7. Microsoft Defender

7.1. Firewall

Endpoints for telemetry may change. Peridiocally verify these have not changed. See references for additional documentation.


These endpoints should be blocked or routed to a blackhole. See Pi-Hole and DNAT for Captive DNS.


  1. Configure Windows Diagnostic Data

  2. Manage connections from Windows 10 to Microsoft Services

  3. Remove Microsoft Defender Telemetry