The traffic to r20swj13mr.microsoft.com appears to only occur the first time that Internet Explorer 11 is opened after the monthly IE Microsoft patch(es) is/are applied. That seems to be the only time we see it and then not every time.
We see traffic over TCP port 443 to r20swj13mr.microsoft.com twice upon opening IE. One session for the 32-bit instance and one session for the 64-bit instance.
It may have always done this - maybe we are just noticing it.
It would be interesting to know what r20swj13mr.microsoft.com is used for.
I guess that we can always block it at the firewall or hosts file.