Before update 19043.844, it was possible to disable Certificate Network Retrieval for Certificate Path Validation in Security Configuration Management. Windows validates certificate path via ctldl.windowsupdate.com. Disabling Network Retrieval in 19043.844 prevented internet from working and blacklisting ctldl.windowsupdate.com domain resolution prevented successful login to some non-Microsoft applications and accounts. Certificate Revocation could still be disabled without problems, but not Certificate Network Retrieval. Windows Update and related services were all disabled. Installing AllowedCert.cab and DisallowedCert.cab did not resolve the problem. Changing related settings in Internet Explorer was also fruitless. This happened across all 4 laptops that were updated to Windows 10 19043.844. Certificate Network Retrieval via ctldl.windowsupdate.com became a new type of telemetry...
Setup firewall to block all outgoing communications and allow only ones that you like And with few tools to add ip's to hosts file you are the man in power
As I mentioned, blocking ctldl.windowsupdate.com domain resulted in some programs refusing to login because they somehow verify certificates.