Merge branch 'main' into vp-titleSuffix

.openpublishing.redirection.json

@@ -1272,7 +1272,7 @@
     },
     {
       "source_path": "windows/configure/basic-level-windows-diagnostic-events-and-fields-1703.md",
-      "redirect_url": "/windows/configuration/basic-level-windows-diagnostic-events-and-fields",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
       "redirect_document_id": false
     },
     {
@@ -1302,7 +1302,7 @@
     },
     {
       "source_path": "windows/configure/configure-windows-telemetry-in-your-organization.md",
-      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
+      "redirect_url": "/windows/privacy/configure-windows-diagnostic-data-in-your-organization",
       "redirect_document_id": false
     },
     {
@@ -1527,7 +1527,7 @@
     },
     {
       "source_path": "windows/configure/windows-diagnostic-data-1703.md",
-      "redirect_url": "/windows/configuration/windows-diagnostic-data",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
       "redirect_document_id": false
     },
     {
@@ -10372,7 +10372,7 @@
     },
     {
       "source_path": "windows/manage/configure-windows-telemetry-in-your-organization.md",
-      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
+      "redirect_url": "/windows/privacy/configure-windows-diagnostic-data-in-your-organization",
       "redirect_document_id": false
     },
     {

.openpublishing.redirection.windows-configuration.json

@@ -2,17 +2,17 @@
   "redirections": [
     {
       "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md",
-      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1709.md",
-      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1709",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields.md",
-      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
@@ -27,7 +27,7 @@
     },
     {
       "source_path": "windows/configuration/configure-windows-telemetry-in-your-organization.md",
-      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
+      "redirect_url": "/windows/privacy/configure-windows-diagnostic-data-in-your-organization",
       "redirect_document_id": false
     },
     {
@@ -47,7 +47,7 @@
     },
     {
       "source_path": "windows/configuration/gdpr-win10-whitepaper.md",
-      "redirect_url": "/windows/privacy/gdpr-win10-whitepaper",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
       "redirect_document_id": false
     },
     {
@@ -72,7 +72,7 @@
     },
     {
       "source_path": "windows/configuration/manage-windows-endpoints-version-1709.md",
-      "redirect_url": "/windows/privacy/manage-windows-endpoints",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
@@ -262,17 +262,17 @@
     },
     {
       "source_path": "windows/configuration/windows-diagnostic-data-1703.md",
-      "redirect_url": "/windows/privacy/windows-diagnostic-data-1703",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/configuration/windows-diagnostic-data-1709.md",
-      "redirect_url": "/windows/configuration/windows-diagnostic-data",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1709",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/configuration/windows-diagnostic-data.md",
-      "redirect_url": "/windows/privacy/windows-diagnostic-data",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {

.openpublishing.redirection.windows-privacy.json

@@ -2,22 +2,22 @@
   "redirections": [
     {
       "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields.md",
-      "redirect_url": "/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/deploy-data-processor-service-windows.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/gdpr-it-guidance.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/gdpr-win10-whitepaper.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
       "redirect_document_id": false
     },
     {
@@ -27,38 +27,138 @@
     },
     {
       "source_path": "windows/privacy/manage-windows-1709-endpoints.md",
-      "redirect_url": "/windows/privacy/manage-windows-21h2-endpoints",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/manage-windows-1803-endpoints.md",
-      "redirect_url": "/windows/privacy/manage-windows-21h2-endpoints",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/manage-windows-endpoints.md",
-      "redirect_url": "/windows/privacy/manage-windows-2004-endpoints",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/windows-endpoints-1709-non-enterprise-editions.md",
-      "redirect_url": "/windows/privacy/windows-endpoints-21h1-non-enterprise-editions",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/windows-endpoints-1803-non-enterprise-editions.md",
-      "redirect_url": "/windows/privacy/windows-endpoints-21h1-non-enterprise-editions",
+      "redirect_url": "/windows/privacy/index",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/windows-personal-data-services-configuration.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
       "redirect_document_id": false
     },
     {
       "source_path": "windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md",
       "redirect_url": "https://techcommunity.microsoft.com/t5/windows-it-pro-blog/preview-app-and-driver-compatibility-insights-in-endpoint/ba-p/3482136",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1709",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1803",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1903",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-1903-endpoints.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/manage-windows-1903-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-1909-endpoints.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/manage-windows-1909-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-2004-endpoints.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/manage-windows-2004-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-20H2-endpoints.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/manage-windows-20H2-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-21H1-endpoints.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/manage-windows-21H1-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-1809-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-1809-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-1903-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-1903-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-1909-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-1909-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-2004-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-2004-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-20H2-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/windows-endpoints-21H1-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-diagnostic-data-1703.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/changes-to-windows-diagnostic-data-collection.md",
+      "redirect_url": "/previous-versions/windows/it-pro/privacy/changes-to-windows-diagnostic-data-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-10-and-privacy-compliance.md",
+      "redirect_url": "/windows/privacy/windows-privacy-compliance-guide",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/privacy/windows-diagnostic-data.md",
+      "redirect_url": "/windows/privacy/optional-diagnostic-data",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/privacy/Microsoft-DiagnosticDataViewer.md",
+      "redirect_url": "/windows/privacy/diagnostic-data-viewer-powershell",
+      "redirect_document_id": true
     }
   ]
 }

windows/client-management/mdm/policy-csp-update.md

@@ -1222,8 +1222,11 @@ If you enter an invalid value, you'll remain on your current version until you c
 <!-- TargetReleaseVersion-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Supported value type is a string containing Windows version number. For example, `1809`, `1903`, etc.
-<!-- TargetReleaseVersion-Editable-End -->
 
+> [!NOTE]
+> You need to set up the ProductVersion CSP along with the TargetReleaseVersion CSP for it to work.
+
+<!-- TargetReleaseVersion-Editable-End -->
 <!-- TargetReleaseVersion-DFProperties-Begin -->
 **Description framework properties**:
 

windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md

@@ -29,11 +29,7 @@ You can learn more about Windows functional and diagnostic data through these ar
 
 - [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
 - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
-- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
-- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
-- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
-- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
+- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
 

windows/privacy/changes-to-windows-diagnostic-data-collection.md

@@ -1,96 +0,0 @@
----
-title: Changes to Windows diagnostic data collection
-description: This article provides information on changes to Windows diagnostic data collection Windows 10 and Windows 11.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 06/27/2024
-ms.topic: conceptual
-ms.collection: privacy-windows
----
-
-# Changes to Windows diagnostic data collection
-
-**Applies to**
-- Windows 11, version 21H2 and later
-- Windows 10, version 1903 and later
-- Windows Server 2022
-
-Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. As part of this effort, we've moved our major products and services to a model where data sent back to Microsoft from customer devices will be classified as either **Required** or **Optional**. We believe this change will provide our customers with a simpler experience – information should be easier to find, easier to understand, and easier to act upon through the tools we provide.
-
-This article is meant for IT administrators and explains the changes Windows is making to align to the new data collection taxonomy. These changes are focused in two areas:
-
-- [Taxonomy changes](#taxonomy-changes)
-- [Behavioral changes](#behavioral-changes)
-
-## Summary of changes
-
-In Windows 10, version 1903 and later, you'll see taxonomy updates in both the **Out-of-box-experience** (OOBE) and the **Diagnostics & feedback** privacy settings page. These changes are explained in the section named **Taxonomy** changes.
-
-Additionally, starting in Windows 11 and Windows Server 2022, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. We’re also clarifying the Security diagnostic data level to reflect its behavior more accurately by changing it to **Diagnostic data off**. All these changes are explained in the section named **Behavioral changes**.
-
-Prior to December 13 2022, the default setting for Windows Server 2022 Datacenter: Azure Edition images deployed using Azure Marketplace was **Diagnostic data off**. Beginning December 13 2022, all newly deployed images are set to **Required diagnostic data** to align with all other Windows releases. All other Windows releases and existing installations remain unchanged.
-
-## Taxonomy changes
-
-Starting in Windows 10, version 1903 and later, both the **Out-of-Box-Experience** (OOBE) and the **Diagnostics & feedback** privacy setting pages will reflect the following changes:
-
-- The **Basic** diagnostic data level is being labeled as **Required**.
-- The **Full** diagnostic data level is being labeled as **Optional**.
-
-> [!IMPORTANT]
-> No action is required for the taxonomy changes, and your existing settings will be maintained as part of this update.
-
-## Behavioral changes
-
-Starting in Windows 11 and Windows Server 2022, we’re simplifying the Windows diagnostic data controls by moving from four diagnostic data settings to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they're upgraded to a supported version of the operating system, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that use enhanced data collection may not work properly. For a list of services, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change.
-
-Additionally, you'll see the following policy changes in Windows Server 2022, Windows 11, and Windows Holographic, version 21H1 (HoloLens 2):
-
-| Policy type | Current policy | Renamed policy |
-| --- | --- | --- |
-| Group Policy | Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow Telemetry**<ul><li>**0 - Security** <br /></li><li>**1 - Basic**<br /></li><li>**2 - Enhanced**<br /></li><li>**3 - Full**<br /></li></ul>| Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow Diagnostic Data**<ul><li>**Diagnostic data off (not recommended)** <br /></li><li>**Send required diagnostic data**<br /></li><li>**Send optional diagnostic data**<br /></li></ul> |
-| Group Policy |Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Configure telemetry opt-in settings user interface**| Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Configure diagnostic data opt-in settings user interface** |
-| Group Policy |Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Configure telemetry opt-in change notifications**| Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Configure diagnostic data opt-in change notifications** |
-
-A final set of changes includes two new policies that can help you fine-tune diagnostic data collection within your organization. These policies let you limit the amount of optional diagnostic data that’s sent back to Microsoft.
-
-- The **Limit dump collection** policy is a new policy that can be used to limit the types of [crash dumps](/windows/win32/dxtecharts/crash-dump-analysis) that can be sent back to Microsoft. If this policy is enabled, Windows Error Reporting will send only kernel mini dumps and user mode triage dumps.
-  - Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Dump Collection**
-  - MDM policy: System/LimitDumpCollection
-- The **Limit diagnostic log collection** policy is another new policy that limits the number of diagnostic logs that are sent back to Microsoft. If this policy is enabled, diagnostic logs aren't sent back to Microsoft.
-  - Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Limit Diagnostic Log Collection**
-  - MDM policy: System/LimitDiagnosticLogCollection
-
-For more information, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
-
-## Services that rely on Enhanced diagnostic data
-
-Customers who use services that depend on Windows diagnostic data, such as [Microsoft Managed Desktop](/managed-desktop/operate/device-policies#windows-diagnostic-data), may be impacted by the behavioral changes when they're released. These services will be updated to address these changes and guidance will be published on how to configure them properly.
-
-## Significant change to the Windows diagnostic data processor configuration
-
-> [!NOTE]
-> The information in this section applies to the following versions of Windows:
-> - Windows 10, versions 20H2, 21H2, 22H2, and newer
-> - Windows 11, versions 21H2, 22H2, 23H2, and newer
-
-Previously, IT admins could use policies (for example, the "Allow commercial data pipeline" policy) at the individual device level to enroll devices in the Windows diagnostic data processor configuration.
-
-Starting with the January 2023 preview cumulative update, how you enable the processor configuration option depends on the billing address of the Azure AD tenant to which your devices are joined.
-
-We made this change to help ensure the diagnostic data for all devices in an organization is processed in a consistent way and in the same geographic region, and to help us implement our plan to [store and process EU Data for European enterprise customers in the EU](/privacy/eudb/eu-data-boundary-learn).
-
-For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration).
-
-## Data collection changes
-
-> [!NOTE]
-> The information in this section applies to the following versions of Windows:
-> - Windows 10, version 22H2 and newer
-> - Windows 11, version 23H2 and newer
-
-As of March 6, 2024, Microsoft Edge diagnostic data is collected separately from Windows diagnostic data on Windows 10 and Windows 11 devices in the European Economic Area. The collection of Microsoft Edge diagnostic data is subject to its own settings. For more information related to this change, see [Microsoft Edge, browsing data, and privacy](https://support.microsoft.com/windows/bb8174ba-9d73-dcf2-9b4a-c582b4e640dd).

windows/privacy/configure-windows-diagnostic-data-in-your-organization.md

@@ -70,6 +70,8 @@ Depending on the diagnostic data settings on the device, diagnostic data can be
 
 Later in this document we provide further details about how to control what’s collected and what data can be included in these different types of diagnostic data.
 
+As of March 6, 2024, Microsoft Edge diagnostic data is collected separately from Windows diagnostic data on Windows 10 (version 22H2 and newer) and Windows 11 (version 23H2 and newer) devices in the European Economic Area. The collection of Microsoft Edge diagnostic data is subject to its own settings. For more information related to this change, see [Microsoft Edge, browsing data, and privacy](https://support.microsoft.com/windows/bb8174ba-9d73-dcf2-9b4a-c582b4e640dd).
+
 ### Data transmission
 
 All diagnostic data is encrypted using Transport Layer Security (TLS) and uses certificate pinning during transfer from the device to the Microsoft data management services.

windows/privacy/diagnostic-data-viewer-overview.md

@@ -44,7 +44,7 @@ Before you can use this tool for viewing Windows diagnostic data, you must turn
 Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
 
 > [!Important]
-> It's possible that your Windows device doesn't have the Microsoft Store available (for example, Windows Server). If this is the case, see [Diagnostic Data Viewer for PowerShell](./microsoft-diagnosticdataviewer.md).
+> It's possible that your Windows device doesn't have the Microsoft Store available (for example, Windows Server). If this is the case, see [Diagnostic Data Viewer for PowerShell](./diagnostic-data-viewer-powershell.md).
 
 ### Start the Diagnostic Data Viewer
 

windows/privacy/essential-services-and-connected-experiences.md

@@ -109,22 +109,12 @@ To view endpoints for Windows Enterprise, see:
 
 - [Manage connection endpoints for Windows 11](manage-windows-11-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 21H1](manage-windows-21H1-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20h2-endpoints.md)
-- [Manage connection endpoints for Windows 10  version 2004](manage-windows-2004-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
 
 To view endpoints for non-Enterprise Windows editions, see:
 
 - [Windows 11 connection endpoints for non-Enterprise editions](windows-11-endpoints-non-enterprise-editions.md)
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](windows-endpoints-20H2-non-enterprise-editions.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
+
 
 > [!IMPORTANT]
 > To inquire about Windows data access or interoperability related to the Digital Markets Act (DMA), [submit this form](https://go.microsoft.com/fwlink/p/?linkid=2271128).

windows/privacy/index.yml

@@ -24,7 +24,7 @@ highlightedContent:
   items:
     - title: Windows privacy & compliance guide for IT and compliance professionals
       itemType: overview
-      url: Windows-10-and-privacy-compliance.md
+      url: windows-privacy-compliance-guide.md
     - title: Configure Windows diagnostic data
       itemType: how-to-guide
       url: configure-windows-diagnostic-data-in-your-organization.md
@@ -47,7 +47,7 @@ productDirectory:
     - title: Optional diagnostic data
       imageSrc: /media/common/i_get-started.svg
       summary: Get examples of the types of optional diagnostic data collected from Windows
-      url: windows-diagnostic-data.md
+      url: optional-diagnostic-data.md
 
 additionalContent:
   sections:

windows/privacy/manage-windows-1809-endpoints.md

@@ -27,7 +27,7 @@ Some Windows components, app, and related services transfer data to Microsoft ne
 
 This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
 Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it.
+Where applicable, each endpoint covered in this article includes a link to specific details about how to control traffic to it.
 
 We used the following methodology to derive these network endpoints:
 
@@ -157,9 +157,9 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
 
 ## Certificates
 
-Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or is not trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.
+Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.
 
-If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.
+If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.
 
 The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It's possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that isn't recommended because when root certificates are updated over time, applications and websites may stop working because they didn't receive an updated root certificate the application uses.
 
@@ -218,7 +218,7 @@ To turn off traffic for these endpoints, enable the following Group Policy: Admi
 ## Font streaming
 
 The following endpoints are used to download fonts on demand.
-If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#font-streaming), you will not be able to download fonts on demand.
+If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#font-streaming), you won't be able to download fonts on demand.
 
 | Source process | Protocol | Destination |
 |:--------------:|:--------:|:------------|
@@ -451,7 +451,7 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
 | svchost | HTTP  | `*.dl.delivery.mp.microsoft.com` |
 
 The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
-If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
+If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store.
 
 | Source process | Protocol | Destination |
 |:--------------:|:--------:|:------------|
@@ -463,7 +463,7 @@ These are dependent on enabling:
 - [Microsoft account](manage-windows-1809-endpoints.md#microsoft-account)
 
 The following endpoint is used for content regulation.
-If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
+If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint, and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
 
 | Source process | Protocol | Destination |
 |:--------------:|:--------:|:------------|
@@ -486,11 +486,6 @@ To view endpoints for other versions of Windows 10 Enterprise, see:
 
 - [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
 
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-
 
 ## Related links
 

windows/privacy/manage-windows-1903-endpoints.md

@@ -1,183 +0,0 @@
----
-title: Connection endpoints for Windows 10 Enterprise, version 1903
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1903.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 01/18/2018
-ms.topic: reference
----
-# Manage connection endpoints for Windows 10 Enterprise, version 1903
-
-**Applies to**
-
-- Windows 10 Enterprise, version 1903
-
-Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
-
-This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
-Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). 
-Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic. 
-
-The following methodology was used to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
-2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 
-4. Compile reports on traffic going to public IP addresses.
-5.  The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
-6.  All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here. 
-7.  These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8.  These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 1903 Enterprise connection endpoints
-
-|Area|Description|Protocol|Destination|
-|----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoints are used to download updates to the Weather app Live Tile. If you turn off traffic to this endpoint, no Live Tiles will be updated.|HTTP|`blob.weather.microsoft.com`|
-|||HTTP|tile-service.weather.microsoft.com|
-|||HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/livetile/?Language=en-US|
-||The following endpoint is used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|*.twimg.com*|
-||The following endpoint is used for Candy Crush Saga updates. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLS v1.2|candycrushsoda.king.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for by the Microsoft Wallet app. To turn off traffic for this endpoint, either uninstall the Wallet app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|wallet.microsoft.com|
-||The following endpoint is used by the Groove Music app for update HTTP handler status. If you turn off traffic for this endpoint, apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app.|HTTPS|mediaredirect.microsoft.com|
-||The following endpoints are used when using the Whiteboard app. To turn off traffic for this endpoint disable the Microsoft Store.|HTTPS|int.whiteboard.microsoft.com|
-|||HTTPS|wbd.ms|
-|||HTTPS|whiteboard.microsoft.com|
-|||HTTP / HTTPS|whiteboard.ms|
-|Azure |The following endpoints are related to Azure. |HTTPS|wd-prod-*fe*.cloudapp.azure.com|
-|||HTTPS|ris-prod-atm.trafficmanager.net|
-|||HTTPS|validation-v2.sls.trafficmanager.net|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||HTTP|ctldl.windowsupdate.com|
-|Cortana and Search|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoint is used to get images that are used for Microsoft Store suggestions. If you turn off traffic for this endpoint, you'll block images that are used for Microsoft Store suggestions.|HTTPS|store-images.*microsoft.com|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|HTTPS|www.bing.com/client|
-|||HTTPS|www.bing.com|
-|||HTTPS|www.bing.com/proactive|
-|||HTTPS|www.bing.com/threshold/xls.aspx|
-|||HTTP|exo-ring.msedge.net|
-|||HTTP|fp.msedge.net|
-|||HTTP|fp-vp.azureedge.net|
-|||HTTP|odinvzc.azureedge.net|
-|||HTTP|spo-ring.msedge.net|
-|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-||The following endpoint is used to authenticate a device. If you  turn off traffic for this endpoint, the device won't be authenticated.|HTTPS|login.live.com*|
-|Device metadata|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
-||The following endpoint is used to retrieve device metadata. If you  turn off traffic for this endpoint, metadata won't be updated for the device.|HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||HTTP|v10.events.data.microsoft.com|
-|||HTTPS|v10.vortex-win.data.microsoft.com/collect/v1|
-|||HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information won't be sent back to Microsoft.|HTTPS|co4.telecommand.telemetry.microsoft.com|
-|||HTTP|cs11.wpc.v0cdn.net|
-|||HTTPS|cs1137.wpc.gammacdn.net|
-|||TLS v1.2|modern.watson.data.microsoft.com*|
-|||HTTPS|watson.telemetry.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||HTTPS|*licensing.mp.microsoft.com*|
-|Location|The following endpoints are used for location data. If you turn off traffic for this endpoint, apps can't use location data. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location)|
-|||HTTPS|inference.location.live.net|
-|||HTTP|location-inference-westus.cloudapp.net|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|HTTPS|*g.akamaiedge.net|
-|||HTTP|*maps.windows.com*|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |HTTP|login.msa.akadns6.net|
-|||HTTP|us.configsvc1.live.com.akadns.net|
-|Microsoft Edge|This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
-|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
-|||HTTP|www.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com*|
-|||HTTPS|store-images.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|TLS v1.2|*.md.mp.microsoft.com*|
-|||HTTPS|*displaycatalog.mp.microsoft.com|
-|||HTTP|storeedgefd.dsx.mp.microsoft.com|
-|||HTTP|markets.books.microsoft.com|
-|||HTTP |share.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTP|*.c-msedge.net|
-|||HTTPS|*.e-msedge.net|
-|||HTTPS|*.s-msedge.net|
-|||HTTPS|nexusrules.officeapps.live.com|
-|||HTTPS|ocos-office365-s2s.msedge.net|
-|||HTTPS|officeclient.microsoft.com|
-|||HTTPS|outlook.office365.com|
-|||HTTPS|client-office365-tas.msedge.net|
-|||HTTPS|www.office.com|
-|||HTTPS|onecollector.cloudapp.aria|
-|||HTTP|v10.events.data.microsoft.com/onecollector/1.0/|
-|||HTTPS|self.events.data.microsoft.com|
-||The following endpoint is used to connect the Office To-Do app to its cloud service. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store.|HTTPS|to-do.microsoft.com|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||HTTP \ HTTPS|g.live.com/1rewlive5skydrive/*|
-|||HTTP|msagfx.live.com|
-|||HTTPS|oneclient.sfx.ms|
-|||HTTP| windows.policies.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||HTTPS|cy2.settings.data.microsoft.com.akadns.net|
-|||HTTPS|settings.data.microsoft.com|
-|||HTTPS|settings-win.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS|browser.pipe.aria.microsoft.com|
-|||HTTP|config.edge.skype.com|
-|||HTTP|s2s.config.skype.com|
-|||HTTPS|skypeecs-prod-usw-0-b.cloudapp.net|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||HTTPS|wdcp.microsoft.com|
-|||HTTPS|definitionupdates.microsoft.com|
-|||HTTPS|go.microsoft.com|
-||The following endpoints are used for Windows Defender Smartscreen reporting and notifications. If you turn off traffic for these endpoints, Smartscreen notifications won't appear.|HTTPS|*.smartscreen.microsoft.com|
-|||HTTPS|smartscreen-sn3p.smartscreen.microsoft.com|
-|||HTTPS|unitedstates.smartscreen-prod.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||TLS v1.2|*.search.msn.com|
-|||HTTPS|arc.msn.com|
-|||HTTPS|g.msn.com*|
-|||HTTPS|query.prod.cms.rt.microsoft.com|
-|||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||HTTPS|*.prod.do.dsp.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTPS|*.delivery.mp.microsoft.com|
-|||HTTPS|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|HTTPS|tsfe.trafficshaping.dsp.mp.microsoft.com|
-
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-
-## Related links
-
-- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
-- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)

windows/privacy/manage-windows-1909-endpoints.md

@@ -1,133 +0,0 @@
----
-title: Connection endpoints for Windows 10 Enterprise, version 1909
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1909.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 01/18/2018
-ms.topic: reference
----
-# Manage connection endpoints for Windows 10 Enterprise, version 1909
-
-**Applies to**
-
-- Windows 10 Enterprise, version 1909
-
-Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
-
-Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic.
-
-The following methodology was used to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 1909 Enterprise connection endpoints
-
-|Area|Description|Protocol|Destination|
-|----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
-|||HTTP|tile-service.weather.microsoft.com/en-us/livetile/preinstall|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/*|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLS v1.2|evoke-windowsservices-tas.msedge.net|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||HTTP|ctldl.windowsupdate.com|
-|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|HTTPS|www.bing.com*|
-|||HTTPS|www.bing.com/client/config|
-|||TLS v1.2|fp.msedge.net|
-|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-||The following endpoint is used to authenticate a device. If you  turn off traffic for this endpoint, the device won't be authenticated.|HTTPS|login.live.com*|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||HTTP|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information won't be sent back to Microsoft.|HTTPS|*.telecommand.telemetry.microsoft.com|
-|||TLS v1.2|watson.*.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||HTTPS|*licensing.mp.microsoft.com|
-|||HTTPS|licensing.mp.microsoft.com/v7.0/licenses/content|
-|Location|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location)|
-||The following endpoints are used for location data. If you turn off traffic for this endpoint, apps can't use location data.|TLS v1.2|inference.location.live.net|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|HTTP|*maps.windows.com|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |TLS v1.2|*login.live.com|
-|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
-||This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
-|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLS v1.2|1storecatalogrevocation.storequality.microsoft.com|
-|||HTTPS|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|HTTPS|*displaycatalog.mp.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTP/ TLS v1.2|v10.events.data.microsoft.com/onecollector/1.0/|
-|||TLS v1.2|*.blob.core.windows.net|
-|||HTTP|officehomeblobs.blob.core.windows.net|
-||The following endpoints are used by Microsoft OfficeHub to get the metadata of Microsoft Office apps |TLS v1.2|c-ring.msedge.net|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||TLS v1.2|*g.live.com|
-|||HTTPS|oneclient.sfx.ms|
-|||HTTPS| logincdn.msauth.net|
-|||HTTP| windows.policies.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLS v1.2|settings-win.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS|*.pipe.aria.microsoft.com|
-|||HTTP/TLS v1.2|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||HTTPS/TLS v1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS/TLS v1.2|*.smartscreen-prod.microsoft.com|
-|||HTTPS|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||HTTPS/TLS v1.2|arc.msn.com|
-|||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||HTTPS/TLS v1.2|*.prod.do.dsp.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTP|*.delivery.mp.microsoft.com|
-|||HTTPS/TLS v1.2|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|HTTPS/TLS v1.2|tsfe.trafficshaping.dsp.mp.microsoft.com|
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-
-## Related links
-
-- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
-- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)

windows/privacy/manage-windows-2004-endpoints.md

@@ -1,135 +0,0 @@
----
-title: Connection endpoints for Windows 10 Enterprise, version 2004
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 2004.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 01/18/2018
-ms.topic: reference
----
-# Manage connection endpoints for Windows 10 Enterprise, version 2004
-
-**Applies to**
-
-- Windows 10 Enterprise, version 2004
-
-Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
-
-Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic.
-
-The following methodology was used to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 2004 Enterprise connection endpoints
-
-|Area|Description|Protocol|Destination|
-|----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoints are used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|blob.weather.microsoft.com|
-|||HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/*|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2|evoke-windowsservices-tas.msedge.net|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||HTTP|ctldl.windowsupdate.com|
-|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2|www.bing.com*|
-|Device metadata|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
-||The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata won't be updated for the device.|HTTPS|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Windows Diagnostic Data, Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft improve our products and services, won't be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information won't be sent back to Microsoft.|HTTPS|*.telecommand.telemetry.microsoft.com|
-|||TLS v1.2|watson.*.microsoft.com|
-|Font Streaming|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
-||The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you won't be able to download fonts on demand. |HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||HTTPS|*licensing.mp.microsoft.com|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|TLSv1.2|*maps.windows.com|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |TLSv1.2|*login.live.com|
-|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|TLSv1.2/HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|TLSv1.2|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|HTTPS|*displaycatalog.mp.microsoft.com|
-|||HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|*ow1.res.office365.com|
-|||HTTPS|office.com|
-|||HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS|self.events.data.microsoft.com|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||TLSv1.2|*g.live.com|
-|||TLSv1.2|oneclient.sfx.ms|
-|||HTTPS| logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2|settings-win.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS|*.pipe.aria.microsoft.com|
-|||HTTPS|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||TLSv1.2|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||TLSv1.2|wdcp.microsoft.com|
-|||HTTPS|go.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*.smartscreen-prod.microsoft.com|
-|||HTTPS|*.smartscreen.microsoft.com |
-|||HTTPS|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||TLSv1.2|arc.msn.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||TLSv1.2|*.prod.do.dsp.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTPS|*.delivery.mp.microsoft.com|
-|||TLSv1.2|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|TLSv1.2|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||TLSv1.2|dlassets-ssl.xboxlive.com|
-
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-
-## Related links
-
-- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
-- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)

windows/privacy/manage-windows-20H2-endpoints.md

@@ -1,151 +0,0 @@
----
-title: Connection endpoints for Windows 10 Enterprise, version 20H2
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 20H2.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 01/18/2018
-ms.topic: reference
----
-
-# Manage connection endpoints for Windows 10 Enterprise, version 20H2
-
-**Applies to**
-
-- Windows 10 Enterprise, version 20H2
-
-Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
-
-Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic.
-
-The following methodology was used to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 20H2 Enterprise connection endpoints
-
-|Area|Description|Protocol|Destination|
-|----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com|
-|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||TLSv1.2/HTTPS/HTTP|fp.msedge.net|
-|||TLSv1.2|I-ring.msedge.net|
-|||HTTPS|s-ring.msedge.net|
-|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-||The following endpoint is used to authenticate a device. If you  turn off traffic for this endpoint, the device won't be authenticated.|HTTPS|login.live.com*|
-|Device metadata|The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata won't be updated for the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
-|||HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2/HTTPS/HTTP|v10.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com|
-|||HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information won't be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com|
-|||TLS v1.2/HTTPS/HTTP|watson.*.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you won't be able to download fonts on demand.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
-|||HTTPS|fs.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |TLSv1.2/HTTPS|login.live.com|
-|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
-||This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
-||The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won't be able to check for and apply new edge updates.|TLSv1.2/HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTP|go.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is needed to load the content in the Microsoft Store app.|HTTPS|livetileedge.dsx.mp.microsoft.com|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTP|share.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|www.office.com|
-|||HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS|officehomeblobs.blob.core.windows.net|
-|||HTTPS|self.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||TLSv1.2/HTTPS/HTTP|g.live.com|
-|||TLSv1.2/HTTPS/HTTP|oneclient.sfx.ms|
-|||HTTPS| logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com|
-|||HTTPS|settings.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||HTTPS/TLSv1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*.smartscreen-prod.microsoft.com|
-|||HTTPS/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||TLSv1.2/HTTPS/HTTP|arc.msn.com|
-|||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|dlassets-ssl.xboxlive.com|
-
-
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-
-## Related links
-
-- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
-- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)

windows/privacy/manage-windows-21H1-endpoints.md

@@ -1,153 +0,0 @@
----
-title: Connection endpoints for Windows 10 Enterprise, version 21H1
-description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H1.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 01/18/2018
-ms.topic: reference
----
-
-# Manage connection endpoints for Windows 10 Enterprise, version 21H1
-
-**Applies to**
-
-- Windows 10 Enterprise, version 21H1
-
-Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
-
-Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic.
-
-The following methodology was used to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 21H1 Enterprise connection endpoints
-
-|Area|Description|Protocol|Destination|
-|----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft Store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft Store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft Store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com|
-|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||TLSv1.2/HTTPS/HTTP|fp.msedge.net|
-|||TLSv1.2|I-ring.msedge.net|
-|||HTTPS|s-ring.msedge.net|
-|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-||The following endpoint is used to authenticate a device. If you  turn off traffic for this endpoint, the device won't be authenticated.|HTTPS|login.live.com*|
-|Device metadata|The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata won't be updated for the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
-|||HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2/HTTPS/HTTP|v10.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com|
-|||HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: **Administrative Templates** > **Windows Components** > **Windows Error Reporting** > **Disable Windows Error Reporting**. This means error reporting information won't be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com|
-|||TLS v1.2/HTTPS/HTTP|watson.*.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you won't be able to download fonts on demand.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
-|||HTTPS|fs.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |TLSv1.2/HTTPS|login.live.com|
-|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
-||This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
-||The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won't be able to check for and apply new edge updates.|TLSv1.2/HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead, disable the traffic that's getting forwarded.|HTTP|go.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is needed to load the content in the Microsoft Store app.|HTTPS|livetileedge.dsx.mp.microsoft.com|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTP|share.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|www.office.com|
-|||HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS|officehomeblobs.blob.core.windows.net|
-|||HTTPS|self.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||TLSv1.2/HTTPS/HTTP|g.live.com|
-|||TLSv1.2/HTTPS/HTTP|oneclient.sfx.ms|
-|||HTTPS| logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com|
-|||HTTPS|settings.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||HTTPS/TLSv1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*.smartscreen-prod.microsoft.com|
-|||HTTPS/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||TLSv1.2/HTTPS/HTTP|arc.msn.com|
-|||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Microsoft Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|dlassets-ssl.xboxlive.com|
-
-
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](windows-endpoints-20H2-non-enterprise-editions.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-
-## Related links
-
-- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
-- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)

windows/privacy/manage-windows-21h2-endpoints.md

@@ -129,18 +129,8 @@ The following methodology was used to derive these network endpoints:
 
 To view endpoints for other versions of Windows 10 Enterprise, see:
 
-- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
 - [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
 
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
 
 ## Related links
 

windows/privacy/optional-diagnostic-data.md

@@ -1,5 +1,5 @@
 ---
-title: Windows 10, version 1709 and Windows 11 and later optional diagnostic data (Windows 10)
+title: Optional diagnostic data for Windows 11 and Windows 10
 description: Use this article to learn about the types of optional diagnostic data that is collected.
 ms.service: windows-client
 ms.subservice: itpro-privacy
@@ -12,7 +12,7 @@ ms.collection: highpri
 ms.topic: reference
 ---
 
-# Windows 10, version 1709 and later and Windows 11 optional diagnostic data
+# Optional diagnostic data for Windows 11 and Windows 10
 
 Applies to:
 - Windows 11, version 23H2
@@ -20,14 +20,10 @@ Applies to:
 - Windows 11, version 21H2
 - Windows 10, version 22H2
 - Windows 10, version 21H2
-- Windows 10, version 21H1
-- Windows 10, version 20H2
-- Windows 10, version 2004
-- Windows 10, version 1909
-- Windows 10, version 1903
 - Windows 10, version 1809
-- Windows 10, version 1803
-- Windows 10, version 1709
+
+> [!NOTE]
+> The information in this article also applies to these versions of Windows 10: 21H1, 20H2, 2004, 1909, 1903, 1803, and 1709. But those versions have reached their end of servicing date. For more information, see [Microsoft Product Lifecycle](/lifecycle/products).
 
 Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of optional diagnostic data collected by Windows, with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 11 required diagnostic events and fields](/windows/privacy/required-windows-11-diagnostic-events-and-fields).
 

windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md

@@ -29,11 +29,8 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
 
 - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
-- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
-- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
-- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
 - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
 

windows/privacy/required-windows-11-diagnostic-events-and-fields.md

@@ -29,11 +29,8 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
 
 - [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
-- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
-- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
-- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
 - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
 

windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md

@@ -1,6 +1,6 @@
 ---
 description: Learn more about the required Windows 10 diagnostic data gathered.
-title: Required diagnostic events and fields for Windows 10 (versions 22H2, 21H2, 21H1, 20H2, and 2004)
+title: Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2
 ms.service: windows-client
 ms.subservice: itpro-privacy
 ms.localizationpriority: high
@@ -13,16 +13,15 @@ ms.topic: reference
 ---
 
 
-# Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004
+# Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2
 
  **Applies to**
 
 - Windows 10, version 22H2
 - Windows 10, version 21H2
-- Windows 10, version 21H1
-- Windows 10, version 20H2
-- Windows 10, version 2004
 
+> [!NOTE]
+> The information in this article also applies to these versions of Windows 10: 21H1, 20H2, and 2004. But those versions have reached their end of servicing date. For more information, see [Microsoft Product Lifecycle](/lifecycle/products).
 
 Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store.
 

windows/privacy/toc.yml

@@ -2,41 +2,29 @@
   href: index.yml
   items: 
     - name: "Windows Privacy Compliance: A Guide for IT and Compliance Professionals"
-      href: windows-10-and-privacy-compliance.md
+      href: windows-privacy-compliance-guide.md
     - name: Configure Windows diagnostic data in your organization
       href: configure-windows-diagnostic-data-in-your-organization.md
-    - name: Changes to Windows diagnostic data collection
-      href: changes-to-windows-diagnostic-data-collection.md
     - name: Diagnostic Data Viewer
       items: 
         - name: Diagnostic Data Viewer Overview
           href: diagnostic-data-viewer-overview.md
         - name: Diagnostic Data Viewer for PowerShell Overview
-          href: Microsoft-DiagnosticDataViewer.md
+          href: diagnostic-data-viewer-powershell.md
     - name: Required Windows diagnostic data events and fields
       items: 
         - name: Windows 11, versions 23H2 and 22H2
           href: required-diagnostic-events-fields-windows-11-22H2.md
         - name: Windows 11, version 21H2
           href: required-windows-11-diagnostic-events-and-fields.md
-        - name: Windows 10, versions 22H2, 21H2, 21H1, 20H2, and 2004
+        - name: Windows 10, versions 22H2 and 21H2
           href: required-windows-diagnostic-data-events-and-fields-2004.md
-        - name: Windows 10, versions 1909 and 1903
-          href: basic-level-windows-diagnostic-events-and-fields-1903.md
         - name: Windows 10, version 1809
           href: basic-level-windows-diagnostic-events-and-fields-1809.md
-        - name: Windows 10, version 1803
-          href: basic-level-windows-diagnostic-events-and-fields-1803.md
-        - name: Windows 10, version 1709
-          href: basic-level-windows-diagnostic-events-and-fields-1709.md
-        - name: Windows 10, version 1703
-          href: basic-level-windows-diagnostic-events-and-fields-1703.md
-    - name: Optional Windows diagnostic data events and fields
+    - name: Optional Windows diagnostic data
       items:
-        - name: Windows 10, version 1709 and later and Windows 11 optional diagnostic data
-          href: windows-diagnostic-data.md
-        - name: Windows 10, version 1703 optional diagnostic data
-          href: windows-diagnostic-data-1703.md
+        - name: Optional diagnostic data for Windows 11 and Windows 10
+          href: optional-diagnostic-data.md
     - name: Manage Windows connected experiences
       items: 
         - name: Manage connections from Windows operating system components to Microsoft services
@@ -49,29 +37,7 @@
           href: manage-windows-11-endpoints.md
         - name: Connection endpoints for Windows 10, version 21H2
           href: manage-windows-21h2-endpoints.md
-        - name: Connection endpoints for Windows 10, version 21H1
-          href: manage-windows-21H1-endpoints.md
-        - name: Connection endpoints for Windows 10, version 20H2
-          href: manage-windows-20H2-endpoints.md
-        - name: Connection endpoints for Windows 10, version 2004
-          href: manage-windows-2004-endpoints.md
-        - name: Connection endpoints for Windows 10, version 1909
-          href: manage-windows-1909-endpoints.md
-        - name: Connection endpoints for Windows 10, version 1903
-          href: manage-windows-1903-endpoints.md
         - name: Connection endpoints for Windows 10, version 1809
           href: manage-windows-1809-endpoints.md
         - name: Connection endpoints for non-Enterprise editions of Windows 11
           href: windows-11-endpoints-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 21H1
-          href: windows-endpoints-21H1-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 20H2
-          href: windows-endpoints-20H2-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 2004
-          href: windows-endpoints-2004-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 1909
-          href: windows-endpoints-1909-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 1903
-          href: windows-endpoints-1903-non-enterprise-editions.md
-        - name: Connection endpoints for non-Enterprise editions of Windows 10, version 1809
-          href: windows-endpoints-1809-non-enterprise-editions.md

windows/privacy/windows-diagnostic-data-1703.md

@@ -1,117 +0,0 @@
----
-title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10)
-description: Use this article to learn about the types of data that is collected the Full diagnostic data level.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 03/31/2017
-ms.topic: reference
----
-
-# Windows 10 diagnostic data for the Full diagnostic data level
-
-**Applies to:**
-- Windows 10, version 1703
-
-Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the user’s needs.   This article describes all types diagnostic data collected by Windows at the Full diagnostic data level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](./basic-level-windows-diagnostic-events-and-fields-1709.md) and [Windows 10, version 1703 Basic level diagnostic events and fields](./basic-level-windows-diagnostic-events-and-fields-1703.md).
-
-The data covered in this article is grouped into the following categories:
-
--   Common Data (diagnostic header information)
--   Device, Connectivity, and Configuration data
--   Product and Service Usage data
--   Product and Service Performance data
--   Software Setup and Inventory data
--   Browsing History data
--   Inking, Typing, and Speech Utterance data
-
-> [!NOTE]
-> The majority of diagnostic data falls into the first four categories.
-
-## Common data
-
-Most diagnostic events contain a header of common data:
-
-| Category Name | Examples |
-| - | - |
-| Common Data | Information that is added to most diagnostic events, if relevant and available:<br><ul><li>OS name, version, build, and [locale](/windows/win32/intl/locales-and-languages)</li><li>User ID - a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic diagnostic data</li><li>Xbox UserID</li><li>Environment from which the event was logged - Application ID of app or component that logged the event, Session GUID. Used to track events over a given period of time such the period an app is running or between boots of the OS.</li><li>The diagnostic event name, Event ID, [ETW](/windows/win32/etw/event-tracing-portal) opcode, version, schema signature, keywords, and flags</li><li>HTTP header information, including the IP address. This IP address is the source address that’s provided by the network packet header and received by the diagnostics ingestion service.</li><li>Various IDs that are used to correlate and sequence related events together.</li><li>Device ID. This ID is not the user provided device name, but an ID that is unique for that device.</li><li>Device class - Desktop, Server, or Mobile</li><li>Event collection time</li><li>Diagnostic level -  Basic or Full, Sample level - for sampled data, what sample level is this device opted into</li></ul> |
-
-## ​Device, Connectivity, and Configuration data
-
-This type of data includes details about the device, its configuration and connectivity capabilities, and status.
-
-| Category Name |  Examples |
-| - | - |
-| Device properties | Information about the OS and device hardware, such as:<br><ul><li> OS - version name, Edition</li><li>Installation type, subscription status, and genuine OS status</li><li>Processor architecture, speed, number of cores, manufacturer, and model</li><li>OEM details - manufacturer, model, and serial number<li>Device identifier and Xbox serial number</li><li>Firmware/BIOS - type, manufacturer, model, and version</li><li>Memory - total memory, video memory, speed, and how much memory is available after the device has reserved memory</li><li>Storage - total capacity and disk type</li><li>Battery - charge capacity and InstantOn support</li><li>Hardware chassis type, color, and form factor</li><li>Is this machine a virtual machine?</li></ul> |
-| Device capabilities | Information about the specific device capabilities such as:<br/><ul><li>Camera - whether the device has a front facing, a rear facing camera, or both.</li><li>Touch screen - does the device include a touch screen? If so, how many hardware touch points are supported?</li><li>Processor capabilities - CompareExchange128, LahfSahf, NX, PrefetchW, and SSE2</li><li>Trusted Platform Module (TPM) – whether present and what version</li><li>Virtualization hardware - whether an IOMMU is present, SLAT support, is virtualization enabled in the firmware</li><li>Voice – whether voice interaction is supported and the number of active microphones</li><li>Number of displays, resolutions, DPI</li><li>Wireless capabilities</li><li>OEM or platform face detection</li><li>OEM or platform video stabilization and quality level set</li><li>Advanced Camera Capture mode (HDR vs. LowLight), OEM vs. platform implementation, HDR probability, and Low Light probability</li></ul> |
-| Device preferences and settings | Information about the device settings and user preferences such as:<br><ul><li>User Settings – System, Device, Network &amp; Internet, Personalization, Cortana, Apps, Accounts, Time &amp; Language, Gaming, Ease of Access, Privacy, Update &amp; Security</li><li>User-provided device name</li><li>Whether device is domain-joined, or cloud-domain joined (that is, part of a company-managed network)</li><li>Hashed representation of the domain name</li><li>MDM (mobile device management) enrollment settings and status</li><li>BitLocker, Secure Boot, encryption settings, and status</li><li>Windows Update settings and status</li><li>Developer Unlock settings and status</li><li>Default app choices</li><li>Default browser choice</li><li>Default language settings for app, input, keyboard, speech, and display</li><li>App store update settings</li><li>Enterprise OrganizationID, Commercial ID</li></ul> |
-| Device peripherals | Information about the device peripherals such as:<br><ul><li>Peripheral name, device model, class, manufacturer, and description</li><li>Peripheral device state, install state, and checksum</li><li>Driver name, package name, version, and manufacturer</li><li>HWID - A hardware vendor defined ID to match a device to a driver [INF file](/windows-hardware/drivers/install/hardware-ids)</li><li>Driver state, problem code, and checksum</li><li>Whether driver is kernel mode, signed, and image size</li></ul> |
-| Device network info | Information about the device network configuration such as:<br><ul><li>Network system capabilities</li><li>Local or Internet connectivity status</li><li>Proxy, gateway, DHCP, DNS details, and addresses</li><li>Paid or free network</li><li>Wireless driver is emulated or not</li><li>Access point mode capable</li><li>Access point manufacturer, model, and MAC address</li><li>WDI Version</li><li>Name of networking driver service</li><li>Wi-Fi Direct details</li><li>Wi-Fi device hardware ID and manufacturer</li><li>Wi-Fi scan attempt counts and item counts</li><li>Mac randomization is supported/enabled or not</li><li>Number of spatial streams and channel frequencies supported</li><li>Manual or Auto Connect enabled</li><li>Time and result of each connection attempt</li><li>Airplane mode status and attempts</li><li>Interface description provided by the manufacturer</li><li>Data transfer rates</li><li>Cipher algorithm</li><li>Mobile Equipment ID (IMEI) and Mobile Country Code (MCCO)</li><li>Mobile operator and service provider name</li><li>Available SSIDs and BSSIDs</li><li>IP Address type - IPv4 or IPv6</li><li>Signal Quality percentage and changes</li><li>Hotspot presence detection and success rate</li><li>TCP connection performance</li><li>Miracast device names</li><li>Hashed IP address</li></ul>
-
-## Product and Service Usage data
-
-This type of data includes details about the usage of the device, operating system, applications, and services. 
-
-| Category Name | Examples |
-| - | - |
-| App usage | Information about Windows and application usage such as:<ul><li>OS component and app feature usage</li><li>User navigation and interaction with app and Windows features. This information could include user input, such as the name of a new alarm set, user menu choices, or user favorites.</li><li>Time of and count of app/component launches, duration of use, session GUID, and process ID</li><li>App time in various states – running foreground or background, sleeping, or receiving active user interaction</li><li>User interaction method and duration – whether and length of time user used the keyboard, mouse, pen, touch, speech, or game controller</li><li>Cortana launch entry point/reason</li><li>Notification delivery requests and status</li><li>Apps used to edit images and videos</li><li>SMS, MMS, VCard, and broadcast message usage statistics on primary or secondary line</li><li>Incoming and Outgoing calls and Voicemail usage statistics on primary or secondary line</li><li>Emergency alerts are received or displayed statistics</li><li>Content searches within an app</li><li>Reading activity - bookmarking used, print used, layout changed</li></ul>|
-| App or product state | Information about Windows and application state such as:<ul><li>Start Menu and Taskbar pins</li><li>Online/Offline status</li><li>App launch state –- with deep-link such as Groove launched with an audio track to play, or share contract such as MMS launched to share a picture.</li><li>Personalization impressions delivered</li><li>Whether the user clicked or hovered on UI controls or hotspots</li><li>User feedback Like or Dislike or rating was provided</li><li>Caret location or position within documents and media files - how much of a book has been read in a single session or how much of a song has been listened to.</li></ul>|
-| Login properties | <ul><li>Login success or failure</li><li>Login sessions and state</li></ul>|
-
-
-## Product and Service Performance data
-
-This type of data includes details about the health of the device, operating system, apps, and drivers.
-
-| Category Name | Description and Examples |
-| - | - |
-|Device health and crash data | Information about the device and software health such as:<br><ul><li>Error codes and error messages, name and ID of the app, and process reporting the error</li><li>DLL library predicted to be the source of the error - xyz.dll</li><li>System-generated files - app or product logs and trace files to help diagnose a crash or hang</li><li>System settings such as registry keys</li><li>User-generated files – .doc, .ppt, .csv files where they are indicated as a potential cause for a crash or hang</li><li>Details and counts of abnormal shutdowns, hangs, and crashes</li><li>Crash failure data – OS, OS component, driver, device, 1st and 3rd party app data</li><li>Crash and Hang dumps<ul><li>The recorded state of the working memory at the point of the crash.</li><li>Memory in use by the kernel at the point of the crash.</li><li>Memory in use by the application at the point of the crash.</li><li>All the physical memory used by Windows at the point of the crash.</li><li>Class and function name within the module that failed.</li></li></ul> |
-|Device performance and reliability data | Information about the device and software performance such as:<br><ul><li>User Interface interaction durations - Start Menu display times, browser tab switch times, app launch and switch times, and Cortana and search performance and reliability.</li><li>Device on/off performance - Device boot, shutdown, power on/off, lock/unlock times, and user authentication times (fingerprint and face recognition durations).</li><li>In-app responsiveness - time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction.</li><li>User input responsiveness – onscreen keyboard invocation times for different languages, time to show autocomplete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score.</li><li>UI and media performance and glitches/smoothness - video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance</li><li>Disk footprint - Free disk space, out of memory conditions, and disk score.</li><li>Excessive resource utilization – components impacting performance or battery life through high CPU usage during different screen and power states</li><li>Background task performance - download times, Windows Update scan duration, Microsoft Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results</li><li>Peripheral and devices - USB device connection times, time to connect to a wireless display, printing times, network availability, and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP, and so on), smart card authentication times, automatic brightness environmental response times</li><li>Device setup - first setup experience times (time to install updates, install apps, connect to network etc.), time to recognize connected devices (printer and monitor), and time to setup Microsoft Account.</li><li>Power and Battery life – power draw by component (Process/CPU/GPU/Display), hours of screen off time, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use during screen off, autobrightness details, time device is plugged into AC vs. battery, battery state transitions</li><li>Service responsiveness - Service URI, operation, latency, service success/error codes, and protocol.</li><li>Diagnostic heartbeat – regular signal to validate the health of the diagnostics system</li></ul>|
-|Movies|Information about movie consumption functionality on the device. This information isn't intended to capture user viewing, listening, or habits.<br><ul><li>Video Width, height, color pallet, encoding (compression) type, and encryption type</li><li>Instructions for how to stream content for the user - the smooth streaming manifest of chunks of content files that must be pieced together to stream the content based on screen resolution and bandwidth</li><li>URL for a specific two-second chunk of content if there is an error</li><li>Full screen viewing mode details|
-|Music & TV|Information about music and TV consumption on the device. This information isn't intended to capture user viewing, listening, or habits.<br><ul><li>Service URL for song being downloaded from the music service – collected when an error occurs to facilitate restoration of service</li><li>Content type (video, audio, surround audio)</li><li>Local media library collection statistics - number of purchased tracks, number of playlists</li><li>Region mismatch - User OS Region, and Xbox Live region</li></ul>|
-|Reading|Information about reading consumption functionality on the device. This information isn't intended to capture user viewing, listening, or habits.<br><ul><li>App accessing content and status and options used to open a Microsoft Store book</li><li>Language of the book</li><li>Time spent reading content</li><li>Content type and size details</li></ul>|
-|Photos App|Information about photos usage on the device. This information isn't intended to capture user viewing, listening, or habits.<br><ul><li>File source data - local, SD card, network device, and OneDrive</li><li>Image &amp; video resolution, video length, file sizes types and encoding</li><li>Collection view or full screen viewer use and duration of view</li></ul></ul>|
-|On-device file query | Information about local search activity on the device such as: <ul><li>Type of query issued and index type (ConstraintIndex, SystemIndex)</li><li>Number of items requested and retrieved</li><li>File extension of search result user interacted with</li><li>Launched item kind, file extension, index of origin, and the App ID of the opening app.</li><li>Name of process calling the indexer and time to service the query.</li><li>A hash of the search scope (file, Outlook, OneNote, IE history) </li><li>The state of the indices (fully optimized, partially optimized, being built)</li></ul> |
-|Purchasing| Information about purchases made on the device such as: <br><ul><li>Product ID, edition ID, and product URI</li><li>Offer details - price</li><li>Order requested date/time</li><li>Store client type - web or native client</li><li>Purchase quantity and price</li><li>Payment type - credit card type and PayPal</li></ul> |
-|Entitlements | Information about entitlements on the device such as:<br><ul><li>Service subscription status and errors</li><li>DRM and license rights details - Groove subscription or OS volume license</li><li>Entitlement ID, lease ID, and package ID of the install package</li><li>Entitlement revocation</li><li>License type (trial, offline versus online) and duration</li><li>License usage session</li></ul> |
-
-## Software Setup and Inventory data
-
-This type of data includes software installation and update information on the device.
-
-| Category Name | Data Examples |
-| - | - |
-| Installed Applications and Install History | Information about apps, drivers, update packages, or OS components installed on the device such as:<br><ul><li>App, driver, update package, or component’s Name, ID, or Package Family Name</li><li>Product, SKU, availability, catalog, content, and Bundle IDs</li><li>OS component, app or driver publisher, language, version and type (Win32 or UWP)</li><li>Install date, method, and install directory, count of install attempts</li><li>MSI package code and product code</li><li>Original OS version at install time</li><li>User or administrator or mandatory installation/update</li><li>Installation type – clean install, repair, restore, OEM, retail, upgrade, and update</li></ul> |
-| Device update information | Information about Windows Update such as:<br><ul><li>Update Readiness analysis of device hardware, OS components, apps, and drivers (progress, status, and results)</li><li>Number of applicable updates, importance, type</li><li>Update download size and source - CDN or LAN peers</li><li>Delay upgrade status and configuration</li><li>OS uninstall and rollback status and count</li><li>Windows Update server and service URL</li><li>Windows Update machine ID</li><li>Windows Insider build details</li></ul>
-
-## Browsing History data
-
-**Microsoft browser data**: This type of data includes details about web browsing, the address bar, and search box performance on the device in the Microsoft browsers, such as:
-
-- Text typed in address bar and search box
-- Text selected for Ask Cortana search
-- Service response time
-- Autocompleted text if there was an autocomplete
-- Navigation suggestions provided based on local history and favorites
-- Browser ID
-- URLs (which may include search terms)
-- Page title
-
-## Inking Typing and Speech Utterance data
-
-**Voice, inking, and typing**: This type of data gathers details about the voice, inking, and typing input features on the device, such as:
-
-- Type of pen used (highlighter, ball point, pencil), pen color, stroke height and width, and how long it is used
-- Pen gestures (click, double-click, pan, zoom, rotate)
-- Palm Touch x,y coordinates
-- Input latency, missed pen signals, number of frames, strokes, first frame commit time, sample rate
-- Ink strokes written, text before and after the ink insertion point, recognized text entered, Input language - processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values) which could be used to reconstruct the original content or associate the input to the user.
-- Text input from Windows on-screen keyboards except from password fields and private sessions - processed to remove identifiers, sequencing information, and other data (such as email addresses, and numeric values) which could be used to reconstruct the original content or associate the input to the user.
-- Text of speech recognition results - result codes and recognized text
-- Language and model of the recognizer, System Speech language
-- App ID using speech features
-- Whether user is known to be a child
-- Confidence and Success/Failure of speech recognition

windows/privacy/windows-endpoints-1809-non-enterprise-editions.md

@@ -1,157 +0,0 @@
----
-title: Windows 10, version 1809, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1809.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 06/29/2018
-ms.topic: reference
----
-# Windows 10, version 1809, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 1809
-- Windows 10 Professional, version 1809
-- Windows 10 Education, version 1809
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1809-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1809.
-
-We used the following methodology to derive these network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
-2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
-4. Compile reports on traffic going to public IP addresses.
-5.  The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
-6.  All traffic was captured in our lab using a IPV4 network.  Therefore no IPV6 traffic is reported here. 
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|\*.aria.microsoft.com\*	| HTTPS |	Office Telemetry
-|\*.dl.delivery.mp.microsoft.com\*	| HTTP |	Enables connections to Windows Update.
-|\*.download.windowsupdate.com\*	| HTTP |	Used to download operating system patches and updates.
-|\*.g.akamai.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use.
-|\*.msn.com\*	|TLSv1.2/HTTPS |	Windows Spotlight related traffic
-|\*.Skype.com	| HTTP/HTTPS |	Skype related traffic
-|\*.smartscreen.microsoft.com	| HTTPS |	Windows Defender Smartscreen related traffic
-|\*.telecommand.telemetry.microsoft.com\*	| HTTPS |	Used by Windows Error Reporting.
-|\*cdn.onenote.net*	| HTTP |	OneNote related traffic
-|\*displaycatalog.mp.microsoft.com\*	| HTTPS |	Used to communicate with Microsoft Store.
-|\*geo-prod.do.dsp.mp.microsoft.com\*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
-|\*hwcdn.net*	| HTTP |	Used by the Highwinds Content Delivery Network to perform Windows updates.
-|\*img-prod-cms-rt-microsoft-com.akamaized.net*	| HTTPS |	Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
-|\*maps.windows.com\*	| HTTPS |	Related to Maps application.
-|\*msedge.net*	| HTTPS |	Used by OfficeHub to get the metadata of Office apps.
-|\*nexusrules.officeapps.live.com\*	| HTTPS |	Office Telemetry
-|\*photos.microsoft.com\*	| HTTPS |	Photos App related traffic
-|\*prod.do.dsp.mp.microsoft.com\*	|TLSv1.2/HTTPS |	Used for Windows Update downloads of apps and OS updates.
-|\*wac.phicdn.net*	| HTTP |	Windows Update related traffic
-|\*windowsupdate.com\*	| HTTP |	Windows Update related traffic
-|\*wns.windows.com\*	| HTTPS, TLSv1.2 |	Used for the Windows Push Notification Services (WNS).
-|\*wpc.v0cdn.net*	| |	Windows Telemetry related traffic
-|auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js	| |	MSA related
-|evoke-windowsservices-tas.msedge*	| HTTPS |	The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
-|fe2.update.microsoft.com\*	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
-|fe3.\*.mp.microsoft.com.\* 	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
-|fs.microsoft.com	| |	Font Streaming (in ENT traffic)
-|g.live.com\*	| HTTPS |	Used by OneDrive
-|iriscoremetadataprod.blob.core.windows.net	| HTTPS |	Windows Telemetry
-|mscrl.microsoft.com	| |	Certificate Revocation List related traffic.
-|ocsp.digicert.com\*	| HTTP |	CRL and OCSP checks to the issuing certificate authorities.
-|officeclient.microsoft.com	| HTTPS |	Office related traffic.
-|oneclient.sfx.ms*	| HTTPS |	Used by OneDrive for Business to download and verify app updates.
-|purchase.mp.microsoft.com\*	| HTTPS |	Used to communicate with Microsoft Store.
-|query.prod.cms.rt.microsoft.com\*	| HTTPS |	Used to retrieve Windows Spotlight metadata.
-|ris.api.iris.microsoft.com\*	|TLSv1.2/HTTPS |	Used to retrieve Windows Spotlight metadata.
-|ris-prod-atm.trafficmanager.net	| HTTPS |	Azure traffic manager
-|settings.data.microsoft.com\*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
-|settings-win.data.microsoft.com\*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
-|sls.update.microsoft.com\*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
-|store*.dsx.mp.microsoft.com\*	| HTTPS |	Used to communicate with Microsoft Store.
-|storecatalogrevocation.storequality.microsoft.com\*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store.
-|store-images.s-microsoft.com\*	| HTTP |	Used to get images that are used for Microsoft Store suggestions.
-|tile-service.weather.microsoft.com\*	| HTTP |	Used to download updates to the Weather app Live Tile.
-|tsfe.trafficshaping.dsp.mp.microsoft.com\*	|TLSv1.2 |	Used for content regulation.
-|v10.events.data.microsoft.com	| HTTPS |	Diagnostic Data
-|wdcp.microsoft.*	|TLSv1.2 |	Used for Windows Defender when Cloud-based Protection is enabled.
-|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com	| HTTPS |	Windows Defender related traffic.
-|www.bing.com*	| HTTP |	Used for updates for Cortana, apps, and Live Tiles.
-
-## Windows 10 Pro
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-| *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
-| *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| \*.tlu.dl.delivery.mp.microsoft.com/\* | HTTP | Enables connections to Windows Update. |
-| *geo-prod.dodsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update. |
-| arc.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. |
-| ctldl.windowsupdate.com/msdownload/update/* | HTTP |	Used to download certificates that are publicly known to be fraudulent. |
-| cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| dm3p.wns.notify.windows.com.akadns.net	| HTTPS |	Used for the Windows Push Notification Services (WNS) |
-| fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
-| location-inference-westus.cloudapp.net	| HTTPS |	Used for location data. |
-| modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
-| ocsp.digicert.com\* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
-| ris.api.iris.microsoft.com.akadns.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| tile-service.weather.microsoft.com/* | HTTP |	Used to download updates to the Weather app Live Tile. |
-| tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
-| vip5.afdorigin-prod-am02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic |
-
-
-## Windows 10 Education
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-| *.b.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
-| *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
-| *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
-| *.tlu.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update. |
-| *.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
-| *geo-prod.do.dsp.mp.microsoft.com	| HTTPS |	Enables connections to Windows Update. |
-| au.download.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
-| cdn.onenote.net/livetile/*	| HTTPS |	Used for OneNote Live Tile. |
-| client-office365-tas.msedge.net/*	| HTTPS |	Used to connect to the Microsoft 365 admin center’s shared infrastructure, including Office. |
-| config.edge.skype.com/*	| HTTPS |	Used to retrieve Skype configuration values.  |
-| ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
-| cy2.displaycatalog.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| displaycatalog.mp.microsoft.com/*	| HTTPS |	Used to communicate with Microsoft Store. | 
-| download.windowsupdate.com/*	| HTTPS |	Enables connections to Windows Update. |
-| fe2.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe3.delivery.mp.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| g.live.com/odclientsettings/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
-| g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
-| licensing.mp.microsoft.com/*	| HTTPS |	Used for online activation and some app licensing. |
-| maps.windows.com/windows-app-web-link	| HTTPS |	Link to Maps application |
-| modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
-| ocos-office365-s2s.msedge.net/*	| HTTPS |	Used to connect to the Microsoft 365 admin center's shared infrastructure. |
-| ocsp.digicert.com\* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
-| oneclient.sfx.ms/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
-| settings-win.data.microsoft.com/settings/*	| HTTPS |	Used as a way for apps to dynamically update their configuration. |
-| sls.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update. |
-| storecatalogrevocation.storequality.microsoft.com/*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store. |
-| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
-| tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
-| vip5.afdorigin-prod-ch02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic. |
-| watson.telemetry.microsoft.com/Telemetry.Request	| HTTPS |	Used by Windows Error Reporting. |
-| bing.com/*	| HTTPS |	Used for updates for Cortana, apps, and Live Tiles. |

windows/privacy/windows-endpoints-1903-non-enterprise-editions.md

@@ -1,267 +0,0 @@
----
-title: Windows 10, version 1903, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1903.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 06/29/2018
-ms.topic: reference
----
-
-# Windows 10, version 1903, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 1903
-- Windows 10 Professional, version 1903
-- Windows 10 Education, version 1903
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1903-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 1903.
-
-The following methodology was used to derive the network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
-
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| Destination | Protocol | Description |
-| ----------- | -------- | ----------- |
-| \*.aria.microsoft.com\* | HTTPS | Microsoft Office Telemetry
-| \*.b.akamai\*.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
-| \*.c-msedge.net | HTTP | Microsoft Office
-| \*.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update
-| \*.download.windowsupdate.com\* | HTTP | Used to download operating system patches and updates
-| \*.g.akamai\*.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
-| \*.login.msa.\*.net | HTTPS | Microsoft Account related
-| \*.msn.com\* | TLSv1.2/HTTPS | Windows Spotlight
-| \*.skype.com | HTTP/HTTPS | Skype
-| \*.smartscreen.microsoft.com | HTTPS | Windows Defender Smartscreen
-| \*.telecommand.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
-| \*cdn.onenote.net\* | HTTP | OneNote
-| \*displaycatalog.\*mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
-| \*geo-prod.do.dsp.mp.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update
-| \*hwcdn.net\* | HTTP | Highwinds Content Delivery Network / Windows updates
-| \*img-prod-cms-rt-microsoft-com\* | HTTPS | Microsoft Store or Inbox MSN Apps image download
-| \*licensing.\*mp.microsoft.com\* | HTTPS | Licensing
-| \*maps.windows.com\* | HTTPS | Related to Maps application
-| \*msedge.net\* | HTTPS | Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps
-| \*nexusrules.officeapps.live.com\* | HTTPS | Microsoft Office Telemetry
-| \*photos.microsoft.com\* | HTTPS | Photos App
-| \*prod.do.dsp.mp.microsoft.com* | TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates
-| \*purchase.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
-| \*settings.data.microsoft.com.akadns.net | HTTPS | Used for Windows apps to dynamically update their configuration
-| \*wac.phicdn.net\* | HTTP | Windows Update
-| \*windowsupdate.com\* | HTTP | Windows Update
-| \*wns.\*windows.com\* | TLSv1.2/HTTPS | Used for the Windows Push Notification Services (WNS)
-| \*wpc.v0cdn.net\* | HTTP | Windows Telemetry
-| arc.msn.com | HTTPS | Spotlight
-| auth.gfx.ms\* | HTTPS | MSA related
-| cdn.onenote.net | HTTPS | OneNote Live Tile
-| dmd.metaservices.microsoft.com\* | HTTP | Device Authentication
-| e-0009.e-msedge.net | HTTPS | Microsoft Office
-| e10198.b.akamaiedge.net | HTTPS | Maps application
-| evoke-windowsservices-tas.msedge\* | HTTPS | Photos app
-| fe2.update.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
-| fe3.\*.mp.microsoft.com.\* | TLSv1.2/HTTPS | Windows Update, Microsoft Update, and Microsoft Store services
-| g.live.com\* | HTTPS | OneDrive
-| go.microsoft.com | HTTP | Windows Defender
-| iriscoremetadataprod.blob.core.windows.net | HTTPS | Windows Telemetry
-| login.live.com | HTTPS | Device Authentication
-| msagfx.live.com | HTTP | OneDrive
-| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
-| officeclient.microsoft.com | HTTPS | Microsoft Office
-| oneclient.sfx.ms\* | HTTPS | Used by OneDrive for Business to download and verify app updates
-| onecollector.cloudapp.aria.akadns.net | HTTPS | Microsoft Office
-| ow1.res.office365.com | HTTP | Microsoft Office
-| purchase.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
-| query.prod.cms.rt.microsoft.com\* | HTTPS | Used to retrieve Windows Spotlight metadata
-| ris.api.iris.microsoft.com\* | TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata
-| ris-prod-atm.trafficmanager.net | HTTPS | Azure traffic manager
-| s-0001.s-msedge.net | HTTPS | Microsoft Office
-| self.events.data.microsoft.com | HTTPS | Microsoft Office
-| settings.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration
-| settings-win.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration
-| share.microsoft.com | HTTPS | Microsoft Store
-| skypeecs-prod-usw-0.cloudapp.net | HTTPS | Microsoft Store
-| sls.update.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update
-| slscr.update.microsoft.com\* | HTTPS | Enables connections to Windows Update
-| store*.dsx.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
-| storecatalogrevocation.storequality.microsoft.com | HTTPS | Microsoft Store
-| storecatalogrevocation.storequality.microsoft.com\* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store
-| store-images.\*microsoft.com\* | HTTP | Used to get images that are used for Microsoft Store suggestions
-| storesdk.dsx.mp.microsoft.com | HTTP | Microsoft Store
-| tile-service.weather.microsoft.com\* | HTTP | Used to download updates to the Weather app Live Tile
-| time.windows.com | HTTP | Microsoft Windows Time related
-| tsfe.trafficshaping.dsp.mp.microsoft.com\* | TLSv1.2/HTTPS | Used for content regulation
-| v10.events.data.microsoft.com | HTTPS | Diagnostic Data
-| watson.telemetry.microsoft.com | HTTPS | Diagnostic Data
-| wdcp.microsoft.\* | TLSv1.2, HTTPS | Used for Windows Defender when Cloud-based Protection is enabled
-| wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com | HTTPS | Windows Defender
-| wusofficehome.msocdn.com | HTTPS | Microsoft Office
-| `www.bing.com`* | HTTP | Used for updates for Cortana, apps, and Live Tiles
-| `www.msftconnecttest.com` | HTTP | Network Connection (NCSI)
-| `www.office.com` | HTTPS | Microsoft Office
-| adl.windows.com | HTTP | Used for compatibility database updates for Windows
-| windows.policies.live.net | HTTP | OneDrive
-
-
-## Windows 10 Pro
-
-| Destination | Protocol | Description |
-| ----------- | -------- | ----------- |
-| \*.cloudapp.azure.com | HTTPS | Azure
-| \*.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Windows Update, Microsoft Update, and Microsoft Store services
-| \*.displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
-| \*.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update
-| \*.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
-| \*.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use
-| \*.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
-| \*.windowsupdate.com\* | HTTP | Enables connections to Windows Update
-| \*.wns.notify.windows.com.akadns.net | HTTPS | Used for the Windows Push Notification Services (WNS)
-| \*dsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update
-| \*c-msedge.net | HTTP | Office
-| a1158.g.akamai.net | HTTP | Maps application
-| arc.msn.com\* | HTTP / HTTPS | Used to retrieve Windows Spotlight metadata
-| blob.mwh01prdstr06a.store.core.windows.net | HTTPS | Microsoft Store
-| browser.pipe.aria.microsoft.com | HTTPS | Microsoft Office
-| bubblewitch3mobile.king.com | HTTPS | Bubble Witch application
-| candycrush.king.com | HTTPS | Candy Crush application
-| cdn.onenote.net | HTTP | Microsoft OneNote
-| cds.p9u4n2q3.hwcdn.net | HTTP | Highwinds Content Delivery Network traffic for Windows updates
-| client.wns.windows.com | HTTPS | Windows Notification System
-| co4.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Windows Error Reporting
-| config.edge.skype.com | HTTPS | Microsoft Skype
-| cs11.wpc.v0cdn.net | HTTP | Windows Telemetry
-| cs9.wac.phicdn.net | HTTP | Windows Update
-| cy2.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
-| cy2.purchase.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
-| cy2.settings.data.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
-| dmd.metaservices.microsoft.com.akadns.net | HTTP | Device Authentication
-| e-0009.e-msedge.net | HTTPS | Microsoft Office
-| e10198.b.akamaiedge.net | HTTPS | Maps application
-| fe3.update.microsoft.com | HTTPS | Windows Update
-| g.live.com | HTTPS | Microsoft OneDrive
-| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata
-| geo-prod.do.dsp.mp.microsoft.com | HTTPS | Windows Update
-| go.microsoft.com | HTTP | Windows Defender
-| iecvlist.microsoft.com | HTTPS | Microsoft Edge
-| img-prod-cms-rt-microsoft-com.akamaized.net | HTTP / HTTPS | Microsoft Store
-| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in
-| licensing.mp.microsoft.com | HTTP | Licensing
-| location-inference-westus.cloudapp.net | HTTPS | Used for location data
-| login.live.com | HTTP | Device Authentication
-| maps.windows.com | HTTP | Maps application
-| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting
-| msagfx.live.com | HTTP | OneDrive
-| nav.smartscreen.microsoft.com | HTTPS | Windows Defender
-| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
-| oneclient.sfx.ms | HTTP | OneDrive
-| ris.api.iris.microsoft.com.akadns.net | HTTPS | Used to retrieve Windows Spotlight metadata
-| ris-prod-atm.trafficmanager.net | HTTPS | Azure
-| s2s.config.skype.com | HTTP | Microsoft Skype
-| settings-win.data.microsoft.com | HTTPS | Application settings
-| share.microsoft.com | HTTPS | Microsoft Store
-| skypeecs-prod-usw-0.cloudapp.net | HTTPS | Microsoft Skype
-| slscr.update.microsoft.com | HTTPS | Windows Update
-| storecatalogrevocation.storequality.microsoft.com | HTTPS | Microsoft Store
-| store-images.microsoft.com | HTTPS | Microsoft Store
-| tile-service.weather.microsoft.com/\* | HTTP | Used to download updates to the Weather app Live Tile
-| time.windows.com | HTTP | Windows time
-| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation
-| v10.events.data.microsoft.com\* | HTTPS | Microsoft Office
-| vip5.afdorigin-prod-am02.afdogw.com | HTTPS | Used to serve office 365 experimentation traffic
-| watson.telemetry.microsoft.com | HTTPS | Telemetry
-| wdcp.microsoft.com | HTTPS | Windows Defender
-| wusofficehome.msocdn.com | HTTPS | Microsoft Office
-| `www.bing.com` | HTTPS | Cortana and Search
-| `www.microsoft.com` | HTTP | Diagnostic
-| `www.msftconnecttest.com` | HTTP | Network connection
-| `www.office.com` | HTTPS | Microsoft Office
-
-
-
-## Windows 10 Education
-
-| Destination | Protocol | Description |
-| ----------- | -------- | ----------- |
-| \*.b.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use
-| \*.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps
-| \*.dl.delivery.mp.microsoft.com\* | HTTP | Windows Update
-| \*.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
-| \*.g.akamaiedge.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
-| \*.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
-| \*.settings.data.microsoft.com.akadns.net | HTTPS | Microsoft Store
-| \*.skype.com\* | HTTPS | Used to retrieve Skype configuration values
-| \*.smartscreen\*.microsoft.com | HTTPS | Windows Defender
-| \*.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
-| \*.telecommand.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
-| \*.wac.phicdn.net | HTTP | Windows Update
-| \*.windowsupdate.com\* | HTTP | Windows Update
-| \*.wns.windows.com | HTTPS | Windows Notifications Service
-| \*.wpc.\*.net | HTTP | Diagnostic Data
-| \*displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
-| \*dsp.mp.microsoft.com | HTTPS | Windows Update
-| a1158.g.akamai.net | HTTP | Maps
-| a122.dscg3.akamai.net | HTTP | Maps
-| a767.dscg3.akamai.net | HTTP | Maps
-| au.download.windowsupdate.com\* | HTTP | Windows Update
-| bing.com/\* | HTTPS | Used for updates for Cortana, apps, and Live Tiles
-| blob.dz5prdstr01a.store.core.windows.net | HTTPS | Microsoft Store
-| browser.pipe.aria.microsoft.com | HTTP | Used by OfficeHub to get the metadata of Office apps
-| cdn.onenote.net/livetile/\* | HTTPS | Used for OneNote Live Tile
-| cds.p9u4n2q3.hwcdn.net | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates
-| client-office365-tas.msedge.net/\* | HTTPS | Microsoft 365 admin center and Office in a browser
-| ctldl.windowsupdate.com\* | HTTP | Used to download certificates that are publicly known to be fraudulent
-| displaycatalog.mp.microsoft.com/\* | HTTPS | Microsoft Store
-| dmd.metaservices.microsoft.com\* | HTTP | Device Authentication
-| download.windowsupdate.com\* | HTTPS | Windows Update
-| evoke-windowsservices-tas.msedge.net | HTTPS | Photo app
-| fe2.update.microsoft.com\* | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
-| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
-| fe3.delivery.mp.microsoft.com\* | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
-| g.live.com\* | HTTPS | Used by OneDrive for Business to download and verify app updates
-| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata
-| go.microsoft.com | HTTP | Windows Defender
-| iecvlist.microsoft.com | HTTPS | Microsoft Edge browser
-| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in
-| licensing.mp.microsoft.com\* | HTTPS | Used for online activation and some app licensing
-| login.live.com | HTTPS | Device Authentication
-| maps.windows.com/windows-app-web-link | HTTPS | Maps application
-| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting
-| msagfx.live.com | HTTPS | OneDrive
-| ocos-office365-s2s.msedge.net/\* | HTTPS | Used to connect to the Microsoft 365 admin center's shared infrastructure
-| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
-| oneclient.sfx.ms/\* | HTTPS | Used by OneDrive for Business to download and verify app updates
-| onecollector.cloudapp.aria.akadns.net | HTTPS | Microsoft Office
-| settings-win.data.microsoft.com/settings/\* | HTTPS | Used as a way for apps to dynamically update their configuration
-| share.microsoft.com | HTTPS | Microsoft Store
-| skypeecs-prod-usw-0.cloudapp.net | HTTPS | Skype
-| sls.update.microsoft.com\* | HTTPS | Windows Update
-| storecatalogrevocation.storequality.microsoft.com\* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store
-| tile-service.weather.microsoft.com\* | HTTP | Used to download updates to the Weather app Live Tile
-| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Windows Update
-| v10.events.data.microsoft.com\* | HTTPS | Diagnostic Data
-| vip5.afdorigin-prod-ch02.afdogw.com | HTTPS | Used to serve Office 365 experimentation traffic
-| watson.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
-| wdcp.microsoft.com | HTTPS | Windows Defender
-| wd-prod-cp-us-east-1-fe.eastus.cloudapp.azure.com | HTTPS | Azure
-| wusofficehome.msocdn.com | HTTPS | Microsoft Office
-| `www.bing.com` | HTTPS | Cortana and Search
-| `www.microsoft.com` | HTTP | Diagnostic Data
-| `www.microsoft.com/pkiops/certs/`* | HTTP | CRL and OCSP checks to the issuing certificate authorities
-| `www.msftconnecttest.com` | HTTP | Network Connection
-| `www.office.com` | HTTPS | Microsoft Office

windows/privacy/windows-endpoints-1909-non-enterprise-editions.md

@@ -1,205 +0,0 @@
----
-title: Windows 10, version 1909, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1909.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 07/20/2020
-ms.topic: reference
----
-# Windows 10, version 1909, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 1909
-- Windows 10 Professional, version 1909
-- Windows 10 Education, version 1909
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-2004-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 1909.
-
-The following methodology was used to derive the network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using a IPV4 network.  Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab.  It's possible your results may be different.
-8. These tests were conducted for one week. If you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|arc.msn.com|HTTP/TLS v1.2|Windows Spotlight  
-|api.asm.skype.com|TLS v1.2|Used to retrieve Skype configuration values
-|browser.pipe.aria.microsoft.com|HTTPS|Used to retrieve Skype configuration values
-|ctldl.windowsupdate.com/*|HTTP|Certificate Trust List
-|client.wns.windows.com|HTTP|Used for the Windows Push Notification Service(WNS)
-|config.edge.skype.com|HTTP/TLS v1.2|Used to retrieve Skype configuration values
-|dmd.metaservices.microsoft.com|HTTP|Device metadata
-|config.teams.microsoft.com|HTTPS|Used for Microsoft Teams application
-|*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft Store
-|*.tlu.dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft Store
-|\*displaycatalog.mp.microsoft.com|HTTP/TLS v1.2|Used to communicate with Microsoft Store
-|evoke-windowsservices-tas.msedge.net|HTTP/TLS v1.2|Used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser
-|fe2cr.update.microsoft.com|HTTPS/TLS v1.2|Enables connections to Windows Update, Microsoft Update, and the online services of the Store
-|fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Used to download operating system patches, updates, and apps from Microsoft Store
-|go.microsoft.com|HTTP|Windows Defender and/or Microsoft forward link redirection service (FWLink)
-|g.live.com|HTTP|OneDrive
-|checkappexec.microsoft.com|HTTPS|Used for Windows Defender Smartscreen reporting and notifications
-|*.prod.do.dsp.mp.microsoft.com|HTTP/TLS v1.2|Windows Update
-|*.au.download.windowsupdate.com|HTTP|Windows Update
-|download.windowsupdate.com|HTTP|Windows Update
-|inference.location.live.net|TLS v1.2|Used for Location Data
-|iecvlist.microsoft.com|HTTP|This endpoint is related to Microsoft Edge
-|login.live.com|HTTPS/TLS v1.2|Device Authentication
-|logincdn.msauth.net|HTTPS|OneDrive
-|licensing.mp.microsoft.com|HTTP/TLS v1.2|Licensing
-|maps.windows.com|TLS v1.2|Used to check for updates to maps that have been downloaded for offline use
-|mobile.pipe.aria.microsoft.com|HTTP|Office Telemetry
-|nav.smartscreen.microsoft.com|HTTP|Used for Windows Defender SmartScreen reporting and notifications
-|outlook.office365.com|HTTP|Used to connect to the Microsoft 365 admin center's shared infrastructure, including Office in a browser
-|ocsp.digicert.com|HTTP|Used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available
-|oneclient.sfx.ms|HTTPS|Used by OneDrive for Business to download and verify app updates
-|img-prod-cms-rt-microsoft-com.akamaized.net|HTTP|Used to communicate with Microsoft Store
-|manage.devcenter.microsoft.com|HTTP/TLS v1.2|Used to get Microsoft Store analytics
-|ris.api.iris.microsoft.com|HTTPS|Used to retrieve Windows Spotlight metadata that describes content
-|settings-win.data.microsoft.com|HTTPS/TLS v1.2|Used for Windows apps to dynamically update their configuration
-|smartscreen-prod.microsoft.com|HTTP|Used for Windows Defender SmartScreen reporting and notifications
-|*.blob.core.windows.net|HTTP/TLS v1.2|Windows Telemetry
-|storage.live.com|HTTP/TLS v1.2|OneDrive
-|skydrivesync.policies.live.net|TLS v1.2|OneDrive
-|dm2302.settings.live.net|HTTP|OneDrive
-|slscr.update.microsoft.com|HTTPS/TLS V1.2|Windows Update
-|tile-service.weather.microsoft.com|HTTP|Used for the Weather app
-|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTP|This endpoint is used for content regulation
-|watson.telemetry.microsoft.com*|HTTPS/TLS v1.2|Diagnostic Data
-|v10.events.data.microsoft.com/onecollector/1.0/|HTTPS|Microsoft Office
-|v10.events.data.microsoft.com|HTTPS/TLS v1.2|Used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service
-|www.bing.com|HTTPS/TLS v1.2|Cortana and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection Status Indicator (NCSI)
-|wdcp.microsoft.com|HTTPS|Used for Windows Defender when Cloud-based Protection is enabled
-|activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows
-|adl.windows.com|HTTP|Used for compatibility database updates for Windows
-|spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile
-|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.
-
-## Windows 10 Pro
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|*.prod.do.dsp.mp.microsoft.com|HTTP/TLS v1.2|Windows Update
-|api.onedrive.com|HTTP|OneDrive
-|smartscreen-prod.microsoft.com|HTTP|Used for Windows Defender SmartScreen reporting and notifications
-|nav.smartscreen.microsoft.com|HTTPS/TLS v1.2|Windows Defender
-|*.update.microsoft.com|HTTP|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store  
-|browser.pipe.aria.microsoft.com|HTTPS|Used to retrieve Skype configuration values
-|*.windowsupdate.com|HTTP|Used to download operating system patches and updates
-|*.wns.windows.com|TLS v1.2|Used for the Windows Push Notification Services (WNS)
-|*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft Store
-|c-ring.msedge.net|TLS v1.2|Cortana and Live Tiles
-|a-ring.msedge.net|TLS v1.2|Cortana and Live Tiles
-|*storecatalogrevocation.storequality.microsoft.com|HTTP/TLS v1.2|Used to revoke licenses for malicious apps on the Microsoft Store
-|arc.msn.com|HTTP/TLS v1.2|Windows Spotlight
-|*.blob.core.windows.net|HTTP/TLS v1.2|Windows Telemetry
-|cdn.onenote.net|HTTPS/TLS v1.2|OneNote Live Tile
-|checkappexec.microsoft.com|HTTPS|Used for Windows Defender SmartScreen reporting and notifications
-|config.edge.skype.com|HTTP/TLS v1.2|Used to retrieve Skype configuration values
-|config.teams.microsoft.com|HTTPS|Used for Microsoft Teams application
-|ctldl.windowsupdate.com|HTTP|Used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available
-|*displaycatalog.mp.microsoft.com|HTTP/TLS v1.2|Microsoft Store
-|fe2cr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|slscr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|evoke-windowsservices-tas.msedge.net|HTTPS/TLS v1.2|Used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser
-|fp.msedge.net|HTTPS/TLS v1.2|Cortana and Live Tiles
-|fp-vp.azureedge.net|TLS v1.2|Cortana and Live Tiles
-|g.live.com|TLS v1.2|OneDrive
-|go.microsoft.com|HTTP|Windows Defender and/or Microsoft forward link redirection service (FWLink)
-|iecvlist.microsoft.com|HTTP|Microsoft Edge
-|inference.location.live.net|TLS v1.2|Used for Location Data
-|img-prod-cms-rt-microsoft-com.akamaized.net|HTTP|Used to communicate with Microsoft Store
-|licensing.mp.microsoft.com*|HTTP/TLS v1.2|Licensing
-|login.live.com|HTTPS/TLS v1.2|Device Authentication
-|logincdn.msauth.net|HTTPS|Used for Microsoft accounts to sign in
-|manage.devcenter.microsoft.com|HTTP/TLS v1.2|Microsoft Store analytics
-|maps.windows.com|TLS v1.2|Related to Maps application
-|ocsp.digicert.com|HTTP|Used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available
-|ocsp.msocsp.com|HTTP|Used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available
-|oneclient.sfx.ms|HTTPS|Used by OneDrive for Business to download and verify app updates
-|mobile.pipe.aria.microsoft.com|HTTP|Office Telemetry
-|ris.api.iris.microsoft.com|TLS v1.2|Windows Spotlight
-|settings-win.data.microsoft.com|HTTPS/TLS v1.2|Used for Windows apps to dynamically update their configuration
-|spo-ring.msedge.net|TLSv1.2|Cortana and Live Tiles
-|telecommand.telemetry.microsoft.com|TLS v1.2|Used by Windows Error Reporting 
-|tile-service.weather.microsoft.com|HTTP|Used for the Weather app
-|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|Used for content regulation
-|v10.events.data.microsoft.com/onecollector/1.0/|HTTPS/TLS v1.2|Diagnostic Data
-|v10.events.data.microsoft.com|HTTPS/TLS v1.2|Used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service
-|watson.telemetry.microsoft.com*|HTTPS/TLS v1.2|Used by Windows Error Reporting
-|wdcp.microsoft.com|HTTPS|Used for Windows Defender when Cloud-based Protection is enabled
-|www.bing.com|HTTPS/TLS v1.2|Cortana and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection Status Indicator (NCSI)
-|outlook.office365.com|HTTP|Microsoft Office
-|storage.live.com|HTTP/TLS v1.2|OneDrive
-|skydrivesync.policies.live.net|TLS v1.2|OneDrive
-|windows.policies.live.net|HTTP|OneDrive
-|activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows
-|adl.windows.com|HTTP|Used for compatibility database updates for Windows
-|spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile
-|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.
-
-## Windows 10 Education
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|arc.msn.com|HTTPS/TLS v1.2|Windows Spotlight
-|*.dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|client.wns.windows.com|TLS v1.2|Used for the Windows Push Notification Services (WNS)
-|*storecatalogrevocation.storequality.microsoft.com|TLS v1.2|Used to revoke licenses for malicious apps on the Microsoft Store
-|ctldl.windowsupdate.com|HTTP|Certificate Trust List
-|dmd.metaservices.microsoft.com|HTTP|Device metadata
-|Inference.location.live.net|TLS v1.2|Location
-|oneclient.sfx.ms|HTTPS|OneDrive
-|storage.live.com|HTTP/TLS v1.2|OneDrive
-|skydrivesync.policies.live.net|TLS v1.2|OneDrive
-|slscr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|fe2cr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Windows Update
-|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTP/TLS v1.2|Windows Update
-|officehomeblobs.blob.core.windows.net|HTTP|Windows Telemetry
-|\*displaycatalog.mp.microsoft.com|HTTP/TLS v1.2|Microsoft Store
-|img-prod-cms-rt-microsoft-com.akamaized.net|HTTP|Used to communicate with Microsoft Store
-|config.teams.microsoft.com|HTTPS|Teams
-|api.asm.skype.com|TLS v1.2|Used to retrieve Skype configuration values
-|config.edge.skype.com|HTTP/TLS v1.2|Used to retrieve Skype configuration values
-|logincdn.msauth.net|HTTPS|OneDrive
-|iecvlist.microsoft.com|HTTP|Microsoft Edge
-|download.windowsupdate.com|HTTP|Windows Update
-|checkappexec.microsoft.com|HTTPS|Windows Defender
-|evoke-windowsservices-tas.msedge.net|HTTPS/TLS v1.2|Photos app
-|g.live.com|TLS v1.2|OneDrive
-|go.microsoft.com|HTTP|Windows Defender
-|licensing.mp.microsoft.com|HTTP/TLS v1.2|Licensing
-|login.live.com|HTTPS/TLS v1.2|Device Authentication
-|manage.devcenter.microsoft.com|TLS v1.2|Microsoft Store analytics
-|ocsp.digicert.com|HTTP|CRL and OCSP checks to the issuing certificate authorities
-|ris.api.iris.microsoft.com|TLS v1.2|Windows spotlight
-|telecommand.telemetry.microsoft.com|TLS v1.2|Used by Windows Error Reporting  
-|tile-service.weather.microsoft.com|HTTP|Used to download updates to the Weather app Live Tile
-|v10.events.data.microsoft.com|HTTPS/TLS v1.2|Diagnostic Data
-|V10.events.data.microsoft.com/onecollector/1.0/|HTTPS|Diagnostic Data
-|Watson.telemetry.microsoft.com/telemetry.request|HTTPS|Diagnostic Data
-|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
-|outlook.office365.com|HTTP|Microsoft Office
-|www.bing.com|TLS v1.2|Used for updates for Cortana, apps, and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
-|adl.windows.com|HTTP|Used for compatibility database updates for Windows

windows/privacy/windows-endpoints-2004-non-enterprise-editions.md

@@ -1,196 +0,0 @@
----
-title: Windows 10, version 2004, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 2004.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 05/11/2020
-ms.topic: reference
----
-# Windows 10, version 2004, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 2004
-- Windows 10 Professional, version 2004
-- Windows 10 Education, version 2004
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-2004-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 2004.
-
-The following methodology was used to derive the network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using a IPV4 network.  Therefore, no IPV6 traffic is reported here. 
-7. These tests were conducted in an approved Microsoft lab.  It's possible your results may be different.
-8. These tests were conducted for one week. If you capture traffic for longer you may have different results.
-
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|*.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|*.prod.do.dsp.mp.microsoft.com|TLSv1.2|Windows Update 
-|*.smartscreen.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.smartscreen-prod.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.update.microsoft.com|TLSv1.2|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
-|*.windowsupdate.com|HTTP|Used to download operating system patches and updates
-|*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft 
-|*storecatalogrevocation.storequality.microsoft.com|TLSv1.2|Used to revoke licenses for malicious apps on the Microsoft Store
-|arc.msn.com|TLSv1.2|Windows Spotlight 
-|cdn.onenote.net|HTTPS|OneNote
-|config.edge.skype.com|HTTPS|Skype 
-|config.teams.microsoft.com|HTTPS|Skype 
-|crl.microsoft.com|HTTPS|Skype 
-|ctldl.windowsupdate.com|HTTP|Certificate Trust List 
-|da.xboxservices.com|HTTPS|Microsoft Edge  
-|*displaycatalog.mp.microsoft.com|HTTPS|Microsoft Store 
-|dmd.metaservices.microsoft.com|HTTP|Device Authentication 
-|evoke-windowsservices-tas.msedge.net|TLSv1.2|Photos app 
-|fs.microsoft.com|TLSv1.2|Maps application
-|g.live.com|TLSv1.2|OneDrive 
-|go.microsoft.com|HTTPS|Windows Defender
-|img-prod-cms-rt-microsoft-com|TLSv1.2|This endpoint is related to Microsoft Edge 
-|licensing.mp.microsoft.com|HTTPS|Licensing 
-|login.live.com|TLSv1.2|Device Authentication
-|logincdn.msauth.net|TLSv1.2|Device Authentication
-|manage.devcenter.microsoft.com|TLSv1.2|Microsoft Store analytics  
-|maps.windows.com|TLSv1.2|Related to Maps application 
-|ocsp.digicert.com|HTTPS|CRL and OCSP checks to the issuing certificate authorities
-|oneclient.sfx.ms|HTTPS|Used by OneDrive for Business to download and verify app updates
-|pipe.aria.microsoft.com|HTTPS|Used to retrieve Skype configuration values
-|ris.api.iris.microsoft.com|TLSv1.2|Windows Telemetry
-|settings-win.data.microsoft.com|TLSv1.2|Used for Windows apps to dynamically update their configuration
-|storesdk.dsx.mp.microsoft.com|HTTPS|Used to communicate with Microsoft Store
-|telecommand.telemetry.microsoft.com|TLSv1.2|Used by Windows Error Reporting
-|tile-service.weather.microsoft.com|HTTPS|Used to download updates to the Weather app Live Tile
-|tsfe.trafficshaping.dsp.mp.microsoft.com|TLSv1.2|Used for content regulation
-|v10.events.data.microsoft.com|TLSv1.2|Diagnostic Data
-|v20.events.data.microsoft.com|TLSv1.2|Diagnostic Data
-|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
-|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
-|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
-|www.office.com|HTTPS|Microsoft Office
-
-
-## Windows 10 Pro
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|*.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|*.prod.do.dsp.mp.microsoft.com|TLSv1.2|Windows Update 
-|*.smartscreen.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.smartscreen-prod.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.update.microsoft.com|TLSv1.2|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
-|*.windowsupdate.com|HTTP|Used to download operating system patches and updates
-|*.wns.windows.com|TLSv1.2|Used for the Windows Push Notification Services (WNS)
-|*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|*msn-com.akamaized.net|HTTPS|This endpoint is related to Microsoft Edge
-|*ring.msedge.net|HTTPS|Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps 
-|*storecatalogrevocation.storequality.microsoft.com|TLSv1.2|Used to revoke licenses for malicious apps on the Microsoft Store
-|arc.msn.com|TLSv1.2|Windows Spotlight 
-|blobs.officehome.msocdn.com|HTTPS|OneNote
-|cdn.onenote.net|HTTPS|OneNote
-|checkappexec.microsoft.com|HTTPS|OneNote
-|config.edge.skype.com|HTTPS|Skype 
-|config.teams.microsoft.com|HTTPS|Skype 
-|crl.microsoft.com|HTTPS|Skype 
-|ctldl.windowsupdate.com|HTTP|Certificate Trust List 
-|d2i2wahzwrm1n5.cloudfront.net|HTTPS|Microsoft Edge
-|da.xboxservices.com|HTTPS|Microsoft Edge  
-|*displaycatalog.mp.microsoft.com|HTTPS|Microsoft Store 
-|dlassets-ssl.xboxlive.com|HTTPS|Xbox Live 
-|dmd.metaservices.microsoft.com|HTTP|Device Authentication 
-|evoke-windowsservices-tas.msedge.net|TLSv1.2|Photos app 
-|fp.msedge.net|HTTPS|Cortana and Live Tiles
-|fs.microsoft.com|TLSv1.2|Maps application
-|g.live.com|TLSv1.2|OneDrive 
-|go.microsoft.com|HTTPS|Windows Defender
-|img-prod-cms-rt-microsoft-com*|TLSv1.2|This endpoint is related to Microsoft Edge 
-|licensing.mp.microsoft.com|HTTPS|Licensing 
-|login.live.com|TLSv1.2|Device Authentication
-|manage.devcenter.microsoft.com|TLSv1.2|Microsoft Store analytics  
-|maps.windows.com|TLSv1.2|Related to Maps application 
-|ocsp.digicert.com|HTTPS|CRL and OCSP checks to the issuing certificate authorities
-|oneclient.sfx.ms|HTTPS|Used by OneDrive for Business to download and verify app updates
-|pipe.aria.microsoft.com|HTTPS|Used to retrieve Skype configuration values
-|ris.api.iris.microsoft.com|TLSv1.2|Windows Telemetry
-|s1325.t.eloqua.com|HTTPS|Microsoft Edge
-|self.events.data.microsoft.com|HTTPS|Microsoft Office
-|settings-win.data.microsoft.com|TLSv1.2|Used for Windows apps to dynamically update their configuration
-|store-images.*microsoft.com|HTTPS|Used to get images that are used for Microsoft Store suggestions
-|storesdk.dsx.mp.microsoft.com|HTTPS|Microsoft Store
-|telecommand.telemetry.microsoft.com|TLSv1.2|Used by Windows Error Reporting
-|tile-service.weather.microsoft.com|HTTPS|Used to download updates to the Weather app Live Tile
-|time.windows.com|HTTPS|Fetch the time
-|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|The following endpoint is used for content regulation
-|v10.events.data.microsoft.com|TLSv1.2|Diagnostic Data
-|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
-|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
-|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
-|www.msn.com|HTTPS|Network Connection (NCSI)
-|www.office.com|HTTPS|Microsoft Office
-
-
-## Windows 10 Education
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|*.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|*.prod.do.dsp.mp.microsoft.com|TLSv1.2|Windows Update 
-|*.smartscreen.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.smartscreen-prod.microsoft.com|HTTPS|Windows Defender SmartScreen 
-|*.update.microsoft.com|TLSv1.2|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
-|*.windowsupdate.com|HTTP|Used to download operating system patches and updates
-|*.wns.windows.com|TLSv1.2|Used for the Windows Push Notification Services (WNS)
-|*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft
-|*ring.msedge.net|HTTPS|Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps 
-|*storecatalogrevocation.storequality.microsoft.com|TLSv1.2|Used to revoke licenses for malicious apps on the Microsoft Store
-|arc.msn.com|TLSv1.2|Windows Spotlight 
-|blobs.officehome.msocdn.com|HTTPS|OneNote
-|cdn.onenote.net|HTTPS|OneNote
-|checkappexec.microsoft.com|HTTPS|OneNote
-|config.edge.skype.com|HTTPS|Skype 
-|config.teams.microsoft.com|HTTPS|Skype 
-|crl.microsoft.com|HTTPS|Skype 
-|ctldl.windowsupdate.com|HTTP|Certificate Trust List 
-|da.xboxservices.com|HTTPS|Microsoft Edge  
-|dmd.metaservices.microsoft.com|HTTP|Device Authentication 
-|evoke-windowsservices-tas.msedge.net|TLSv1.2|Photos app 
-|fp.msedge.net|HTTPS|Cortana and Live Tiles
-|fs.microsoft.com|TLSv1.2|Maps application
-|g.live.com|TLSv1.2|OneDrive 
-|go.microsoft.com|HTTPS|Windows Defender
-|licensing.mp.microsoft.com|HTTPS|Licensing 
-|login.live.com|TLSv1.2|Device Authentication
-|logincdn.msauth.net|HTTPS|Device Authentication
-|manage.devcenter.microsoft.com|TLSv1.2|Microsoft Store analytics  
-|ocsp.digicert.com|HTTPS|CRL and OCSP checks to the issuing certificate authorities
-|ocsp.msocsp.com|HTTPS|CRL and OCSP checks to the issuing certificate authorities
-|ow1.res.office365.com|HTTPS|Microsoft Office
-|pipe.aria.microsoft.com|HTTPS|Used to retrieve Skype configuration values
-|ris.api.iris.microsoft.com|TLSv1.2|Windows Telemetry
-|s1325.t.eloqua.com|HTTPS|Microsoft Edge
-|settings-win.data.microsoft.com|TLSv1.2|Used for Windows apps to dynamically update their configuration
-|telecommand.telemetry.microsoft.com|TLSv1.2|Used by Windows Error Reporting
-|tile-service.weather.microsoft.com|HTTPS|Used to download updates to the Weather app Live Tile
-|v10.events.data.microsoft.com|TLSv1.2|Diagnostic Data
-|v20.events.data.microsoft.com|HTTPS|Diagnostic Data
-|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
-|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
-|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
-|www.microsoft.com|HTTP|Connected User Experiences and Telemetry, Microsoft Data Management service
-|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
-|www.office.com|HTTPS|Microsoft Office

windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md

@@ -1,256 +0,0 @@
----
-title: Windows 10, version 20H2, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 20H2.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 12/17/2020
-ms.topic: reference
----
-# Windows 10, version 20H2, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 20H2
-- Windows 10 Professional, version 20H2
-- Windows 10 Education, version 20H2
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-2004-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 20H2.
-
-The following methodology was used to derive the network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using a IPV4 network.  Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab.  It's possible your results may be different.
-8. These tests were conducted for one week. If you capture traffic for longer you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-|-----------|--------------- |------------- |-----------------|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||HTTPS/HTTP|fp.msedge.net|
-|||HTTPS/HTTP|k-ring.msedge.net|
-|||TLSv1.2|b-ring.msedge.net|
-|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
-|Device Directory Service|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.|HTTPS/HTTP|cs.dds.microsoft.com|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com|
-|||TLSv1.2/HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|||HTTPS|licensing.mp.microsoft.com/v7.0/licenses/content|
-|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com| 
-|||HTTPS/HTTP|*.ssl.ak.dynamic.tiles.virtualearth.net|
-|||HTTPS/HTTP|*.ssl.ak.tiles.virtualearth.net|
-|||HTTPS/HTTP|dev.virtualearth.net|
-|||HTTPS/HTTP|ecn.dev.virtualearth.net|
-|||HTTPS/HTTP|ssl.bing.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoints are used for Microsoft Edge Browser Services.|HTTPS/HTTP|edge.activity.windows.com|
-|||HTTPS/HTTP|edge.microsoft.com|
-||The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|HTTP|go.microsoft.com/fwlink/|
-|||TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-||The following endpoints are used get images that are used for Microsoft Store suggestions|TLSv1.2|store-images.s-microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
-|||TLSv1.2/HTTPS|office.com|
-|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||HTTP/HTTPS|*.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|||HTTP|roaming.officeapps.live.com|
-|||HTTPS/HTTP|substrate.office.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|||HTTPS/HTTP|windows.policies.live.net|
-|||HTTPS/HTTP|api.onedrive.com|
-|||HTTPS/HTTP|skydrivesync.policies.live.net|
-|||HTTPS/HTTP|*storage.live.com|
-|||HTTPS/HTTP|*settings.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-|||TLSv1.2|definitionupdates.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|||HTTPS|mucp.api.account.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| 
-|||TLSv1.2/HTTPS|da.xboxservices.com|
-|||HTTPS|www.xboxab.com|
-|
-
-## Windows 10 Pro
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-| --- | --- | --- | ---|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com|
-|||TLSv1.2/HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
-|||TLSv1.2/HTTPS|office.com|
-|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||HTTP/HTTPS|*.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|||TLSv1.2/HTTPS/HTTP|officeclient.microsoft.com|
-|||HTTPS/HTTP|substrate.office.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|||HTTPS/HTTP|windows.policies.live.net|
-|||HTTPS/HTTP|*storage.live.com|
-|||HTTPS/HTTP|*settings.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| 
-|||TLSv1.2/HTTPS|da.xboxservices.com|
-|
-
-## Windows 10 Education
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-| --- | --- | --- | ---|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Viva Engage conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||HTTPS/HTTP|fp.msedge.net|
-|||TLSv1.2|odinvzc.azureedge.net|
-|||TLSv1.2|b-ring.msedge.net|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com|
-|||TLSv1.2/HTTP|www.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|1storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS|office.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com|
-|||TLSv1.2/HTTPS|da.xboxservices.com|

windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md

@@ -1,250 +0,0 @@
----
-title: Windows 10, version 21H1, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 21H1.
-ms.service: windows-client
-ms.subservice: itpro-privacy
-ms.localizationpriority: high
-author: DHB-MSFT
-ms.author: danbrown
-manager: laurawi
-ms.date: 12/17/2020
-ms.topic: reference
----
-# Windows 10, version 21H1, connection endpoints for non-Enterprise editions
-
- **Applies to**
-
-- Windows 10 Home, version 21H1
-- Windows 10 Professional, version 21H1
-- Windows 10 Education, version 21H1
-
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-21H1-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 21H1.
-
-The following methodology was used to derive the network endpoints:
-
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
-4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
-8. These tests were conducted for one week. If you capture traffic for longer, you may have different results.
-
-> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
-## Windows 10 Home
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-|-----------|--------------- |------------- |-----------------|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||HTTPS/HTTP|fp.msedge.net|
-|||HTTPS/HTTP|k-ring.msedge.net|
-|||TLSv1.2|b-ring.msedge.net|
-|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
-|Device Directory Service|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.|HTTPS/HTTP|cs.dds.microsoft.com|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. <br/>If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|||HTTPS|licensing.mp.microsoft.com/v7.0/licenses/content|
-|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com| 
-|||HTTPS/HTTP|*.ssl.ak.dynamic.tiles.virtualearth.net|
-|||HTTPS/HTTP|*.ssl.ak.tiles.virtualearth.net|
-|||HTTPS/HTTP|dev.virtualearth.net|
-|||HTTPS/HTTP|ecn.dev.virtualearth.net|
-|||HTTPS/HTTP|ssl.bing.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoints are used for Microsoft Edge Browser Services.|HTTPS/HTTP|edge.activity.windows.com|
-|||HTTPS/HTTP|edge.microsoft.com|
-||The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|HTTP|go.microsoft.com/fwlink/|
-|||TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-||The following endpoints are used get images that are used for Microsoft Store suggestions|TLSv1.2|store-images.s-microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
-|||TLSv1.2/HTTPS|office.com|
-|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||HTTP/HTTPS|*.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|||HTTP|roaming.officeapps.live.com|
-|||HTTPS/HTTP|substrate.office.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|||HTTPS/HTTP|windows.policies.live.net|
-|||HTTPS/HTTP|api.onedrive.com|
-|||HTTPS/HTTP|skydrivesync.policies.live.net|
-|||HTTPS/HTTP|*storage.live.com|
-|||HTTPS/HTTP|*settings.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-|||TLSv1.2|definitionupdates.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|||HTTPS|mucp.api.account.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| 
-|||TLSv1.2/HTTPS|da.xboxservices.com|
-|||HTTPS|www.xboxab.com|
-|
-
-## Windows 10 Pro
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-| --- | --- | --- | ---|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. <br/>If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com|
-|||TLSv1.2/HTTPS|office.com|
-|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||HTTP/HTTPS|*.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|||TLSv1.2/HTTPS/HTTP|officeclient.microsoft.com|
-|||HTTPS/HTTP|substrate.office.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|||HTTPS/HTTP|windows.policies.live.net|
-|||HTTPS/HTTP|*storage.live.com|
-|||HTTPS/HTTP|*settings.live.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| 
-|||TLSv1.2/HTTPS|da.xboxservices.com|
-|
-
-## Windows 10 Education
-
-| **Area** | **Description** | **Protocol** | **Destination** |
-| --- | --- | --- | ---|
-| Activity Feed Service |The following endpoints are used by Activity Feed Service, which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com|
-|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
-||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Viva Engage conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
-|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
-|||HTTPS/HTTP|fp.msedge.net|
-|||TLSv1.2|odinvzc.azureedge.net|
-|||TLSv1.2|b-ring.msedge.net|
-|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. <br/>If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|TLSv1.2/HTTP|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*|
-|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com|
-|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com|
-|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com|
-|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|1storecatalogrevocation.storequality.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|storesdk.dsx.mp.microsoft.com|
-||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS|office.com|
-|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net|
-|||TLSv1.2|self.events.data.microsoft.com|
-|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com|
-|||TLSv1.2/HTTPS|oneclient.sfx.ms|
-|||HTTPS/TLSv1.2|logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*|
-|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||||wdcpalt.microsoft.com|
-|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com|
-|||TLSv1.2/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*|
-|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
-|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com|
-|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
-||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoints are used for Xbox Live.|
-|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com|
-|||TLSv1.2/HTTPS|da.xboxservices.com|

windows/privacy/windows-privacy-compliance-guide.md

@@ -44,7 +44,7 @@ The following table provides an overview of the Windows 10 and Windows 11 privac
 
 | Feature/Setting | Description | Supporting content | Privacy statement |
 | --- | --- | --- | --- |
-| Diagnostic Data | <p>Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft to quickly identify and address issues affecting its customers.</p><p>Diagnostic data is categorized into the following:<ul><li>**Required diagnostic data**<br />Required diagnostic data includes information about your device, its settings, capabilities, and whether it is performing properly, whether a device is ready for an update, and whether there are factors that may impede the ability to receive updates, such as low battery, limited disk space, or connectivity through a paid network. You can find out what is collected with required diagnostic data [here](./required-windows-diagnostic-data-events-and-fields-2004.md).</li><li>**Optional diagnostic data**<br />Optional diagnostic data includes more detailed information about your device and its settings, capabilities, and device health. When you choose to send optional diagnostic data, required diagnostic data will always be included. You can find out the types of optional diagnostic data collected [here](./windows-diagnostic-data.md).</li></ul></p> | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)<br /><br />[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
+| Diagnostic Data | <p>Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft to quickly identify and address issues affecting its customers.</p><p>Diagnostic data is categorized into the following:<ul><li>**Required diagnostic data**<br />Required diagnostic data includes information about your device, its settings, capabilities, and whether it is performing properly, whether a device is ready for an update, and whether there are factors that may impede the ability to receive updates, such as low battery, limited disk space, or connectivity through a paid network. You can find out what is collected with required diagnostic data [here](./required-windows-diagnostic-data-events-and-fields-2004.md).</li><li>**Optional diagnostic data**<br />Optional diagnostic data includes more detailed information about your device and its settings, capabilities, and device health. When you choose to send optional diagnostic data, required diagnostic data will always be included. You can find out the types of optional diagnostic data collected [here](./optional-diagnostic-data.md).</li></ul></p> | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)<br /><br />[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
 | Inking & typing | Microsoft collects optional inking and typing diagnostic data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
 | Location | Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services. | [Learn more](https://support.microsoft.com/help/4468240/windows-10-location-service-and-privacy) |[Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) |
 | Find my device | Use your device’s location data to help you find your device if you lose it. | [Learn more](https://support.microsoft.com/help/11579/microsoft-account-find-and-lock-lost-windows-device) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) |
@@ -56,7 +56,7 @@ The following table provides an overview of the Windows 10 and Windows 11 privac
 
 [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) is a Microsoft Store app (available in Windows 10, version 1803 and later and Windows 11) that lets a user review the Windows diagnostic data that is being collected on their Windows device and sent to Microsoft in real-time. DDV groups the information into simple categories that describe the data that’s being collected.
 
-An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](microsoft-diagnosticdataviewer.md) provides further information.
+An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](diagnostic-data-viewer-powershell.md) provides further information.
 
 > [!Note]
 > If the Windows diagnostic data processor configuration is enabled, IT administrators should use the admin portal to fulfill data subject requests to access or export Windows diagnostic data associated with a particular user’s device usage. See [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights).
@@ -180,14 +180,14 @@ Users can delete their device-based data by opening the Windows settings app and
 
 ### 3.2 View
 
-The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from a Windows device. Administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet.
+The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from a Windows device. Administrators can also use the [Get-DiagnosticData](diagnostic-data-viewer-powershell.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet.
 
 >[!Note]
 >If the Windows diagnostic data processor configuration is enabled, IT administrators can view the diagnostic data that is associated with a user from the admin portal.
 
 ### 3.3 Export
 
-The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides the ability to export the diagnostic data captured while the app is running, by clicking the **Export** data button in the top menu. Administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script.
+The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides the ability to export the diagnostic data captured while the app is running, by clicking the **Export** data button in the top menu. Administrators can also use the [Get-DiagnosticData](diagnostic-data-viewer-powershell.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script.
 
 >[!Note]
 >If the Windows diagnostic data processor configuration is enabled, IT administrators can also export the diagnostic data that is associated with a user from the admin portal.
@@ -246,5 +246,4 @@ Microsoft Intune is a cloud-based endpoint management solution. It manages user
 * [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement)
 * [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 * [Privacy at Microsoft](https://privacy.microsoft.com/privacy-report)
-* [Changes to Windows diagnostic data](changes-to-windows-diagnostic-data-collection.md)
 * [Microsoft Service Trust Portal](https://servicetrust.microsoft.com/)