Master List of Windows 10 "phone home" connections
Microsoft released the first version of Windows 10 three years ago and privacy has been a hot topic ever since.
We published Windows 10 and Privacy back in 2015 to highlight privacy issues such as the inability to turn off Telemetry collection and transfers in the user interface.
Microsoft was criticized by government agencies in various countries such as France or the Netherlands for privacy issues, and a rising arsenal of privacy tools for Windows 10 promised users protection against the data hunger of Microsoft.
One option that Windows users and administrators have is to block endpoints so that connections can't be established. The method requires extensive testing as critical functionality may become unavailable when connections are blocked.
If you block Windows Update endpoints, you should not be surprised that you cannot use the automatic updating system anymore to keep the operating system up to date.
Default Windows 10 systems, those installed using default settings and left untouched, make a large number of connections automatically for a variety of purposes. Windows 10 checks for updates regularly, checks new files against Windows Defender databases, or submits telemetry data to Microsoft.
While some connections are required for the operating system to work properly, others may be disabled without noticeable impact in functionality; the latter is true especially if features are not used on the system.
Microsoft released a master list of Windows Endpoints for non-Enterprise and for Enterprise editions of Windows recently. The non-Enterprise listing is available for Windows 10 version 1709 and 1803, the Enterprise-specific listing for Windows 10 version 1709.
Tip: Check out my side-project Privacy Amp for detailed lists and other privacy related topics.
Without further ado, here are the connection endpoints of Windows 10 version 1803 (non-Enterprise).
Windows 10 Family
| Destination | Protocol | Description |
|---|---|---|
| *.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ | HTTP | Enables connections to Windows Update. |
| arc.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| arc.msn.com/v3/Delivery/Placement | HTTPS | Used to retrieve Windows Spotlight metadata. |
| client-office365-tas.msedge.net* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
| config.edge.skype.com/config/* | HTTPS | Used to retrieve Skype configuration values. |
| ctldl.windowsupdate.com/msdownload/update* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| cy2.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| cy2.settings.data.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| displaycatalog.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store. |
| dm3p.wns.notify.windows.com.akadns.net | HTTPS | Used for the Windows Push Notification Services (WNS). |
| fe2.update.microsoft.com* | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe3.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| g.live.com/odclientsettings/Prod | HTTPS | Used by OneDrive for Business to download and verify app updates. |
| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| geo-prod.dodsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update. |
| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in. |
| licensing.mp.microsoft.com/v7.0/licenses/content | HTTPS | Used for online activation and some app licensing. |
| location-inference-westus.cloudapp.net | HTTPS | Used for location data. |
| maps.windows.com/windows-app-web-link | HTTPS | Link to Maps application. |
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| ocos-office365-s2s.msedge.net* | HTTPS | Used to connect to the Office 365 portal's shared infrastructure. |
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
| oneclient.sfx.ms* | HTTPS | Used by OneDrive for Business to download and verify app updates. |
| query.prod.cms.rt.microsoft.com* | HTTPS | Used to retrieve Windows Spotlight metadata. |
| ris.api.iris.microsoft.com* | HTTPS | Used to retrieve Windows Spotlight metadata. |
| settings.data.microsoft.com/settings/v2.0/* | HTTPS | Used for Windows apps to dynamically update their configuration. |
| settings-win.data.microsoft.com/settings/* | HTTPS | Used as a way for apps to dynamically update their configuration. |
| sls.update.microsoft.com* | HTTPS | Enables connections to Windows Update. |
| storecatalogrevocation.storequality.microsoft.com* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store. |
| storeedgefd.dsx.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store. |
| tile-service.weather.microsoft.com* | HTTP | Used to download updates to the Weather app Live Tile. |
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
| ip5.afdorigin-prod-am02.afdogw.com | HTTPS | Used to serve office 365 experimentation traffic. |
| watson.telemetry.microsoft.com/Telemetry.Request | HTTPS | Used by Windows Error Reporting. |
Windows 10 Pro
| Destination | Protocol | Description |
|---|---|---|
| *.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| .tlu.dl.delivery.mp.microsoft.com/ | HTTP | Enables connections to Windows Update. |
| *geo-prod.dodsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update. |
| arc.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. |
| ctldl.windowsupdate.com/msdownload/update/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
| cy2.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| cy2.settings.data.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| dm3p.wns.notify.windows.com.akadns.net | HTTPS | Used for the Windows Push Notification Services (WNS) |
| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in. |
| location-inference-westus.cloudapp.net | HTTPS | Used for location data. |
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
| ris.api.iris.microsoft.com.akadns.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
| vip5.afdorigin-prod-am02.afdogw.com | HTTPS | Used to serve office 365 experimentation traffic |
Windows 10 Education
| Destination | Protocol | Description |
|---|---|---|
| *.b.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
| *.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| .tlu.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
| .windowsupdate.com | HTTP | Enables connections to Windows Update. |
| *geo-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
| au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
| cdn.onenote.net/livetile/* | HTTPS | Used for OneNote Live Tile. |
| client-office365-tas.msedge.net/* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
| config.edge.skype.com/* | HTTPS | Used to retrieve Skype configuration values. |
| ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| cy2.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| cy2.settings.data.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
| displaycatalog.mp.microsoft.com/* | HTTPS | Used to communicate with Microsoft Store. |
| download.windowsupdate.com/* | HTTPS | Enables connections to Windows Update. |
| emdl.ws.microsoft.com/* | HTTP | Used to download apps from the Microsoft Store. |
| fe2.update.microsoft.com/* | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| fe3.delivery.mp.microsoft.com/* | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
| g.live.com/odclientsettings/* | HTTPS | Used by OneDrive for Business to download and verify app updates. |
| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in. |
| licensing.mp.microsoft.com/* | HTTPS | Used for online activation and some app licensing. |
| maps.windows.com/windows-app-web-link | HTTPS | Link to Maps application |
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| ocos-office365-s2s.msedge.net/* | HTTPS | Used to connect to the Office 365 portal's shared infrastructure. |
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
| oneclient.sfx.ms/* | HTTPS | Used by OneDrive for Business to download and verify app updates. |
| settings-win.data.microsoft.com/settings/* | HTTPS | Used as a way for apps to dynamically update their configuration. |
| sls.update.microsoft.com/* | HTTPS | Enables connections to Windows Update. |
| storecatalogrevocation.storequality.microsoft.com/* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store. |
| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
| vip5.afdorigin-prod-ch02.afdogw.com | HTTPS | Used to serve office 365 experimentation traffic. |
| watson.telemetry.microsoft.com/Telemetry.Request | HTTPS | Used by Windows Error Reporting. |
| bing.com/* | HTTPS | Used for updates for Cortana, apps, and Live Tiles. |
Summary
Article Name
Master List of Windows 10 "phone home" connections
Description
Microsoft published master lists of endpoint connections that recent versions of the company's Windows 10 operating system make recently.
Author
Martin Brinkmann
Publisher
Ghacks Technology News
Logo
I think what’s most hilarious is how Microsoft created these findings, their methodology clearly explained in its introduction.
Because that’s what these lists are based on: findings.
Not gathered from source, but by logging network traffic.
We used the following methodology to derive these network endpoints:
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
2. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
3. Compile reports on traffic going to public IP addresses.
4. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
Somewhat on topic –
This is the best hosts lists I’ve found to date. While it may not add blocks for W10 problems, (they can easily be added by the user) it is massive and it works well:
https://github.com/StevenBlack/hosts
“This repository consolidates several reputable hosts files, and merges them into a unified hosts file with duplicates removed.”
In addition, “A variety of tailored hosts files are provided.”
If you want the default one (latest release):
https://github.com/StevenBlack/hosts/releases
Users of *nix will probably want to change all ‘0.0.0.0’ entries to ‘127.0.0.1’. (and maybe some Windows users, too, IDK)
To much websites. My scroll buton almost broke.
Martin, do you have all websites in one document for easy copying?
Is M$ secretly passing on such data to the NSA when requested.?
MS operates withing 14 Eyes countries. Of course they do.
Since 2007 Microsoft’s own servers were fully open for NSA, as many other American companies servers. The last couple of years i have heard about that everything that were going on in f.ex Live and Skype were re-routed via NSA. Today when the spying is expanded (by the Trump administration) so be prepared to that they even can walk right in to Your computer and do whatever they want to via backdoors. Backdoors were found already in Windows 95.
Microsoft even made a little spyware app for Chrome: https://arstechnica.com/gadgets/2018/04/microsoft-claims-to-make-chrome-safer-with-new-extension/
Hosts list https://pastebin.com/050GLwG8
I like Crazy Max’s Windows Spy Blocker:
https://github.com/crazy-max/WindowsSpyBlocker
Remember Microsoft bought github. Such tools will be obsolete.
“Good……Good……” (said in my best Emperor Palpatine voice!)
Let M$ spend even more beellions of dollars on the *next* hosting sevice that harbours code it doesn’t like!
Linux Has No Such Problems
Some really good efforts here to combat Windows’ (serious) privacy issues. I’ve been on Linux for several years now and looking over the work required to maintain (the semblance) of privacy seems never-ending and exhausting.
I honestly don’t think it’s possible to protect yourself from all the spyware built into Windows (and other similar OSes). The only answer is forcing these companies to be 100% transparent about every aspect of data collection and sharing. This will slowly help force the changes required (ala Facebook).
@johnjames: “The only answer is forcing these companies to be 100% transparent about every aspect of data collection and sharing.”
Transparency is very important. However, I don’t think that transparency, all by itself, will change any of this behavior.
“This will slowly help force the changes required (ala Facebook).”
I think that what’s happened with Facebook is more supportive of my conjecture than of yours. The changes that Facebook has been engaging aren’t even beginning to address the underlying privacy problems with Facebook. I think that’s 100% intentional — Facebook is hoping that if they make enough noise about “fixing” some of the tangential privacy issues, that will make people forget about the real privacy issues.
Once the OS’s of the world are totally transparent, then all you’ll need to worry about is data breaches, ransomware, and banks and insurance companies sharing your personal data.
Martin,
First : The are clean install connections, no 3rd party software.
Second: Missing from your list the apps servers, like :
candycrushsoda.king.com
evoke-windowsservices-tas.msedge.net
star-mini.c10r.facebook.com
wildcard.twimg.com, oem.twimg.com/windows/tile.xml
cdn.onenote.net/livetile/?Language=en-US
tile-service.weather.microsoft.com, blob.weather.microsoft.com
wallet.microsoft.com
mediaredirect.microsoft.com
store-images.s-microsoft.com
http://www.bing.com/proactive, http://www.bing.com/client, http://www.bing.com/threshold/xls.aspx
ctldl.windowsupdate.com
location-inference-westus.cloudapp.net…
This isn’t Martin’s list, it was published by Dani Halfin at Microsoft per the link in the article.
A lot of those are Microsoft domains which do feature in the list, however things like facebook, twitter and candy crush do not phone home to Microsoft.
Because the comment doesn’t immediately post…so I couldn’t edit or immediately reply…
will make a new comment. I just wanted to say, “thanks Martin,” This article was very informative.
The M$$$$$oft Eco-system has grown so massive…like very hot melted lead seeping into the works. You can’t shut down or toggle a setting for more privacy, without adversely affecting your normal operating experience.
I am experimenting with Linux mint as a dual boot, in an effort to one day…go all in for Linux.
Microsoft has been doing a lot of glad-handing (with an evil smile) with Linux.
Please beware Linux… Microsoft couldn’t figure out how to reverse engineer your android so their phone was crap. Microsoft would never admit it but…..IMO,
The PLAN: If Microsoft plans to completely take over the world, they need Linux.
It is sad that the United States hasn’t established better controls over Microsoft like the EU has….at least attempted.
For those run a clean installation of Windows 10
http://betanews.com/2018/07/31/all-the-websites-windows-10-connects-to-clean-install/
I know I’m giving away my privacy, but since Windows 10 ( brand new installation will all the latest drivers installed ) is blazing fast and free… such is life.
The mentality of this guy Deo lol
@ Deo —
“There is no free lunch in this world.”
In July 2014, M$ abolished her Windows Testing Division comprising of about 150 professional testers and 1200 test-computers = M$ saved a bundle of ca$h. As replacement, every Win 10 Home & Pro users are forced to become M$’s unpaid Beta-testers for her forced auto-updates/upgrades. Windows Insiders and a few M$ staff became unpaid Alpha-testers.
……. Hence, the quality of Windows Update has dropped and become amateurish or unprofessional.
Their Win 10 computers have also become M$’s money-making ad-box, eg preinstalled Candy Crush.
P S – M$ also tried to recruit Win 7/8.1 users as unpaid Beta-testers by sneaking Telemetry updates to their computers from Oct 2015 onwards. Unfortunately for M$, Win 7/8.1 users can manually block updates.
What is the procedure used to ‘block’ the end points listed above?
If I remember correctly, you do need a separate device for dropping the connections. So, there’s no way to block them from inside Windows, as these connections ignore the hosts-file.
That separate device could be your router, if it can be configured to do such things. Or you can also buy a Linux-compatible single-board computer, most prominent in this category is the Raspberry Pi, and then install Pi-Hole on there: https://pi-hole.net/
In a corporate network, you’re most likely routing internet traffic through a proxy, where you could easily block these, or do it in the dedicated firewall hardware that you probably have before that still.
Doesnt neccessarily need to be on raspberry pi, I got one working in a VM
There are over 457 microsoft servers in Simplewall open source firewall blocklist. That’s the crazy amount of data mining servers.
I never used Home/Pro of 10, only Enterprise, LTSB and Server. Looking at those lists (and I assume “Family” SKU is actually Home), I have a hard time believing Pro does so many less traffic compared to Home. Knowing how notorious Enterprise CBB is, it’s just not possible. Even LTSB initiates a connection whnever I open a new explorer window through explorer.exe.
Btw, don’t trust the “hosts” file in W10. I you use this OS and you want to block either of those domains, do it in your router. If it’s a portable machine, such as a laptop, well, then just don’t connect to other *LANs.
ANd my advice, just avoid those “privacy applications” for W10. They can’t do more than what the OS allows them to. Do yourself a favour, open gpedit.msc and disable, as much as you’re allowed to do, of course, through a non-destructive way.
“Btw, don’t trust the “hosts†file in W10. I you use this OS and you want to block either of those domains, do it in your router”
I just wanted to reinforce this. Windows 10 ignores the hosts file when doing some of its “phone home” connections.
@Yuliya, could you please elaborate on what to disable in the Group Policy Editor? Thanks!
Did you not check out Martin’s link in the article?
https://privacyamp.com/knowledge-base/windows-10-privacy-settings/
A good start would be these (on the right side you have the paths): imgur.com/cXN59lh
Note this is from a LTSB 1607. Also pay attention to the wording, for instance:
Allow Telemetry = Enabled [Secure] is the most “disabled” state of that policy.
Allow Telemetry = Disabled on the other hand does not do anything. It’s the same as Windows 10’s default. Also I think you won’t be able to set it to “Secure” unless you run Enterprise.
I remember they had these things about disabled and enabled that really didn’t be what it said, but the opposite in GPEDIT.msc already in Windows 2000. Some could be really confusing when the explanation did sound a bit odd. But i found the explanations online. Back then there were many good sites with guides You could follow, there probably still are. You are right about this thing about being awake ! (Thumb up !)
Spybot Anti-Beacon… already made a list longer than this in the HOSTS file. Frankly, it’s incredible what M$ gets away with. The slave mentality they are working with…
MS is now worth $800 billion. MS can afford to have contempt for users like us.
see…
https://www.baystreet.ca/techinsider/1325/Microsoft-Now-Worth-800-Billion
M$ is making all these connections because they’re trying to eventually force end users to have to be online all the time in order to use Windows. They will then rent the OS instead of allowing a one-time payment for its use. Being online will also keep the feds happy because… well…. you know, 1984. M$ always talks about their “stategy” as if the end user is their opponent. That’s because they’ve completely lost respect for their customers. It’s time for somebody else to step up to the plate and create an alternative to the (IMO) M$ monopoly. The way I see it, once a fully functional and bug-free NON-LINUX or other UNIX knockoff OS is created, then programmers can be recruited to meet end user program needs. However, with all the copyrights and patents the government has allowed M$ to acquire, this won’t happen until some other alternative is found. M$ is just plain evil. The U.S vs. M$ case was a P.R. hoax.
m$ strategy is pretty clear at this point; convince users to stream its OS, Games and Data with the convenience of pushing that data to any device for a monthly fee, that will go up every year or two.. forever. Then they will create obstacles between you and your data for even more control. Add on the windows store that will gouge a cut of profits from Dev’s and you’ve got a pretty solid ever expanding revenue stream. End goals of companies today are easy to spot when you consider that their only care is higher stock value, and they will do anything the law will allow to accomplish that task. When the law blocks their path they hire lobbyists, politicians and lawyers to clear the way.
“You” are the product.
thx, informative contribution. especially for simplewall users (which i am not). as far as windows is concerned, i recommend o & o shutup : https://www.oo-software.com/en/shutup10 .