Websites Windows 10 Connects To After a Clean Install

Starting with very first releases of Windows 10, Microsoft was often criticized by a huge number of users, and even by government agencies in certain countries like Netherlands for intensive data collection via the built-in diagnostics and telemetry services. In response, Microsoft has published the list of endpoints Windows 10 connects to after a clean install. Here are the endpoints for the recently released Windows 10 version 1809.

Having this list in their hands, experienced users and administrators may try to block them by configuring the network so connections to those endpoints can't be established. This method can have a negative effect, as it can break some online functionality of the OS if its backend shares a server with a blocked connection endpoint. Besides telemetry servers, Windows 10 connects to a large number of sites for various purposes, including OneDrive, and Outlook services, Microsoft Store, and Windows Update, and so on.

Microsoft has released details of which endpoints Windows 10 1809 connects to following a clean install. It is a huge list.

Windows 10 Family

DestinationProtocolDescription
.aria.microsoft.comHTTPSOffice Telemetry
.dl.delivery.mp.microsoft.comHTTPEnables connections to Windows Update.
.download.windowsupdate.comHTTPUsed to download operating system patches and updates.
*.g.akamai.netHTTPSUsed to check for updates to maps that have been downloaded for offline use.
.msn.comTLSv1.2/HTTPSWindows Spotlight related traffic
*.Skype.comHTTP/HTTPSSkype related traffic
.smartscreen.microsoft.comHTTPSWindows Defender Smartscreen related traffic
.telecommand.telemetry.microsoft.comHTTPSUsed by Windows Error Reporting.
cdn.onenote.netHTTPOneNote related traffic
displaycatalog.mp.microsoft.comHTTPSUsed to communicate with Microsoft Store.
emdl.ws.microsoft.comHTTPWindows Update related traffic
geo-prod.do.dsp.mp.microsoft.comTLSv1.2/HTTPSEnables connections to Windows Update.
hwcdn.netHTTPUsed by the Highwinds Content Delivery Network to perform Windows updates.
img-prod-cms-rt-microsoft-com.akamaized.netHTTPSUsed to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
maps.windows.comHTTPSRelated to Maps application.
msedge.netHTTPSUsed by OfficeHub to get the metadata of Office apps.
nexusrules.officeapps.live.comHTTPSOffice Telemetry
photos.microsoft.comHTTPSPhotos App related traffic
prod.do.dsp.mp.microsoft.comTLSv1.2/HTTPSUsed for Windows Update downloads of apps and OS updates.
wac.phicdn.netHTTPWindows Update related traffic
windowsupdate.comHTTPWindows Update related traffic
wns.windows.comHTTPS, TLSv1.2Used for the Windows Push Notification Services (WNS).
wpc.v0cdn.netWindows Telemetry related traffic
auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.jsMSA related
evoke-windowsservices-tas.msedge*HTTPSThe following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
fe2.update.microsoft.com*TLSv1.2/HTTPSEnables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
fe3..mp.microsoft.com.TLSv1.2/HTTPSEnables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
fs.microsoft.comFont Streaming (in ENT traffic)
g.live.com*HTTPSUsed by OneDrive
iriscoremetadataprod.blob.core.windows.netHTTPSWindows Telemetry
mscrl.micorosoft.comCertificate Revocation List related traffic.
ocsp.digicert.com*HTTPCRL and OCSP checks to the issuing certificate authorities.
officeclient.microsoft.comHTTPSOffice related traffic.
oneclient.sfx.ms*HTTPSUsed by OneDrive for Business to download and verify app updates.
purchase.mp.microsoft.com*HTTPSUsed to communicate with Microsoft Store.
query.prod.cms.rt.microsoft.com*HTTPSUsed to retrieve Windows Spotlight metadata.
ris.api.iris.microsoft.com*TLSv1.2/HTTPSUsed to retrieve Windows Spotlight metadata.
ris-prod-atm.trafficmanager.netHTTPSAzure traffic manager
settings.data.microsoft.com*HTTPSUsed for Windows apps to dynamically update their configuration.
settings-win.data.microsoft.com*HTTPSUsed for Windows apps to dynamically update their configuration.
sls.update.microsoft.com*TLSv1.2/HTTPSEnables connections to Windows Update.
store*.dsx.mp.microsoft.com*HTTPSUsed to communicate with Microsoft Store.
storecatalogrevocation.storequality.microsoft.com*HTTPSUsed to revoke licenses for malicious apps on the Microsoft Store.
store-images.s-microsoft.com*HTTPUsed to get images that are used for Microsoft Store suggestions.
tile-service.weather.microsoft.com*HTTPUsed to download updates to the Weather app Live Tile.
tsfe.trafficshaping.dsp.mp.microsoft.com*TLSv1.2Used for content regulation.
v10.events.data.microsoft.comHTTPSDiagnostic Data
wdcp.microsoft.*TLSv1.2Used for Windows Defender when Cloud-based Protection is enabled.
wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.comHTTPSWindows Defender related traffic.
www.bing.com*HTTPUsed for updates for Cortana, apps, and Live Tiles.

Windows 10 Pro

DestinationProtocolDescription
*.e-msedge.netHTTPSUsed by OfficeHub to get the metadata of Office apps.
*.g.akamaiedge.netHTTPSUsed to check for updates to maps that have been downloaded for offline use.
*.s-msedge.netHTTPSUsed by OfficeHub to get the metadata of Office apps.
.tlu.dl.delivery.mp.microsoft.com/HTTPEnables connections to Windows Update.
*geo-prod.dodsp.mp.microsoft.com.nsatc.netHTTPSEnables connections to Windows Update.
arc.msn.com.nsatc.netHTTPSUsed to retrieve Windows Spotlight metadata.
au.download.windowsupdate.com/*HTTPEnables connections to Windows Update.
ctldl.windowsupdate.com/msdownload/update/*HTTPUsed to download certificates that are publicly known to be fraudulent.
cy2.licensing.md.mp.microsoft.com.akadns.netHTTPSUsed to communicate with Microsoft Store.
cy2.settings.data.microsoft.com.akadns.netHTTPSUsed to communicate with Microsoft Store.
dm3p.wns.notify.windows.com.akadns.netHTTPSUsed for the Windows Push Notification Services (WNS)
fe3.delivery.dsp.mp.microsoft.com.nsatc.netHTTPSEnables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
g.msn.com.nsatc.netHTTPSUsed to retrieve Windows Spotlight metadata.
ipv4.login.msa.akadns6.netHTTPSUsed for Microsoft accounts to sign in.
location-inference-westus.cloudapp.netHTTPSUsed for location data.
modern.watson.data.microsoft.com.akadns.netHTTPSUsed by Windows Error Reporting.
ocsp.digicert.com*HTTPCRL and OCSP checks to the issuing certificate authorities.
ris.api.iris.microsoft.com.akadns.netHTTPSUsed to retrieve Windows Spotlight metadata.
tile-service.weather.microsoft.com/*HTTPUsed to download updates to the Weather app Live Tile.
tsfe.trafficshaping.dsp.mp.microsoft.comHTTPSUsed for content regulation.
vip5.afdorigin-prod-am02.afdogw.comHTTPSUsed to serve office 365 experimentation traffic

Windows 10 Education

DestinationProtocolDescription
*.b.akamaiedge.netHTTPSUsed to check for updates to maps that have been downloaded for offline use.
*.e-msedge.netHTTPSUsed by OfficeHub to get the metadata of Office apps.
*.g.akamaiedge.netHTTPSUsed to check for updates to maps that have been downloaded for offline use.
*.s-msedge.netHTTPSUsed by OfficeHub to get the metadata of Office apps.
*.telecommand.telemetry.microsoft.com.akadns.netHTTPSUsed by Windows Error Reporting.
.tlu.dl.delivery.mp.microsoft.comHTTPEnables connections to Windows Update.
.windowsupdate.comHTTPEnables connections to Windows Update.
*geo-prod.do.dsp.mp.microsoft.comHTTPSEnables connections to Windows Update.
au.download.windowsupdate.com*HTTPEnables connections to Windows Update.
cdn.onenote.net/livetile/*HTTPSUsed for OneNote Live Tile.
client-office365-tas.msedge.net/*HTTPSUsed to connect to the Office 365 portal’s shared infrastructure, including Office Online.
config.edge.skype.com/*HTTPSUsed to retrieve Skype configuration values.
ctldl.windowsupdate.com/*HTTPUsed to download certificates that are publicly known to be fraudulent.
cy2.displaycatalog.md.mp.microsoft.com.akadns.netHTTPSUsed to communicate with Microsoft Store.
cy2.licensing.md.mp.microsoft.com.akadns.netHTTPSUsed to communicate with Microsoft Store.
cy2.settings.data.microsoft.com.akadns.netHTTPSUsed to communicate with Microsoft Store.
displaycatalog.mp.microsoft.com/*HTTPSUsed to communicate with Microsoft Store.
download.windowsupdate.com/*HTTPSEnables connections to Windows Update.
emdl.ws.microsoft.com/*HTTPUsed to download apps from the Microsoft Store.
fe2.update.microsoft.com/*HTTPSEnables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
fe3.delivery.dsp.mp.microsoft.com.nsatc.netHTTPSEnables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
fe3.delivery.mp.microsoft.com/*HTTPSEnables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
g.live.com/odclientsettings/*HTTPSUsed by OneDrive for Business to download and verify app updates.
g.msn.com.nsatc.netHTTPSUsed to retrieve Windows Spotlight metadata.
ipv4.login.msa.akadns6.netHTTPSUsed for Microsoft accounts to sign in.
licensing.mp.microsoft.com/*HTTPSUsed for online activation and some app licensing.
maps.windows.com/windows-app-web-linkHTTPSLink to Maps application
modern.watson.data.microsoft.com.akadns.netHTTPSUsed by Windows Error Reporting.
ocos-office365-s2s.msedge.net/*HTTPSUsed to connect to the Office 365 portal's shared infrastructure.
ocsp.digicert.com*HTTPCRL and OCSP checks to the issuing certificate authorities.
oneclient.sfx.ms/*HTTPSUsed by OneDrive for Business to download and verify app updates.
settings-win.data.microsoft.com/settings/*HTTPSUsed as a way for apps to dynamically update their configuration.
sls.update.microsoft.com/*HTTPSEnables connections to Windows Update.
storecatalogrevocation.storequality.microsoft.com/*HTTPSUsed to revoke licenses for malicious apps on the Microsoft Store.
tile-service.weather.microsoft.com/*HTTPUsed to download updates to the Weather app Live Tile.
tsfe.trafficshaping.dsp.mp.microsoft.comHTTPSUsed for content regulation.
vip5.afdorigin-prod-ch02.afdogw.comHTTPSUsed to serve office 365 experimentation traffic.
watson.telemetry.microsoft.com/Telemetry.RequestHTTPSUsed by Windows Error Reporting.
bing.com/*HTTPSUsed for updates for Cortana, apps, and Live Tiles.

On the official web site, you can find the information related to a number of previously released versions of Windows 10, including version 1803 and 1709. Check out the following links:

Also, there are dedicated documents for Enterprise editions of the OS.

That's it

3 thoughts on “Websites Windows 10 Connects To After a Clean Install

  1. Cor

    Check out their so called methodology, instead of fetching these lists from source. As someone who monitors every traffic, I’m calling bs on these lists.

    Reply
  2. Shyam Reddy

    Thanks Sergey! Does winaero stop the above via disable telemetry setting?

    Reply
    1. Sergey Tkachenko Post author

      it should.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.