Skip to content

Instantly share code, notes, and snippets.

@curability4apish

curability4apish/Microsoft-setup.md

Last active October 31, 2025 02:30
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save curability4apish/a7e09f13518b54c2da8ea17c06de7031 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save curability4apish/a7e09f13518b54c2da8ea17c06de7031 to your computer and use it in GitHub Desktop.
Download ZIP
How to firewall Microsoft telemetry?
Raw
Microsoft-setup.md

How to firewall Microsoft telemetry?

Setup

  1. Download and use Everything to find all paths of the following executables, and block them in Windows Firewall (wf.msc).

SearchApp.exe, *edgeupdate*, msedge.exe, smartscreen.exe

  1. Setup YogaDNS with NextDNS.
  2. Add this denylist to NextDNS profile designed for strict privacy protection. Alternatively, you can add it to the block rule of YogaDNS.
  3. When temporarily using a Microsoft service that is blocked by your strict privacy profile, switch to another NextDNS profile configured with YogaDNS.
  4. Create a separate browser profile and set it to a different NextDNS profile for debugging or temporary use.
  5. Replace Windows apps with FOSS alternatives.
  6. Debloat pre-installed apps you don't need with Geek Uninstaller. Beware that debloating (include but not limited to) Edge could have stability issues.

How to build the denylist

  1. Use Pandadome's process monitor to log down domains of useless connections (including telemetry) made by system programs.
@curability4apish
Copy link
Author

curability4apish commented Oct 7, 2025
edited
Loading

Here's the list I made:

---START---

apl.msn.com
b.c2r.ts.cdn.offce.net
backend-prd-imub2p4wyq-uc.a.run.app
client.wns.windows.com
config.edge.skype.com
cp601.prod.do.dsp.mp.microsoft.com
cxcs.microsoft.net
ctldl.windowsupdate.com
dmp100dmpprodstorage.table.core.windows.net
displaycatalog.mp.microsoft.com
dlassets-ssl.xboxlive.com
edgedl.me.gv1.com
edge.microsoft.com
ecs.office.com
fd.api.iris.microsoft.com
fe3cr.delivery.mp.microsoft.com
f.c2r.ts.cdn.office.net
geo.prod.do.dsp.mp.microsoft.com
geover.prod.do.dsp.mp.microsoft.com
go.microsoft.com
google-analytics.com
kv601.prod.do.dsp.mp.microsoft.com
licensing.mp.microsoft.com
login.live.com
mc100mcprodstorage.table.core.windows.net
mobile.events.data.microsoft.com
mrodevicemgr.officeapps.live.com
ocsp.digicert.com
officecdn.microsoft.com
officeclient.microsoft.com
outlook-sdf.office.com
prod.client.wosc.services.microsoft.com
sectigo.com
settings-win.data.microsoft.com
slscr.lllxlate.microsoft.com
storeedgefd.dsx.mp.microsoft.com
storagecatalogrevocation.storagequality.microsoft.com
usertrust.com
x1.c.lencr.org
*.bing.com
*.msftconnecttest.com
*.xboxab.com

---END---

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment