Stop network traffic to Microsoft Telemetry service

jayanthi ramprakash 46 Reputation points
2021-01-26T02:39:11.393+00:00

Hi Experts,
Two of our Exchange servers (Exchange 2013 on Windows 2012 R2) in our Development environment are generating excessive network traffic (traffic through Squid proxy). All the attempts are for 'sqm.microsoft.com' on port 443 and they all result in HTTP 503.
'sqm.microsoft.com' seems to be related to the Microsoft Telemetry service. So, using the following link, I already turned off the "Windows Customer Experience program" via Group Policy Editor and Task Scheduler. But our proxy engineers can still see the traffic on Squid from these machines.
Could you please advise how I can configure the machines to turn off this traffic? Thanks.
https://www.ghacks.net/2016/10/26/turn-off-the-windows-customer-experience-program/

Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.

Accepted answer
  1. Sunny Qi 10,926 Reputation points Microsoft Vendor
    2021-01-27T02:54:12.547+00:00

    Hi,

    It seems that the client contacts the proxy server directly and the proxy server sends the HTTP request to connect to sqm.microsoft.com.

    Please understand, analysis of network traffic is beyond our forum support level. If you want to know more about the network trace results, I would suggest you open a case with Microsoft where more in-depth investigation can be done so that you would get a more satisfying explanation to this question.

    You may find the phone number for your region from the link below:

    Global Customer Service phone numbers

    Best Regards,
    Sunny


2 additional answers

  1. Sunny Qi 10,926 Reputation points Microsoft Vendor
    2021-01-26T07:06:33.15+00:00

    Hi,

    Thanks for posting on the Q&A platform.

    Windows uses a lot of technologies that require your system to contact Microsoft servers: Windows Automatic Update, telemetry, usage statistics, error reporting, Edge, etc. Generally, we don't need to worry about it as it should be safe.

    If you need to block traffic to sqm.microsoft.com, I would suggest verifying its IP address first, and then blocking outbound traffic to this IP via Windows Firewall.

    In order to get the IP address of sqm.microsoft.com, you can run nslookup sqm.microsoft.com in Command Prompt from the impacted server. If you cannot get the answer, you could check it with Network Monitor.

    For more details about how to collect network traffic by Network Monitor, please refer to the following article:

    Collect data using Network Monitor

    Best Regards,
    Sunny


  2. jayanthi ramprakash 46 Reputation points
    2021-01-26T23:27:38.947+00:00

    Hi Sunny,

    Thank you very much for the response. I did not get the answer when I ran 'nslookup sqm.microsoft.com' in Command Prompt from the impacted server. So, I used Network Monitor. However, I found the proxy server's name in the destination field instead of the IP address for sqm.microsoft.com. Could you please advise how I should proceed further? Thank you.

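Since the capture in this thread shows the servers talking to the Squid proxy rather than to sqm.microsoft.com itself, the requests can be counted on the proxy side. The following Python sketch is an added example, not part of the thread: it parses Squid's native access.log layout and counts CONNECT attempts to sqm.microsoft.com:443 per client and HTTP status. The log lines, client addresses and function names are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1611628751.393     12 10.0.0.11 TCP_MISS/503 0 CONNECT sqm.microsoft.com:443 - HIER_NONE/- -
1611628752.101     11 10.0.0.12 TCP_MISS/503 0 CONNECT sqm.microsoft.com:443 - HIER_NONE/- -
1611628753.870     10 10.0.0.11 TCP_MISS/503 0 CONNECT SQM.microsoft.com:443 - HIER_NONE/- -
1611628754.022    840 10.0.0.11 TCP_TUNNEL/200 5120 CONNECT outlook.office365.com:443 - HIER_DIRECT/203.0.113.10 -
1611628755.640     35 10.0.0.30 TCP_MISS/200 1270 GET http://example.com/ - HIER_DIRECT/203.0.113.20 text/html
truncated line
1611628756.415     12 10.0.0.12 TCP_MISS/503 0 CONNECT sqm.microsoft.com:443 - HIER_NONE/- -
1611628757.009     13 10.0.0.11 TCP_MISS/503 0 CONNECT sqm.microsoft.com:443 - HIER_NONE/- -
"""

def parse_line(line):
    """Return (client, status, method, host, port), or None for a malformed line."""
    f = line.split()
    if len(f) < 10:
        return None
    status = f[3].rpartition("/")[2]
    if not status.isdigit():
        return None
    method, url = f[5], f[6]
    # CONNECT logs a bare host:port; other methods log a full URL.
    parts = urlsplit("//" + url if method == "CONNECT" else url)
    try:
        port = parts.port
    except ValueError:
        return None
    return f[2], int(status), method, (parts.hostname or "").lower(), port

def tunnel_attempts(log_text, host="sqm.microsoft.com", port=443):
    """Count CONNECT requests to host:port, keyed by (client, HTTP status)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == "CONNECT" and rec[3] == host and rec[4] == port:
            counts[(rec[0], rec[1])] += 1
    return counts

def clients_by_volume(counts):
    """Collapse the per-status counts into (client, total), busiest first."""
    totals = Counter()
    for (client, _status), n in counts.items():
        totals[client] += n
    return totals.most_common()

if __name__ == "__main__":
    for client, n in clients_by_volume(tunnel_attempts(SAMPLE_LOG)):
        print(client, n)
```

Running the same count before and after a policy change on the servers shows whether the change actually reduced the requests.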