7. Microsoft Defender

Disable microsoft defender notification icon
GPO

Computer Configuration › Administrative Templates › Windows Components › Windows Security › Systray

Hide Windows Security Systray

ENABLED

Updated: 2021-02-19 Reference

GUI

⌘ › Task Manager › More Details › Startup

Microsoft Defender notification icon

DISABLED

Updated: 2021-02-19 Reference

7.1. Firewall

Endpoints for telemetry may change. Peridiocally verify these have not changed. See references for additional documentation.

Warning

These endpoints should be blocked or routed to a blackhole. See Pi-Hole and DNAT for Captive DNS.

Connected User Experiences and Telemetry endpoints

Microsoft Defender Advanced Threat Protection is country specific and the prefix changes by country, e.g.: de.vortex-win.data.microsoft.com

Release

Diagnostic Endpoint

Functional Endpoint

Settings Endpoint

1703 with 2018-09 cumulative update

v10c.vortex-win.data.microsoft.com

v20.vortex-win.data.microsoft.com

settings-win.data.microsoft.com

1803 without 2018-09 cumulative update

v10.events.data.microsoft.com

v20.vortex-win.data.microsoft.com

settings-win.data.microsoft.com

1709 or earlier

v10.vortex-win.data.microsoft.com

v20.vortex-win.data.microsoft.com

settings-win.data.microsoft.com

Diagnostic data services endpoints

Service

Endpoint

Microsoft Defender Advanced Threat Protection

https://wdcp.microsoft.com

https://wdcpalt.microsoft.com

References

  1. Configure Windows Diagnostic Data

  2. Manage connections from Windows 10 to Microsoft Services

  3. Remove Microsoft Defender Telemetry