Windows 10 connects to these websites after a clean install

Windows 10 offers tons of privacy control for end users which they can control at their will. If you are installing a fresh copy of Windows 10, starting with version 1709 and later, Microsoft has released details of which endpoints it connects to, and we think you should know about it. While we already know that whenever you connect to the email server or browse the web or access backups stored on the cloud, and use the location for weather, they all connect to respective servers, but then there is more to that. Check out which websites & endpoints Windows 10 connects to after a clean install.

Websites that Windows 10 connects to

When connecting to different websites, Windows users many methodologies. It includes setting up Windows 10 on a virtual test machine with default conditions, idle conditions,  globally accepted network protocol analyzer/capturing tools, and they also compile reports on traffic going to public IP addresses. Below is the list of websites with which Windows 10 Enterprise connections.

windows 10 connects to websites

Apps

Weather App Live Tile.

Source process Protocol Destination Applies from Windows 10 version
explorer HTTP tile-service.weather.microsoft.com 1709
HTTP blob.weather.microsoft.com 1803

OneNote Live Tile.

Source process Protocol Destination Applies from Windows 10 version
HTTPS cdn.onenote.net/livetile/?Language=en-US 1709

Twitter updates.

Source process Protocol Destination Applies from Windows 10 version
HTTPS wildcard.twimg.com 1709
svchost.exe oem.twimg.com/windows/tile.xml 1709

Facebook updates.

Source process Protocol Destination Applies from Windows 10 version
star-mini.c10r.facebook.com 1709

Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office Online

Source process Protocol Destination Applies from Windows 10 version
WindowsApps\Microsoft.Windows.Photos HTTPS evoke-windowsservices-tas.msedge.net 1709

Candy Crush Saga updates.

Source process Protocol Destination Applies from Windows 10 version
TLS v1.2 candycrushsoda.king.com 1709

Microsoft Wallet app.

Source process Protocol Destination Applies from Windows 10 version
system32\AppHostRegistrationVerifier.exe HTTPS wallet.microsoft.com 1709

Groove Music app

Source process Protocol Destination Applies from Windows 10 version
system32\AppHostRegistrationVerifier.exe HTTPS mediaredirect.microsoft.com 1709

This website or endpoint is used to get images that are used for Microsoft Store suggestions.

Source process Protocol Destination Applies from Windows 10 version
searchui HTTPS store-images.s-microsoft.com 1709

To update Cortana greetings, tips, and Live Tiles.

Source process Protocol Destination Applies from Windows 10 version
backgroundtaskhost HTTPS www.bing.com/client 1709

The following endpoint is used to configure parameters, such as how often the Live Tile is updated, and for enabling experimental features.

Source process Protocol Destination Applies from Windows 10 version
backgroundtaskhost HTTPS www.bing.com/proactive 1709

Cortana uses this website to report diagnostic and diagnostic data information

Source process Protocol Destination Applies from Windows 10 version
searchui
backgroundtaskhost
HTTPS www.bing.com/threshold/xls.aspx 1709

Certificates

This website is used by Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.

Source process Protocol Destination Applies from Windows 10 version
svchost HTTP ctldl.windowsupdate.com 1709

Windows uses this website to download certificates that are publicly known to be fraudulent.

Source process Protocol Destination Applies from Windows 10 version
svchost HTTP ctldl.windowsupdate.com 1709

Device authentication

Endpoint used to authenticate a device.

Source process Protocol Destination Applies from Windows 10 version
HTTPS login.live.com/ppsecure 1709

Device metadata

In order to retrieve device metadata.

Source process Protocol Destination Applies from Windows 10 version
dmd.metaservices.microsoft.com.akadns.net 1709
HTTP dmd.metaservices.microsoft.com 1803

Diagnostic Data

The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.

Source process Protocol Destination Applies from Windows 10 version
svchost cy2.vortex.data.microsoft.com.akadns.net 1709

Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.

Source process Protocol Destination Applies from Windows 10 version
svchost v10.vortex-win.data.microsoft.com/collect/v1 1709

The following endpoints are used by Windows Error Reporting.

Source process Protocol Destination Applies from Windows 10 version
wermgr watson.telemetry.microsoft.com 1709
TLS v1.2 modern.watson.data.microsoft.com.akadns.net 1709

Font streaming

The following endpoints are used to download fonts on demand.

Source process Protocol Destination Applies from Windows 10 version
svchost fs.microsoft.com 1709
fs.microsoft.com/fs/windows/config.json 1709

Licensing

The website used for online activation and some app licensing.

Source process Protocol Destination Applies from Windows 10 version
licensemanager HTTPS licensing.mp.microsoft.com/v7.0/licenses/content 1709

Location

Location data.

Source process Protocol Destination Applies from Windows 10 version
HTTP location-inference-westus.cloudapp.net 1709

Maps

The following endpoint is used to check for updates to maps that have been downloaded for offline use.

Source process Protocol Destination Applies from Windows 10 version
svchost HTTPS *g.akamaiedge.net 1709

Microsoft account

The following endpoints are used for Microsoft accounts to sign in.

Source process Protocol Destination Applies from Windows 10 version
login.msa.akadns6.net 1709
system32\Auth.Host.exe HTTPS auth.gfx.ms 1709

Microsoft Store

The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service.

Source process Protocol Destination Applies from Windows 10 version
*.wns.windows.com 1709

To revoke licenses for malicious apps in the Microsoft Store.

Source process Protocol Destination Applies from Windows 10 version
HTTP storecatalogrevocation.storequality.microsoft.com 1709

Download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).

Source process Protocol Destination Applies from Windows 10 version
HTTPS img-prod-cms-rt-microsoft-com.akamaized.net 1709
backgroundtransferhost HTTPS store-images.microsoft.com 1803

Windows communicates with Microsoft Store through these

Source process Protocol Destination Applies from Windows 10 version
HTTP storeedgefd.dsx.mp.microsoft.com 1709
HTTP pti.store.microsoft.com 1709
TLS v1.2 cy2.*.md.mp.microsoft.com.*. 1709
svchost HTTPS displaycatalog.mp.microsoft.com 1803

Network Connection Status Indicator (NCSI)

Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status.

Source process Protocol Destination Applies from Windows 10 version
HTTP www.msftconnecttest.com/connecttest.txt 1709

Office

The following endpoints are used to connect to the Office 365 portal’s shared infrastructure, including Office Online. For more info, see Office 365 URLs and IP address ranges.

Source process Protocol Destination Applies from Windows 10 version
*.a-msedge.net 1709
hxstr *.c-msedge.net 1709
*.e-msedge.net 1709
*.s-msedge.net 1709
HTTPS ocos-office365-s2s.msedge.net 1803

The following endpoint is used to connect to the Office 365 portal’s shared infrastructure, including Office Online.

Source process Protocol Destination Applies from Windows 10 version
system32\Auth.Host.exe HTTPS outlook.office365.com 1709

The following endpoint is OfficeHub traffic used to get the metadata of Office apps.

Source process Protocol Destination Applies from Windows 10 version
Windows Apps\Microsoft.Windows.Photos HTTPS client-office365-tas.msedge.net 1709

OneDrive

Microsoft Redirection service uses these to automatically update URLs.

Source process Protocol Destination Applies from Windows 10 version
onedrive HTTP \ HTTPS g.live.com/1rewlive5skydrive/ODSUProduction 1709

OneDrive for Business to download and verify app updates from here.

Source process Protocol Destination Applies from Windows 10 version
onedrive HTTPS oneclient.sfx.ms 1709

Settings

The following endpoint is used as a way for apps to dynamically update their configuration.

Source process Protocol Destination Applies from Windows 10 version
dmclient cy2.settings.data.microsoft.com.akadns.net 1709
Source process Protocol Destination Applies from Windows 10 version
dmclient HTTPS settings.data.microsoft.com 1709
Source process Protocol Destination Applies from Windows 10 version
svchost HTTPS settings-win.data.microsoft.com 1709

Skype

Skype configuration values are downloaded from these endpoints.

Source process Protocol Destination Applies from Windows 10 version
microsoft.windowscommunicationsapps.exe HTTPS config.edge.skype.com 1709

Windows Defender

Windows Defender when Cloud-based Protection is enabled through these.

Source process Protocol Destination Applies from Windows 10 version
wdcp.microsoft.com 1709

Windows Defender definition updates.

Source process Protocol Destination Applies from Windows 10 version
definitionupdates.microsoft.com 1709
MpCmdRun.exe HTTPS go.microsoft.com 1709

Windows Spotlight

These endpoints make it possible for Windows Spotlight metadata for image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.

Source process Protocol Destination Applies from Windows 10 version
backgroundtaskhost HTTPS arc.msn.com 1709
backgroundtaskhost g.msn.com.nsatc.net 1709
TLS v1.2 *.search.msn.com 1709
HTTPS ris.api.iris.microsoft.com 1709
HTTPS query.prod.cms.rt.microsoft.com 1709

Windows Update

The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.

Source process Protocol Destination Applies from Windows 10 version
svchost HTTPS *.prod.do.dsp.mp.microsoft.com 1709

Windows uses these endpoints to download operating system patches and updates.

Source process Protocol Destination Applies from Windows 10 version
svchost HTTP *.windowsupdate.com 1709
HTTP fg.download.windowsupdate.com.c.footprint.net 1709

Highwinds Content Delivery Network uses these to perform Windows updates.

Source process Protocol Destination Applies from Windows 10 version
cds.d2s7q6s2.hwcdn.net 1709

Verizon Content Delivery Network uses these to perform Windows updates.

Source process Protocol Destination Applies from Windows 10 version
HTTP *wac.phicdn.net 1709
*wac.edgecastcdn.net 1709

This website or endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. Time Limited URL (TLU) is a mechanism for protecting the content.

Source process Protocol Destination Applies from Windows 10 version
svchost *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net 1709

The following endpoint is used to download apps from the Microsoft Store.

Source process Protocol Destination Applies from Windows 10 version
svchost emdl.ws.microsoft.com 1709

The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.

Source process Protocol Destination Applies from Windows 10 version
svchost HTTPS fe2.update.microsoft.com 1709
svchost fe3.delivery.mp.microsoft.com 1709
fe3.delivery.dsp.mp.microsoft.com.nsatc.net 1709
svchost HTTPS sls.update.microsoft.com 1709
HTTP *.dl.delivery.mp.microsoft.com 1803

The following endpoint is used for content regulation.

Source process Protocol Destination Applies from Windows 10 version
svchost HTTPS tsfe.trafficshaping.dsp.mp.microsoft.com 1709

The following endpoints are used to download content.

Source process Protocol Destination Applies from Windows 10 version
a122.dscd.akamai.net 1709
a1621.g.akamai.net 1709

Microsoft forward link redirection service uses the below-mentioned website to redirect permanent web links to the actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer.

Source process Protocol Destination Applies from Windows 10 version
Various HTTPS go.microsoft.com 1709

For full details on this and how to turn off traffic for particular endpoints, visit docs.microsoft.com.

Download this VPN to secure all your Windows devices and browse anonymously
Posted by on , in Category Windows with Tags
Ashish is a veteran Windows, and Xbox user who excels in writing tips, tricks, and features on it to improve your day to day experience with your devices.

Leave a Reply

Your email address will not be published. Required fields are marked *


3 + 9 =