Add a firewall rule to block any traffic destined to 64.4.54.1/24
and 65.55.44.1/24
You could also use a bigger set, which still allows windows updates to function 23.212.108.0/24 64.4.0.0/18 65.52.0.0/14 111.221.29.0/24 157.56.91.77 168.61.0.0/16 168.62.0.0/15
If you use OpenDNS, add the following domains to the untrusted list vortex.data.microsoft.com vortex-win.data.microsoft.com telecommand.telemetry.microsoft.com telecommand.telemetry.microsoft.com.nsatc.net oca.telemetry.microsoft.com oca.telemetry.microsoft.com.nsatc.net sqm.telemetry.microsoft.com sqm.telemetry.microsoft.com.nsatc.net