Privacy and security on Windows are so bad that there seems to be very little that people agree on.
At the top of this discussion you can find a link to ikel’s guide, so there’s that.
Also, in the guide there’s a way to disable telemetry via group policies. This is only available in Enterprise and Education versions. You can download Windows Enterprise from Microsoft’s site (Evaluation something is what the page is called - it asks for an email but accepts anything), and you’ll have to use Microsoft Activation Script from massgravel’s GitHub. It’s up to you if the risks are worth it.
On there you’ll also see a recommendation to only install software from the Store, since that’s the only way to run software in a sandbox. MS now requires an MS account to use the Store, so to get more security you need to get an MS account, link it to your OS and create some holes in your firewall/DNS block to allow it to talk back to the mothership. So, to get more security, you need to get less security. And a lot less privacy. It’s up to you. (If you have a lot of wrong opinions, trusting Microsoft/Apple/Google/etc. is increasingly a security issue on top of a privacy one, but a lot of people - PG included - don’t seem to consider this in any threat model.)
You can also set up NextDNS on your router and enable their Windows telemetry list, just in case.
Also, search for digitalblossom on GitHub. They have some scripts that add a bunch of URLs and IPs to the firewall and to the hosts file. Yes, it’s badness enumeration, but what do you have to lose? I tested them in a VM and they didn’t seem to break anything. For Win10, but MS telemetry URLs probably didn’t change much in 11.
Edit: download anything you need to a USB drive (software, scripts, Mullvad Browser, VPN software, etc.), format your HD and reinstall Windows without internet and without creating an MS account. Install everything before turning internet on.
That’s all I can remember.