Thursday 26 September 2024

Allow Windows Update through Windows Firewall (Windows 11)

1. open windows defender firewall

2. click Outbound Rules

3. create new rule

    a. select custom

    b. click next button

    c. next to services click customize

    d. select 'apply to this service'

    e. select Windows update (wuauserv)

    f. click ok

    g. click next        

4. Protocols and ports 

    a. select protocol type: TCP

    b. select local port: specific ports

    c. enter: 49152-65535

    d. select remote port: specific ports

    e. enter: 443

    f. click next

5. Scope

    a. find Remote IP address

    b. select 'These IP addresses'

    c. click add button

    d. click 'This IP address or subnet'

    e. enter: 20.242.39.171

    f. click ok button

        (Note: this IP address was found by observing the connections Windows Update makes, and it resolves to a Microsoft datacentre in Chicago. 52.252.180.154 was also noted, but the update seems to work with only 20.242.39.171. The IP addresses may change in future, and these don't seem to be linked to URLs.)

6. Action (General tab):

    a. select 'Allow the connection'

    b. click next

7. Profile: (tab: Advanced)

    a. untick Domain

    b. untick Private

        (Note: your external-facing connection should be set to Public for minimal privileges.)

8. Name: give the rule a name 'custom windows update'

    a. click finish

Now try: Settings -> Windows Update -> Check for updates

You can then enable or disable this new rule to switch the outgoing Windows Update connection on or off as needed.
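The same rule can be created from an elevated PowerShell prompt. This is an added example, not part of the original steps; it uses the built-in NetSecurity cmdlets with the values from steps 3 to 8, and the variable names are my own.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI steps above.
# Values are taken from the steps; variable names are assumptions.

$RuleName = 'custom windows update'   # step 8
$RemoteIp = '20.242.39.171'           # step 5 (observed address, may change)

# Create the rule only if it does not exist yet, so re-running is safe.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-NetFirewallRule -DisplayName $RuleName `
        -Direction Outbound `
        -Action Allow `
        -Service wuauserv `
        -Protocol TCP `
        -LocalPort '49152-65535' `
        -RemotePort 443 `
        -RemoteAddress $RemoteIp `
        -Profile Public
}

# Read the rule back with its filters, to confirm it is scoped to the
# Windows Update service, the single remote address and the Public profile.
$port = $rule | Get-NetFirewallPortFilter
$addr = $rule | Get-NetFirewallAddressFilter
$svc  = $rule | Get-NetFirewallServiceFilter

[pscustomobject]@{
    Name          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Direction     = $rule.Direction
    Action        = $rule.Action
    Profile       = $rule.Profile
    Service       = $svc.Service
    Protocol      = $port.Protocol
    LocalPort     = $port.LocalPort -join ','
    RemotePort    = $port.RemotePort -join ','
    RemoteAddress = $addr.RemoteAddress -join ','
} | Format-List

# Toggle the rule as needed (run one of these):
# Disable-NetFirewallRule -DisplayName $RuleName
# Enable-NetFirewallRule  -DisplayName $RuleName
```

If the read-back shows a wider scope than expected (for example RemoteAddress of Any), a rule with the same display name already existed; inspect or remove it before re-running.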