deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Marked up all destinations as code to...

Browse Source 
...prevent some from being treated as hyperlinks by the build and to provide consistent appearance of all
This commit is contained in:
Gary Moore
2021-07-07 21:52:10 -07:00
parent a8fccf0b71
commit e8703c1535
1 changed files with 78 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

156
windows/privacy/manage-windows-1809-endpoints.md
View File

@ -55,8 +55,8 @@ If you [turn off traffic to this endpoint](manage-connections-from-windows-opera
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| explorer | HTTP | tile-service.weather.microsoft.com |
| | HTTP | blob.weather.microsoft.com |
| explorer | HTTP | `tile-service.weather.microsoft.com` |
| | HTTP | `blob.weather.microsoft.com` |
The following endpoint is used for OneNote Live Tile.
To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
@ -65,7 +65,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | HTTPS | cdn.onenote.net/livetile/?Language=en-US |
| | HTTPS | `cdn.onenote.net/livetile/?Language=en-US` |
The following endpoints are used for Twitter updates.
To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
@ -75,7 +75,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | HTTPS | wildcard.twimg.com |
| svchost.exe | | oem.twimg.com/windows/tile.xml |
| svchost.exe | | `oem.twimg.com/windows/tile.xml` |
The following endpoint is used for Facebook updates.
To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
@ -84,7 +84,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | | star-mini.c10r.facebook.com |
| | | `star-mini.c10r.facebook.com` |
The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office.
To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
@ -102,7 +102,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | TLS v1.2 | candycrushsoda.king.com |
| | TLS v1.2 | `candycrushsoda.king.com` |
The following endpoint is used for by the Microsoft Wallet app.
To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
@ -118,17 +118,17 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|----------------|----------|------------|
| system32\AppHostRegistrationVerifier.exe | HTTPS | mediaredirect.microsoft.com |
| system32\AppHostRegistrationVerifier.exe | HTTPS | `mediaredirect.microsoft.com` |
The following endpoints are used when using the Whiteboard app.
To turn off traffic for this endpoint [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | HTTPS | wbd.ms |
| | HTTPS | int.whiteboard.microsoft.com |
| | HTTPS | whiteboard.microsoft.com |
| | HTTP / HTTPS | whiteboard.ms |
| | HTTPS | `wbd.ms` |
| | HTTPS | `int.whiteboard.microsoft.com` |
| | HTTPS | `whiteboard.microsoft.com` |
| | HTTP / HTTPS | `whiteboard.ms` |
## Cortana and Search
@ -137,28 +137,28 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| searchui | HTTPS |store-images.s-microsoft.com |
| searchui | HTTPS | `store-images.s-microsoft.com` |
The following endpoint is used to update Cortana greetings, tips, and Live Tiles.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| backgroundtaskhost | HTTPS | www.bing.com/client |
| backgroundtaskhost | HTTPS | `www.bing.com/client` |
The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| backgroundtaskhost | HTTPS | www.bing.com/proactive |
| backgroundtaskhost | HTTPS | `www.bing.com/proactive` |
The following endpoint is used by Cortana to report diagnostic and diagnostic data information.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| searchui <br> backgroundtaskhost | HTTPS | www.bing.com/threshold/xls.aspx |
| searchui <br> backgroundtaskhost | HTTPS | `www.bing.com/threshold/xls.aspx` |
## Certificates
@ -171,7 +171,7 @@ If traffic to this endpoint is turned off, Windows no longer automatically downl
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| svchost | HTTP | ctldl.windowsupdate.com |
| svchost | HTTP | `ctldl.windowsupdate.com` |
## Device authentication
@ -180,7 +180,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | HTTPS | login.live.com/ppsecure |
| | HTTPS | `login.live.com/ppsecure` |
## Device metadata
@ -189,8 +189,8 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | | dmd.metaservices.microsoft.com.akadns.net |
| | HTTP | dmd.metaservices.microsoft.com |
| | | `dmd.metaservices.microsoft.com.akadns.net` |
| | HTTP | `dmd.metaservices.microsoft.com` |
## Diagnostic Data
@ -199,22 +199,22 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| svchost | | cy2.vortex.data.microsoft.com.akadns.net |
| svchost | | `cy2.vortex.data.microsoft.com.akadns.net` |
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| svchost | HTTPS | v10.vortex-win.data.microsoft.com/collect/v1 |
| svchost | HTTPS | `v10.vortex-win.data.microsoft.com/collect/v1` |
The following endpoints are used by Windows Error Reporting.
To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| wermgr | | watson.telemetry.microsoft.com |
| | TLS v1.2 | modern.watson.data.microsoft.com.akadns.net |
| wermgr | | `watson.telemetry.microsoft.com` |
| | TLS v1.2 | `modern.watson.data.microsoft.com.akadns.net` |
## Font streaming
@ -223,8 +223,8 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| svchost | | fs.microsoft.com |
| | | fs.microsoft.com/fs/windows/config.json |
| svchost | | `fs.microsoft.com` |
| | | `fs.microsoft.com/fs/windows/config.json` |
## Licensing
@ -233,7 +233,7 @@ To turn off traffic for this endpoint, disable the Windows License Manager Servi
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| licensemanager | HTTPS | licensing.mp.microsoft.com/v7.0/licenses/content |
| licensemanager | HTTPS | `licensing.mp.microsoft.com/v7.0/licenses/content` |
## Location
@ -242,8 +242,8 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | HTTP | location-inference-westus.cloudapp.net |
| | HTTPS | inference.location.live.net |
| | HTTP | `location-inference-westus.cloudapp.net` |
| | HTTPS | `inference.location.live.net` |
## Maps
@ -252,7 +252,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| svchost | HTTPS | *g.akamaiedge.net |
| svchost | HTTPS | `*g.akamaiedge.net` |
## Microsoft account
@ -261,11 +261,11 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | | login.msa.akadns6.net |
| | | login.live.com |
| | | account.live.com |
| system32\Auth.Host.exe | HTTPS | auth.gfx.ms |
| | | us.configsvc1.live.com.akadns.net |
| | | `login.msa.akadns6.net` |
| | | `login.live.com` |
| | | `account.live.com` |
| system32\Auth.Host.exe | HTTPS | `auth.gfx.ms` |
| | | `us.configsvc1.live.com.akadns.net` |
## Microsoft Store
@ -274,32 +274,32 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | HTTPS | *.wns.windows.com |
| | HTTPS | `*.wns.windows.com` |
The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.
To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | HTTP | storecatalogrevocation.storequality.microsoft.com |
| | HTTP | `storecatalogrevocation.storequality.microsoft.com` |
The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | HTTPS | img-prod-cms-rt-microsoft-com.akamaized.net |
| backgroundtransferhost | HTTPS | store-images.microsoft.com |
| | HTTPS | `img-prod-cms-rt-microsoft-com.akamaized.net` |
| backgroundtransferhost | HTTPS | `store-images.microsoft.com` |
The following endpoints are used to communicate with Microsoft Store.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | HTTP | storeedgefd.dsx.mp.microsoft.com |
| | HTTP \ HTTPS | pti.store.microsoft.com |
||TLS v1.2|cy2.\*.md.mp.microsoft.com.\*.|
| svchost | HTTPS | displaycatalog.mp.microsoft.com |
| | HTTP | `storeedgefd.dsx.mp.microsoft.com` |
| | HTTP \ HTTPS | `pti.store.microsoft.com` |
||TLS v1.2| `cy2.*.md.mp.microsoft.com.*.` |
| svchost | HTTPS | `displaycatalog.mp.microsoft.com` |
## Network Connection Status Indicator (NCSI)
@ -308,7 +308,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | HTTP | www.msftconnecttest.com/connecttest.txt |
| | HTTP | `www.msftconnecttest.com/connecttest.txt` |
## Office
@ -318,13 +318,13 @@ If you turn off traffic for these endpoints, users won't be able to save documen
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | | *.a-msedge.net |
| hxstr | | *.c-msedge.net |
| | | *.e-msedge.net |
| | | *.s-msedge.net |
| | HTTPS | ocos-office365-s2s.msedge.net |
| | HTTPS | nexusrules.officeapps.live.com |
| | HTTPS | officeclient.microsoft.com |
| | | `*.a-msedge.net` |
| hxstr | | `*.c-msedge.net` |
| | | `*.e-msedge.net` |
| | | `*.s-msedge.net` |
| | HTTPS | `ocos-office365-s2s.msedge.net` |
| | HTTPS | `nexusrules.officeapps.live.com` |
| | HTTPS | `officeclient.microsoft.com` |
The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity).
You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.
@ -338,14 +338,14 @@ The following endpoint is OfficeHub traffic used to get the metadata of Office a
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
|Windows Apps\Microsoft.Windows.Photos|HTTPS|client-office365-tas.msedge.net|
|Windows Apps\Microsoft.Windows.Photos|HTTPS| `client-office365-tas.msedge.net` |
The following endpoint is used to connect the Office To-Do app to it's cloud service.
To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| |HTTPS|to-do.microsoft.com|
| |HTTPS| `to-do.microsoft.com` |
## OneDrive
@ -354,14 +354,14 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction |
| onedrive | HTTP \ HTTPS | `g.live.com/1rewlive5skydrive/ODSUProduction` |
The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US).
To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| onedrive | HTTPS | oneclient.sfx.ms |
| onedrive | HTTPS | `oneclient.sfx.ms` |
## Settings
@ -370,21 +370,21 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| dmclient | | cy2.settings.data.microsoft.com.akadns.net |
| dmclient | | `cy2.settings.data.microsoft.com.akadns.net` |
The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| dmclient | HTTPS | settings.data.microsoft.com |
| dmclient | HTTPS | `settings.data.microsoft.com` |
The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| svchost | HTTPS | settings-win.data.microsoft.com |
| svchost | HTTPS | `settings-win.data.microsoft.com` |
## Skype
@ -392,9 +392,9 @@ The following endpoint is used to retrieve Skype configuration values. To turn o
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
|microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com |
| | HTTPS | browser.pipe.aria.microsoft.com |
| | | skypeecs-prod-usw-0-b.cloudapp.net |
|microsoft.windowscommunicationsapps.exe | HTTPS | `config.edge.skype.com` |
| | HTTPS | `browser.pipe.aria.microsoft.com` |
| | | `skypeecs-prod-usw-0-b.cloudapp.net` |
## Windows Defender
@ -403,24 +403,24 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | | wdcp.microsoft.com |
| | | `wdcp.microsoft.com` |
The following endpoints are used for Windows Defender definition updates.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), definitions will not be updated.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | | definitionupdates.microsoft.com |
|MpCmdRun.exe|HTTPS|go.microsoft.com |
| | | `definitionupdates.microsoft.com` |
|MpCmdRun.exe|HTTPS| `go.microsoft.com` |
The following endpoints are used for Windows Defender Smartscreen reporting and notifications.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender-smartscreen), Windows Defender Smartscreen notifications will no appear.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| | HTTPS | ars.smartscreen.microsoft.com |
| | HTTPS | unitedstates.smartscreen-prod.microsoft.com |
| | | smartscreen-sn3p.smartscreen.microsoft.com |
| | HTTPS | `ars.smartscreen.microsoft.com` |
| | HTTPS | `unitedstates.smartscreen-prod.microsoft.com` |
| | | `smartscreen-sn3p.smartscreen.microsoft.com` |
## Windows Spotlight
@ -429,11 +429,11 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| backgroundtaskhost | HTTPS | arc.msn.com |
| backgroundtaskhost | | g.msn.com.nsatc.net |
| |TLS v1.2| *.search.msn.com |
| | HTTPS | ris.api.iris.microsoft.com |
| | HTTPS | query.prod.cms.rt.microsoft.com |
| backgroundtaskhost | HTTPS | `arc.msn.com` |
| backgroundtaskhost | | `g.msn.com.nsatc.net` |
| |TLS v1.2| `*.search.msn.com` |
| | HTTPS | `ris.api.iris.microsoft.com` |
| | HTTPS | `query.prod.cms.rt.microsoft.com` |
## Windows Update
@ -442,23 +442,23 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
| svchost | HTTPS | `*.prod.do.dsp.mp.microsoft.com` |
The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| svchost | HTTP | *.windowsupdate.com |
| svchost | HTTP | *.dl.delivery.mp.microsoft.com |
| svchost | HTTP | `*.windowsupdate.com` |
| svchost | HTTP | `*.dl.delivery.mp.microsoft.com` |
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| svchost | HTTPS | *.update.microsoft.com |
| svchost | HTTPS | *.delivery.mp.microsoft.com |
| svchost | HTTPS | `*.update.microsoft.com` |
| svchost | HTTPS | `*.delivery.mp.microsoft.com` |
These are dependent on enabling:
- [Device authentication](manage-windows-1809-endpoints.md#device-authentication)
@ -469,7 +469,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
| Source process | Protocol | Destination |
|:--------------:|:--------:|:------------|
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
| svchost | HTTPS | `tsfe.trafficshaping.dsp.mp.microsoft.com` |
## Microsoft forward link redirection service (FWLink)
@ -480,7 +480,7 @@ If you disable this endpoint, Windows Defender won't be able to update its malwa
| Source process | Protocol | Destination |
|----------------|:--------:|------------|
|Various|HTTPS|go.microsoft.com|
|Various|HTTPS| `go.microsoft.com` |
## Other Windows 10 editions