Re: Or... no snooping at all
The better option is to install (say) Linux Mint, then (say) VirtualBox, and finally Windows (your preferred version) inside the virtual machine. Then disable all Windows internet connectivity. Absolutely and finally.
Although I like the idea (also because it brings some much needed stability to Windows), I suspect this will be a swine to manage in a production environment. That said, you do have a point in that it may be worth blocking Win10 from talking to its masters but that approach has a problem in both VM and "naked" version: you still need it to patch, and that is pretty much an open gateway.
You don't know what it transmits during patch time - that might as well be a condensed archive from all the data it has managed to grab so far but had to buffer because it was blocked until then.