For a Mac/*nix gentleman, I've been doing an awful lot of Windows stuff of late. Today was discovering why certain services don't operate with external firewalls and proxy servers.
According to this Technet article, the following domains are required for successful Windows Updates:
http://windowsupdate.microsoft.com http://*.windowsupdate.microsoft.com https://*.windowsupdate.microsoft.com http://*.update.microsoft.com https://*.update.microsoft.com http://*.windowsupdate.com http://download.windowsupdate.com http://download.microsoft.com http://*.download.windowsupdate.com http://wustat.windows.com http://ntservicepack.microsoft.com
And according to this knowledgebase article, these URLs are required to be bypassed if you're running a proxy server, otherwise Windows Activation will fail:
http://go.microsoft.com/ https://sls.microsoft.com/ https://sls.microsoft.com:443 http://crl.microsoft.com/pki/crl/products/MicrosoftRootAuthority.crl http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl https://activation.sls.microsoft.com
And finally, these URLs are required for your daily dose of nostalgially bad web design:
It reminds me of all the domains I had to whitelist in NoScript to access my student email in Outlook Web Access. As much as I dislike and not trust Google thesedays, I only needed one domain for Gmail to work back then.
And as an aside, this is the second post in 2015 to start with "That's a lot of...". Make of that what you will. I wouldn't recommend overthinking it, or anything for that matter. I wonder if I can make ten? Sounds like a challenge :3.