These are all the websites Windows 10 connects to after a clean install
150 Comments
Windows 10 has always had a bad reputation for snooping on users. While that was a valid issue at the start, each new feature update has made changes to the privacy side of the operating system, and users now have much greater control over things.
When you perform a clean install of Windows 10, the operating system connects to a large number of sites for different purposes, including -- naturally enough -- to send and receive email, download apps and security updates, and so on. The sheer number of endpoints that the operating system connects to might surprise you however. It's a very, very long list.
SEE ALSO:
- How to install Microsoft Windows Essentials tools -- including Movie Maker -- on Windows 10
- Make Windows 10's Timeline feature actually useful by adding support for Chrome and Firefox
- EdgeDeflector for Windows 10 forces all links to open in the default browser, not Microsoft Edge
Microsoft has released details of which endpoints Windows 10 1709 (Fall Creators Update) and 1803 (April 2018 Update) connect to following a clean install.
This list was created by installing the OS on a virtual machine using the default settings and leaving it running without user interaction for a week.
Most of the first batch of sites are for Windows 10 1709 onwards, but any that are for 1803 are marked as such under Destination.
Windows 10 Enterprise connection endpoints
| APPS | ||||
| Weather app Live Tile | ||||
| Source process | Protocol | Destination | ||
| explorer | HTTP | tile-service.weather.microsoft.com | ||
| HTTP | blob.weather.microsoft.com (1803) | |||
| OneNote Live Tile | ||||
| Source process | Protocol | Destination | ||
| HTTPS | cdn.onenote.net/livetile/?Language=en-US | |||
| Twitter updates | ||||
| Source process | Protocol | Destination | ||
| HTTPS | wildcard.twimg.com | |||
| svchost.exe | oem.twimg.com/windows/tile.xml | |||
| Facebook updates | ||||
| Source process | Protocol | Destination | ||
| star-mini.c10r.facebook.com | ||||
| Photos app | ||||
| Source process | Protocol | Destination | ||
| WindowsApps\Microsoft.Windows.Photos | HTTPS | evoke-windowsservices-tas.msedge.net | ||
| Candy Crush Saga | ||||
| Source process | Protocol | Destination | ||
| TLS v1.2 | candycrushsoda.king.com | |||
| Microsoft Wallet | ||||
| Source process | Protocol | Destination | ||
| system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | ||
| Groove Music | ||||
| Source process | Protocol | Destination | ||
| system32\AppHostRegistrationVerifier.exe | HTTPS | mediaredirect.microsoft.com | ||
| CORTANA AND SEARCH | ||||
| Images for Store suggestions | ||||
| Source process | Protocol | Destination | ||
| searchui | HTTPS | store-images.s-microsoft.com | ||
| Cortana greetings, tips, and Live Tiles | ||||
| Source process | Protocol | Destination | ||
| backgroundtaskhost | HTTPS | www.bing.com/client | ||
| Configures parameters | ||||
| Source process | Protocol | Destination | ||
| backgroundtaskhost | HTTPS | www.bing.com/proactive | ||
| Report diagnostic | ||||
| Source process | Protocol | Destination | ||
| searchui | HTTPS | www.bing.com/threshold/xls.aspx | ||
| CERTIFICATES | ||||
| Checks trusted authorities for updates | ||||
| Source process | Protocol | Destination | ||
| svchost | HTTP | ctldl.windowsupdate.com | ||
| Downloads fraudulent certificate list | ||||
| Source process | Protocol | Destination | ||
| svchost | HTTP | ctldl.windowsupdate.com | ||
| DEVICE AUTHENTICATION | ||||
| Authenticate a device. | ||||
| Source process | Protocol | Destination | ||
| dmd.metaservices.microsoft.com.akadns.net | ||||
| HTTP | dmd.metaservices.microsoft.com | |||
| DEVICE METADATA | ||||
| Retrieve device metadata | ||||
| Source process | Protocol | Destination | ||
| dmd.metaservices.microsoft.com.akadns.net | ||||
| HTTP | dmd.metaservices.microsoft.com (1803) | |||
| DIAGNOSTIC DATA | ||||
| Connected User Experiences and Telemetry | ||||
| Source process | Protocol | Destination | ||
| svchost | cy2.vortex.data.microsoft.com.akadns.net | |||
| Connected User Experiences and Telemetry | ||||
| Source process | Protocol | Destination | ||
| svchost | v10.vortex-win.data.microsoft.com/collect/v1 | |||
| Used by Windows Error Reporting | ||||
| Source process | Protocol | Destination | ||
| wermgr | watson.telemetry.microsoft.com | |||
| TLS v1.2 | modern.watson.data.microsoft.com.akadns.net | |||
| FONT STREAMING | ||||
| Download fonts on demand | ||||
| Source process | Protocol | Destination | ||
| svchost | fs.microsoft.com | |||
| fs.microsoft.com/fs/windows/config.json | ||||
| LICENSING | ||||
| Online activation and app licensing | ||||
| Source process | Protocol | Destination | ||
| licensemanager | HTTPS | licensing.mp.microsoft.com/v7.0/licenses/content | ||
| LOCATION | ||||
| Location data | ||||
| Source process | Protocol | Destination | ||
| HTTP | location-inference-westus.cloudapp.net | |||
| MAPS | ||||
| Check offline map data | ||||
| Source process | Protocol | Destination | ||
| svchost | HTTPS | *g.akamaiedge.net | ||
| MICROSOFT ACCOUNT | ||||
| Account sign-in | ||||
| Source process | Protocol | Destination | ||
| login.msa.akadns6.net | ||||
| system32\Auth.Host.exe | HTTPS | auth.gfx.ms | ||
| MICROSOFT STORE | ||||
| Windows Push Notification Services (WNS) | ||||
| Source process | Protocol | Destination | ||
| *.wns.windows.com | ||||
| Revoke malicious app licenses | ||||
| Source process | Protocol | Destination | ||
| HTTP | storecatalogrevocation.storequality.microsoft.com | |||
| Download app image files | ||||
| Source process | Protocol | Destination | ||
| HTTPS | img-prod-cms-rt-microsoft-com.akamaized.net | |||
| backgroundtransferhost | HTTPS | store-images.microsoft.com (1803) | ||
| Communicate with store | ||||
| Source process | Protocol | Destination | ||
| HTTP | storeedgefd.dsx.mp.microsoft.com | |||
| HTTP | pti.store.microsoft.com | |||
| TLS v1.2 | cy2.*.md.mp.microsoft.com.*. | |||
| svchost | HTTPS | displaycatalog.mp.microsoft.com (1803) | ||
| NETWORK CONNECTION STATUS INDICATOR | ||||
| Detects Internet connectivity | ||||
| Source process | Protocol | Destination | ||
| HTTP | www.msftconnecttest.com/connecttest.txt | |||
| OFFICE | ||||
| Office 365 portal's shared infrastructure | ||||
| Source process | Protocol | Destination | ||
| *.a-msedge.net | ||||
| hxstr | *.c-msedge.net | |||
| *.e-msedge.net | ||||
| *.s-msedge.net | ||||
| HTTPS | ocos-office365-s2s.msedge.net (1803) | |||
| Office 365 portal's shared infrastructure | ||||
| Source process | Protocol | Destination | ||
| system32\Auth.Host.exe | HTTPS | outlook.office365.com | ||
| Office app metadata | ||||
| Source process | Protocol | Destination | ||
| Windows Apps\Microsoft.Windows.Photos | HTTPS | client-office365-tas.msedge.net | ||
| ONEDRIVE | ||||
| Automatically update URLs | ||||
| Source process | Protocol | Destination | ||
| onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | ||
| OneDrive for Business | ||||
| Source process | Protocol | Destination | ||
| onedrive | HTTPS | oneclient.sfx.ms | ||
| SETTINGS | ||||
| Apps dynamically update configuration | ||||
| Source process | Protocol | Destination | ||
| dmclient | cy2.settings.data.microsoft.com.akadns.net | |||
| Apps dynamically update configuration | ||||
| Source process | Protocol | Destination | ||
| dmclient | HTTPS | settings.data.microsoft.com | ||
| Apps dynamically update configuration | ||||
| Source process | Protocol | Destination | ||
| svchost | HTTPS | settings-win.data.microsoft.com | ||
| SKYPE | ||||
| Retrieve Skype configuration values | ||||
| Source process | Protocol | Destination | ||
| microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com | ||
| WINDOWS DEFENDER | ||||
| Cloud-based Protection | ||||
| Source process | Protocol | Destination | ||
| wdcp.microsoft.com | ||||
| Definition updates | ||||
| Source process | Protocol | Destination | ||
| definitionupdates.microsoft.com | ||||
| MpCmdRun.exe | HTTPS | go.microsoft.com | ||
| WINDOWS SPOTLIGHT | ||||
| Retrieve Spotlight metadata | ||||
| Source process | Protocol | Destination | ||
| backgroundtaskhost | HTTPS | arc.msn.com | ||
| backgroundtaskhost | g.msn.com.nsatc.net | |||
| TLS v1.2 | *.search.msn.com | |||
| HTTPS | ris.api.iris.microsoft.com | |||
| HTTPS | query.prod.cms.rt.microsoft.com | |||
| WINDOWS UPDATE | ||||
| Downloads app and OS updates | ||||
| Source process | Protocol | Destination | ||
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com | ||
| Download patches and updates | ||||
| Source process | Protocol | Destination | ||
| svchost | HTTP | *.windowsupdate.com | ||
| HTTP | fg.download.windowsupdate.com.c.footprint.net | |||
| Highwinds Content Delivery Network updates | ||||
| Source process | Protocol | Destination | ||
| cds.d2s7q6s2.hwcdn.net | ||||
| Verizon Content Delivery Network updates | ||||
| Source process | Protocol | Destination | ||
| HTTP | *wac.phicdn.net | |||
| *wac.edgecastcdn.net | ||||
| Apps and Windows Insider builds | ||||
| Source process | Protocol | Destination | ||
| svchost | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | |||
| Apps from Store | ||||
| Source process | Protocol | Destination | ||
| svchost | emdl.ws.microsoft.com | |||
| Enable connections | ||||
| Source process | Protocol | Destination | ||
| svchost | HTTPS | fe2.update.microsoft.com | ||
| svchost | fe3.delivery.mp.microsoft.com | |||
| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | ||||
| svchost | HTTPS | sls.update.microsoft.com | ||
| HTTP | *.dl.delivery.mp.microsoft.com (1803) | |||
| Content regulation | ||||
| Source process | Protocol | Destination | ||
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com | ||
| Source process | Protocol | Destination | ||
| a122.dscd.akamai.net | ||||
| a1621.g.akamai.net | ||||
| MICROSOFT FORWARD LINK REDIRECTION SERVICE | ||||
| Redirect web links | ||||
| Source process | Protocol | Destination | ||
| Various | HTTPS | go.microsoft.com | ||
You can find out more, including any problems that blocking certain endpoints might have on the smooth running of your system here.
Non-Enterprise versions of Windows 10 also connect to the following:
Windows 10 Home 1709
| Destination | Protocol | Description |
| *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
| *.wac.phicdn.net | HTTP | Used by the Verizon Content Delivery Network to perform Windows updates. |
| *.1.msftsrvcs.vo.llnwi.net | HTTP | Used for Windows Update downloads of apps and OS updates. |
| *.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. |
| *.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
| *.dscd.akamai.net | HTTP | Used to download content. |
| *.dspg.akamaiedge.net | HTTP | Used to check for updates to maps that have been downloaded for offline use. |
| *.hwcdn.net | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates. |
| *.m1-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
| *.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
| *.wac.edgecastcdn.net | TLSv1.2 | Used by the Verizon Content Delivery Network to perform Windows updates. |
| *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). |
| *prod.do.dsp.mp.microsoft.com | TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates. |
| .g.akamaiedge.net | HTTP | Used to check for updates to maps that have been downloaded for offline use. |
| telecommand.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
| 2.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
| 2.tlu.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
| arc.msn.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
| arc.msn.com.nsatc.net | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
| a-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| au.download.windowsupdate.com | HTTP | Used to download operating system patches and updates. |
| b-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| candycrushsoda.king.com | TLSv1.2 | Used for Candy Crush Saga updates. |
| cdn.content.prod.cms.msn.com | HTTP | Used to retrieve Windows Spotlight metadata. |
| cdn.onenote.net | HTTP | Used for OneNote Live Tile. |
| client-office365-tas.msedge.net | HTTP | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
| config.edge.skype.com | HTTP | Used to retrieve Skype configuration values. |
| ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. |
| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
| cy2.licensing.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
| cy2.purchase.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
| cy2.settings.data.microsoft.com.akadns.net | TLSv1.2 | Used as a way for apps to dynamically update their configuration. |
| cy2.vortex.data.microsoft.com.akadns.net | TLSv1.2 | Used to retrieve Windows Insider Preview builds. |
| definitionupdates.microsoft.com | HTTPS | Used for Windows Defender definition updates. |
| displaycatalog.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
| dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
| dual-a-0001.a-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
| fe2.update.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. |
| fp.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| g.live.com/1rewlive5skydrive/ | HTTPS | Used by a redirection service to automatically update URLs. |
| g.msn.com.nsatc.net | HTTP | Used to retrieve Windows Spotlight metadata. |
| geo-prod.do.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
| go.microsoft.com | HTTPS | Used by a redirection service to automatically update URLs. |
| img-prod-cms-rt-microsoft-com.akamaized.net | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). |
| *.login.msa.akadns6.net | TLSv1.2 | Used for Microsoft accounts to sign in. |
| licensing.mp.microsoft.com | HTTPS | Used for online activation and some app licensing. |
| location-inference-westus.cloudapp.net | TLSv1.2 | Used for location data. |
| login.live.com | HTTPS | Used to authenticate a device. |
| mediaredirect.microsoft.com | HTTPS | Used by the Groove Music app to update HTTP handler status. |
| modern.watson.data.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
| msftsrvcs.vo.llnwd.net | HTTP | Enables connections to Windows Update. |
| msnbot-*.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
| oem.twimg.com | HTTPS | Used for the Twitter Live Tile. |
| oneclient.sfx.ms | HTTPS | Used by OneDrive for Business to download and verify app updates. |
| peer4-wst.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| pti.store.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
| pti.store.microsoft.com.unistore.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
| purchase.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
| ris.api.iris.microsoft.com.akadns.net | TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata. |
| settings-win.data.microsoft.com | HTTPS | Used for Windows apps to dynamically update their configuration. |
| sls.update.microsoft.com.nsatc.net | TLSv1.2/HTTPS | Enables connections to Windows Update. |
| star-mini.c10r.facebook.com | TLSv1.2 | Used for the Facebook Live Tile. |
| storecatalogrevocation.storequality.microsoft.com | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store. |
| storeedgefd.dsx.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
| store-images.s-microsoft.com | HTTP | Used to get images that are used for Microsoft Store suggestions. |
| tile-service.weather.microsoft.com | HTTP | Used to download updates to the Weather app Live Tile. |
| tsfe.trafficshaping.dsp.mp.microsoft.com | TLSv1.2 | Used for content regulation. |
| v10.vortex-win.data.microsoft.com | HTTPS | Used to retrieve Windows Insider Preview builds. |
| wallet.microsoft.com | HTTPS | Used by the Microsoft Wallet app. |
| wallet-frontend-prod-westus.cloudapp.net | TLSv1.2 | Used by the Microsoft Wallet app. |
| watson.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
| wdcp.microsoft.akadns.net | TLSv1.2 | Used for Windows Defender when Cloud-based Protection is enabled. |
| wildcard.twimg.com | TLSv1.2 | Used for the Twitter Live Tile. |
| www.bing.com | HTTP | Used for updates for Cortana, apps, and Live Tiles. |
| www.facebook.com | HTTPS | Used for the Facebook Live Tile. |
| www.microsoft.com | HTTPS | Used for updates for Cortana, apps, and Live Tiles. |
Windows 10 Pro 1709
| Destination | Protocol | Description |
| ..akamai.net | HTTP | Used to download content. |
| ..akamaiedge.net | TLSv1.2/HTTP | Used to check for updates to maps that have been downloaded for offline use. |
| *.a-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
| *.blob.core.windows.net | HTTPS | Used by Windows Update to update words used for language input methods. |
| *.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. |
| *.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
| *.dspb.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
| *.dspg.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
| *.e-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
| *.login.msa.akadns6.net | TLSv1.2 | Used for Microsoft accounts to sign in. |
| *.s-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
| *.telecommand.telemetry.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
| *.wac.edgecastcdn.net | TLSv1.2 | Used by the Verizon Content Delivery Network to perform Windows updates. |
| *.wac.phicdn.net | HTTP | Used by the Verizon Content Delivery Network to perform Windows updates. |
| *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). |
| *prod.do.dsp.mp.microsoft.com | TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates. |
| 3.dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
| 3.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
| 3.tlu.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
| 3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
| arc.msn.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
| arc.msn.com.nsatc.net | TLSv1.3 | Used to retrieve Windows Spotlight metadata. |
| au.download.windowsupdate.com | HTTPS | Used to download operating system patches and updates. |
| b-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| candycrushsoda.king.com | HTTPS | Used for Candy Crush Saga updates. |
| cdn.content.prod.cms.msn.com | HTTP | Used to retrieve Windows Spotlight metadata. |
| cdn.onenote.net | HTTPS | Used for OneNote Live Tile. |
| client-office365-tas.msedge.net | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
| config.edge.skype.com | HTTPS | Used to retrieve Skype configuration values. |
| ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. |
| cs12.wpc.v0cdn.net | HTTP | Used by the Verizon Content Delivery Network to download content for Windows upgrades with Wireless Planning and Coordination (WPC). |
| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
| cy2.settings.data.microsoft.com.akadns.net | TLSv1.2 | Used as a way for apps to dynamically update their configuration. |
| cy2.vortex.data.microsoft.com.akadns.net | TLSv1.2 | Used to retrieve Windows Insider Preview builds. |
| definitionupdates.microsoft.com | HTTPS | Used for Windows Defender definition updates. |
| displaycatalog.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
| download.windowsupdate.com | HTTP | Enables connections to Windows Update. |
| evoke-windowsservices-tas.msedge.net | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
| fe2.update.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe3.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. |
| fp.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| fs.microsoft.com | HTTPS | Used to download fonts on demand |
| g.live.com | HTTP | Used by a redirection service to automatically update URLs. |
| g.msn.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
| g.msn.com.nsatc.net | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
| geo-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
| geover-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
| go.microsoft.com | HTTPS | Used by a redirection service to automatically update URLs. |
| gpla1.wac.v2cdn.net | HTTP | Used for Baltimore CyberTrust Root traffic. |
| img-prod-cms-rt-microsoft-com.akamaized.net | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). |
| licensing.mp.microsoft.com | HTTPS | Used for online activation and some app licensing. |
| location-inference-westus.cloudapp.net | TLSv1.2 | Used for location data. |
| login.live.com | HTTPS | Used to authenticate a device. |
| l-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| mediaredirect.microsoft.com | HTTPS | Used by the Groove Music app to update HTTP handler status. |
| modern.watson.data.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
| msnbot-*.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
| oem.twimg.com | HTTP | Used for the Twitter Live Tile. |
| oneclient.sfx.ms | HTTP | Used by OneDrive for Business to download and verify app updates. |
| peer1-wst.msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. |
| pti.store.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
| pti.store.microsoft.com.unistore.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| purchase.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
| ris.api.iris.microsoft.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
| settings-win.data.microsoft.com | HTTPS | Used for Windows apps to dynamically update their configuration. |
| sls.update.microsoft.com | HTTPS | Enables connections to Windows Update. |
| storecatalogrevocation.storequality.microsoft.com | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store. |
| storeedgefd.dsx.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
| store-images.s-microsoft.com | HTTPS | Used to get images that are used for Microsoft Store suggestions. |
| store-images.s-microsoft.com | HTTPS | Used to get images that are used for Microsoft Store suggestions. |
| telecommand.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
| tile-service.weather.microsoft.com | HTTP | Used to download updates to the Weather app Live Tile. |
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
| v10.vortex-win.data.microsoft.com | HTTPS | Used to retrieve Windows Insider Preview builds. |
| wallet.microsoft.com | HTTPS | Used by the Microsoft Wallet app. |
| watson.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
| wdcp.microsoft.akadns.net | HTTPS | Used for Windows Defender when Cloud-based Protection is enabled. |
| wildcard.twimg.com | TLSv1.2 | Used for the Twitter Live Tile. |
| www.bing.com | TLSv1.2 | Used for updates for Cortana, apps, and Live Tiles. |
| www.facebook.com | HTTPS | Used for the Facebook Live Tile. |
| www.microsoft.com | HTTPS | Used for updates for Cortana, apps, and Live Tiles. |
Windows 10 Family 1803
| Destination | Protocol | Description |
| *.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ | HTTP | Enables connections to Windows Update. |
| arc.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| arc.msn.com/v3/Delivery/Placement | HTTPS | Used to retrieve Windows Spotlight metadata. |
| client-office365-tas.msedge.net* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
| config.edge.skype.com/config/* | HTTPS | Used to retrieve Skype configuration values. |
| ctldl.windowsupdate.com/msdownload/update* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| cy2.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| cy2.settings.data.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| displaycatalog.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store. |
| dm3p.wns.notify.windows.com.akadns.net | HTTPS | Used for the Windows Push Notification Services (WNS). |
| fe2.update.microsoft.com* | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe3.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| g.live.com/odclientsettings/Prod | HTTPS | Used by OneDrive for Business to download and verify app updates. |
| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| geo-prod.dodsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update. |
| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in. |
| licensing.mp.microsoft.com/v7.0/licenses/content | HTTPS | Used for online activation and some app licensing. |
| location-inference-westus.cloudapp.net | HTTPS | Used for location data. |
| maps.windows.com/windows-app-web-link | HTTPS | Link to Maps application. |
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| ocos-office365-s2s.msedge.net* | HTTPS | Used to connect to the Office 365 portal's shared infrastructure. |
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
| oneclient.sfx.ms* | HTTPS | Used by OneDrive for Business to download and verify app updates. |
| query.prod.cms.rt.microsoft.com* | HTTPS | Used to retrieve Windows Spotlight metadata. |
| ris.api.iris.microsoft.com* | HTTPS | Used to retrieve Windows Spotlight metadata. |
| settings.data.microsoft.com/settings/v2.0/* | HTTPS | Used for Windows apps to dynamically update their configuration. |
| settings-win.data.microsoft.com/settings/* | HTTPS | Used as a way for apps to dynamically update their configuration. |
| sls.update.microsoft.com* | HTTPS | Enables connections to Windows Update. |
| storecatalogrevocation.storequality.microsoft.com* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store. |
| storeedgefd.dsx.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store. |
| tile-service.weather.microsoft.com* | HTTP | Used to download updates to the Weather app Live Tile. |
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
| ip5.afdorigin-prod-am02.afdogw.com | HTTPS | Used to serve office 365 experimentation traffic. |
| watson.telemetry.microsoft.com/Telemetry.Request | HTTPS | Used by Windows Error Reporting. |
Windows 10 Pro 1803
| Destination | Protocol | Description |
| *.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| .tlu.dl.delivery.mp.microsoft.com/ | HTTP | Enables connections to Windows Update. |
| *geo-prod.dodsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update. |
| arc.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. |
| ctldl.windowsupdate.com/msdownload/update/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
| cy2.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| cy2.settings.data.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| dm3p.wns.notify.windows.com.akadns.net | HTTPS | Used for the Windows Push Notification Services (WNS) |
| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in. |
| location-inference-westus.cloudapp.net | HTTPS | Used for location data. |
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
| ris.api.iris.microsoft.com.akadns.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
| vip5.afdorigin-prod-am02.afdogw.com | HTTPS | Used to serve office 365 experimentation traffic |
Image credit: carballo/ Shutterstock