9. Microsoft Defender

Don’t turn this off unless you know what you are doing. Before disabling the service, first disable all of the Windows Defender options in Settings; otherwise cloud-based protection will cause 100% disk usage.

See Virus & threat protection settings for the Windows Defender GUI settings, and w10-20h2-standalone-telemetry for telemetry services.


As of 20H2, Microsoft Defender can no longer be disabled; it only disables itself when it detects other certified antivirus software. Disable all live scanning services instead.

After every major Windows update, verify these settings.


9.1. Firewall

Endpoints for telemetry may change. Periodically verify that they have not changed. See references for additional documentation.


These endpoints should be blocked or routed to a blackhole. See Pi-Hole and DNAT for Captive DNS.
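One way to confirm from the Windows client that the block is still in effect, for example after a major update. This is an added example, not part of the original page: the hostnames are constructed placeholders, and the sinkhole addresses assume a blocker that answers with a null or loopback address.

```powershell
# Constructed placeholder names, NOT real telemetry endpoints. Replace them
# with the list you maintain from the Microsoft documentation in the references.
$Endpoints = @(
    'telemetry-one.example.invalid',
    'telemetry-two.example.invalid'
)

# Addresses treated as "blackholed" (assumption). 0.0.0.0 and :: are typical
# null-blocking answers; add your own sinkhole IP if you route elsewhere.
$Sinkholes = @('0.0.0.0', '::', '127.0.0.1')

function Test-EndpointBlocked {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string[]]$SinkholeAddresses = $Sinkholes
    )
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the DNS path is tested.
        # Keep only records that carry an address (A/AAAA), dropping CNAME/SOA.
        $answers = @(Resolve-DnsName -Name $Name -DnsOnly -ErrorAction Stop |
            Where-Object IPAddress)
    }
    catch {
        # NXDOMAIN or no response. Note that a DNS outage also lands here,
        # so check the Status column before trusting the result.
        return [pscustomobject]@{
            Name = $Name; Blocked = $true; Status = 'NoAnswer'; Addresses = @()
        }
    }
    $addresses = @($answers | ForEach-Object { [string]$_.IPAddress })
    # Any address outside the sinkhole set means the name still resolves for real.
    $leaks = @($addresses | Where-Object { $_ -notin $SinkholeAddresses })
    [pscustomobject]@{
        Name      = $Name
        Blocked   = ($leaks.Count -eq 0)
        Status    = 'Answered'
        Addresses = $addresses
    }
}

$results = $Endpoints | ForEach-Object { Test-EndpointBlocked -Name $_ }
$results | Format-Table Name, Blocked, Status, Addresses -AutoSize

# A non-zero exit code lets a scheduled task flag a regression.
if ($results | Where-Object { -not $_.Blocked }) { exit 1 }
```

This only tests name resolution through the system resolver; it does not detect traffic sent to hard-coded IP addresses.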


  1. Configure Windows Diagnostic Data

  2. Manage connections from Windows 10 to Microsoft Services

  3. Remove Microsoft Defender Telemetry