Windows 11/10 provides a large number of privacy controls for end users who can control them at will. If you’re installing a fresh copy of Windows 11/10, Microsoft has released details about which endpoints you’re connecting to, and we think you should find out. Although we already know that when you connect to a mail server, browse the web, access your stored cloud and use the site for weather, they all connect to the respective servers but there is more than that. Find out which websites and endpoints Windows 10 connects to after a clean install.
Websites that Windows 11/10 connects to
When connecting to different websites, Windows uses several methodologies. This includes setting up Windows 11/10 on a virtual test machine with default conditions, idle conditions, and globally accepted network protocol scanning/capture tools, and they also collect traffic reports to public IP addresses. Here is a list of websites that Windows 11/10 Enterprise connects to.
Weather tile live app.
Thumbnail directly from OneNote.
Photos app for downloading configuration files and connecting to the Office 365 portal’s shared infrastructure, including Office Online
Candy Crush Saga Updates.
Microsoft Wallet app.
Groove Music App
Cortana and search
This website or endpoint is used to obtain images used for Microsoft Store suggestions.
To update the greetings, tips, and live tiles in Cortana.
The following endpoint is used to configure settings, such as the Live Tile refresh frequency, and to enable experimental features.
Cortana uses this website to report diagnostic and diagnostic data information
This website is used by the Root Certificate Automatic Update component to automatically check the list of trusted authorities in Windows Update to see if an update is available.
Windows uses this website to download certificates that are publicly known to be fraudulent.
The endpoint is used to authenticate a device.
In order to retrieve device metadata.
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management Service.
Connected User Experience and Telemetry component and connects to the Microsoft Data Management Service.
The following endpoints are used by Windows Error Reporting.
The following endpoints are used to download fonts on demand.
Website used for online activation and certain application licenses.
The following endpoint is used to check for updates of downloaded maps for offline use.
The following endpoints for Microsoft accounts are used to sign in.
The following endpoint is used for Windows Notification Services (WNS). WNS allows third-party developers to send toasts, tiles, badges, and raw updates from their cloud service.
To revoke licenses of malicious apps in the Microsoft Store.
Download image files called when applications are launched (Microsoft Store or Inbox MSN Apps).
Windows communicates with the Microsoft Store through these
Network Connection Status Indicator (NCSI)
The Network Connection Status Indicator (NCSI) detects your Internet connection and the status of your corporate network connection.
The following endpoints are used to connect to the Office 365 portal’s shared infrastructure, including Office Online. For more information, see Office 365 IP address ranges and URLs.
The following endpoint is used to connect to the Office 365 portal’s shared infrastructure, including Office Online.
The next endpoint is the OfficeHub traffic that is used to get Office applications metadata.
Microsoft’s redirect service uses it to update URLs automatically.
OneDrive for Business to download and check for app updates here.
The following endpoint is used to allow applications to dynamically update their configuration.
Skype configuration values are downloaded from these endpoints.
Windows Defender when cloud-based protection is enabled.
Windows Defender definition updates.
These endpoints enable Windows Spotlight metadata for photo locations, as well as suggested apps, Microsoft account notifications, and Windows Tips.
The following endpoint is used for Windows Update downloads of applications and operating system updates, including HTTP downloads or HTTP bundled downloads with peers.
Windows uses these endpoints to download operating system patches and updates.
Highwinds Content Delivery Network uses these updates to perform Windows Updates.
The Verizon Content Delivery Network uses it to perform Windows updates.
This website or endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. A time-limited URL (TLU) is a content protection mechanism.
The following endpoint is used to download apps from the Microsoft Store.
The following endpoints allow connection to Windows Update, Microsoft Update, and Online Store services.
The following endpoint is used to organize content.
The following endpoints are used to download content.
Microsoft’s direct link redirect service uses the website mentioned below to redirect persistent web links to the actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, only longer.
For more details on this and how to disable traffic for certain endpoints, visit docs.microsoft.com.