Aren't we chatty today, Windows 11
Continuing my work from the Web Browser telemetry article two years ago (which I plan to update, just to see the difference time does to telemetry data), I decided to make a log of all network connections a standard install of Windows 11 Pro (for ARM, 22H2, OS build 22621.1344) does.
The methodology is the same, standard setup without changing any of the default settings (Privacy ones, for example). Test device is a MacBook M1 laptop and Parallels Desktop, a clean user profile, all network connections blocked, application-level network connection whitelisting and only Little Snitch installed. So it’s actually Little Snitch that does all the heavy-lifting. Network traffic is routed through a VPN in Finland.
That’s 66 unique network connections to different hosts/domains for a clean install. Some are understandable, like Windows Update CDN, others like graph.microsoft.com
and watson.events.data.microsoft.com
are just the thing that would define Windows 11 as spyware. Definitely “more spyware” than DPRK’s Red Star OS.

config.edge.skype.com
onTCP
port443
- Microsoft Skypectldl.windowsupdate.com
onTCP
port80
- Windows Updatewww.msftconnecttest.com
onTCP
port80
- Network Connection (NCSI)settings-win.data.microsoft.com
onTCP
port443
- Used for Windows apps to dynamically update their configurationmsedge.api.cdp.microsoft.com
onTCP
port443
- Microsoft Edgemsedge.f.tlu.dl.delivery.mp.microsoft.com
onTCP
port80
- Microsoft Storefs.microsoft.com
onTCP
port443
- Used to download fonts on demand239.255.255.250
on UDP port1900
cacerts.digicert.com
onTCP
port80
- CRL and OCSP checks to the issuing certificate authoritiessdx.microsoft.com
onTCP
port443
login.live.com
onTCP
port443
- Microsoft Accountnav.smartscreen.microsoft.com
onTCP
port443
- Windows Defender Smartscreensmartscreen-prod.microsoft.com
onTCP
port443
- Windows Defenderslscr.update.microsoft.com
onTCP
port443
- Windows Update, Microsoft Update, and the online services of Microsoft Storeocsp.digicert.com
onTCP
port80
- CRL and OCSP checks to the issuing certificate authoritiescrl3.digicert.com
onTCP
port80
- CRL and OCSP checks to the issuing certificate authoritiesfe2cr.update.microsoft.com
onTCP
port443
- Windows Update, Microsoft Update, and the online services of Microsoft Storegeo.prod.do.dsp.mp.microsoft.com
onTCP
port443
- Windows Updatego.microsoft.com
onTCP
port443
- Windows Defenderstatics.teams.cdn.office.net
onTCP
port443
- Microsoft Teamsdownload.windowsupdate.com
onTCP
port80
- Windows Updatekv501.prod.do.dsp.mp.microsoft.com
onTCP
port443
- Windows Updatefe3cr.delivery.mp.microsoft.com
onTCP
port443
- Microsoft Storecp501.prod.do.dsp.mp.microsoft.com
onTCP
port443
- Windows Updatego.microsoft.com
onTCP
port80
- Windows Defendergeover.prod.do.dsp.mp.microsoft.com
onTCP
port443
- Windows Updatelicensing.mp.microsoft.com
onTCP
port443
- Used for online activation and some app licensingztd.dds.microsoft.com
onTCP
port443
client.wns.windows.com
onTCP
port443
- Used for the Windows Push Notification Services (WNS)dmd.metaservices.microsoft.com
onTCP
port80
- Used to retrieve device metadataconfig.teams.microsoft.com
onTCP
port443
- Microsoft Teamsteams.events.data.microsoft.com
onTCP
port443
- Microsoft Teamsstatics.teams.cdn.live.net
onTCP
port443
- Microsoft Teamsedge-conumer-static.azureedge.net
onTCP
port443
dl.delivery.mp.microsoft.com
onTCP
port80
- Microsoft Storemsedge.b.tlu.dl.delivery.mp.microsoft.com
onTCP
port80
- Microsoft Storeedge.microsoft.com
onTCP
port443
account.live.com
onTCP
port443
acctcdn.msauth.net
onTCP
port443
browser.events.data.microsoft.com
onTCP
port443
login.live.com
onTCP
port443
- Microsoft Accountlogincdn.msftauth.net
onTCP
port443
- Microsoft OneDrivev10.events.data.microsoft.com
onTCP
port443
- Diagnostic Datainference.location.live.net
onTCP
port443
- Used for location datav20.events.data.microsoft.com
onTCP
port443
fd.api.iris.microsoft.com
onTCP
port443
www.bing.com
onTCP
port443
- Cortana, apps, and Live Tilesonedscolprduks05.uksouth.cloudapp.azure.com
onTCP
port443
- Azurer.bing.com
onTCP
port443
- Cortana, apps, and Live Tilesth.bing.com
onTCP
port443
- Cortana, apps, and Live Tilesteams.live.com
onTCP
port443
- Microsoft Teamsassets.msn.com
onTCP
port443
- Windows Spotlightedgeassetservice.azureedge.net
onTCP
port443
arc.msn.com
onTCP
port443
- Windows Spotlightg.live.com
onTCP
port443
- Microsoft OneDriveofficeclient.microsoft.com
onTCP
port443
- Microsoft Officeoneclient.sfx.ms
onTCP
port443
- Used by OneDrive for Business to download and verify app updatesmaps.windows.com
onTCP
port443
- Maps applicationwatson.events.data.microsoft.com
onTCP
port443
- Diagnostic Datawww.microsoft.com
onTCP
port80
self.events.data.microsoft.com
onTCP
port443
- Microsoft Officegraph.microsoft.com
onTCP
port443
ris.api.iris.microsoft.com
onTCP
port443
- Used to retrieve Windows Spotlight metadatafp.msedge.net
onTCP
port443
- Microsoft OfficeHubwindows.msn.com
onTCP
port443
- Windows Spotlightnav-edge.smartscreen.microsoft.com
onTCP
port443
Yeah …