Right in the docs:
Windows Update Whitelist
I am looking for a current list of URLs to whitelist on our firewall for Windows Update. Currently we are using SSL inspection and we are whitelisting the URLs below; however, we are getting certificate errors:
Auto proxy settings for this web service call.
WS error: There was an error communicating with the endpoint at 'https://fe2.delivery.mp.microsoft.com/ClientWebService/client.asmx'.
WS error: There was an error sending the HTTP request.
WS error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
WS error: The certificate authority is invalid or incorrect
Whitelist
*.dl.delivery.mp.microsoft.com
*.download.microsoft.com
*.mp.microsoft.com
*.update.microsoft.com
*.windowsupdate.com Wildcard
*.windowsupdate.microsoft.com
fe2.update.microsoft.com
go.microsoft.com
msedge.api.cdp.microsoft.com
msedge.b.dl.delivery.mp.microsoft.com
msedge.b.tlu.dl.delivery.mp.microsoft.com
msedge.f.dl.delivery.mp.microsoft.com
msedge.f.tlu.dl.delivery.mp.microsoft.com
msedge.sb.dl.delivery.mp.microsoft.com
msedge.sb.tlu.dl.delivery.mp.microsoft.com
msedge.sf.dl.delivery.mp.microsoft.com
msedge.sf.tlu.dl.delivery.mp.microsoft.com
ntservicepack.microsoft.com
settings-win.data.microsoft.com
sls.update.microsoft.com
wustat.windows.com
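An added example, not part of the original post: it pulls the failing endpoint out of the error text above and tests it against the posted whitelist under two wildcard interpretations. Which interpretation the firewall applies is an assumption to confirm in its documentation, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Whitelist entries copied from the post, in the order given.
ALLOWLIST = """*.dl.delivery.mp.microsoft.com *.download.microsoft.com
*.mp.microsoft.com *.update.microsoft.com *.windowsupdate.com
*.windowsupdate.microsoft.com fe2.update.microsoft.com go.microsoft.com
msedge.api.cdp.microsoft.com msedge.b.dl.delivery.mp.microsoft.com
msedge.b.tlu.dl.delivery.mp.microsoft.com msedge.f.dl.delivery.mp.microsoft.com
msedge.f.tlu.dl.delivery.mp.microsoft.com msedge.sb.dl.delivery.mp.microsoft.com
msedge.sb.tlu.dl.delivery.mp.microsoft.com msedge.sf.dl.delivery.mp.microsoft.com
msedge.sf.tlu.dl.delivery.mp.microsoft.com ntservicepack.microsoft.com
settings-win.data.microsoft.com sls.update.microsoft.com
wustat.windows.com""".split()

# Error line copied from the post.
LOG = ("WS error: There was an error communicating with the endpoint at "
       "'https://fe2.delivery.mp.microsoft.com/ClientWebService/client.asmx'.")

def endpoint_hosts(log):
    """Return the hostnames of every URL that appears in the log text."""
    return [urlsplit(u).hostname for u in re.findall(r"https?://[^\s'\"]+", log)]

def matches(host, pattern, multi_label):
    """Match host against an exact entry or a leading-'*.' wildcard entry.

    multi_label=False: '*' stands for exactly one DNS label (TLS-style).
    multi_label=True:  '*' may stand for several labels (assumed behaviour
                       of some firewalls; verify for the product in use).
    """
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]                      # e.g. ".mp.microsoft.com"
    if not host.endswith(suffix):
        return False
    prefix = host[: -len(suffix)]             # the part the '*' must cover
    return bool(prefix) and (multi_label or "." not in prefix)

def covering_entries(host, multi_label):
    """List the whitelist entries that exempt this host from inspection."""
    return [p for p in ALLOWLIST if matches(host, p, multi_label)]

if __name__ == "__main__":
    for h in endpoint_hosts(LOG):
        print(h, "single-label:", covering_entries(h, False),
              "multi-label:", covering_entries(h, True))
```

If the single-label list is empty for a host that still fails, that host is a candidate for an explicit entry or a deeper wildcard in the inspection bypass.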