deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-18 16:27:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client

Browse Source
This commit is contained in:
Greg Lindsay 2018-12-31 12:48:49 -08:00
commit 70a42fb9b6
7 changed files with 202 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
View File

@ -9,7 +9,7 @@ ms.pagetype: security
localizationpriority: high
author: brianlic-msft
ms.author: brianlic
ms.date: 12/13/2018
ms.date: 12/27/2018
---
@ -1810,47 +1810,46 @@ This event sends data about boot IDs for which a normal clean shutdown was not o
The following fields are available:
- **AbnormalShutdownBootId** Retrieves the Boot ID for which the abnormal shutdown was observed.
- **CrashDumpEnabled** OS configuration of the type of crash dump enabled; 0 = not enabled
- **CumulativeCrashCount** Cumulative count of OS crashes since the BootId reset
- **CurrentBootId** Retrieves the current boot ID.
- **CrashDumpEnabled** Indicates whether crash dumps are enabled.
- **CumulativeCrashCount** Cumulative count of operating system crashes since the BootId reset.
- **CurrentBootId** BootId at the time the abnormal shutdown event was being reported.
- **FirmwareResetReasonEmbeddedController** Firmware-supplied reason for the reset.
- **FirmwareResetReasonEmbeddedControllerAdditional** Additional data related to the reset reason provided by the firmware.
- **FirmwareResetReasonPch** Hardware-supplied reason for the reset.
- **FirmwareResetReasonPchAdditional** Additional data related to the reset reason provided by the hardware.
- **FirmwareResetReasonSupplied** Indicates whether the firmware supplied any reset reason.
- **FirmwareType** ID of the FirmwareType as enumerated in DimFirmwareType
- **FirmwareType** ID of the FirmwareType as enumerated in DimFirmwareType.
- **HardwareWatchdogTimerGeneratedLastReset** Indicates whether the hardware watchdog timer caused the last reset.
- **HardwareWatchdogTimerPresent** Indicates whether hardware watchdog timer was present or not.
- **LastBugCheckBootId** "bootId of the captured Last Bug Check""; important to match AbnormalShutdownBootId for analysis or the Last Bug Check info in the event does not correlate with the rest of the information""""ootId of the captured ""Last Bug Check""; important to match AbnormalShutdownBootId for analysis or the Last Bug Check info in the event does not correlate with the """"otId of the captured ""Last Bug Check""; important to match AbnormalShutdownBootId for analysis or the Last Bug Check info in the event does n""""tId of the captured ""Last Bug Check""; important to match AbnormalShutdownBootId for analysis or the Last Bug Check inf""""Id of the captured ""Last Bug Check""; important to match AbnormalShutdownBootId for analysis or th""""d of the captured ""Last Bug Check""; important to match AbnormalShutdownBootId"""" of the captured ""Last Bug Check""; important to match Abno""""of the captured ""Last Bug Check""; import""""f the captured ""Last Bu"""" the ca"""
- **LastBugCheckCode** Bug Check code indicating the type of error; LastBugCheck data is only available on UEFI-enabled systems (as indicated by FirmwareTypeId == 2) because it is saved in an EFI variable; LastBugCheck data is only available if crashdumping is enabled (as indicated by CrashDumpEnabled > 0)
- **LastBugCheckContextFlags** Additional crashdump settings; LastBugCheck data is only available on UEFI-enabled systems (as indicated by FirmwareTypeId == 2) because it is saved in an EFI variable; LastBugCheck data is only available if crashdumping is enabled (as indicated by CrashDumpEnabled > 0)
- **LastBugCheckOriginalDumpType** Type of crashdump the system intended to save; LastBugCheck data is only available on UEFI-enabled systems (as indicated by FirmwareTypeId == 2) because it is saved in an EFI variable; LastBugCheck data is only available if crashdumping is enabled (as indicated by CrashDumpEnabled > 0)
- **LastBugCheckOtherSettings** Other crashdump settings; LastBugCheck data is only available on UEFI-enabled systems (as indicated by FirmwareTypeId == 2) because it is saved in an EFI variable; LastBugCheck data is only available if crashdumping is enabled (as indicated by CrashDumpEnabled > 0)
- **LastBugCheckParameter1** First Bug Check parameter with additional info on the type of the error; LastBugCheck data is only available on UEFI-enabled systems (as indicated by FirmwareTypeId == 2) because it is saved in an EFI variable; LastBugCheck data is only available if crashdumping is enabled (as indicated by CrashDumpEnabled > 0)
- **LastBugCheckProgress** Progress towards writing out the last crashdump; non-zero value indicates an attempt; LastBugCheck data is only available on UEFI-enabled systems (as indicated by FirmwareTypeId == 2) because it is saved in an EFI variable; LastBugCheck data is only available if crashdumping is enabled (as indicated by CrashDumpEnabled .> 0)
- **LastSuccessfullyShutdownBootId** Retrieves the last successfully/cleanly shutdown boot ID.
- **PowerButtonCumulativePressCount** "Number of times the Power Button was detected to have been pressed (pressed" not to be confused with "released") for the BootId specified in PowerButtonLastPressBootId""umber of times the Power Button was detected to have been pressed ("pressed" not to be confused wit""mber of times the Power Button """umber of times the Power Button was detected to have been pressed (pressed" not to be confused with "released") for the BootId specified in PowerButtonLastPressBootId""umber of times the Power Button was detected to have been ""mber of times the Power Button was detected to have been pressed (pressed" not to be confused with "released") for the BootId specified in PowerButtonL""ber of times the Power Button was detected to have been pressed (pressed" not""er o"
- **PowerButtonCumulativeReleaseCount** "Number of times the Power Button was detected to have been released (released" not to be confused with "pressed") for the BootId specified in PowerButtonLastReleaseBootId""umber of times the Power Button was detected to have been released ("released" not to be confused wit""mber of times the Power Button w"""umber of times the Power Button was detected to have been released (released" not to be confused with "pressed") for the BootId specified in PowerButtonLastReleaseBootId""umber of times the Power Button was detected to have been r""mber of times the Power Button was detected to have been released (released" not to be confused with "pressed") for the BootId specified in PowerButtonLa""ber of times the Power Button was detected to have been released (released" n""er"
- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record Power Button metrics (e.g. due to a failure to lock/update the bootstat file)
- **PowerButtonLastPressBootId** "BootId of the last time the Power Button was detected to have been pressed (pressed" not to be confused with "released")""ootId of the last time the Power Button was """ootId of the last time the Power Button was detected to have been pressed (pressed""""
- **PowerButtonLastPressTime** "Date/time of the last time the Power Button was detected to have been pressed (pressed" not to be confused with "released")""ate/time of the last time the Power Button w"""ate/time of the last time the Power Button was detected to have been pressed (press"
- **PowerButtonLastReleaseBootId** "BootId of the last time the Power Button was detected to have been released (released" not to be confused with "pressed")""ootId of the last time the Power Button was """ootId of the last time the Power Button was detected to have been released (releas"
- **PowerButtonLastReleaseTime** "Date/time of the last time the Power Button was detected to have been released (released" not to be confused with "pressed")""ate/time of the last time the Power Button w"""ate/time of the last time the Power Button was detected to have been released (rel"
- **LastBugCheckBootId** The Boot ID of the last captured crash.
- **LastBugCheckCode** Code that indicates the type of error.
- **LastBugCheckContextFlags** Additional crash dump settings.
- **LastBugCheckOriginalDumpType** The type of crash dump the system intended to save.
- **LastBugCheckOtherSettings** Other crash dump settings.
- **LastBugCheckParameter1** The first parameter with additional info on the type of the error.
- **LastSuccessfullyShutdownBootId** The Boot ID of the last fully successful shutdown.
- **PowerButtonCumulativePressCount** Indicates the number of times the power button has been pressed ("pressed" not to be confused with "released").
- **PowerButtonCumulativeReleaseCount** Indicates the number of times the power button has been released ("released" not to be confused with "pressed").
- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record Power Button metrics (e.g.: due to a failure to lock/update the bootstat file).
- **PowerButtonLastPressBootId** The Boot ID of the last time the Power Button was detected to have been pressed ("pressed" not to be confused with "released").
- **PowerButtonLastPressTime** The date and time the Power Button was most recently pressed ("pressed" not to be confused with "released").
- **PowerButtonLastReleaseBootId** The Boot ID of the last time the Power Button was released ("released" not to be confused with "pressed").
- **PowerButtonLastReleaseTime** The date and time the Power Button was most recently released ("released" not to be confused with "pressed").
- **PowerButtonPressCurrentCsPhase** Represents the phase of Connected Standby exit when the power button was pressed.
- **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the Power Button was pressed
- **PowerButtonPressLastPowerWatchdogStage** Progress while monitor/display is being turned on; ranges from 0 (no progress) to 0x50 (completion); if PowerButtonPressPowerWatchdogArmed == TRUE (armed), the value represents the current stage whereas if PowerButtonPressPowerWatchdogArmed == FALSE (not armed),the value represents the last completed stage at the time of the last Power Button press,
- **PowerButtonPressPowerWatchdogArmed** Inidicates whether or not the watchdog for the monitor/display was active at the time of the last Power Button press
- **TransitionInfoBootId** "BootId of the captured Transition Info""; important to match AbnormalShutdownBootId for analysis or the Transition Info in the event does not correlate with the rest of the information""""ootId of the captured ""Transition Info""; important to match AbnormalShutdownBootId for analysis or the Transition Info in the event does not correlate with the """"otId of the captured ""Transition Info""; important to match AbnormalShutdownBootId for analysis or the Transition Info in the event does n""""tId of the captured ""Transition Info""; important to match AbnormalShutdownBootId for analysis or the Transition Inf""""Id of the captured ""Transition Info""; important to match AbnormalShutdownBootId for analysis o""""d of the captured ""Transition Info""; important to match AbnormalShutdownBo"""" of the captured ""Transition Info""; important to match """"of the captured ""Transition Info""; im""""f the captured ""Tran"""" the"""
- **TransitionInfoCSCount** "Total number of times the system transitioned from Connected Standby mode to on" at the time the last marker was saved""otal number of times the system transitio"""otal number of times the system transitioned from Connected Standby mode to on" at""tal"
- **TransitionInfoCSEntryReason** Indicates the reason the device last entered Connected Standby mode
- **TransitionInfoCSExitReason** Indicates the reason the device last exited Connected Standby mode
- **TransitionInfoCSInProgress** At the time the last marker was saved,the system was in or entering Connected Standby mode
- **TransitionInfoLastReferenceTimeChecksum** Checksum of TransitionInfoLastReferenceTimestamp
- **TransitionInfoLastReferenceTimestamp** Date/time the marker was last saved
- **TransitionInfoPowerButtonTimestamp** Date/time of the last time the Power Button was detected to have been pressed (collected via a different mechanism than PowerButtonLastPressTime)
- **TransitionInfoSleepInProgress** At the time the last marker was saved,the system was in or entering Sleep mode
- **TransitionInfoSleepTranstionsToOn** "Total number of times the system transitioned from Sleep mode to on" at the time the last marker was saved""otal number of times the system transitio"""otal number of times the system transitioned from Sleep mode to on" at the time th""tal number of t"
- **TransitionInfoSystemRunning** At the time the last marker was saved,the system was running
- **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the Power Button was pressed.
- **PowerButtonPressLastPowerWatchdogStage** The last stage completed when the Power Button was most recently pressed.
- **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press.
- **TransitionInfoBootId** The Boot ID of the captured transition information.
- **TransitionInfoCSCount** The total number of times the system transitioned from "Connected Standby" mode to "On" when the last marker was saved.
- **TransitionInfoCSEntryReason** Indicates the reason the device last entered "Connected Standby" mode ("entered" not to be confused with "exited").
- **TransitionInfoCSExitReason** Indicates the reason the device last exited "Connected Standby" mode ("exited" not to be confused with "entered").
- **TransitionInfoCSInProgress** Indicates whether the system was in or entering Connected Standby mode when the last marker was saved.
- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp.
- **TransitionInfoLastReferenceTimestamp** The date and time that the marker was last saved.
- **TransitionInfoPowerButtonTimestamp** The most recent date and time when the Power Button was pressed (collected via a different mechanism than PowerButtonLastPressTime).
- **TransitionInfoSleepInProgress** Indicates whether the system was in or entering Sleep mode when the last marker was saved.
- **TransitionInfoSleepTranstionsToOn** The total number of times the system transitioned from Sleep mode to on, when the last marker was saved.
- **TransitionInfoSystemRunning** Indicates whether the system was running when the last marker was saved.
- **TransitionInfoSystemShutdownInProgress** Indicates whether a device shutdown was in progress when the power button was pressed.
- **TransitionInfoUserShutdownInProgress** Indicates whether a user shutdown was in progress when the power button was pressed.
- **TransitionLatestCheckpointId** Represents a unique identifier for a checkpoint during the device state transition.

1
windows/privacy/manage-windows-1709-endpoints.md
View File

@ -35,6 +35,7 @@ We used the following methodology to derive these network endpoints:
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
4. Compile reports on traffic going to public IP addresses.
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
> [!NOTE]
> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.

1
windows/privacy/manage-windows-1803-endpoints.md
View File

@ -35,6 +35,7 @@ We used the following methodology to derive these network endpoints:
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
4. Compile reports on traffic going to public IP addresses.
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
> [!NOTE]
> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.

1
windows/privacy/manage-windows-1809-endpoints.md
View File

@ -35,6 +35,7 @@ We used the following methodology to derive these network endpoints:
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
4. Compile reports on traffic going to public IP addresses.
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
> [!NOTE]
> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.

1
windows/privacy/windows-endpoints-1709-non-enterprise-editions.md
View File

@ -27,6 +27,7 @@ We used the following methodology to derive these network endpoints:
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
4. Compile reports on traffic going to public IP addresses.
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
> [!NOTE]
> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.

1
windows/privacy/windows-endpoints-1803-non-enterprise-editions.md
View File

@ -27,6 +27,7 @@ We used the following methodology to derive these network endpoints:
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
4. Compile reports on traffic going to public IP addresses.
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
> [!NOTE]
> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.

159
windows/privacy/windows-endpoints-1809-non-enterprise-editions.md Normal file
View File

@ -0,0 +1,159 @@
---
title: Windows 10, version 1809, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions.
keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
author: danihalfin
ms.author: daniha
ms.date: 6/26/2018
---
# Windows 10, version 1809, connection endpoints for non-Enterprise editions
**Applies to**
- Windows 10 Home, version 1809
- Windows 10 Professional, version 1809
- Windows 10 Education, version 1809
In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1809-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1809.
We used the following methodology to derive these network endpoints:
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
4. Compile reports on traffic going to public IP addresses.
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
> [!NOTE]
> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
## Windows 10 Family
| **Destination** | **Protocol** | **Description** |
| --- | --- | --- |
|*.aria.microsoft.com* | HTTPS | Office Telemetry
|*.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update.
|*.download.windowsupdate.com* | HTTP | Used to download operating system patches and updates.
|*.g.akamai.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use.
|*.msn.com* |TLSv1.2/HTTPS | Windows Spotlight related traffic
|*.Skype.com | HTTP/HTTPS | Skype related traffic
|*.smartscreen.microsoft.com* | HTTPS | Windows Defender Smartscreen related traffic
|*.telecommand.telemetry.microsoft.com* | HTTPS | Used by Windows Error Reporting.
|*cdn.onenote.net* | HTTP | OneNote related traffic
|*displaycatalog.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|*emdl.ws.microsoft.com* | HTTP | Windows Update related traffic
|*geo-prod.do.dsp.mp.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|*hwcdn.net* | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates.
|*img-prod-cms-rt-microsoft-com.akamaized.net* | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
|*maps.windows.com* | HTTPS | Related to Maps application.
|*msedge.net* | HTTPS | Used by OfficeHub to get the metadata of Office apps.
|*nexusrules.officeapps.live.com* | HTTPS | Office Telemetry
|*photos.microsoft.com* | HTTPS | Photos App related traffic
|*prod.do.dsp.mp.microsoft.com* |TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates.
|*wac.phicdn.net* | HTTP | Windows Update related traffic
|*windowsupdate.com* | HTTP | Windows Update related traffic
|*wns.windows.com* | HTTPS, TLSv1.2 | Used for the Windows Push Notification Services (WNS).
|*wpc.v0cdn.net* | | Windows Telemetry related traffic
|auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js | | MSA related
|evoke-windowsservices-tas.msedge* | HTTPS | The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|fe2.update.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|fe3.*.mp.microsoft.com.* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|fs.microsoft.com | | Font Streaming (in ENT traffic)
|g.live.com* | HTTPS | Used by OneDrive
|iriscoremetadataprod.blob.core.windows.net | HTTPS | Windows Telemetry
|mscrl.micorosoft.com | | Certificate Revocation List related traffic.
|ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities.
|officeclient.microsoft.com | HTTPS | Office related traffic.
|oneclient.sfx.ms* | HTTPS | Used by OneDrive for Business to download and verify app updates.
|purchase.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|query.prod.cms.rt.microsoft.com* | HTTPS | Used to retrieve Windows Spotlight metadata.
|ris.api.iris.microsoft.com* |TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata.
|ris-prod-atm.trafficmanager.net | HTTPS | Azure traffic manager
|settings.data.microsoft.com* | HTTPS | Used for Windows apps to dynamically update their configuration.
|settings-win.data.microsoft.com* | HTTPS | Used for Windows apps to dynamically update their configuration.
|sls.update.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|store*.dsx.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|storecatalogrevocation.storequality.microsoft.com* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store.
|store-images.s-microsoft.com* | HTTP | Used to get images that are used for Microsoft Store suggestions.
|tile-service.weather.microsoft.com* | HTTP | Used to download updates to the Weather app Live Tile.
|tsfe.trafficshaping.dsp.mp.microsoft.com* |TLSv1.2 | Used for content regulation.
|v10.events.data.microsoft.com | HTTPS | Diagnostic Data
|wdcp.microsoft.* |TLSv1.2 | Used for Windows Defender when Cloud-based Protection is enabled.
|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com | HTTPS | Windows Defender related traffic.
|www.bing.com* | HTTP | Used for updates for Cortana, apps, and Live Tiles.
## Windows 10 Pro
| **Destination** | **Protocol** | **Description** |
| --- | --- | --- |
| *.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.tlu.dl.delivery.mp.microsoft.com/* | HTTP | Enables connections to Windows Update. |
| *geo-prod.dodsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update. |
| arc.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. |
| ctldl.windowsupdate.com/msdownload/update/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
| cy2.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| cy2.settings.data.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| dm3p.wns.notify.windows.com.akadns.net | HTTPS | Used for the Windows Push Notification Services (WNS) |
| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in. |
| location-inference-westus.cloudapp.net | HTTPS | Used for location data. |
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
| ris.api.iris.microsoft.com.akadns.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
| vip5.afdorigin-prod-am02.afdogw.com | HTTPS | Used to serve office 365 experimentation traffic |
## Windows 10 Education
| **Destination** | **Protocol** | **Description** |
| --- | --- | --- |
| *.b.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
| *.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| *.tlu.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update. |
| *.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
| *geo-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
| au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
| cdn.onenote.net/livetile/* | HTTPS | Used for OneNote Live Tile. |
| client-office365-tas.msedge.net/* | HTTPS | Used to connect to the Office 365 portals shared infrastructure, including Office Online. |
| config.edge.skype.com/* | HTTPS | Used to retrieve Skype configuration values.  |
| ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| cy2.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| cy2.settings.data.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| displaycatalog.mp.microsoft.com/* | HTTPS | Used to communicate with Microsoft Store. |
| download.windowsupdate.com/* | HTTPS | Enables connections to Windows Update. |
| emdl.ws.microsoft.com/* | HTTP | Used to download apps from the Microsoft Store. |
| fe2.update.microsoft.com/* | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe3.delivery.mp.microsoft.com/* | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| g.live.com/odclientsettings/* | HTTPS | Used by OneDrive for Business to download and verify app updates. |
| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in. |
| licensing.mp.microsoft.com/* | HTTPS | Used for online activation and some app licensing. |
| maps.windows.com/windows-app-web-link | HTTPS | Link to Maps application |
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| ocos-office365-s2s.msedge.net/* | HTTPS | Used to connect to the Office 365 portal's shared infrastructure. |
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
| oneclient.sfx.ms/* | HTTPS | Used by OneDrive for Business to download and verify app updates. |
| settings-win.data.microsoft.com/settings/* | HTTPS | Used as a way for apps to dynamically update their configuration. |
| sls.update.microsoft.com/* | HTTPS | Enables connections to Windows Update. |
| storecatalogrevocation.storequality.microsoft.com/* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store. |
| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
| vip5.afdorigin-prod-ch02.afdogw.com | HTTPS | Used to serve office 365 experimentation traffic. |
| watson.telemetry.microsoft.com/Telemetry.Request | HTTPS | Used by Windows Error Reporting. |
| bing.com/* | HTTPS | Used for updates for Cortana, apps, and Live Tiles. |