Apps Learn how to turn off traffic to the following endpoint(s). The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won’t be able to revoke malicious Store apps and users will still be able to open them. HTTP tile-service.weather.microsoft.com The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won’t be able to revoke malicious Store apps and users will still be able to open them. TLSv1.2/HTTPS/HTTP cdn.onenote.net The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won’t be able to revoke malicious Store apps and users will still be able to open them. TLSv1.2/HTTPS evoke-windowsservices-tas.msedge.net Certificates Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or is not trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.

If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.

Learn how to turn off traffic to all of the following endpoint(s). TLSv1.2/HTTPS/HTTP ctldl.windowsupdate.com Cortana and Live Tiles Learn how to turn off traffic to all of the following endpoint(s). The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles. TLSv1.2/HTTPS/HTTP www.bing.com* TLSv1.2/HTTPS/HTTP fp.msedge.net TLSv1.2 I-ring.msedge.net HTTPS s-ring.msedge.net Device authentication Learn how to turn off traffic to all of the following endpoint(s). The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device will not be authenticated. HTTPS login.live.com* Device metadata The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata will not be updated for the device. Learn how to turn off traffic to all of the following endpoint(s). HTTP dmd.metaservices.microsoft.com Diagnostic Data The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. Learn how to turn off traffic to all of the following endpoint(s). TLSv1.2/HTTPS/HTTP v10.events.data.microsoft.com The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft. TLSv1.2 telecommand.telemetry.microsoft.com TLS v1.2/HTTPS/HTTP watson.*.microsoft.com Font Streaming The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you will not be able to download fonts on demand. Learn how to turn off traffic to all of the following endpoint(s). HTTPS fs.microsoft.com Licensing The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work. Learn how to turn off traffic to all of the following endpoint(s). TLSv1.2/HTTPS/HTTP licensing.mp.microsoft.com Maps Learn how to turn off traffic to all of the following endpoint(s). The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated. TLSv1.2/HTTPS/HTTP maps.windows.com Microsoft Account Learn how to turn off traffic to all of the following endpoint(s). The following endpoints are used for Microsoft acc