mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge branch 'master' into v-tea-CI-103336
This commit is contained in:
Teresa-Motiv
commit
3cf43a81cc
@ -6562,12 +6562,12 @@
|
||||
},
|
||||
{
|
||||
"source_path": "windows/manage/manage-inventory-windows-store-for-business.md",
|
||||
"redirect_url": "/microsoft-store/app-inventory-managemement-windows-store-for-business",
|
||||
"redirect_url": "/microsoft-store/app-inventory-management-windows-store-for-business",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "store-for-business/app-inventory-managemement-windows-store-for-business.md",
|
||||
"redirect_url": "/microsoft-store/app-inventory-managemement-microsoft-store-for-business",
|
||||
"redirect_url": "/microsoft-store/app-inventory-management-microsoft-store-for-business",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
@ -14968,13 +14968,13 @@
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "windows/windows-10/windows-10-landing.yml",
|
||||
"redirect_url": "/windows/hub/windows-10",
|
||||
"source_path": "windows/hub/windows-10-landing.yml",
|
||||
"redirect_url": "/windows/windows-10",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "windows/security/threat-protection/windows-defender-atp/improverequestperformance-new.md",
|
||||
"redirect_url": "windows/security/threat-protection/microsoft-defender-atp/improve-request-performance",
|
||||
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
@ -15046,6 +15046,11 @@
|
||||
"source_path": "windows/device-security/index.md",
|
||||
"redirect_url": "/windows/security/threat-protection",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md",
|
||||
"redirect_url": "/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11",
|
||||
"redirect_document_id": true
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,7 +4,7 @@ description: Microsoft Edge, by default, allows users to use the F12 developer t
|
||||
services:
|
||||
keywords:
|
||||
ms.localizationpriority: medium
|
||||
managre: dougkim
|
||||
manager: dougkim
|
||||
author: eavena
|
||||
ms.author: eravena
|
||||
ms.date: 10/02/2018
|
||||
|
||||
@ -20,7 +20,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|-----------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented. Hide the Address bar drop-down list and disable the *Show search and site suggestions as I type* toggle in Settings. |  |
|
||||
| Disabled | 0 | 0 | Prevented. Hide the Address bar drop-down list and disable the *Show search and site suggestions as I type* toggle in Settings. |  |
|
||||
| Enabled or not configured **(default)** | 1 | 1 | Allowed. Show the Address bar drop-down list and make it available. | |
|
||||
|
||||
---
|
||||
|
||||
@ -20,7 +20,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|------------------------------------------|:---:|:--------:|------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured **(default)** | 0 | 0 | Prevented. Users can configure the *Clear browsing data* option in Settings. | |
|
||||
| Enabled | 1 | 1 | Allowed. Clear the browsing data upon exit automatically. |  |
|
||||
| Enabled | 1 | 1 | Allowed. Clear the browsing data upon exit automatically. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented. |  |
|
||||
| Disabled | 0 | 0 | Prevented. |  |
|
||||
| Enabled or not configured<br>**(default)** | 1 | 1 | Allowed. Microsoft Edge updates the configuration data for the Books Library automatically. | |
|
||||
|
||||
---
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------|:---:|:--------:|------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented. Users can still search to find items on their device. |  |
|
||||
| Disabled | 0 | 0 | Prevented. Users can still search to find items on their device. |  |
|
||||
| Enabled<br>**(default)** | 1 | 1 | Allowed. | |
|
||||
|
||||
---
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------|:---:|:--------:|-------------|:------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Enabled | 1 | 1 | Allowed | |
|
||||
|
||||
---
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Show the Books Library only in countries or regions where supported. |  |
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Show the Books Library only in countries or regions where supported. |  |
|
||||
| Enabled | 1 | 1 | Show the Books Library, regardless of the device’s country or region. | |
|
||||
|
||||
---
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Gather and send only basic diagnostic data. |  |
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Gather and send only basic diagnostic data. |  |
|
||||
| Enabled | 1 | 1 | Gather all diagnostic data. For this policy to work correctly, you must set the diagnostic data in *Settings > Diagnostics & feedback* to **Full**. | |
|
||||
|
||||
---
|
||||
|
||||
@ -20,7 +20,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Enabled<br>**(default)** | 1 | 1 | Allowed | |
|
||||
|
||||
---
|
||||
|
||||
@ -20,7 +20,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Enabled or not configured<br>**(default)** | 1 | 1 | Allowed | |
|
||||
|
||||
---
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Enabled or not configured<br>**(default)** | 1 | 1 | Allowed | |
|
||||
|
||||
---
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------------------------|:---:|:--------:|-------------|:-------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Enabled or not configured<br>**(default)** | 1 | 1 | Allowed | |
|
||||
|
||||
---
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------------------------|:---:|:--------:|-------------|:-------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Enabled or not configured<br>**(default)** | 1 | 1 | Allowed | |
|
||||
|
||||
---
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Enabled or not configured<br>**(default)** | 1 | 1 | Allowed | |
|
||||
|
||||
---
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Disabled | 0 | 0 | Prevented |  |
|
||||
| Enabled or not configured<br>**(default)** | 1 | 1 | Allowed | |
|
||||
|
||||
---
|
||||
|
||||
@ -20,12 +20,12 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Prevented. Microsoft Edge downloads book files to a per-user folder for each user. |  |
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Prevented. Microsoft Edge downloads book files to a per-user folder for each user. |  |
|
||||
| Enabled | 1 | 1 | Allowed. Microsoft Edge downloads book files to a shared folder. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy, which you can find:<p>**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**<p>Also, the users must be signed in with a school or work account. | |
|
||||
|
||||
---
|
||||
|
||||
|
||||
|
||||
|
||||
### ADMX info and settings
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|----------------------------|:---:|:--------:|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured | 0 | 0 | Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** group policy, which you can find:<p>**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**<p>For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). |  |
|
||||
| Disabled or not configured | 0 | 0 | Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** group policy, which you can find:<p>**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**<p>For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). |  |
|
||||
| Enabled<br>**(default)** | 1 | 1 | Allowed. | |
|
||||
|
||||
---
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------------------------|:---:|:--------:|-------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Prevented. |  |
|
||||
| Disabled | 0 | 0 | Prevented. |  |
|
||||
| Enabled or not configured<br>**(default)** | 1 | 1 | Allowed. Preload Start and New Tab pages. | |
|
||||
|
||||
---
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Show the Books Library only in countries or regions where supported. |  |
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Show the Books Library only in countries or regions where supported. |  |
|
||||
| Enabled | 1 | 1 | Show the Books Library, regardless of the device’s country or region. | |
|
||||
|
||||
---
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Prevented. Use the search engine specified in App settings.<p><p>If you enabled this policy and now want to disable it, all previously configured search engines get removed. |  |
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Prevented. Use the search engine specified in App settings.<p><p>If you enabled this policy and now want to disable it, all previously configured search engines get removed. |  |
|
||||
| Enabled | 1 | 1 | Allowed. Add up to five additional search engines and set any one of them as the default.<p><p>For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | |
|
||||
|
||||
---
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled | 0 | 0 | Load and run Adobe Flash content automatically. | |
|
||||
| Enabled or not configured<br>**(default)** | 1 | 1 | Do not load or run Adobe Flash content and require action from the user. |  |
|
||||
| Enabled or not configured<br>**(default)** | 1 | 1 | Do not load or run Adobe Flash content and require action from the user. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------|:-----:|:--------:|-----------------------------------|:------------------------------------------------:|
|
||||
| Not configured<br>**(default)** | Blank | Blank | Users can choose to use Autofill. | |
|
||||
| Disabled | 0 | no | Prevented. |  |
|
||||
| Disabled | 0 | no | Prevented. |  |
|
||||
| Enabled | 1 | yes | Allowed. | |
|
||||
|
||||
---
|
||||
|
||||
@ -29,7 +29,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|-----------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | No data collected or sent |  |
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | No data collected or sent |  |
|
||||
| Enabled | 1 | 1 | Send intranet history only | |
|
||||
| Enabled | 2 | 2 | Send Internet history only | |
|
||||
| Enabled | 3 | 3 | Send both intranet and Internet history | |
|
||||
|
||||
@ -18,8 +18,8 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|-----------------------------------------------|:------------------------------------------------:|
|
||||
| Enabled | 0 | 0 | Block all cookies from all sites. |  |
|
||||
| Enabled | 1 | 1 | Block only coddies from third party websites. | |
|
||||
| Enabled | 0 | 0 | Block all cookies from all sites. |  |
|
||||
| Enabled | 1 | 1 | Block only cookies from third party websites. | |
|
||||
| Disabled or not configured<br>**(default)** | 2 | 2 | Allow all cookies from all sites. | |
|
||||
|
||||
---
|
||||
|
||||
@ -20,7 +20,7 @@ ms.topic: include
|
||||
|---------------------------------|:-----:|:--------:|---------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Not configured<br>**(default)** | Blank | Blank | Do not send tracking information but let users choose to send tracking information to sites they visit. | |
|
||||
| Disabled | 0 | 0 | Never send tracking information. | |
|
||||
| Enabled | 1 | 1 | Send tracking information. |  |
|
||||
| Enabled | 1 | 1 | Send tracking information. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -9,9 +9,9 @@ ms.topic: include
|
||||
---
|
||||
|
||||
|
||||
| | |
|
||||
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| **Single-app**<p><a href="/images/Picture1.png" alt="Full-sized view single-app digital/interactive signage" target="_blank"></a><p>**Digital/interactive signage**<p>Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.<ul><li>**Digital signage** does not require user interaction.<p>***Example.*** Use digital signage for things like a rotating advertisement or menu.<p></li><li>**Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet.<p>***Example.*** Use interactive signage for things like a building business directory or restaurant order/pay station.</li></ul><p>**Policy setting** = Not configured (0 default)<p> | <p> <p><a href="/images/Picture2.png" alt="Full-sized view single-app public browsing" target="_blank"></a> <p><strong>Public browsing</strong><p>Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.<p>The single-app public browsing mode is the only kiosk mode that has an <strong>End session</strong> button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.<p><em><strong>Example.</strong></em> A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps. <p><strong>Policy setting</strong> = Enabled (1) |
|
||||
| **Multi-app**<p><a href="/images/Picture5.png" alt="Full-sized view multi-app normal browsing" target="_blank"></a><p>**Normal browsing**<p>Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.<p>Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.<p>**Policy setting** = Not configured (0 default) | <p> <p><a href="/images/Picture6.png" alt="Full-sized view multi-app public browsing" target="_blank"></a><p><strong>Public browsing</strong><p>Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.<p>In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support. <p><em><strong>Example.</strong></em> A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.<p><strong>Policy setting</strong> = Enabled (1) |
|
||||
| | |
|
||||
|----------|------|
|
||||
|**Single-app**<p><a href="/images/Picture1.png" alt="Full-sized view single-app digital/interactive signage" target="_blank"></a><p>**Digital/interactive signage**<p>Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.<ul><li>**Digital signage** does not require user interaction.<p>***Example.*** Use digital signage for things like a rotating advertisement or menu.<p></li><li>**Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet.<p>***Example.*** Use interactive signage for things like a building business directory or restaurant order/pay station.</li></ul><p>**Policy setting** = Not configured (0 default)<p> | <p> <p><a href="/images/Picture2.png" alt="Full-sized view single-app public browsing" target="_blank"></a> <p><strong>Public browsing</strong><p>Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.<p>The single-app public browsing mode is the only kiosk mode that has an <strong>End session</strong> button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.<p><em><strong>Example.</strong></em> A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps. <p><strong>Policy setting</strong> = Enabled (1) |
|
||||
| **Multi-app**<p><a href="/images/Picture5.png" alt="Full-sized view multi-app normal browsing" target="_blank"></a><p>**Normal browsing**<p>Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.<p>Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.<p>**Policy setting** = Not configured (0 default) | <p> <p><a href="/images/Picture6.png" alt="Full-sized view multi-app public browsing" target="_blank"></a><p><strong>Public browsing</strong><p>Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.<p>In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support. <p><em><strong>Example.</strong></em> A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.<p><strong>Policy setting</strong> = Enabled (1) |
|
||||
|
||||
---
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|--------------------------|:-----:|:--------:|--------------------------------------------------------|:------------------------------------------------:|
|
||||
| Not configured | Blank | Blank | Users can choose to save and manage passwords locally. | |
|
||||
| Disabled | 0 | no | Not allowed. |  |
|
||||
| Disabled | 0 | no | Not allowed. |  |
|
||||
| Enabled<br>**(default)** | 1 | yes | Allowed. | |
|
||||
|
||||
---
|
||||
|
||||
@ -20,7 +20,7 @@ ms.topic: include
|
||||
|---------------------------|:-----:|:--------:|-------------------------------------------------|:------------------------------------------------:|
|
||||
| Not configured | Blank | Blank | Users can choose to use Pop-up Blocker. | |
|
||||
| Disabled<br>**(default)** | 0 | 0 | Turned off. Allow pop-up windows to open. | |
|
||||
| Enabled | 1 | 1 | Turned on. Prevent pop-up windows from opening. |  |
|
||||
| Enabled | 1 | 1 | Turned on. Prevent pop-up windows from opening. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------|:-----:|:--------:|---------------------------------------------|:------------------------------------------------:|
|
||||
| Not configured<br>**(default)** | Blank | Blank | Users can choose to see search suggestions. | |
|
||||
| Disabled | 0 | 0 | Prevented. Hide the search suggestions. |  |
|
||||
| Disabled | 0 | 0 | Prevented. Hide the search suggestions. |  |
|
||||
| Enabled | 1 | 1 | Allowed. Show the search suggestions. | |
|
||||
|
||||
---
|
||||
|
||||
@ -20,13 +20,13 @@ ms.topic: include
|
||||
|----------------|:-----:|:--------:|-----------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Not configured | Blank | Blank | Users can choose to use Windows Defender SmartScreen. | |
|
||||
| Disabled | 0 | 0 | Turned off. Do not protect users from potential threats and prevent users from turning it on. | |
|
||||
| Enabled | 1 | 1 | Turned on. Protect users from potential threats and prevent users from turning it off. |  |
|
||||
| Enabled | 1 | 1 | Turned on. Protect users from potential threats and prevent users from turning it off. |  |
|
||||
|
||||
---
|
||||
|
||||
To verify Windows Defender SmartScreen is turned off (disabled):
|
||||
1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
|
||||
2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.<p>
|
||||
2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.<p>
|
||||
|
||||
|
||||
### ADMX info and settings
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|----------------|:---:|:--------:|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Not configured | 0 | 0 | Locked. Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy are not editable. |  |
|
||||
| Not configured | 0 | 0 | Locked. Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy are not editable. |  |
|
||||
| Enabled | 1 | 1 | Unlocked. Users can make changes to all configured start pages.<p><p>When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | |
|
||||
|
||||
---
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Allowed/turned on. Users can choose what to sync to their device. | |
|
||||
| Enabled | 2 | 2 | Prevented/turned off. Disables the *Sync your Settings* toggle and prevents syncing. |  |
|
||||
| Enabled | 2 | 2 | Prevented/turned off. Disables the *Sync your Settings* toggle and prevents syncing. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Turned off/not syncing | |
|
||||
| Enabled | 1 | 1 | Turned on/syncing |  |
|
||||
| Enabled | 1 | 1 | Turned on/syncing |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Allowed | |
|
||||
| Enabled | 1 | 1 | Prevented |  |
|
||||
| Enabled | 1 | 1 | Prevented |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s). | |
|
||||
| Enabled | 1 | 1 | Prevented/turned on. |  |
|
||||
| Enabled | 1 | 1 | Prevented/turned on. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|----------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Allowed/turned off. Users can ignore the warning and continue to the site. | |
|
||||
| Enabled | 1 | 1 | Prevented/turned on. |  |
|
||||
| Enabled | 1 | 1 | Prevented/turned on. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Allowed/turned on. Override the security warning to sites that have SSL errors. | |
|
||||
| Enabled | 1 | 1 | Prevented/turned on. |  |
|
||||
| Enabled | 1 | 1 | Prevented/turned on. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Allowed/unlocked. Users can add, import, and make changes to the Favorites list. | |
|
||||
| Enabled | 1 | 1 | Prevented/locked down. |  |
|
||||
| Enabled | 1 | 1 | Prevented/locked down. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|--------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Allowed. Load the First Run webpage. | |
|
||||
| Enabled | 1 | 1 | Prevented. |  |
|
||||
| Enabled | 1 | 1 | Prevented. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|--------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Collect and send Live Tile metadata. | |
|
||||
| Enabled | 1 | 1 | Do not collect data. |  |
|
||||
| Enabled | 1 | 1 | Do not collect data. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: include
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|---------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | Allowed. Show localhost IP addresses. | |
|
||||
| Enabled | 1 | 1 | Prevented. |  |
|
||||
| Enabled | 1 | 1 | Prevented. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ ms.topic: include
|
||||
| Group Policy | Description | Most restricted |
|
||||
|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | Users can customize the favorites list, such as adding folders, or adding and removing favorites. | |
|
||||
| Enabled | Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file** and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as: <ul><li>HTTP location: "SiteList"=<https://localhost:8080/URLs.html></li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:/Users/Documents/URLs.html</li></ul></li></ol> |  |
|
||||
| Enabled | Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file** and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as: <ul><li>HTTP location: "SiteList"=<https://localhost:8080/URLs.html></li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:/Users/Documents/URLs.html</li></ul></li></ol> |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | All sites, including intranet sites, open in Microsoft Edge automatically. |  |
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | All sites, including intranet sites, open in Microsoft Edge automatically. |  |
|
||||
| Enabled | 1 | 1 | Only intranet sites open in Internet Explorer 11 automatically.<p><p>Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<p><p>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**</li><li>Click **Enable** and then refresh the policy to view the affected sites in Microsoft Edge.<p><p>A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol> | |
|
||||
|
||||
---
|
||||
|
||||
@ -20,7 +20,7 @@ ms.topic: include
|
||||
|---------------------------------|:-----:|:--------:|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Not configured<br>**(default)** | Blank | Blank | Use the search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](../group-policies/search-engine-customization-gp.md#allow-search-engine-customization) policy, users cannot make changes. | |
|
||||
| Disabled | 0 | 0 | Remove or don't use the policy-set search engine and use the search engine for the market, letting users make changes. | |
|
||||
| Enabled | 1 | 1 | Use the policy-set search engine specified in the OpenSearch XML file, preventing users from making changes.<p><p>Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.<p><p>If you want your users to use the default Microsoft Edge settings for each market, then set the string to **EDGEDEFAULT**.<p><p>If you would like your users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**. |  |
|
||||
| Enabled | 1 | 1 | Use the policy-set search engine specified in the OpenSearch XML file, preventing users from making changes.<p><p>Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.<p><p>If you want your users to use the default Microsoft Edge settings for each market, then set the string to **EDGEDEFAULT**.<p><p>If you would like your users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**. |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@ ms.topic: include
|
||||
|
||||
| Group Policy | MDM | Registry | Description | Most restricted |
|
||||
|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | No additional message displays. |  |
|
||||
| Disabled or not configured<br>**(default)** | 0 | 0 | No additional message displays. |  |
|
||||
| Enabled | 1 | 1 | Show an additional message stating that a site has opened in IE11. | |
|
||||
| Enabled | 2 | 2 | Show an additional message with a *Keep going in Microsoft Edge* link to allow users to open the site in Microsoft Edge. | |
|
||||
|
||||
|
||||
@ -92,7 +92,7 @@ sections:
|
||||
|
||||
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp
|
||||
|
||||
html: <p>Learch how you can use the Enterprise Mode site list for websites and apps that have compatibility problems in Microsoft Edge.</p>
|
||||
html: <p>Learn how you can use the Enterprise Mode site list for websites and apps that have compatibility problems in Microsoft Edge.</p>
|
||||
|
||||
image:
|
||||
|
||||
|
||||
@ -33,7 +33,7 @@ sections:
|
||||
- type: markdown
|
||||
text: "
|
||||
Even if you still have legacy apps in your organization, you can default to the secure, modern experience of Microsoft Edge and provide a consistent level of compatibility with existing legacy applications.<br>
|
||||
<table><tr><td><img src='images/compat1.png' width='192' height='192'><br>**Test your site on Microsoft Edge**<br>Test your site on Microsoft Edge for free instantly, with remote browser testing powered by BrowserStack. You can also use the linting tool sonarwhal to assess your site's accessibility, speed, security, and more.<br><a href='https://developer.microsoft.com/microsoft-edge/tools/remote/'>Test your site on Microsoft Edge for free on BrowserStack</a><br><a href='https://sonarwhal.com/'>Use sonarwhal to improve your website.</a></td><td><img src='images/compat2.png' width='192' height='192'><br>**Improve compatibility with Enterprise Mode**<br>With Enterprise Mode you can use Microsoft Edge as your default browser, while ensuring apps continue working on IE11.<br><a href='https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility'>Use Enterprse mode to improve compatibility</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list'>Turn on Enterprise Mode and use a site list</a><br><a href='https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal'>Enterprise Site List Portal</a><br><a href='https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2017/04/25/the-ultimate-browser-strategy-on-windows-10/'>Ultimate browser strategy on Windows 10</a></td><td><img src='images/compat3.png' width='192' height='192'><br>**Web Application Compatibility Lab Kit**<br>The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge.<br><a href='web-app-compat-toolkit'>Find out more</a></td></tr>
|
||||
<table><tr><td><img src='images/compat1.png' width='192' height='192'><br>**Test your site on Microsoft Edge**<br>Test your site on Microsoft Edge for free instantly, with remote browser testing powered by BrowserStack. You can also use the linting tool sonarwhal to assess your site's accessibility, speed, security, and more.<br><a href='https://developer.microsoft.com/microsoft-edge/tools/remote/'>Test your site on Microsoft Edge for free on BrowserStack</a><br><a href='https://sonarwhal.com/'>Use sonarwhal to improve your website.</a></td><td><img src='images/compat2.png' width='192' height='192'><br>**Improve compatibility with Enterprise Mode**<br>With Enterprise Mode you can use Microsoft Edge as your default browser, while ensuring apps continue working on IE11.<br><a href='https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility'>Use Enterprise mode to improve compatibility</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list'>Turn on Enterprise Mode and use a site list</a><br><a href='https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal'>Enterprise Site List Portal</a><br><a href='https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2017/04/25/the-ultimate-browser-strategy-on-windows-10/'>Ultimate browser strategy on Windows 10</a></td><td><img src='images/compat3.png' width='192' height='192'><br>**Web Application Compatibility Lab Kit**<br>The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge.<br><a href='web-app-compat-toolkit'>Find out more</a></td></tr>
|
||||
</table>
|
||||
"
|
||||
- title: Security
|
||||
|
||||
@ -147,7 +147,7 @@ You need to set up your computers for data collection by running the provided Po
|
||||
|
||||
**To set up Enterprise Site Discovery**
|
||||
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
|
||||
|
||||
### WMI only: Set up your firewall for WMI data
|
||||
If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
|
||||
@ -171,13 +171,13 @@ You can determine which zones or domains are used for data collection, using Pow
|
||||
|
||||
**To set up data collection using a domain allow list**
|
||||
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
|
||||
|
||||
>**Important**<br>Wildcards, like \*.microsoft.com, aren’t supported.
|
||||
|
||||
**To set up data collection using a zone allow list**
|
||||
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
|
||||
|
||||
>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
|
||||
|
||||
@ -447,7 +447,7 @@ After you’ve collected your data, you’ll need to turn Enterprise Site Discov
|
||||
|
||||
**To stop collecting data, using PowerShell**
|
||||
|
||||
- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1 –IEFeatureOff`.
|
||||
- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`.
|
||||
|
||||
>**Note**<br>Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer.
|
||||
|
||||
|
||||
@ -179,7 +179,7 @@ Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam
|
||||
<p><b>Example</b>
|
||||
<pre class="syntax">
|
||||
<docMode>
|
||||
<domain exclude="false">fakrikam.com
|
||||
<domain exclude="false">fabrikam.com
|
||||
<path docMode="7">/products</path>
|
||||
</domain>
|
||||
</docMode></pre></td>
|
||||
|
||||
@ -54,6 +54,6 @@ You can build and manage your Enterprise Mode Site List is by using any generic
|
||||
### Add a single site to the site list
|
||||
|
||||
|
||||
### Add mulitple sites to the site list
|
||||
### Add multiple sites to the site list
|
||||
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
ms.localizationpriority: low
|
||||
ms.mktglfcycl: deploy
|
||||
ms.pagetype: appcompat
|
||||
description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
|
||||
description: How to turn Enterprise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
|
||||
author: eavena
|
||||
ms.prod: ie11
|
||||
ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3
|
||||
|
||||
@ -27,7 +27,7 @@ You must continue using IE11 if web apps use any of the following:
|
||||
If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11.
|
||||
|
||||
>[!TIP]
|
||||
>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).
|
||||
>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).
|
||||
|
||||
|
||||
|Technology |Why it existed |Why we don't need it anymore |
|
||||
@ -35,5 +35,7 @@ If you have uninstalled IE11, you can download it from the Microsoft Store or th
|
||||
|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | |
|
||||
|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | |
|
||||
|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. |
|
||||
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -76,7 +76,7 @@
|
||||
###[New group policy settings for Internet Explorer 11](ie11-deploy-guide/new-group-policy-settings-for-ie11.md)
|
||||
###[Set the default browser using Group Policy](ie11-deploy-guide/set-the-default-browser-using-group-policy.md)
|
||||
###[ActiveX installation using group policy](ie11-deploy-guide/activex-installation-using-group-policy.md)
|
||||
###[Group Policy and compatibility with Internet Explorer 11](ie11-deploy-guide/group-policy-compatability-with-ie11.md)
|
||||
###[Group Policy and compatibility with Internet Explorer 11](ie11-deploy-guide/group-policy-compatibility-with-ie11.md)
|
||||
###[Group policy preferences and Internet Explorer 11](ie11-deploy-guide/group-policy-preferences-and-ie11.md)
|
||||
###[Administrative templates and Internet Explorer 11](ie11-deploy-guide/administrative-templates-and-ie11.md)
|
||||
###[Enable and disable add-ons using administrative templates and group policy](ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md)
|
||||
|
||||
@ -147,7 +147,7 @@ You need to set up your computers for data collection by running the provided Po
|
||||
|
||||
**To set up Enterprise Site Discovery**
|
||||
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
|
||||
|
||||
### WMI only: Set up your firewall for WMI data
|
||||
If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
|
||||
@ -171,13 +171,13 @@ You can determine which zones or domains are used for data collection, using Pow
|
||||
|
||||
**To set up data collection using a domain allow list**
|
||||
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
|
||||
|
||||
>**Important**<br>Wildcards, like \*.microsoft.com, aren’t supported.
|
||||
|
||||
**To set up data collection using a zone allow list**
|
||||
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
|
||||
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
|
||||
|
||||
>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
|
||||
|
||||
@ -447,7 +447,7 @@ After you’ve collected your data, you’ll need to turn Enterprise Site Discov
|
||||
|
||||
**To stop collecting data, using PowerShell**
|
||||
|
||||
- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1 –IEFeatureOff`.
|
||||
- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`.
|
||||
|
||||
>**Note**<br>Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer.
|
||||
|
||||
|
||||
@ -179,7 +179,7 @@ Where <a href="https://fabrikam.com" data-raw-source="https://fabrikam.com">http
|
||||
<p><b>Example</b>
|
||||
<pre class="syntax">
|
||||
<docMode>
|
||||
<domain exclude="false">fakrikam.com
|
||||
<domain exclude="false">fabrikam.com
|
||||
<path docMode="7">/products</path>
|
||||
</domain>
|
||||
</docMode></pre></td>
|
||||
|
||||
@ -34,7 +34,7 @@ Use the topics in this section to learn about Group Policy and how to use it to
|
||||
|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Info about many of the new group policy settings added for Internet Explorer 11. |
|
||||
|[Group Policy management tools](group-policy-objects-and-ie11.md) |Guidance about how to use Microsoft Active Directory Domain Services (AD DS) to manage your Group Policy settings. |
|
||||
|[ActiveX installation using group policy](activex-installation-using-group-policy.md) |Info about using the ActiveX Installer Service (AXIS) and Group Policy to manage your ActiveX control deployment. |
|
||||
|[Group Policy and compatibility with Internet Explorer 11](group-policy-compatability-with-ie11.md) |Our Group Policy recommendations for security, performance, and compatibility with previous versions of IE, regardless of which Zone the website is in. |
|
||||
|[Group Policy and compatibility with Internet Explorer 11](group-policy-compatibility-with-ie11.md) |Our Group Policy recommendations for security, performance, and compatibility with previous versions of IE, regardless of which Zone the website is in. |
|
||||
|[Group policy preferences and Internet Explorer 11](group-policy-preferences-and-ie11.md) |Info about Group Policy preferences, as compared to Group Policy settings. |
|
||||
|[Administrative templates and Internet Explorer 11](administrative-templates-and-ie11.md) |Info about Administrative Templates, including where to store them and the related Group Policy settings. |
|
||||
|[Enable and disable add\-ons using administrative templates and group policy](enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md) |Guidance about how to use your local Group Policy editor or the CLSID and Administrative Templates to manage your Group Policy objects.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
ms.localizationpriority: medium
|
||||
ms.mktglfcycl: deploy
|
||||
ms.pagetype: appcompat
|
||||
description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
|
||||
description: How to turn Enterprise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
|
||||
author: lomayor
|
||||
ms.prod: ie11
|
||||
ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3
|
||||
|
||||
@ -15,7 +15,7 @@ ms.date: 07/27/2017
|
||||
|
||||
|
||||
# Use the ExtRegInf .INS file to specify installation files and mode
|
||||
Info about how to specify your Setup information (.inf) files and the instsallation mode for your custom components.
|
||||
Info about how to specify your Setup information (.inf) files and the installation mode for your custom components.
|
||||
|
||||
|Name |Value |Description |
|
||||
|-----------|---------|------------------------------------------------------------------------------------------------------------------|
|
||||
|
||||
@ -22,7 +22,7 @@ A list of the file types used or created by tools in IEAK 11:
|
||||
|.adm | An admin file (located at `<system_drive>:\Program Files\Windows IEAK 11\policies`), used by Group Policy to define the system policies and restrictions for Windows. You can use the IEAK 11 to change these settings. |
|
||||
|.bat |An ASCII text file that contains a sequence of operating system commands, including the parameters and operators supported by the batch command language. When you run the batch file from a command prompt, the computer processes each command sequentially. |
|
||||
|.bmp, .gif, .jpeg, and .jpg |Image files you can use to customize your toolbar button and favorites list icons. For info, see the [Customize the Toolbar button and Favorites List icons using IEAK 11](guidelines-toolbar-and-favorites-list-ieak11.md) page. |
|
||||
|.cab |A compressed cabinet (.cab) file, created by the Internet Explorer Customization Wizard 11 to store your custom compenent files. We highly recommend that your .cab files be signed for security purposes. For more info, see the [Security features and IEAK 11](security-and-ieak11.md) page. |
|
||||
|.cab |A compressed cabinet (.cab) file, created by the Internet Explorer Customization Wizard 11 to store your custom component files. We highly recommend that your .cab files be signed for security purposes. For more info, see the [Security features and IEAK 11](security-and-ieak11.md) page. |
|
||||
|.cif |A component info file (IESetup.cif), identifying the new or updated components you're going to install with Internet Explorer. Each component file has an associated *ComponentID* that's used by Windows Update Setup to determine whether a new component or an update exists. |
|
||||
|.cmp |Connection profile files that are created by the Connection Manager Administration Kit (CMAK). |
|
||||
|.cms |Service provider files, created by the CMAK tool to specify the configuration of the phone book and many of the other functions of your service profiles. |
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
ms.localizationpriority: medium
|
||||
ms.mktglfcycl: deploy
|
||||
description: How to use the Language Selection page in the IEAK 11 Customization Wizard to choose the lanaguage for your IEAK 11 custom package.
|
||||
description: How to use the Language Selection page in the IEAK 11 Customization Wizard to choose the language for your IEAK 11 custom package.
|
||||
author: lomayor
|
||||
ms.prod: ie11
|
||||
ms.assetid: f9d4ab57-9b1d-4cbc-9398-63f4938df1f6
|
||||
|
||||
@ -17,7 +17,7 @@ ms.date: 07/27/2017
|
||||
# Using Internet Settings (.INS) files with IEAK 11
|
||||
Use the Internet Settings (.ins) files and the Internet Explorer Administration Kit 11 (IEAK 11) to configure your custom browser and its components. You can create multiple versions of your custom package by customizing copies of this file.
|
||||
|
||||
Here's a list of the availble .INS file settings:
|
||||
Here's a list of the available .INS file settings:
|
||||
|
||||
|Setting |Description |
|
||||
|-----------------------------------------|------------------------------------------------------------------------------|
|
||||
|
||||
@ -33,7 +33,7 @@ sections:
|
||||
- type: markdown
|
||||
text: "
|
||||
Find information and tips to help you assess compatibility and prioritize processes as you plan for Internet Explorer 11.<br>
|
||||
<table><tr><td><img src='images/plan1.png' width='192' height='192'><br>**Get started with compatibility**<br>Find out how to extend your company's investment in older web apps through higher compatibility with older rendering engines while moving forward to a more modern browser like Internet Explorer 11.<br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode'>What is Enterprise Mode?</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility'>Tips and tricks to manage Internet Explorer compatibility</a><br><a href='https://www.microsoft.com/download/details.aspx?id=44570'>Download the Enterprise Site Discovery Toolkit</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery'>Collect data using Enterprise Site Discovery</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness'>Manage Windows upgrades with Upgrade Readiness</a><br><a href='https://techcommunity.microsoft.com/t5/Microsoft-Ignite-Content-2017/Windows-Analytics-Plan-and-manage-Windows-10-upgrades-and/td-p/98639'>Demo: Plan and manage Windows 10 upgrades and feature updates with Upgrade Readiness</a></td><td><img src='images/plan2.png' width='192' height='192'><br>**Using Enterprise Mode**<br>Learn how to avoid the commom compatibility problems associated with web apps written and tested on older versions of Internet Explorer by using Enterprise Mode.<br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list'>Turn on Enterprise Mode and use a site list</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool'>Add sites to the Enterprise Mode site list</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager'>Edit the Enterprise Mode site list</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode'>Turn on local control and logging for Enterprise Mode</a></td></tr>
|
||||
<table><tr><td><img src='images/plan1.png' width='192' height='192'><br>**Get started with compatibility**<br>Find out how to extend your company's investment in older web apps through higher compatibility with older rendering engines while moving forward to a more modern browser like Internet Explorer 11.<br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode'>What is Enterprise Mode?</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility'>Tips and tricks to manage Internet Explorer compatibility</a><br><a href='https://www.microsoft.com/download/details.aspx?id=44570'>Download the Enterprise Site Discovery Toolkit</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery'>Collect data using Enterprise Site Discovery</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness'>Manage Windows upgrades with Upgrade Readiness</a><br><a href='https://techcommunity.microsoft.com/t5/Microsoft-Ignite-Content-2017/Windows-Analytics-Plan-and-manage-Windows-10-upgrades-and/td-p/98639'>Demo: Plan and manage Windows 10 upgrades and feature updates with Upgrade Readiness</a></td><td><img src='images/plan2.png' width='192' height='192'><br>**Using Enterprise Mode**<br>Learn how to avoid the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer by using Enterprise Mode.<br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list'>Turn on Enterprise Mode and use a site list</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool'>Add sites to the Enterprise Mode site list</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager'>Edit the Enterprise Mode site list</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode'>Turn on local control and logging for Enterprise Mode</a></td></tr>
|
||||
</table>
|
||||
"
|
||||
- title: Deploy
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
#### [Site planning for Surface Hub 2S](surface-hub-2s-site-planning.md)
|
||||
#### [Surface Hub 2S quick start](surface-hub-2s-quick-start.md)
|
||||
#### [Install and mount Surface Hub 2S](surface-hub-2s-install-mount.md)
|
||||
#### [Customizing installation of Surface Hub 2S](surface-hub-2s-custom-install.md)
|
||||
#### [Customize wall mount of Surface Hub 2S](surface-hub-2s-custom-install.md)
|
||||
#### [Setup worksheet](setup-worksheet-surface-hub.md)
|
||||
#### [Surface Hub 2S ports and keypad overview](surface-hub-2s-port-keypad-overview.md)
|
||||
#### [Connect devices to Surface Hub 2S](surface-hub-2s-connect.md)
|
||||
|
||||
@ -498,7 +498,7 @@ if (![System.String]::IsNullOrEmpty($strRegPoolEntry))
|
||||
$strRegPool = $strRegPoolEntry
|
||||
}
|
||||
|
||||
# Try to SfB-enable the account. Note that it may not work right away as the account needs to propogate to active directory
|
||||
# Try to SfB-enable the account. Note that it may not work right away as the account needs to propagate to active directory
|
||||
PrintAction "Enabling Skype for Business..."
|
||||
Start-Sleep -s 10
|
||||
$Error.Clear()
|
||||
@ -878,7 +878,7 @@ if (![System.String]::IsNullOrEmpty($strRegPoolEntry))
|
||||
}
|
||||
#>
|
||||
|
||||
# Try to SfB-enable the account. Note that it may not work right away as the account needs to propogate to active directory
|
||||
# Try to SfB-enable the account. Note that it may not work right away as the account needs to propagate to active directory
|
||||
PrintAction "Enabling Skype for Business on $strRegPool"
|
||||
Start-Sleep -s 10
|
||||
$Error.Clear()
|
||||
@ -1352,7 +1352,7 @@ Validate -Test "ActiveSync devices are allowed" -Condition ($strDefaultAccessLev
|
||||
|
||||
# Check if there exists a device access rule that bans the device type Windows Mail
|
||||
$blockingRules = Get-ActiveSyncDeviceAccessRule | where {($_.AccessLevel -eq 'Block' -or $_.AccessLevel -eq 'Quarantine') -and $_.Characteristic -eq 'DeviceType'-and $_.QueryString -eq 'WindowsMail'}
|
||||
Validate -Test "Windows mail devices are not blocked or quarantined" -Condition ($blockingRules -eq $null -or $blockingRules.Length -eq 0) -FailureMsg "DeviceType Windows Mail is accessible - devices are blocked or quaratined - the surface hub will not be able to send mail or sync its calendar."
|
||||
Validate -Test "Windows mail devices are not blocked or quarantined" -Condition ($blockingRules -eq $null -or $blockingRules.Length -eq 0) -FailureMsg "DeviceType Windows Mail is accessible - devices are blocked or quarantined - the surface hub will not be able to send mail or sync its calendar."
|
||||
|
||||
## End Exchange ##
|
||||
|
||||
@ -1411,7 +1411,7 @@ if ($fHasOnline)
|
||||
}
|
||||
}
|
||||
|
||||
#If there is an on-prem component, we can get the authorative AD user from mailbox
|
||||
#If there is an on-prem component, we can get the authoritative AD user from mailbox
|
||||
if ($fHasOnPrem)
|
||||
{
|
||||
$accountOnPrem = $null
|
||||
|
||||
@ -127,13 +127,13 @@ The administrative features in Windows 10 Enterprise, such as the Microsoft Mana
|
||||
|
||||
### Remote management and monitoring
|
||||
|
||||
Surface Hub supports remote management through mobile device management (MDM), and monitoring through Operations Management Suite (OMS).
|
||||
Surface Hub supports remote management through mobile device management (MDM) solutions such as [Microsoft Intune](https://docs.microsoft.com/en-us/intune/) and monitoring through [Azure Monitor](https://azure.microsoft.com/services/monitor/).
|
||||
|
||||
*Organization policies that this may affect:* <br> Surface Hub doesn't support installing Win32 agents required by most traditional PC management and monitoring tools, such as System Center Operations Manager.
|
||||
|
||||
### Group policy
|
||||
### Group Policy
|
||||
|
||||
Surface Hub does not support group policy, including auditing. Instead, use MDM to apply policies to your Surface Hub. For more information about MDM, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md).
|
||||
Surface Hub does not support Windows Group Policy, including auditing. Instead, use MDM to apply policies to your Surface Hub. For more information about MDM, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md).
|
||||
|
||||
*Organization policies that this may affect:* <br> Use MDM to manage Surface Hub rather than group policy.
|
||||
|
||||
|
||||
@ -88,7 +88,7 @@ This screen is shown only if the device fails to detect a wired network. If you
|
||||
- You can select one of the wireless networks shown. If the network is secured, you'll be taken to a login page. See [Wireless network setup](#wireless) for details.
|
||||
- Click **Skip this step** to skip connecting to a network. You'll be taken to the [Set up for you page](#set-up-for-you).
|
||||
>[!NOTE]
|
||||
>If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including system updates and email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
|
||||
>If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including system updates and email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)).
|
||||
|
||||
|
||||
|
||||
@ -123,7 +123,7 @@ This page will be shown when the device detects a wired connection with limited
|
||||
|
||||
- You can select a wireless network to use instead of the limited wired connection.
|
||||
- You can skip connecting to a network by selecting **Skip this step**. You'll be taken to the [Set up for you page](#set-up-for-you).
|
||||
**Note** If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
|
||||
**Note** If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)).
|
||||
|
||||
|
||||
|
||||
@ -149,7 +149,7 @@ When you click **Next**, the device will attempt to connect to the proxy server.
|
||||
You can skip connecting to a network by selecting **Skip this step**. You'll be taken to the [Set up for you page](#set-up-for-you).
|
||||
|
||||
>[!NOTE]
|
||||
>If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
|
||||
>If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)).
|
||||
|
||||
|
||||
|
||||
@ -203,7 +203,7 @@ If you skip setting it up now, you can add a device account later by using the S
|
||||
|
||||
If you click **Skip setting up a device account**, the device will display a dialog box showing what will happen if the device doesn't have a device account. If you choose **Yes, skip this**, you will be sent to the [Name this device page](#name-this-device).
|
||||
|
||||
|
||||
|
||||
|
||||
### What happens?
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
|
||||
<div class="card">
|
||||
<div class="cardImageOuter">
|
||||
<div class="cardImage">
|
||||
<img src="https://docs.microsoft.com/en-us/office/media/icons/get-started-blue.svg" alt="Get started icon" />
|
||||
<img src="https://docs.microsoft.com/office/media/icons/get-started-blue.svg" alt="Get started icon" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="cardText">
|
||||
@ -40,7 +40,7 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
|
||||
<div class="card">
|
||||
<div class="cardImageOuter">
|
||||
<div class="cardImage">
|
||||
<img src="https://docs.microsoft.com/en-us/office/media/icons/task-checklist-planning-blue.svg" alt="Plan icon" />
|
||||
<img src="https://docs.microsoft.com/office/media/icons/task-checklist-planning-blue.svg" alt="Plan icon" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="cardText">
|
||||
@ -59,7 +59,7 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
|
||||
<div class="card">
|
||||
<div class="cardImageOuter">
|
||||
<div class="cardImage">
|
||||
<img src="https://docs.microsoft.com/en-us/office/media/icons/deploy-blue.svg" alt="Deploy icon" />
|
||||
<img src="https://docs.microsoft.com/office/media/icons/deploy-blue.svg" alt="Deploy icon" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="cardText">
|
||||
@ -81,7 +81,7 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
|
||||
<div class="card">
|
||||
<div class="cardImageOuter">
|
||||
<div class="cardImage">
|
||||
<img src="https://docs.microsoft.com/en-us/office/media/icons/process-flow-blue.svg" alt="Manage icon" />
|
||||
<img src="https://docs.microsoft.com/office/media/icons/process-flow-blue.svg" alt="Manage icon" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="cardText">
|
||||
@ -99,7 +99,7 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
|
||||
<div class="card">
|
||||
<div class="cardImageOuter">
|
||||
<div class="cardImage">
|
||||
<img src="https://docs.microsoft.com/en-us/office/media/icons/security-blue.svg" alt="Secure icon" />
|
||||
<img src="https://docs.microsoft.com/office/media/icons/security-blue.svg" alt="Secure icon" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="cardText">
|
||||
@ -117,7 +117,7 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
|
||||
<div class="card">
|
||||
<div class="cardImageOuter">
|
||||
<div class="cardImage">
|
||||
<img src="https://docs.microsoft.com/en-us/office/media/icons/connector-blue.svg" alt="Support icon" />
|
||||
<img src="https://docs.microsoft.com/office/media/icons/connector-blue.svg" alt="Support icon" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="cardText">
|
||||
|
||||
@ -19,7 +19,7 @@ ms.localizationpriority: medium
|
||||
You can install additional apps on your Surface Hub to fit your team or organization's needs. There are different methods for installing apps depending on whether you are developing and testing an app, or deploying a released app. This topic describes methods for installing apps for either scenario.
|
||||
|
||||
A few things to know about apps on Surface Hub:
|
||||
- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub. See a [list of apps that work with Surface Hub](https://support.microsoft.com/help/4040382/surface-Apps-that-work-with-Microsoft-Surface-Hub).
|
||||
- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub.
|
||||
- Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631) or Windows Team device family.
|
||||
- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from Microsoft Store for Business.
|
||||
- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.
|
||||
|
||||
@ -140,7 +140,7 @@ The following tables include info on Windows 10 settings that have been validate
|
||||
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|
||||
|-------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
|
||||
| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
|
||||
| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | No. | No. | Yes |
|
||||
| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | Yes | Yes | Yes |
|
||||
|
||||
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
|
||||
|
||||
|
||||
@ -138,7 +138,7 @@ You'll need the workspace ID and primary key of your OMS workspace. You can get
|
||||
A confirmation dialog will appear telling you whether or not the OMS configuration was successfully applied to the device. If it was, the device will start sending data to OMS.
|
||||
|
||||
### Enroll using a provisioning package
|
||||
You can use a provisioning package to enroll your Surface Hub. For more infomation, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md).
|
||||
You can use a provisioning package to enroll your Surface Hub. For more information, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md).
|
||||
|
||||
### Enroll using a MDM provider
|
||||
You can enroll Surface Hub into OMS using the SurfaceHub CSP. Intune and Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. For more information, see [Manage Surface Hub settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md).
|
||||
|
||||
@ -29,7 +29,7 @@ Review these dependencies to make sure Surface Hub features will work in your IT
|
||||
| Exchange (Exchange 2013 or later, or Exchange Online) and Exchange ActiveSync | <p>Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join.</p>ActiveSync is used to sync the device account’s calendar and mail to the Surface Hub. If the device cannot use ActiveSync, it will not show meetings on the welcome screen, and joining meetings and emailing whiteboards will not be enabled. |
|
||||
| Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business is used for various conferencing features, like video calls, instant messaging, and screen sharing.|
|
||||
| Mobile device management (MDM) solution (Microsoft Intune, System Center Configuration Manager, or supported third-party MDM provider) | If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for details. |
|
||||
| Microsoft Operations Managmement Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. |
|
||||
| Microsoft Operations Management Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. |
|
||||
| Network and Internet access | In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred. 802.1X Authentication is supported for both wired and wireless connections.</br></br></br>**802.1X authentication:** In Windows 10, version 1703, 802.1X authentication for wired and wireless connections is enabled by default in Surface Hub. If your organization doesn't use 802.1X authentication, there is no configuration required and Surface Hub will continue to function as normal. If you use 802.1X authentication, you must ensure that the authentication certification is installed on Surface Hub. You can deliver the certificate to Surface Hub using the [ClientCertificateInstall CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/clientcertificateinstall-csp) in MDM, or you can [create a provisioning package](provisioning-packages-for-surface-hub.md) and install it during first run or through the Settings app. After the certificate is applied to Surface Hub, 802.1X authentication will start working automatically.</br>**Note:** For more information on enabling 802.1X wired authentication on Surface Hub, see [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md).</br></br>**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.</br></br>**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. Proxy credentials are stored across Surface Hub sessions and only need to be set once. |
|
||||
|
||||
Additionally, note that Surface Hub requires the following open ports:
|
||||
|
||||
@ -87,7 +87,7 @@ If you deployed Skype for Business Cloud PBX with one of the hybrid voice option
|
||||
Set-CalendarProcessing surfacehub2@adatum.com -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
|
||||
```
|
||||
|
||||
11. Enable the mailbox as a meeting device in Skype for Business Online. Run the following cmdlet which enables the acount as a meeting device.
|
||||
11. Enable the mailbox as a meeting device in Skype for Business Online. Run the following cmdlet which enables the account as a meeting device.
|
||||
|
||||
```
|
||||
Get-CsTenant | select registrarpool
|
||||
|
||||
@ -18,7 +18,7 @@ Creating a Surface Hub device account (also known as a Room mailbox) allows Surf
|
||||
|
||||
Unlike standard Room mailboxes that remain disabled by default, you need to enable the Surface Hub 2S device account to sign on to Microsoft Teams and Skype for Business. Surface Hub 2S relies on Exchange ActiveSync, which requires an ActiveSync mailbox policy on the device account. Apply the default ActiveSync mailbox policy that comes with Exchange Online.
|
||||
|
||||
Create the account using the Microsoft 365 admin center or by using PowerShell. You can use Exhange Online PowerShell to configure specific features including:
|
||||
Create the account using the Microsoft 365 admin center or by using PowerShell. You can use Exchange Online PowerShell to configure specific features including:
|
||||
|
||||
- Calendar processing for every Surface Hub device account.
|
||||
- Custom auto replies to scheduling requests.
|
||||
@ -45,7 +45,7 @@ Create the account using the Microsoft 365 admin center or by using PowerShell.
|
||||
### Finalize setup via PowerShell
|
||||
|
||||
- **Skype for Business:** For Skype for Business only (on-premises or online), you can enable the Skype for Business object by running **Enable-CsMeetingRoom** to enable features such as Meeting room prompt for audio and Lobby hold.
|
||||
- **Calling features:** Regardless of your Office 365 licensing configuration, run *Enable-CsMeetingRoom* to enable features such as **Meeting room prompt for audio** and **Lobby hold**.
|
||||
|
||||
- **Calendar:** Set **Calendar Auto processing** for this account.
|
||||
|
||||
## Create account using PowerShell
|
||||
@ -89,4 +89,4 @@ $SfBSession = New-CsOnlineSession -Credential (Get-Credential)
|
||||
Import-PSSession $SfBSession -AllowClobber
|
||||
Enable the Skype for Business meeting room
|
||||
Enable-CsMeetingRoom -Identity account@YourDomain.com -RegistrarPoo(Get-CsTenant).Registrarpool -SipAddressType EmailAddress
|
||||
```
|
||||
```
|
||||
|
||||
@ -79,7 +79,7 @@ Important considerations for mounting systems
|
||||
|
||||
## Mounting methods compatible with Surface Hub 2S
|
||||
|
||||
Rail mounts typically have multiple holes and a set of slots, enabling compatibility across a wide range of displays. A rail attached to the wall and two mounts attached to the display enable you to securely install Surface Hub 2S to a wall. When evaluating rail mounts for compatibility, ensure they meet versatility requirements listed earlier.
|
||||
Surface Hub 2S is compatible with mounts that allow you to place it at angles of 10-70 degrees from the vertical plane. Rail mounts typically have multiple holes and a set of slots, enabling compatibility across a wide range of displays. A rail attached to the wall and two mounts attached to the display enable you to securely install Surface Hub 2S to a wall. When evaluating rail mounts for compatibility, ensure they meet versatility requirements listed earlier.
|
||||
|
||||
<br>
|
||||
***Figure 6. Surface Hub 2S rail mounts***
|
||||
|
||||
@ -18,7 +18,7 @@ You can install additional apps to fit your team or organization's needs.
|
||||
|
||||
## Developer guidelines
|
||||
|
||||
- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub. See a [list of apps that work with Surface Hub](https://support.microsoft.com/help/4040382/surface-Apps-that-work-with-Microsoft-Surface-Hub).
|
||||
- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub.
|
||||
- Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631) or Windows Team device family.
|
||||
- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from Microsoft Store for Business.
|
||||
- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.
|
||||
|
||||
@ -18,7 +18,7 @@ You can use Windows Configuration Designer (WCD) to create provisioning packages
|
||||
|
||||
### Install Windows Configuration Designer
|
||||
|
||||
Install Windows Configuration Designer from the Windows Assessment and Deployment Kit (ADK) for Windows 10. Download and install the [ADK for Windows 10, version 1703](https://go.microsoft.com/fwlink/p/?LinkId=845542). For more information, see [Download and install the Windows ADK](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install).
|
||||
Install Windows Configuration Designer from the Windows Assessment and Deployment Kit (ADK) for Windows 10. Download and install the [ADK for Windows 10, version 1703](https://go.microsoft.com/fwlink/p/?LinkId=845542). For more information, see [Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install).
|
||||
|
||||
### Add certificates
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ For more information, see [Officially licensed third-party accessories](http://l
|
||||
|
||||
<br>
|
||||
|
||||
If you’re not using licensed accessories, see [Customizing installation of Surface Hub 2S](surface-hub-2s-connect.md).
|
||||
If you’re not using licensed accessories, see [Customize wall mount of Surface Hub 2S](surface-hub-2s-custom-install.md).
|
||||
|
||||
| 1. **Set up your mount first** | |
|
||||
|:------ |:-------- |
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: "Configure Easy Authentication for Surface Hub 2S"
|
||||
description: "Learn how to simplify signing in to Surface Hub 2S using Easy Authentication on your mobile device."
|
||||
title: "Configure password-less phone sign-in for Surface Hub 2S"
|
||||
description: "Learn how to simplify signing in to Surface Hub 2S using password-less phone sign-in on your mobile device."
|
||||
keywords: separate values with commas
|
||||
ms.prod: surface-hub
|
||||
ms.sitesec: library
|
||||
@ -12,14 +12,14 @@ ms.date: 06/20/2019
|
||||
ms.localizationpriority: Normal
|
||||
---
|
||||
|
||||
# Configure Easy Authentication for Surface Hub 2S
|
||||
# Configure password-less phone sign-in for Surface Hub 2S
|
||||
|
||||
Easy Authentication simplifies signing-in to your meetings and files on Surface Hub 2S.
|
||||
Password-less phone sign-in simplifies signing-in to your meetings and files on Surface Hub 2S.
|
||||
|
||||
> [!NOTE]
|
||||
> Easy Authentication requires that your primary email address must match your UPN.
|
||||
> Password-less phone sign-in requires that your primary email address must match your UPN.
|
||||
|
||||
## To set up Easy Authentication
|
||||
## To set up password-less phone sign-in
|
||||
|
||||
1. Download the [Microsoft Authenticator](https://www.microsoft.com/en-us/account/authenticator) app for iPhone or Android to your phone.
|
||||
2. From your PC, go to [https://aka.ms/MFASetup](https://aka.ms/MFASetup) , sign in with your account, and select **Next.**
|
||||
@ -37,3 +37,6 @@ Easy Authentication simplifies signing-in to your meetings and files on Surface
|
||||
1. On Surface Hub, sign into **My meetings and files** and select **Send notification** when prompted.
|
||||
2. Match the number displayed on your phone with the number displayed on Surface Hub to approve your sign-in request.
|
||||
3. If prompted, enter the PIN or biometric ID on your phone to complete sign-in.
|
||||
|
||||
## Learn more
|
||||
For more information, see [Password-less phone sign-in with the Microsoft Authenticator app](https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in).
|
||||
|
||||
@ -28,7 +28,7 @@ The figure below shows the location of ports and physical buttons on a keypad at
|
||||
|**Key**|**Component**|**Description**|**Key parameters**|
|
||||
|:--- |:--------- |:----------- |:-------------- |
|
||||
| 1 | **USB C** | **USB 3.1 Gen 1** <br> Use as a walk-up port for plugging in peripherals such as thumb-drives. Guest ports are on each side of the device (4).<br> <br> *NOTE: This is the recommended port for connecting an external camera. Additional camera mount features are incorporated into the design to help support retention of attached cameras.*<br> <br> NOTE: TouchBack and video ingest are not supported on these ports. | Type C <br> <br> 15 W Port (5V/3A) |
|
||||
| 2 | **AC power** | **100-240 V input** <br> Connect to standard AC power and Surface Hub 2S will auto switch to the local power standard such as110 volts in the US and Canada or 220 volts in the UK. <br> <br> *NOTE: When the AC cord is plugged in, the system remains in an off state in which only the system management controller (SMC), real-time clock (RTC), and keypad are running.* | IEC 60320 C14 |
|
||||
| 2 | **AC power** | **100-240 V input** <br> Connect to standard AC power and Surface Hub 2S will auto switch to the local power standard such as110 volts in the US and Canada or 220 volts in the UK. | IEC 60320 C14 |
|
||||
| 3 | **DC power** | **24V DC input port** <br> Use for connecting to mobile battery. | Xbox1 Dual barrel to Anderson connector |
|
||||
| 4 | **Ethernet** | **1000/100/10 Base-T** <br> Use for providing a continuous connection in a corporate environment and related scenarios requiring maximum stability or capacity. | RJ45 |
|
||||
| 5 | **USB-A** | **USB 3.1 Gen 1** <br> Use as a walk-up port for plugging in peripherals such as thumb-drives. | Type A<br>7.5 W Port (5V/1.5A) |
|
||||
|
||||
@ -16,34 +16,34 @@ ms.localizationpriority: Normal
|
||||
|
||||
## Office 365 readiness
|
||||
|
||||
You may use Exchange and Skype for Business on-premises with Surface Hub 2S. However, if you use Exchange Online, Skype for Business Online, Microsoft Teams or Microsoft Whiteboard, and intend to manage Surface Hub 2S with Intune, first review the [Office 365 requirements for endpoints](https://docs.microsoft.com/en-us/office365/enterprise/office-365-endpoints).
|
||||
You may use Exchange and Skype for Business on-premises with Surface Hub 2S. However, if you use Exchange Online, Skype for Business Online, Microsoft Teams or Microsoft Whiteboard, and intend to manage Surface Hub 2S with Intune, first review the [Office 365 requirements for endpoints](https://docs.microsoft.com/office365/enterprise/office-365-endpoints).
|
||||
|
||||
Office 365 endpoints help optimize your network by sending all trusted Office 365 network requests directly through your firewall, bypassing all additional packet level inspection or processing. This feature reduces latency and your perimeter capacity requirements.
|
||||
|
||||
Microsoft regularly updates the Office 365 service with new features and functionality, which may alter required ports, URLs, and IP addresses. To evaluate, configure, and stay up-to-date with changes, subscribe to the [Office 365 IP Address and URL Web service](https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service).
|
||||
Microsoft regularly updates the Office 365 service with new features and functionality, which may alter required ports, URLs, and IP addresses. To evaluate, configure, and stay up-to-date with changes, subscribe to the [Office 365 IP Address and URL Web service](https://docs.microsoft.com/office365/enterprise/office-365-ip-web-service).
|
||||
|
||||
## Device affiliation
|
||||
|
||||
Use Device affiliation to manage user access to the Settings app on Surface Hub 2S.
|
||||
With the Windows 10 Team Edition operating system — that runs on Surface Hub 2S — only authorized users can adjust settings via the settings app. Since choosing the affiliation can impact feature availability, plan appropriately to ensure that users can access features as intended.
|
||||
With the Windows 10 Team Edition operating system — that runs on Surface Hub 2S — only authorized users can adjust settings via the Settings app. Since choosing the affiliation can impact feature availability, plan appropriately to ensure that users can access features as intended.
|
||||
|
||||
> [!NOTE]
|
||||
> You can only set Device affiliation during the initial out-of-box experience (OOBE) setup. If you need to reset Device affiliation, you’ll have to repeat OOBE setup.
|
||||
|
||||
## No affiliation
|
||||
|
||||
No affiliation is like having Surface Hub 2S in a workgroup with a different local Administrator account on each Surface Hub 2S. If you choose No affiliation, you must locally save the [Bitlocker Key to a USB thumb drive](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-key-management-faq). You can still enroll the device with Intune, however only the local admin can access the Settings app using the account credentials configured during OOBE. You can change the Administrator account password from the Settings app.
|
||||
No affiliation is like having Surface Hub 2S in a workgroup with a different local Administrator account on each Surface Hub 2S. If you choose No affiliation, you must locally save the [Bitlocker Key to a USB thumb drive](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-key-management-faq). You can still enroll the device with Intune, however only the local admin can access the Settings app using the account credentials configured during OOBE. You can change the Administrator account password from the Settings app.
|
||||
|
||||
## Active Directory Domain Services
|
||||
|
||||
If you affiliate Surface Hub 2S with on-premises Active Directory Domain Services, you need to manage access to the Settings app via a security group on your domain, ensuring that all SG members have permissions to change settings on Surface Hub 2S. Note also the following:
|
||||
If you affiliate Surface Hub 2S with on-premises Active Directory Domain Services, you need to manage access to the Settings app via a security group on your domain, ensuring that all security group members have permissions to change settings on Surface Hub 2S. Note also the following:
|
||||
|
||||
- When Surface Hub 2S affiliates with your on-premises Active Directory Domain Services, the Bitlocker key is saved in the AD Schema.
|
||||
- When Surface Hub 2S affiliates with your on-premises Active Directory Domain Services, the Bitlocker key can be saved in the AD Schema. For more information, see [Prepare your organization for BitLocker: Planning and policies](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies).
|
||||
- Your organization’s Trusted Root CAs are pushed to the same container in Surface Hub 2S, which means you don’t need to import them using a provisioning package.
|
||||
- You can still enroll the device with Intune to centrally manage settings on your Surface Hub 2S.
|
||||
|
||||
## Azure Active Directory
|
||||
|
||||
When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S.
|
||||
When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Alternatively, you can configure the Device Administrator role to sign in to the Settings app. For more information, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles#device-administrators). Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S.
|
||||
|
||||
If you enabled Intune Automatic Enrollment for your organization, Surface Hub 2S will automatically enroll itself with Intune. The device’s Bitlocker key is automatically saved in Azure AD. When affiliating Surface Hub 2S with Azure AD, single sign-on and Easy Authentication will not work.
|
||||
|
||||
@ -23,7 +23,7 @@ To begin, sign into Surface Hub 2S with admin credentials, open the **Settings**
|
||||
1. To reset, select **Get Started**.
|
||||
2. When the **Ready to reset this device** window appears, select **Reset**. Surface Hub 2S reinstalls the operating system from the recovery partition and may take up to one hour to complete.
|
||||
3. Run **the first time Setup program** to reconfigure the device.
|
||||
4. If you manage the device using Intune or other mobile device manager (MDM) solution, retire and delete the previous record and re-enroll the new device. For more information, see [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/en-us/intune/devices-wipe).
|
||||
4. If you manage the device using Intune or other mobile device manager (MDM) solution, retire and delete the previous record and re-enroll the new device. For more information, see [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe).
|
||||
|
||||
<br>
|
||||
*Figure 1. Reset and recovery for Surface Hub 2S.*
|
||||
|
||||
@ -39,7 +39,7 @@ Use the Microsoft Surface UEFI Configurator to turn on or off the following UEFI
|
||||
|
||||
## Create UEFI configuration image
|
||||
|
||||
Unlike other Surface devices, you cannot use an MSI file or a Win PE image to apply these settings on Surface Hub 2S. Instead, you need to create a USB image to load into the device. To create a Surface Hub 2S UEFI configuration image, download and install the latest version of the Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center. For more information about using UEFI and SEMM, see [Microsoft Surface Enterprise Management Mode](https://docs.microsoft.com/en-us/surface/surface-enterprise-management-mode).
|
||||
Unlike other Surface devices, you cannot use an MSI file or a Win PE image to apply these settings on Surface Hub 2S. Instead, you need to create a USB image to load into the device. To create a Surface Hub 2S UEFI configuration image, download and install the latest version of the Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center. For more information about using UEFI and SEMM, see [Microsoft Surface Enterprise Management Mode](https://docs.microsoft.com/surface/surface-enterprise-management-mode).
|
||||
|
||||
## To configure UEFI on Surface Hub 2S
|
||||
|
||||
|
||||
@ -35,7 +35,7 @@ Whether mounted to a wall or installed on the mobile stand, the areas where you
|
||||
- Room temperatures no cooler than 10°C (50° F) and no hotter than 35°C (95° F).
|
||||
- Relative humidity no lower than 20 percent and no higher than 80 percent.
|
||||
|
||||
For detailed room planning guidance and more information about Microsoft Teams Rooms see [Plan Microsoft Teams Rooms.](https://docs.microsoft.com/en-us/MicrosoftTeams/room-systems/skype-room-systems-v2-0)
|
||||
For detailed room planning guidance and more information about Microsoft Teams Rooms see [Plan Microsoft Teams Rooms.](https://docs.microsoft.com/MicrosoftTeams/room-systems/skype-room-systems-v2-0)
|
||||
|
||||
## Managing Surface Hub 2S location
|
||||
|
||||
|
||||
@ -77,7 +77,7 @@ USB type A, side I/O |  | Provides 1 USB 3.0 connection for U
|
||||
USB type A, bottom I/O with blue insulator |  | Provides USB 3.0 connection.
|
||||
3.5mm, bottom I/O |  | Provides analog audio out.
|
||||
Display port, bottom I/O |  | Provides mirrored video out function to another display.
|
||||
IEC/EN60320-C13 receptable with hard switch |  | Provides AC input and compliance with EU power requirements.
|
||||
IEC/EN60320-C13 receptacle with hard switch |  | Provides AC input and compliance with EU power requirements.
|
||||
RJ45, bottom I/O |  | Connects to Ethernet.
|
||||
RJ11, bottom I/O |  | Connects to room control systems.
|
||||
|
||||
|
||||
@ -79,7 +79,7 @@ USB type A, side I/O |  | Provides 1 USB 3.0 connection for U
|
||||
USB type A, bottom I/O with blue insulator |  | Provides USB 3.0 connection.
|
||||
3.5mm, bottom I/O |  | Provides analog audio out.
|
||||
Display port, bottom I/O |  | Provides mirrored video out function to another display.
|
||||
IEC/EN60320-C13 receptable with hard switch |  | Provides AC input and compliance with EU power requirements.
|
||||
IEC/EN60320-C13 receptacle with hard switch |  | Provides AC input and compliance with EU power requirements.
|
||||
RJ45, bottom I/O |  | Connects to Ethernet.
|
||||
RJ11, bottom I/O |  | Connects to room control systems.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Use fully qualified doman name with Surface Hub
|
||||
title: Use fully qualified domain name with Surface Hub
|
||||
description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors.
|
||||
keywords: ["Troubleshoot common problems", "setup issues", "Exchange ActiveSync errors"]
|
||||
author: levinec
|
||||
|
||||
@ -76,7 +76,7 @@ In Replacement PC mode, the power states are only Ready and Off and only change
|
||||
| 0 | S5 | Off |
|
||||
| 5 | S0 | Ready |
|
||||
|
||||
For a control device, anything other than 5 / Ready should be considered off. Each PowerOn command results in two state changes and reponses.
|
||||
For a control device, anything other than 5 / Ready should be considered off. Each PowerOn command results in two state changes and responses.
|
||||
|
||||
| Command | State change| Response |
|
||||
| --- | --- | --- |
|
||||
|
||||
@ -21,7 +21,7 @@ Harness the power of Surface, Windows, and Office connected together through the
|
||||
<div class="card">
|
||||
<div class="cardImageOuter">
|
||||
<div class="cardImage">
|
||||
<img src="https://docs.microsoft.com/en-us/office/media/icons/task-checklist-planning-blue.svg" alt="Plan" />
|
||||
<img src="https://docs.microsoft.com/office/media/icons/task-checklist-planning-blue.svg" alt="Plan" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="cardText">
|
||||
@ -39,7 +39,7 @@ Harness the power of Surface, Windows, and Office connected together through the
|
||||
<div class="card">
|
||||
<div class="cardImageOuter">
|
||||
<div class="cardImage">
|
||||
<img src="https://docs.microsoft.com/en-us/office/media/icons/deploy-blue.svg" alt="Deploy" />
|
||||
<img src="https://docs.microsoft.com/office/media/icons/deploy-blue.svg" alt="Deploy" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="cardText">
|
||||
@ -58,7 +58,7 @@ Harness the power of Surface, Windows, and Office connected together through the
|
||||
<div class="card">
|
||||
<div class="cardImageOuter">
|
||||
<div class="cardImage">
|
||||
<img src="https://docs.microsoft.com/en-us/office/media/icons/process-flow-blue.svg" alt="Manage" />
|
||||
<img src="https://docs.microsoft.com/office/media/icons/process-flow-blue.svg" alt="Manage" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="cardText">
|
||||
@ -80,7 +80,7 @@ Harness the power of Surface, Windows, and Office connected together through the
|
||||
<div class="card">
|
||||
<div class="cardImageOuter">
|
||||
<div class="cardImage">
|
||||
<img src="https://docs.microsoft.com/en-us/office/media/icons/security-blue.svg" alt="Secure" />
|
||||
<img src="https://docs.microsoft.com/office/media/icons/security-blue.svg" alt="Secure" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="cardText">
|
||||
@ -99,7 +99,7 @@ Harness the power of Surface, Windows, and Office connected together through the
|
||||
<div class="card">
|
||||
<div class="cardImageOuter">
|
||||
<div class="cardImage">
|
||||
<img src="https://docs.microsoft.com/en-us/office/media/icons/connector-blue.svg" alt="Support" />
|
||||
<img src="https://docs.microsoft.com/office/media/icons/connector-blue.svg" alt="Support" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="cardText">
|
||||
|
||||
@ -118,7 +118,7 @@ The following steps show you how to create a deployment share for Windows 10 tha
|
||||
|
||||
- Creation of rules and task sequences for Windows deployment
|
||||
|
||||
|
||||
|
||||
|
||||
*Figure 5. The Installation Progress window*
|
||||
|
||||
|
||||
@ -166,6 +166,13 @@ You can select to run a wide range of logs across applications, drivers, hardwar
|
||||
|
||||
|
||||
## Changes and updates
|
||||
### Version 2.41.139.0
|
||||
*Release date: June 24, 2019*<br>
|
||||
This version of Surface Diagnostic Toolkit for Business adds support for the following:
|
||||
- Driver version information included in logs and report.
|
||||
- Ability to provide feedback about the app <br>
|
||||
Please note that even though you turn off telemtry, windows update and feedback still connect to the internet.
|
||||
|
||||
### Version 2.36.139.0
|
||||
*Release date: April 26, 2019*<br>
|
||||
This version of Surface Diagnostic Toolkit for Business adds support for the following:
|
||||
|
||||
@ -17,7 +17,7 @@ manager: dansimp
|
||||
|
||||
# Set up Windows 10 devices using Windows OOBE
|
||||
|
||||
If you are setting up a Windows 10 device invidividually, and network bandwidth is not an issue, you can go through the Windows 10 first-run setup experience, also known as OOBE (out-of-box-experience) to set up the device, and join it to your school's Office 365 and Azure Active Directory.
|
||||
If you are setting up a Windows 10 device individually, and network bandwidth is not an issue, you can go through the Windows 10 first-run setup experience, also known as OOBE (out-of-box-experience) to set up the device, and join it to your school's Office 365 and Azure Active Directory.
|
||||
|
||||
You can watch the video to see how this is done, or follow the step-by-step guide. </br>
|
||||
|
||||
|
||||
@ -962,7 +962,7 @@ Now that you have created your Microsoft Store for Business portal, you’re rea
|
||||
|
||||
You can deploy apps to individual users or make apps available to users through your private store. Deploying apps to individual users restricts the app to those specified users. Making apps available through your private store allows all your users to install the apps.
|
||||
|
||||
For more information about how to find, acquire, and distribute apps in the portal, see [App inventory management for Microsoft Store for Business](https://technet.microsoft.com/itpro/windows/manage/app-inventory-managemement-windows-store-for-business).
|
||||
For more information about how to find, acquire, and distribute apps in the portal, see [App inventory management for Microsoft Store for Business](../../store-for-business/app-inventory-management-microsoft-store-for-business.md).
|
||||
|
||||
#### Summary
|
||||
|
||||
|
||||
@ -587,7 +587,7 @@ Now that you have created your Microsoft Store for Business portal, you’re rea
|
||||
|
||||
You can deploy apps to individual users or make apps available to users through your private store. Deploying apps to individual users restricts the app to those specified users. Making apps available through your private store allows all your users.
|
||||
|
||||
For more information about how to find, acquire, and distribute apps in the portal, see [App inventory management for Microsoft Store for Business](https://technet.microsoft.com/itpro/windows/manage/app-inventory-managemement-windows-store-for-business).
|
||||
For more information about how to find, acquire, and distribute apps in the portal, see [App inventory management for Microsoft Store for Business](../../store-for-business/app-inventory-management-microsoft-store-for-business.md).
|
||||
|
||||
### Summary
|
||||
|
||||
|
||||
@ -130,7 +130,7 @@ Teachers can:
|
||||
|
||||
## Distribute apps
|
||||
|
||||
Manage and distribute apps to students and others in your organization. Different options are avaialble for admins and teachers.
|
||||
Manage and distribute apps to students and others in your organization. Different options are available for admins and teachers.
|
||||
|
||||
Applies to: IT admins
|
||||
|
||||
|
||||
@ -191,7 +191,7 @@ Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5
|
||||
12. Create a new **Action**.
|
||||
13. Configure the action to **Start a program**.
|
||||
14. In the **Program/script** field, enter **powershell**.
|
||||
15. In the **Add arguments** field, enter **-file "<path to powershell script>"**.
|
||||
15. In the **Add arguments** field, enter **-file "\<path to powershell script>"**.
|
||||
16. Click **OK**.
|
||||
17. Navigate to the **Triggers** tab and create a new trigger.
|
||||
18. Specify the trigger to be **On a schedule**.
|
||||
|
||||
@ -23,7 +23,7 @@ The Windows 10 in S mode self-installer will allow you to test Windows 10 in S m
|
||||
|
||||
Windows 10 in S mode is built to give schools the familiar, robust, and productive experiences you count on from Windows in an experience that's been streamlined for security and performance in the classroom, and built to work with Microsoft Education<sup>[2](#footnote2)</sup>.
|
||||
|
||||
Windows 10 in S mode is different from other editions of Windows 10 as everything that runs on the device is verfied by Microsoft for security and performance. Therefore, Windows 10 in S mode works exclusively with apps from the Microsoft Store. Some accessories and apps compatible with Windows 10 may not work and performance may vary. Certain default settings, features, and apps cannot be changed. When you install Windows 10 in S mode, your existing applications and settings will be deleted and you will only be able to install apps from the Microsoft Store.
|
||||
Windows 10 in S mode is different from other editions of Windows 10 as everything that runs on the device is verified by Microsoft for security and performance. Therefore, Windows 10 in S mode works exclusively with apps from the Microsoft Store. Some accessories and apps compatible with Windows 10 may not work and performance may vary. Certain default settings, features, and apps cannot be changed. When you install Windows 10 in S mode, your existing applications and settings will be deleted and you will only be able to install apps from the Microsoft Store.
|
||||
|
||||
**Configuring Windows 10 in S mode for school use is easy:** Education customers must configure **SetEduPolicies** for use in K-12 schools. For more information on how to do these, see [Use the Set up School PCs app](use-set-up-school-pcs-app.md) and [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
|
||||
|
||||
|
||||
@ -208,7 +208,7 @@ Set up the Take a Test app to give online quizzes and high-stakes assessments. D
|
||||
|
||||
|
||||
|
||||
2. Select from the advanced settings. Available settings inclue:
|
||||
2. Select from the advanced settings. Available settings include:
|
||||
* Allow keyboard auto-suggestions: Allows app to suggest words as the student types on the PC's keyboard.
|
||||
* Allow teachers to monitor online tests: Enables screen capture in the Take a Test app.
|
||||
3. Enter the URL where the test is hosted. When students log in to the Take a Test account, they'll be able to click or enter the link to view the assessment.
|
||||
|
||||
@ -51,7 +51,7 @@ A user account with the AGPM Administrator (Full Control) role, the user account
|
||||
|
||||
### Additional considerations
|
||||
|
||||
- You must be able to edit and deploy a GPO to confige AGPM logging and tracing. See [Editing a GPO](editing-a-gpo.md) and [Deploy a GPO](deploy-a-gpo.md) for additional detail.
|
||||
- You must be able to edit and deploy a GPO to configure AGPM logging and tracing. See [Editing a GPO](editing-a-gpo.md) and [Deploy a GPO](deploy-a-gpo.md) for additional detail.
|
||||
|
||||
### Additional references
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user