Blocking Microshaft - that's what you think
Going off at a tangent - I run a Windows 10 Pro (2004) VM on my Linux Mint desktop. I also run a pfsense firewall with the pfblockerNG package installed.
Obviously I have blocked Microsoft at a DNS level but have also blocked all Microsoft ASN I can find (25 so far). I will allow access to Microshaft but only when I decide its appropriate (eg Windows update check) otherwise the VM Win 10 client is blocked.
As soon as I booted the Windows 10 VM this afternoon pfsense reported that it tried to establish a connection (443) to these IP's
Whois shows they are both Microshaft
NetRange: 220.127.116.11 - 18.104.22.168
CIDR: 22.214.171.124/12, 126.96.36.199/14
Parent: NET52 (NET-52-0-0-0-0)
NetType: Direct Assignment
Organization: Microsoft Corporation (MSFT)
You may block Microsfaft at an DNS level but it appears to have some hard coding for IP addresses to circumvent this.
As I am somewhat neurotic I operate a similar ASN policy for Facebook. Google, Oracle, Adobe, Yahoo. Twitter, Telegram and Amazon. It can be a bit wearing at times but at least I decide who has access to what.
Whilst I am only a home user I also operate a default block outbound policy on pfsense - stops any IOT devices phoning home unless specifically authorised.
Think I'll go for a lie down now ....