deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 22:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into siosulli-privacy

Browse Source
This commit is contained in:
Sinead O'Sullivan
2020-06-24 11:27:22 +01:00
parent 37f0b2295c 54781e29d3
commit dee1315172
406 changed files with 4410 additions and 3165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/privacy/index.yml
View File

@ -44,8 +44,8 @@ productDirectory:
- title: Required diagnostic data
# imageSrc should be square in ratio with no whitespace
imageSrc: https://docs.microsoft.com/media/common/i_extend.svg
summary: Learn more about required Windows diagnostic data events and fields collected
url: basic-level-windows-diagnostic-events-and-fields.md
summary: Learn more about basic Windows diagnostic data events and fields collected.
url: required-windows-diagnostic-data-events-and-fields-2004.md
# Card
- title: Optional diagnostic data
imageSrc: https://docs.microsoft.com/media/common/i_get-started.svg

6
windows/privacy/manage-windows-2004-endpoints.md
View File

@ -12,7 +12,7 @@ ms.author: obezeajo
manager: robsize
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 5/11/2020
ms.date: 6/9/2020
---
# Manage connection endpoints for Windows 10 Enterprise, version 2004
@ -53,7 +53,7 @@ The following methodology was used to derive these network endpoints:
||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|tile-service.weather.microsoft.com
||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/*
||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2|evoke-windowsservices-tas.msedge.net|
|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible turn off traffic to this endpoint, but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to turn off traffic to this endpoint, but it is not recommended because as root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
|||HTTP|ctldl.windowsupdate.com|
|Cortana and Search|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2|www.bing.com*|
@ -80,7 +80,7 @@ The following methodology was used to derive these network endpoints:
||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store. |HTTP|*.dl.delivery.mp.microsoft.com|
||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2|manage.devcenter.microsoft.com|
|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
|||HTTPS|*ow1.res.office365.com|
|||HTTPS|office.com|

6
windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
View File

@ -84,7 +84,7 @@ The following methodology was used to derive the network endpoints:
|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
|www.msftconnecttest.com|HTTPS|Network Connection (NCSI)
|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
|www.office.com|HTTPS|Microsoft Office
@ -144,7 +144,7 @@ The following methodology was used to derive the network endpoints:
|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
|www.msftconnecttest.com|HTTPS|Network Connection (NCSI)
|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
|www.msn.com|HTTPS|Network Connection (NCSI)
|www.office.com|HTTPS|Microsoft Office
@ -198,6 +198,6 @@ The following methodology was used to derive the network endpoints:
|wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
|www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
|www.microsoft.com|HTTP|Connected User Experiences and Telemetry, Microsoft Data Management service
|www.msftconnecttest.com|HTTPS|Network Connection (NCSI)
|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
|www.office.com|HTTPS|Microsoft Office