Much more simple. MS = evil so every domain name associated with it is blocked. I do not use MS software, have no need to update it, and certainly do not need to submit any telemetry info to them. So it is a non-issue until a guest wants to update their laptop using my wifi.