Hello
Thank you for your question and reaching out. Windows Update requires TCP port 80, 443, and 49152-65535. The IP address for the Windows Update website is dynamic and changes frequently. The IP addresses are not officially published either. Typically, we recommend against using the firewall's IP address definitions for this. Instead, we advise designating the DNS names as allowed destinations for traffic via the firewall or enabling all outbound connections to http & https ports. Use the DNS system since it is the only trustworthy source of current information for the IPs that Windows Update is currently using. Make sure the following destination hosts are supplied if you're using DNS:
http://windowsupdate.microsoft.com
http://.windowsupdate.microsoft.com
https://.windowsupdate.microsoft.com
http://.update.microsoft.com
https://.update.microsoft.com
http://.windowsupdate.com
http://download.windowsupdate.com
http://.download.windowsupdate.com
http://ntservicepack.microsoft.com
--If the reply is helpful, please Upvote and Accept as answer--