| wermgr | | watson.telemetry.microsoft.com | +| | TLS v1.2 | modern.watson.data.microsoft.com.akadns.net | ## Font streaming The following endpoints are used to download fonts on demand. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#font-streaming), you will not be able to download fonts on demand. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | | fs.microsoft.com | 1709 | -| | | fs.microsoft.com/fs/windows/config.json | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | fs.microsoft.com | +| | | fs.microsoft.com/fs/windows/config.json | ## Licensing The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| licensemanager | HTTPS | licensing.mp.microsoft.com/v7.0/licenses/content | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| licensemanager | HTTPS | licensing.mp.microsoft.com/v7.0/licenses/content | ## Location The following endpoint is used for location data. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location), apps cannot use location data. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | HTTP | location-inference-westus.cloudapp.net | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | location-inference-westus.cloudapp.net | ## Maps The following endpoint is used to check for updates to maps that have been downloaded for offline use. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps), offline maps will not be updated. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | HTTPS | *g.akamaiedge.net | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | *g.akamaiedge.net | ## Microsoft account The following endpoints are used for Microsoft accounts to sign in. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account), users cannot sign in with Microsoft accounts. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | | login.msa.akadns6.net | 1709 | -| system32\Auth.Host.exe | HTTPS | auth.gfx.ms | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | login.msa.akadns6.net | +| system32\Auth.Host.exe | HTTPS | auth.gfx.ms | ## Microsoft Store The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | | *.wns.windows.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | *.wns.windows.com | The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | HTTP | storecatalogrevocation.storequality.microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | storecatalogrevocation.storequality.microsoft.com | The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | HTTPS | img-prod-cms-rt-microsoft-com.akamaized.net | 1709 | -| backgroundtransferhost | HTTPS | store-images.microsoft.com | 1803 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | img-prod-cms-rt-microsoft-com.akamaized.net | The following endpoints are used to communicate with Microsoft Store. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | HTTP | storeedgefd.dsx.mp.microsoft.com | 1709 | -| | HTTP | pti.store.microsoft.com | 1709 | -||TLS v1.2|cy2.\*.md.mp.microsoft.com.\*.| 1709 | -| svchost | HTTPS | displaycatalog.mp.microsoft.com | 1803 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | storeedgefd.dsx.mp.microsoft.com | +| | HTTP | pti.store.microsoft.com | +||TLS v1.2|cy2.\*.md.mp.microsoft.com.\*.| ## Network Connection Status Indicator (NCSI) Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi), NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | HTTP | www.msftconnecttest.com/connecttest.txt | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | www.msftconnecttest.com/connecttest.txt | ## Office @@ -295,74 +291,73 @@ The following endpoints are used to connect to the Office 365 portal's shared in You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | | *.a-msedge.net | 1709 | -| hxstr | | *.c-msedge.net | 1709 | -| | | *.e-msedge.net | 1709 | -| | | *.s-msedge.net | 1709 | -| | HTTPS | ocos-office365-s2s.msedge.net | 1803 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | *.a-msedge.net | +| hxstr | | *.c-msedge.net | +| | | *.e-msedge.net | +| | | *.s-msedge.net | The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| system32\Auth.Host.exe | HTTPS | outlook.office365.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| system32\Auth.Host.exe | HTTPS | outlook.office365.com | The following endpoint is OfficeHub traffic used to get the metadata of Office apps. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -|Windows Apps\Microsoft.Windows.Photos|HTTPS|client-office365-tas.msedge.net| 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +|Windows Apps\Microsoft.Windows.Photos|HTTPS|client-office365-tas.msedge.net| ## OneDrive The following endpoint is a redirection service that’s used to automatically update URLs. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive), anything that relies on g.live.com to get updated URL information will no longer work. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| onedrive | HTTPS | oneclient.sfx.ms | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| onedrive | HTTPS | oneclient.sfx.ms | ## Settings The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| dmclient | | cy2.settings.data.microsoft.com.akadns.net | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| dmclient | | cy2.settings.data.microsoft.com.akadns.net | The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| dmclient | HTTPS | settings.data.microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| dmclient | HTTPS | settings.data.microsoft.com | The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | HTTPS | settings-win.data.microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | settings-win.data.microsoft.com | ## Skype The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -|microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +|microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com | @@ -371,102 +366,101 @@ The following endpoint is used to retrieve Skype configuration values. To turn o The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | | wdcp.microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | wdcp.microsoft.com | The following endpoints are used for Windows Defender definition updates. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), definitions will not be updated. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | | definitionupdates.microsoft.com | 1709 | -|MpCmdRun.exe|HTTPS|go.microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | definitionupdates.microsoft.com | +|MpCmdRun.exe|HTTPS|go.microsoft.com | ## Windows Spotlight The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight), Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see [Windows Spotlight](/windows/configuration/windows-spotlight). -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| backgroundtaskhost | HTTPS | arc.msn.com | 1709 | -| backgroundtaskhost | | g.msn.com.nsatc.net | 1709 | -| |TLS v1.2| *.search.msn.com | 1709 | -| | HTTPS | ris.api.iris.microsoft.com | 1709 | -| | HTTPS | query.prod.cms.rt.microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| backgroundtaskhost | HTTPS | arc.msn.com | +| backgroundtaskhost | | g.msn.com.nsatc.net | +| |TLS v1.2| *.search.msn.com | +| | HTTPS | ris.api.iris.microsoft.com | +| | HTTPS | query.prod.cms.rt.microsoft.com | ## Windows Update The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates), Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com | The following endpoints are used to download operating system patches and updates. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | HTTP | *.windowsupdate.com | 1709 | -| | HTTP | fg.download.windowsupdate.com.c.footprint.net | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTP | *.windowsupdate.com | +| | HTTP | fg.download.windowsupdate.com.c.footprint.net | The following endpoint is used by the Highwinds Content Delivery Network to perform Windows updates. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | | cds.d2s7q6s2.hwcdn.net | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | cds.d2s7q6s2.hwcdn.net | The following endpoints are used by the Verizon Content Delivery Network to perform Windows updates. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | HTTP | *wac.phicdn.net | 1709 | -| | | *wac.edgecastcdn.net | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | *wac.phicdn.net | +| | | *wac.edgecastcdn.net | The following endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. Time Limited URL (TLU) is a mechanism for protecting the content. For example, it prevents someone from copying the URL and then getting access to the app that the person has not acquired). If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the updating functionality on this device is essentially in a disabled state, resulting in user unable to get apps from the Store, get latest version of Windows, and so on. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | The following endpoint is used to download apps from the Microsoft Store. It's used as part of calculating the right ranges for apps. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), users of the device will not able to get apps from the Microsoft Store. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | | emdl.ws.microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | emdl.ws.microsoft.com | The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | HTTPS | fe2.update.microsoft.com | 1709 | -| svchost | | fe3.delivery.mp.microsoft.com | 1709 | -| | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net | 1709 | -| svchost | HTTPS | sls.update.microsoft.com | 1709 | -| | HTTP | *.dl.delivery.mp.microsoft.com | 1803 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | fe2.update.microsoft.com | +| svchost | | fe3.delivery.mp.microsoft.com | +| | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net | +| svchost | HTTPS | sls.update.microsoft.com | The following endpoint is used for content regulation. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com | The following endpoints are used to download content. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), you will block any content from being downloaded. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -| | | a122.dscd.akamai.net | 1709 | -| | | a1621.g.akamai.net | 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | a122.dscd.akamai.net | +| | | a1621.g.akamai.net | ## Microsoft forward link redirection service (FWLink) @@ -474,11 +468,15 @@ The following endpoint is used by the Microsoft forward link redirection service If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded. -| Source process | Protocol | Destination | Applies from Windows 10 version | -|----------------|----------|------------|----------------------------------| -|Various|HTTPS|go.microsoft.com| 1709 | +| Source process | Protocol | Destination | +|----------------|----------|------------| +|Various|HTTPS|go.microsoft.com| -## Other Windows 10 editions +## Other Windows 10 versions and editions + +To view endpoints for other versions of Windows 10 enterprise, see: +- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) To view endpoints for non-Enterprise Windows 10 editions, see: - [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md new file mode 100644 index 0000000000..56cece92c2 --- /dev/null +++ b/windows/privacy/manage-windows-1803-endpoints.md @@ -0,0 +1,498 @@ +--- +title: Connection endpoints for Windows 10, version 1803 +description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. +keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.localizationpriority: high +author: danihalfin +ms.author: daniha +ms.date: 6/26/2018 +--- +# Manage connection endpoints for Windows 10, version 1803 + +**Applies to** + +- Windows 10, version 1803 + +Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include: + +- Connecting to Microsoft Office and Windows sites to download the latest app and security updates. +- Connecting to email servers to send and receive email. +- Connecting to the web for every day web browsing. +- Connecting to the cloud to store and access backups. +- Using your location to show a weather forecast. + +This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. +Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). +Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. + +We used the following methodology to derive these network endpoints: + +1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. +2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). +3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. +4. Compile reports on traffic going to public IP addresses. +5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. + +> [!NOTE] +> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. + +## Windows 10 Enterprise connection endpoints + +## Apps + +The following endpoint is used to download updates to the Weather app Live Tile. +If you [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), no Live Tiles will be updated. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| explorer | HTTP | tile-service.weather.microsoft.com | +| | HTTP | blob.weather.microsoft.com | + +The following endpoint is used for OneNote Live Tile. +To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | cdn.onenote.net/livetile/?Language=en-US | + +The following endpoints are used for Twitter updates. +To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | wildcard.twimg.com | +| svchost.exe | | oem.twimg.com/windows/tile.xml | + +The following endpoint is used for Facebook updates. +To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | star-mini.c10r.facebook.com | + +The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. +To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| WindowsApps\Microsoft.Windows.Photos | HTTPS | evoke-windowsservices-tas.msedge.net | + +The following endpoint is used for Candy Crush Saga updates. +To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | TLS v1.2 | candycrushsoda.king.com | + +The following endpoint is used for by the Microsoft Wallet app. +To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | + +The following endpoint is used by the Groove Music app for update HTTP handler status. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| system32\AppHostRegistrationVerifier.exe | HTTPS | mediaredirect.microsoft.com | + +## Cortana and Search + +The following endpoint is used to get images that are used for Microsoft Store suggestions. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| searchui | HTTPS |store-images.s-microsoft.com | + +The following endpoint is used to update Cortana greetings, tips, and Live Tiles. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| backgroundtaskhost | HTTPS | www.bing.com/client | + +The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| backgroundtaskhost | HTTPS | www.bing.com/proactive | + +The following endpoint is used by Cortana to report diagnostic and diagnostic data information. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| searchui
      backgroundtaskhost | HTTPS | www.bing.com/threshold/xls.aspx | + +## Certificates + +The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTP | ctldl.windowsupdate.com | + +The following endpoints are used to download certificates that are publicly known to be fraudulent. +These settings are critical for both Windows security and the overall security of the Internet. +We do not recommend blocking this endpoint. +If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTP | ctldl.windowsupdate.com | + +## Device authentication + +The following endpoint is used to authenticate a device. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device will not be authenticated. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | login.live.com/ppsecure | + +## Device metadata + +The following endpoint is used to retrieve device metadata. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata will not be updated for the device. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | dmd.metaservices.microsoft.com.akadns.net | +| | HTTP | dmd.metaservices.microsoft.com | + +## Diagnostic Data + +The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | cy2.vortex.data.microsoft.com.akadns.net | + +The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | v10.vortex-win.data.microsoft.com/collect/v1 | + +The following endpoints are used by Windows Error Reporting. +To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| wermgr | | watson.telemetry.microsoft.com | +| | TLS v1.2 | modern.watson.data.microsoft.com.akadns.net | + +## Font streaming + +The following endpoints are used to download fonts on demand. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#font-streaming), you will not be able to download fonts on demand. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | fs.microsoft.com | +| | | fs.microsoft.com/fs/windows/config.json | + +## Licensing + +The following endpoint is used for online activation and some app licensing. +To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| licensemanager | HTTPS | licensing.mp.microsoft.com/v7.0/licenses/content | + +## Location + +The following endpoint is used for location data. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location), apps cannot use location data. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | location-inference-westus.cloudapp.net | + +## Maps + +The following endpoint is used to check for updates to maps that have been downloaded for offline use. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps), offline maps will not be updated. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | *g.akamaiedge.net | + +## Microsoft account + +The following endpoints are used for Microsoft accounts to sign in. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account), users cannot sign in with Microsoft accounts. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | login.msa.akadns6.net | +| system32\Auth.Host.exe | HTTPS | auth.gfx.ms | + +## Microsoft Store + +The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | *.wns.windows.com | + +The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. +To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | storecatalogrevocation.storequality.microsoft.com | + +The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | img-prod-cms-rt-microsoft-com.akamaized.net | +| backgroundtransferhost | HTTPS | store-images.microsoft.com | + +The following endpoints are used to communicate with Microsoft Store. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | storeedgefd.dsx.mp.microsoft.com | +| | HTTP | pti.store.microsoft.com | +||TLS v1.2|cy2.\*.md.mp.microsoft.com.\*.| +| svchost | HTTPS | displaycatalog.mp.microsoft.com | + +## Network Connection Status Indicator (NCSI) + +Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi), NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | www.msftconnecttest.com/connecttest.txt | + +## Office + +The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. +If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | *.a-msedge.net | +| hxstr | | *.c-msedge.net | +| | | *.e-msedge.net | +| | | *.s-msedge.net | +| | HTTPS | ocos-office365-s2s.msedge.net | + +The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. +If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| system32\Auth.Host.exe | HTTPS | outlook.office365.com | + +The following endpoint is OfficeHub traffic used to get the metadata of Office apps. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +|Windows Apps\Microsoft.Windows.Photos|HTTPS|client-office365-tas.msedge.net| + +## OneDrive + +The following endpoint is a redirection service that’s used to automatically update URLs. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive), anything that relies on g.live.com to get updated URL information will no longer work. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | + +The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). +To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| onedrive | HTTPS | oneclient.sfx.ms | + +## Settings + +The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| dmclient | | cy2.settings.data.microsoft.com.akadns.net | + +The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| dmclient | HTTPS | settings.data.microsoft.com | + +The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | settings-win.data.microsoft.com | + +## Skype + +The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +|microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com | + + + +## Windows Defender + +The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | wdcp.microsoft.com | + +The following endpoints are used for Windows Defender definition updates. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), definitions will not be updated. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | definitionupdates.microsoft.com | +|MpCmdRun.exe|HTTPS|go.microsoft.com | + +## Windows Spotlight + +The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight), Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see [Windows Spotlight](/windows/configuration/windows-spotlight). + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| backgroundtaskhost | HTTPS | arc.msn.com | +| backgroundtaskhost | | g.msn.com.nsatc.net | +| |TLS v1.2| *.search.msn.com | +| | HTTPS | ris.api.iris.microsoft.com | +| | HTTPS | query.prod.cms.rt.microsoft.com | + +## Windows Update + +The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates), Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com | + +The following endpoints are used to download operating system patches and updates. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTP | *.windowsupdate.com | +| | HTTP | fg.download.windowsupdate.com.c.footprint.net | + +The following endpoint is used by the Highwinds Content Delivery Network to perform Windows updates. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | cds.d2s7q6s2.hwcdn.net | + +The following endpoints are used by the Verizon Content Delivery Network to perform Windows updates. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | *wac.phicdn.net | +| | | *wac.edgecastcdn.net | + +The following endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. Time Limited URL (TLU) is a mechanism for protecting the content. For example, it prevents someone from copying the URL and then getting access to the app that the person has not acquired). +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the updating functionality on this device is essentially in a disabled state, resulting in user unable to get apps from the Store, get latest version of Windows, and so on. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | + +The following endpoint is used to download apps from the Microsoft Store. It's used as part of calculating the right ranges for apps. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), users of the device will not able to get apps from the Microsoft Store. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | emdl.ws.microsoft.com | + +The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | fe2.update.microsoft.com | +| svchost | | fe3.delivery.mp.microsoft.com | +| | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net | +| svchost | HTTPS | sls.update.microsoft.com | +| | HTTP | *.dl.delivery.mp.microsoft.com | + +The following endpoint is used for content regulation. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com | + +The following endpoints are used to download content. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), you will block any content from being downloaded. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | a122.dscd.akamai.net | +| | | a1621.g.akamai.net | + +## Microsoft forward link redirection service (FWLink) + +The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. + +If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +|Various|HTTPS|go.microsoft.com| + +## Other Windows 10 editions + +To view endpoints for other versions of Windows 10 enterprise, see: +- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) + +To view endpoints for non-Enterprise Windows 10 editions, see: +- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) +- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) + +## Related links + +- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune) \ No newline at end of file diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md new file mode 100644 index 0000000000..f1805362f1 --- /dev/null +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -0,0 +1,528 @@ +--- +title: Connection endpoints for Windows 10, version 1803 +description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. +keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.localizationpriority: high +author: danihalfin +ms.author: daniha +ms.date: 6/26/2018 +--- +# Manage connection endpoints for Windows 10, version 1809 + +**Applies to** + +- Windows 10, version 1809 + +Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include: + +- Connecting to Microsoft Office and Windows sites to download the latest app and security updates. +- Connecting to email servers to send and receive email. +- Connecting to the web for every day web browsing. +- Connecting to the cloud to store and access backups. +- Using your location to show a weather forecast. + +This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. +Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). +Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. + +We used the following methodology to derive these network endpoints: + +1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. +2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). +3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. +4. Compile reports on traffic going to public IP addresses. +5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. + +> [!NOTE] +> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. + +## Windows 10 Enterprise connection endpoints + +## Apps + +The following endpoint is used to download updates to the Weather app Live Tile. +If you [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), no Live Tiles will be updated. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| explorer | HTTP | tile-service.weather.microsoft.com | +| | HTTP | blob.weather.microsoft.com | + +The following endpoint is used for OneNote Live Tile. +To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | cdn.onenote.net/livetile/?Language=en-US | + +The following endpoints are used for Twitter updates. +To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | wildcard.twimg.com | +| svchost.exe | | oem.twimg.com/windows/tile.xml | + +The following endpoint is used for Facebook updates. +To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | star-mini.c10r.facebook.com | + +The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. +To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| WindowsApps\Microsoft.Windows.Photos | HTTPS | evoke-windowsservices-tas.msedge.net | + +The following endpoint is used for Candy Crush Saga updates. +To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | TLS v1.2 | candycrushsoda.king.com | + +The following endpoint is used for by the Microsoft Wallet app. +To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. +Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | + +The following endpoint is used by the Groove Music app for update HTTP handler status. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| system32\AppHostRegistrationVerifier.exe | HTTPS | mediaredirect.microsoft.com | + +The following endpoints are used when using the Whiteboard app. +To turn off traffic for this endpoint [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | wbd.ms | +| | HTTPS | int.whiteboard.microsoft.com | +| | HTTPS | whiteboard.microsoft.com | +| | HTTP / HTTPS | whiteboard.ms | + +## Cortana and Search + +The following endpoint is used to get images that are used for Microsoft Store suggestions. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| searchui | HTTPS |store-images.s-microsoft.com | + +The following endpoint is used to update Cortana greetings, tips, and Live Tiles. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| backgroundtaskhost | HTTPS | www.bing.com/client | + +The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| backgroundtaskhost | HTTPS | www.bing.com/proactive | + +The following endpoint is used by Cortana to report diagnostic and diagnostic data information. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| searchui
      backgroundtaskhost | HTTPS | www.bing.com/threshold/xls.aspx | + +## Certificates + +The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTP | ctldl.windowsupdate.com | + +The following endpoints are used to download certificates that are publicly known to be fraudulent. +These settings are critical for both Windows security and the overall security of the Internet. +We do not recommend blocking this endpoint. +If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTP | ctldl.windowsupdate.com | + +## Device authentication + +The following endpoint is used to authenticate a device. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device will not be authenticated. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | login.live.com/ppsecure | + +## Device metadata + +The following endpoint is used to retrieve device metadata. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata will not be updated for the device. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | dmd.metaservices.microsoft.com.akadns.net | +| | HTTP | dmd.metaservices.microsoft.com | + +## Diagnostic Data + +The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | cy2.vortex.data.microsoft.com.akadns.net | + +The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | v10.vortex-win.data.microsoft.com/collect/v1 | + +The following endpoints are used by Windows Error Reporting. +To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| wermgr | | watson.telemetry.microsoft.com | +| | TLS v1.2 | modern.watson.data.microsoft.com.akadns.net | + +## Font streaming + +The following endpoints are used to download fonts on demand. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#font-streaming), you will not be able to download fonts on demand. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | fs.microsoft.com | +| | | fs.microsoft.com/fs/windows/config.json | + +## Licensing + +The following endpoint is used for online activation and some app licensing. +To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| licensemanager | HTTPS | licensing.mp.microsoft.com/v7.0/licenses/content | + +## Location + +The following endpoint is used for location data. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location), apps cannot use location data. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | location-inference-westus.cloudapp.net | +| | HTTPS | inference.location.live.net | + +## Maps + +The following endpoint is used to check for updates to maps that have been downloaded for offline use. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps), offline maps will not be updated. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | *g.akamaiedge.net | + +## Microsoft account + +The following endpoints are used for Microsoft accounts to sign in. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account), users cannot sign in with Microsoft accounts. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | login.msa.akadns6.net | +| system32\Auth.Host.exe | HTTPS | auth.gfx.ms | +| | | us.configsvc1.live.com.akadns.net | + +## Microsoft Store + +The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | *.wns.windows.com | + +The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. +To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | storecatalogrevocation.storequality.microsoft.com | + +The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | img-prod-cms-rt-microsoft-com.akamaized.net | +| backgroundtransferhost | HTTPS | store-images.microsoft.com | + +The following endpoints are used to communicate with Microsoft Store. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | storeedgefd.dsx.mp.microsoft.com | +| | HTTP \ HTTPS | pti.store.microsoft.com | +||TLS v1.2|cy2.\*.md.mp.microsoft.com.\*.| +| svchost | HTTPS | displaycatalog.mp.microsoft.com | + +## Network Connection Status Indicator (NCSI) + +Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi), NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | www.msftconnecttest.com/connecttest.txt | + +## Office + +The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. +If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | *.a-msedge.net | +| hxstr | | *.c-msedge.net | +| | | *.e-msedge.net | +| | | *.s-msedge.net | +| | HTTPS | ocos-office365-s2s.msedge.net | +| | HTTPS | nexusrules.officeapps.live.com | +| | HTTPS | officeclient.microsoft.com | + +The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. +If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| system32\Auth.Host.exe | HTTPS | outlook.office365.com | + +The following endpoint is OfficeHub traffic used to get the metadata of Office apps. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +|Windows Apps\Microsoft.Windows.Photos|HTTPS|client-office365-tas.msedge.net| + +The following endpoint is used to connect the Office To-Do app to it's cloud service. +To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| |HTTPS|to-do.microsoft.com| + +## OneDrive + +The following endpoint is a redirection service that’s used to automatically update URLs. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive), anything that relies on g.live.com to get updated URL information will no longer work. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | + +The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). +To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| onedrive | HTTPS | oneclient.sfx.ms | + +## Settings + +The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| dmclient | | cy2.settings.data.microsoft.com.akadns.net | + +The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| dmclient | HTTPS | settings.data.microsoft.com | + +The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | settings-win.data.microsoft.com | + +## Skype + +The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +|microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com | +| | HTTPS | browser.pipe.aria.microsoft.com | +| | | skypeecs-prod-usw-0-b.cloudapp.net | + +## Windows Defender + +The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | wdcp.microsoft.com | + +The following endpoints are used for Windows Defender definition updates. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), definitions will not be updated. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | definitionupdates.microsoft.com | +|MpCmdRun.exe|HTTPS|go.microsoft.com | + +The following endpoints are used for Windows Defender Smartscreen reporting and notifications. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender-smartscreen), Smartscreen notifications will no appear. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTPS | ars.smartscreen.microsoft.com | +| | HTTPS | unitedstates.smartscreen-prod.microsoft.com | +| | | smartscreen-sn3p.smartscreen.microsoft.com | + +## Windows Spotlight + +The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight), Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see [Windows Spotlight](/windows/configuration/windows-spotlight). + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| backgroundtaskhost | HTTPS | arc.msn.com | +| backgroundtaskhost | | g.msn.com.nsatc.net | +| |TLS v1.2| *.search.msn.com | +| | HTTPS | ris.api.iris.microsoft.com | +| | HTTPS | query.prod.cms.rt.microsoft.com | + +## Windows Update + +The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates), Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com | + +The following endpoints are used to download operating system patches and updates. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTP | *.windowsupdate.com | +| | HTTP | fg.download.windowsupdate.com.c.footprint.net | + +The following endpoint is used by the Highwinds Content Delivery Network to perform Windows updates. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | cds.d2s7q6s2.hwcdn.net | + +The following endpoints are used by the Verizon Content Delivery Network to perform Windows updates. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | HTTP | *wac.phicdn.net | +| | | *wac.edgecastcdn.net | + +The following endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. Time Limited URL (TLU) is a mechanism for protecting the content. For example, it prevents someone from copying the URL and then getting access to the app that the person has not acquired). +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the updating functionality on this device is essentially in a disabled state, resulting in user unable to get apps from the Store, get latest version of Windows, and so on. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | + +The following endpoint is used to download apps from the Microsoft Store. It's used as part of calculating the right ranges for apps. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), users of the device will not able to get apps from the Microsoft Store. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | emdl.ws.microsoft.com | + +The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | fe2.update.microsoft.com | +| svchost | | fe3.delivery.mp.microsoft.com | +| | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net | +| svchost | HTTPS | sls.update.microsoft.com | +| | HTTP | *.dl.delivery.mp.microsoft.com | + +The following endpoint is used for content regulation. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com | + +The following endpoints are used to download content. +If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), you will block any content from being downloaded. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| | | a122.dscd.akamai.net | +| | | a1621.g.akamai.net | + +## Microsoft forward link redirection service (FWLink) + +The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. + +If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +|Various|HTTPS|go.microsoft.com| + +## Other Windows 10 editions + +To view endpoints for other versions of Windows 10 enterprise, see: +- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) + +To view endpoints for non-Enterprise Windows 10 editions, see: +- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) +- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) + +## Related links + +- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune) \ No newline at end of file