Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Sunday, September 1, 2019 10:04 AM
Hi all,
I've a quite question to ask to this community, Due to our company was found some issues on the Firewall Appliance's Logs about this URL "enterprise.activity.windows.com" was consumed high network traffics (Uploads / Downloads)
So I would like to ask with these below questions.
Some clients that take an effect : Windows 10 (10.0.17763.529)
What is the objectives of the URL, And why some clients are consume high network traffics (Uploads / Downloads)? Please give me some advice.
Can we block this URL on the Firewall Appliance? And if we've blocked this URL, The client side might take an effects or not, Please give me some advice.
How to stop the issue on the client side?
Thank you very much for your useful information.
Pairat Rungrassamee
All replies (11)
Tuesday, September 3, 2019 8:42 AM
Hi,
There are my understandings for your question:
1. “What is the objectives of the URL”
According to the following link we can see that "enterprise.activity.windows.com" is included in the whitelist, so it is safe Microsoft URL:
https://github.com/csirtgadgets/tf-domains-example/blob/master/data/whitelist.txt
2. “some clients are consume high network traffics”
I haven’t see this situation occur on our clients… If this condition only appear on some clients not all clients, try to update OS build to the latest on problematic clients. You can refer to the following link for more information. One more thing, network monitor is a good tool to capture network trace, you could use it for more detailed information.
https://support.microsoft.com/en-sg/help/4027667/windows-10-update
3.“Can we block this URL on the Firewall Appliance“
Yes, you can. However the clients may meet with unexpected result, for specific situation analysis you may need to open a support request here.
Hope can help you.
Best regards,
Kiki Shi
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, September 4, 2019 8:10 AM
Hi,
Would you mind letting me know the update of the problem? If you need further assistance, feel free to let me know. I will be more than happy to be of assistance.
Best regards,
Kiki Shi
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, September 10, 2019 4:32 AM
Hi,
Currently, We are trying to test turn-off some specials features on the client side that related to the Microsoft's Analytics.
Thank you very much for your useful information. Have a nice day ^_^
Best Regards,
Pairat Rungrassamee
Tuesday, September 10, 2019 5:34 AM
Hi,
You are welcome.
Have a nice day=.=
Best regards,
Kiki Shi
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, September 25, 2019 4:04 PM
We had a network spike yesterday too for "enterprise.activity.microsoft.com" and are investigating the issue as well. So far, there is not much info about the URL, and the github link no longer has that URL whitelisted
Wednesday, September 25, 2019 4:24 PM
When doing a search for just activity.microsoft.com, these 3 pages came up:
- /en-us/windows/project-rome/user-activities/how-to-guide-for-android
- /en-us/windows/project-rome/notifications/how-to-guide-for-ios
- /en-us/windows/project-rome/notifications/how-to-guide-for-windows
Based on the above, it appears that activity.microsoft.com is used by the MS Graph API for app developers to program notifications, and as such, ENTERPRISE.activity.microsoft.com may be something similar, but for private, Enterprise-coded apps.
Wednesday, October 9, 2019 9:02 AM
Hi,
As this thread has been quiet for a while, we will propose it as‘Answered’as the information provided should be helpful.
If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
Best Regards,
Kiki Shi
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, December 18, 2019 7:34 AM
Recently, since last week (12th of December), we started noticing large amounts of traffic to this endpoint as well...
We are talking about 10TB from several endpoints combined
We didn't change any settings on our workstations and Enterprise Roaming is not enabled and updates for OS are managed via SCCM.
Does anyone know which services on clients and servers use this endpoint? We are not talking about small amounts of data...
Thursday, March 12, 2020 11:29 PM
Anyone block it and notice any issues? I'm blocking it starting today, we'll see what happens
Friday, March 20, 2020 11:00 PM
Any resolution to this issue?
Thursday, April 2, 2020 8:07 AM
We have the exact same issue but mainly on our laptops. The virtual machines do not send this huge amount of data execpt a few.
Recently the data decreased to enterprise.activity.windows.com but greatly increased to activity.windows.com.
The solution is to create a gpo that disables Windows Activity feed. We have done it and the traffic went from 500-800GB /day to 20-50mb / day!
Create a gpo that disables Windows activity feed:
Computer Configuration -> Administrative Templates -> System/OS
"Enables Activity Feed" = Disabled
Edit: I have asked employees from Microsoft about this and noone could give me an answer