| Must have | aka.ms*
go.microsoft.com |
| Device Authentication | login.live.com
dmd.metaservices.microsoft.com [used to retrieve device metadata] |
| Windows Autopilot | ztd.dds.microsoft.com
cs.dds.microsoft.com |
| TPM Attestation for Whiteglove | *.microsoftaik.azure.net
ekop.intel.com/ekcertservice [If device firmware is from Intel] ekcert.spserv.microsoft.com/EKCertificate/GetEKCertificate/v1 [If device firmware is from Qualcomm]
ftpm.amd.com/pki/aia [If device firmware is from AMD] |
| Windows Activation/Licensing | activation.sls.microsoft.com
validation.sls.microsoft.com
activation-v2.sls.microsoft.com
validation-v2.sls.microsoft.com
licensing.mp.microsoft.com
licensing.md.mp.microsoft.com |
| CRL and OCSP checks for CA | crl.microsoft.com/pki/crl/products/MicProSecSerCA_2007-12-04.crl
crl.microsoft.com/pki/crl/*
*microsoft.com/pkiops/*
ocsp.digicert.com/* |
| Windows Update/Delivery Optimization | ctldl.windowsupdate.com
cs9.wac.phicdn.net
*.windowsupdate.com
*.update.microsoft.com
*hwcdn.net
*.delivery.mp.microsoft.com
tsfe.trafficshaping.dsp.mp.microsoft.com
*.prod.do.dsp.mp.microsoft.com
*geo-prod.do.dsp.mp.microsoft.com*
*.dl.delivery.mp.microsoft.com
*.emdl.ws.microsoft.com adl.windows.com |
| Microsoft Store for Business | *displaycatalog.mp.microsoft.com d
isplaycatalog.md.mp.microsoft.com
purchase.mp.microsoft.com
purchase.md.mp.microsoft.com
storecatalogrevocation.storequality.microsoft.com
img-prod-cms-rt-microsoft-com.akamaized.net
.md.mp.microsoft.com
pti.store.microsoft.com
markets.books.microsoft.com
storeedgefd.dsx.mp.microsoft.com
livetileedge.dsx.mp.microsoft.com
share.microsoft.com
*.microsoft.com.akadns.net
clientconfig.passport.net windowsphone.com
*.microsoft.com
*.s-microsoft.com
manage.devcenter.microsoft.com |
| NTP | time.windows.com [over UDP port 123] |
| Network Connection Status Indicator | www.msftconnecttest.com* |
| Diagnostics Data | *.events.data.microsoft.com
*.telemetry.microsoft.com
watson.*.microsoft.com
*.vortex-win.data.microsoft.com/collect/v1
cs11.wpc.v0cdn.net
cs1137.wpc.gammacdn.net
settings.data.microsoft.com
settings-win.data.microsoft.com
*.blob.core.windows.net |
| Windows Notification Services | *.wns.windows.com |
| Office Apps/Office Updates | *.c-msedge.net
*.e-msedge.net
*.s-msedge.net
nexusrules.officeapps.live.com
ocos-office365-s2s.msedge.net
officeclient.microsoft.com
outlook.office365.com
client-office365-tas.msedge.net
www.office.com
onecollector.cloudapp.aria
v10.events.data.microsoft.com/onecollector/1.0/
self.events.data.microsoft.com to-do.microsoft.com
g.live.com/1rewlive5skydrive/*
msagfx.live.com
oneclient.sfx.ms
logincdn.msauth.net
blobs.officehome.msocdn.com
officehomeblobs.blob.core.windows.net
self.events.data.microsoft.com
outlookmobile-office365-tas.msedge.net
config.teams.microsoft.com |
| Defender | wdcp.microsoft.com
definitionupdates.microsoft.com
*.smartscreen.microsoft.com
*.smartscreen-prod.microsoft.com
checkappexec.microsoft.com |
| Microsoft Account Access endpoints | *.login.microsoftonline.com
*.login.microsoft.com
login.windows.net
account.live.com
signup.live.com
login.msa.akadns6.net
us.configsvc1.live.com.akadns.net |
| Required for Cortana | www.bing.com*
I-ring.msedge.net
s-ring.msedge.net |
| MS Edge | iecvlist.microsoft.com
msedge.api.cdp.microsoft.com |
| Azure Cloud related | wd-prod-fe.cloudapp.azure.com
accountalt.azureedge.net
secure.aadcdn.microsoftonline-p.com
ris-prod-atm.trafficmanager.net
validation-v2.sls.trafficmanager.net |
| Intune related | portal.manage.microsoft.com
r.manage.microsoft.com
m.manage.microsoft.com
*.manage.microsoft.com
*.officeconfig.msocdn.com
config.office.com
graph.windows.net
enterpriseregistration.windows.net
fef.msuc03.manage.microsoft.com
wip.mam.manage.microsoft.com [requires port 444]
mam.manage.microsoft.com |