Thank you for the tool. Any effort to prevent the forceful invasion of privacy Microsoft has imposed is very appreciated.
I am a bit paranoid though, and do not trust that simply putting Microsoft's domains in a text file will suffice. They may change the addresses or have less known servers or even explicitly hidden ones. Or they may have programmed the system to ignore address matching their domains. No, to be sure nothing unauthorized leaves my machine I explicitly block all in and out traffic with my firewall, which of course is not the default Windows one. I wouldn't trust that thing. Then I create specific rules for each application that needs access to the internet.
To be able to get a connection, svchost.exe needs to be granted outgoing permission in ports 67-68, for dhcp; if a static a IP is used this isn't needed. Other than that, allowing outgoing traffic in port 53 -dns- is required for normal name resolution when web browsing. Of course, all this is vain if Microsoft compromised W10 at the kernel level, which wouldn't surprise me in the least.
My point is we should treat W10 with caution at all times, and never get a false sense of security. Use it if is necessary, but if privacy is important the linux/freeBSD is the road to go.