Merge pull request #2454 from MicrosoftDocs/FromPrivateRepo

From private repo

windows/configuration/kiosk-methods.md

@@ -7,7 +7,6 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: jdeckerms
-ms.date: 01/09/2019
 ---
 
 # Configure kiosks and digital signs on Windows desktop editions

windows/configuration/kiosk-prepare.md

@@ -28,6 +28,7 @@ ms.date: 01/09/2019
 >
 >Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
 
+## Configuration recommendations
 
 For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk:
 
@@ -237,3 +238,4 @@ The following table describes some features that have interoperability issues we
 
 
 
+

windows/privacy/TOC.md

@@ -22,4 +22,5 @@
 ### [Connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
 ### [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
 ### [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
+### [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
 ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)

windows/privacy/windows-endpoints-1803-non-enterprise-editions.md

@@ -49,13 +49,14 @@ We used the following methodology to derive these network endpoints:
 | cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
 | cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
 | displaycatalog.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store. |
-|dm3p.wns.notify.windows.com.akadns.net	| HTTPS |	Used for the Windows Push Notification Services (WNS). |
+| dm3p.wns.notify.windows.com.akadns.net	| HTTPS |	Used for the Windows Push Notification Services (WNS). |
 | fe2.update.microsoft.com*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
 | fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
 | fe3.delivery.mp.microsoft.com	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
 | g.live.com/odclientsettings/Prod	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
 | g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
 | geo-prod.dodsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update. |
+| ip5.afdorigin-prod-am02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic. |
 | ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
 | licensing.mp.microsoft.com/v7.0/licenses/content	| HTTPS |	Used for online activation and some app licensing. |
 | location-inference-westus.cloudapp.net	| HTTPS |	Used for location data. |
@@ -64,21 +65,24 @@ We used the following methodology to derive these network endpoints:
 | ocos-office365-s2s.msedge.net*	| HTTPS | Used to connect to the Office 365 portal's shared infrastructure. |
 | ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
 | oneclient.sfx.ms*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
+| onecollector.cloudapp.aria.akadns.net	| HTTPS |	Office Telemetry |
+| prod.nexusrules.live.com.akadns.net	| HTTPS |	Office Telemetry |
 | query.prod.cms.rt.microsoft.com*	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
 | ris.api.iris.microsoft.com*	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
 | settings.data.microsoft.com/settings/v2.0/*	| HTTPS |	Used for Windows apps to dynamically update their configuration. |
 | settings-win.data.microsoft.com/settings/*	| HTTPS |	Used as a way for apps to dynamically update their configuration.  |
+| share.microsoft.com/windows-app-web-link	| HTTPS |	Traffic related to Books app |
 | sls.update.microsoft.com*	| HTTPS |	Enables connections to Windows Update. |
 | storecatalogrevocation.storequality.microsoft.com*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store. |
 | storeedgefd.dsx.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store. |
 | tile-service.weather.microsoft.com* | HTTP | Used to download updates to the Weather app Live Tile. |
 | tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
-| ip5.afdorigin-prod-am02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic. |
+| us.configsvc1.live.com.akadns.net	| HTTPS |	Microsoft Office configuration related traffic |
 | watson.telemetry.microsoft.com/Telemetry.Request	| HTTPS |	Used by Windows Error Reporting. |
+| wd-prod-cp-us-east-2-fe.eastus.cloudapp.azure.com	| HTTPS |	Azure front end traffic |
 
 
 ## Windows 10 Pro
-
 | **Destination** | **Protocol** | **Description** |
 | --- | --- | --- |
 | *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
@@ -93,11 +97,13 @@ We used the following methodology to derive these network endpoints:
 | cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
 | dm3p.wns.notify.windows.com.akadns.net	| HTTPS |	Used for the Windows Push Notification Services (WNS) |
 | fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| flightingservicewus.cloudapp.net	| HTTPS |	Insider Program |
 | g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
 | ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
 | location-inference-westus.cloudapp.net	| HTTPS |	Used for location data. |
 | modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
 | ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
+| onecollector.cloudapp.aria.akadns.net	| HTTPS |	Office Telemetry |
 | ris.api.iris.microsoft.com.akadns.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
 | tile-service.weather.microsoft.com/* | HTTP |	Used to download updates to the Weather app Live Tile. |
 | tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
@@ -119,6 +125,7 @@ We used the following methodology to derive these network endpoints:
 | au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
 | cdn.onenote.net/livetile/*	| HTTPS |	Used for OneNote Live Tile. |
 | client-office365-tas.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
+| cloudtile.photos.microsoft.com.akadns.net	| HTTPS |	Photos App in MS Store 
 | config.edge.skype.com/*	| HTTPS |	Used to retrieve Skype configuration values.  |
 | ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
 | cy2.displaycatalog.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
@@ -130,6 +137,7 @@ We used the following methodology to derive these network endpoints:
 | fe2.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
 | fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
 | fe3.delivery.mp.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| flightingservicewus.cloudapp.net	| HTTPS |	Insider Program | 
 | g.live.com/odclientsettings/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
 | g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
 | ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
@@ -139,11 +147,14 @@ We used the following methodology to derive these network endpoints:
 | ocos-office365-s2s.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal's shared infrastructure. |
 | ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
 | oneclient.sfx.ms/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
+| onecollector.cloudapp.aria.akadns.net	| HTTPS |	Office telemetry | 
 | settings-win.data.microsoft.com/settings/*	| HTTPS |	Used as a way for apps to dynamically update their configuration. |
+| share.microsoft.com/windows-app-web-link	| HTTPS |	Traffic related to Books app | 
 | sls.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update. |
 | storecatalogrevocation.storequality.microsoft.com/*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store. |
 | tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
 | tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
 | vip5.afdorigin-prod-ch02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic. |
 | watson.telemetry.microsoft.com/Telemetry.Request	| HTTPS |	Used by Windows Error Reporting. |
-| bing.com/*	| HTTPS |	Used for updates for Cortana, apps, and Live Tiles. |
+| wd-prod-cp-us-west-3-fe.westus.cloudapp.azure.com	| HTTPS |	Azure front end traffic | 
+| www.bing.com/*	| HTTPS |	Used for updates for Cortana, apps, and Live Tiles. |