Controlling Microsoft via firewall rules

A post for my business brethren, or anyone with a firewall on their network (which, really, please consider!).

Microsoft is at war with my company. They forcibly introduce internet sites that have nothing to do with my business to my users, limiting the productivity of my employees and exposing my network to potentially compromised websites with the only purpose of creating additional profit for them.

What started with easing their financial burden of hosting Windows Updates (Delivery Optimization) – but in reality was a strong-armed attempt to get me to pay for the electricity and bandwidth required to deliver updates to unknown parties the world over – has turned into paid advertisements being foisted upon my users on a continual basis. And here we thought forcing Candy Crush on us was bad, now they are pushing (likely) un-vetted websites on our systems constantly. Attempting to subvert any web content controls we may have in place to create profit (for them) at the cost of productivity (for us).

Not to mention the security nightmare that they have created by pushing these sites into our networks.

I continually look for a replacement OS that actually cares about my business’s productivity. (PLEASE RED HAT, SAVE ME!) And have never considered Apple in a more positive light than I do currently. But as it is, I am stuck with over 100 Windows computers.

As such, I have taken to banning Microsoft sites in my firewall in order to restore a level of security and control back into my network. I will keep a running list of sites in this thread that I have found contribute to unnecessary exposure and risk. I put these sites into a DROP ALL rule that is at the top of my firewall security policies. Unfortunately MS actively fights back, so constant diligence is needed, but at least it is something.

Banning these IP’s/Sites will result in the “search highlights” presented when you click on Windows search bar, and the “weather” widget next to your clock no longer able to provide content (or at least it does on my network).

Please contribute any sites/addresses that you find as well.

204.79.197.203
*.aria.microsoft.com
*.azurefd.net
*.msedge.net
strict.bing.com
th.bing.com

Taste the Success!

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>