deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 08:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into App-v-revision

Browse Source
This commit is contained in:
Heidi Lohr 2018-07-19 15:09:46 -07:00
commit 40f6c47338
42 changed files with 1265 additions and 305 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
browsers/edge/available-policies.md
View File

@ -51,9 +51,7 @@ If you disable or dont configure this policy, Microsoft Edge does not use a s
## Allow Address bar drop-down list suggestions
>*Supported versions: Windows 10, version 1703 or later*
By default, Microsoft Edge shows the Address bar drop-down list and makes it available. If you want to minimize network connections from Microsoft Edge to Microsoft service, we recommend disabling this policy. Disabling this policy turns off the Address bar drop-down list functionality.
When disabled, Microsoft Edge also disables the user-defined policy Show search and site suggestions as I type. Because the drop-down shows the search suggestions, this policy takes precedence over the [Configure search suggestions in Address bar](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies#configure-search-suggestions-in-address-bar) policy.
[!INCLUDE [allow-address-bar-drop-down-shortdesc](shortdesc/allow-address-bar-drop-down-shortdesc.md)]
**Microsoft Intune to manage your MDM settings**
| | |
@ -307,6 +305,8 @@ This policy setting specifies whether Do Not Track requests to websites is allow
## Configure Favorites
>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their favorites by adding or removing items at any time.
If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed.

BIN
browsers/edge/images/set-default-search-engine.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 138 KiB

After

Width:  |  Height:  |  Size: 154 KiB

8
browsers/edge/includes/allow-adobe-flash-include.md
View File

@ -6,10 +6,10 @@
### Allowed values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled |0 |0 |Prevented/not allowed | |
|Enabled<br>**(default)** |1 |1 |Allowed | |
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Disabled |0 |0 |Prevented/not allowed |
|Enabled<br>**(default)** |1 |1 |Allowed |
---
### ADMX info and settings

2
browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
View File

@ -9,7 +9,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |Depending on the device configuration, Microsoft Edge gathers only basic diagnostic data. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Microsoft Edge gathers both basic and additional diagnostic data. | |
|Enabled |1 |1 |Gathers both basic and additional diagnostic data. | |
---
### ADMX info and settings

8
browsers/edge/includes/allow-sideloading-extensions-include.md
View File

@ -8,7 +8,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured |0 |0 |Prevented/not allowed. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, enable **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** policy, located at Windows Components > App Package Deployment.<p>For the MDM setting, enable **ApplicationManagement/AllowDeveloperUnlock**. |![Most restricted value](../images/check-gn.png) |
|Disabled or not configured |0 |0 |Prevented/not allowed. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, enable **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** policy, located at Windows Components > App Package Deployment.<p>For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enable). |![Most restricted value](../images/check-gn.png) |
|Enabled<br>**(default)** |1 |1 |Allowed. | |
---
@ -33,12 +33,12 @@
### Related policies
- Allows development of Windows Store apps and installing them from an integrated development environment (IDE): When you enable this policy and the **Allow all trusted apps to install** policy, you allow users to develop Windows Store apps and install them directly from an IDE.
- [Allows development of Windows Store apps and installing them from an integrated development environment (IDE)](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowdeveloperunlock): When you enable this policy and the **Allow all trusted apps to install** policy, you allow users to develop Windows Store apps and install them directly from an IDE.
- Allow all trusted apps to install: When you enable this policy, you can manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store apps.
- [Allow all trusted apps to install](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowalltrustedapps): When you enable this policy, you can manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store apps.
### Related topics
[Enable your device for development](https://docs.microsoft.com/en-us/windows/uwp/get-started/enable-your-device-for-development): Configure your Windows 10 device for development and debugging.
[Enable your device for development](https://docs.microsoft.com/en-us/windows/uwp/get-started/enable-your-device-for-development): Access development features, along with other developer-focused settings to make it possible for you to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.
<hr>

2
browsers/edge/includes/allow-web-content-new-tab-page-include.md
View File

@ -11,7 +11,7 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Not configured |Blank |Blank |Users can choose what loads on the New tab page. |
|Disabled |0 |0 |Load a blank page instead of the default New tab page and prevents users from changing it. |
|Disabled |0 |0 |Load a blank page instead of the default New tab page and prevent users from changing it. |
|Enabled **(default)** |1 |1 |Load the default New tab page. |
---

4
browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
View File

@ -8,8 +8,8 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled |0 |0 |Loads and runs Adobe Flash content automatically. | |
|Enabled or not configured<br>**(default)** |1 |1 |Does not load or run Adobe Flash content automatically, requiring action from the user before the content loads and runs. For example, clicking the **Click-to-Run** button or clicking the content. |![Most restricted value](../images/check-gn.png) |
|Disabled |0 |0 |Load and run Adobe Flash content automatically. | |
|Enabled or not configured<br>**(default)** |1 |1 |Do not load or run Adobe Flash content automatically. Requires action from the user. |![Most restricted value](../images/check-gn.png) |
---
### ADMX info and settings

8
browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
View File

@ -8,10 +8,10 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |Microsoft Edge does not collect or send browsing history data. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Send intranet history only. | |
|Enabled |2 |2 |Send Internet history only. | |
|Enabled |3 |3 |Send both intranet and Internet history. | |
|Disabled or not configured<br>**(default)** |0 |0 |No data collected or sent |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Send intranet history only | |
|Enabled |2 |2 |Send Internet history only | |
|Enabled |3 |3 |Send both intranet and Internet history | |
---
>[!IMPORTANT]

6
browsers/edge/includes/configure-cookies-include.md
View File

@ -8,9 +8,9 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Enabled |0 |0 |Block all cookies from all sites. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Block only coddies from third party websites. | |
|Disabled or not configured<br>**(default)** |2 |2 |Allow all cookies from all sites. | |
|Enabled |0 |0 |Block all cookies from all sites |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Block only coddies from third party websites | |
|Disabled or not configured<br>**(default)** |2 |2 |Allow all cookies from all sites | |
---
### ADMX info and settings

8
browsers/edge/includes/configure-do-not-track-include.md
View File

@ -1,6 +1,6 @@
<!-- ## Configure Do Not Track -->
>*Supported versions: Microsoft Edge on Windows 10*<br>
>*Default setting: Not configured (Does not send tracking information)*
>*Default setting: Not configured (Do not send tracking information)*
[!INCLUDE [configure-do-not-track-shortdesc](../shortdesc/configure-do-not-track-shortdesc.md)]
@ -8,9 +8,9 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Not configured |Blank |Blank |Does not send tracking information, but allow users to choose whether to send tracking information to sites they visit. | |
|Disabled |1 |1 |Never sends tracking information. | |
|Enabled<br>**(default)** |1 |1 |Sends tracking information, including to the third parties whose content may be hosted on the sites visited. |![Most restricted value](../images/check-gn.png) |
|Not configured |Blank |Blank |Do not send tracking information but let users choose to send tracking information to sites they visit. | |
|Disabled |1 |1 |Never send tracking information. | |
|Enabled<br>**(default)** |1 |1 |Send tracking information. |![Most restricted value](../images/check-gn.png) |
---
### ADMX info and settings

6
browsers/edge/includes/configure-favorites-include.md
View File

@ -1,6 +1,2 @@
<!-- ## Configure Favorites -->
>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*<br>
>*Default setting: Disabled or not configured*
>>deprecated
>Deprecated. Use [Provision Favorites](../available-policies.md#provision-favorites).

6
browsers/edge/includes/configure-password-manager-include.md
View File

@ -1,6 +1,6 @@
<!-- ## Configure Password Manager -->
>*Supported versions: Microsoft Edge on Windows 10*<br>
>*Default setting: Enabled (Allowed)
>*Default setting: Enabled (Allowed/users can change the setting)
[!INCLUDE [configure-password-manager-shortdesc](../shortdesc/configure-password-manager-shortdesc.md)]
@ -8,7 +8,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Not configured |Blank |Blank |Users can choose whether to save and manage passwords locally. | |
|Not configured |Blank |Blank |Users can choose to save and manage passwords locally. | |
|Disabled |0 |no |Not allowed. |![Most restricted value](../images/check-gn.png) |
|Enabled<br>**(default)** |1 |yes |Allowed. | |
---
@ -16,7 +16,7 @@
Verify not allowed/disabled settings:
1. In the upper-right corner of Microsoft Edge or Microsoft Edge for Windows 10 Mobile, click or tap ellipses (…).
2. Click **Settings** and select **View Advanced settings**.
3. Verify the settings **???** are greyed out.
3. Verify the settings **Save Password** is toggled off or on and is greyed out.
### ADMX info and settings
#### ADMX info

4
browsers/edge/includes/configure-pop-up-blocker-include.md
View File

@ -9,8 +9,8 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Not configured |Blank |Blank |Users can choose to use Pop-up Blocker. | |
|Disabled<br>**(default)** |0 |0 |Turns off Pop-up Blocker letting pop-ups windows appear. | |
|Enabled |1 |1 |Turns on Pop-up Blocker stopping pop-up windows from appearing. |![Most restricted value](../images/check-gn.png) |
|Disabled<br>**(default)** |0 |0 |Turn off Pop-up Blocker letting pop-up windows open. | |
|Enabled |1 |1 |Turn on Pop-up Blocker stopping pop-up windows from opening. |![Most restricted value](../images/check-gn.png) |
---
### ADMX info and settings

4
browsers/edge/includes/configure-search-suggestions-address-bar-include.md
View File

@ -9,8 +9,8 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Not configured<br>**(default)** |Blank |Blank |Users can choose to see search suggestions. | |
|Disabled |0 |0 |Hides the search suggestions. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Shows the search suggestions. | |
|Disabled |0 |0 |Prevented/not allowed. Hide the search suggestions. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Allowed. Show the search suggestions. | |
---
### ADMX info and settings

8
browsers/edge/includes/configure-start-pages-include.md
View File

@ -6,10 +6,10 @@
### Allowed values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Not configured |Blank |Blank |Microsoft Edge loads the pages specified in App settings as the default Start pages. | |
|Enabled | | |Enter URLs to the pages, separating multiple pages by using angle brackets in the following format:<p>\<support.contoso.com\>\<support.microsoft.com\><p>**Version 1703 or later:**<br>If you do not want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non-domain-joined devices when it is the only configured URL.<p>**Version 1810:**<br>When you enable the Configure Open Microsoft Edge With policy with an option selected, and you enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy. | |
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Not configured |Blank |Blank |Load the pages specified in App settings as the default Start pages. |
|Enabled |String |String |Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\><p>**Version 1703 or later:**<br>If you do not want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non-domain-joined devices when it's the only configured URL.<p>**Version 1810:**<br>When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. |
---
### Configuration combinations

4
browsers/edge/includes/configure-windows-defender-smartscreen-include.md
View File

@ -9,8 +9,8 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Not configured |Blank |Blank |Users can choose to use Windows Defender SmartScreen or not. | |
|Disabled |0 |0 |Turned off. Does not protect users from potential threats and preventing users from turning it on. | |
|Enabled |1 |1 |Turned on. Protects users from potential threats and prevents users from turning it off. |![Most restricted value](../images/check-gn.png) |
|Disabled |0 |0 |Turned off. Do not protect users from potential threats and prevent users from turning it on. | |
|Enabled |1 |1 |Turned on. Protect users from potential threats and prevent users from turning it off. |![Most restricted value](../images/check-gn.png) |
---
To verify Windows Defender SmartScreen is turned off (disabled):

74
browsers/edge/includes/disable-lockdown-of-start-pages-include.md
View File

@ -12,19 +12,6 @@
|Enabled |1 |1 |Unlocked. Users can make changes to all configured start pages.<p>When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | |
---
### Configuration combinations
| **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** |
| --- | --- | --- | --- |
| Enabled (applies to all options) | Enabled String | Enabled (all configured start pages are editable) | [\#1: Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to edit all configured start pages.](#1-load-the-urls-defined-in-the-configure-open-microsoft-edge-with-policy-and-allow-users-to-edit-all-configured-start-pages) |
| Disabled or not configured | Enabled String | Enabled (any Start page configured in the Configured Start Pages policy) | [\#2: Load any start page and allow users to edit their Start pages.](#2-load-any-start-page-configured-using-the-configured-start-pages-policy-and-allow-users-to-edit-their-start-pages) |
| Enabled (Start page) | Enabled String | Blank or not configured | [\#3: Load Start page(s) and prevent users from changing it.](#3-load-the-start-pages-and-prevent-users-from-making-changes) |
| Enabled (New tab page) | Enabled String | Blank or not configured | [\#4: Load New tab page and prevent users from changing it.](#4-load-the-new-tab-page-and-prevent-users-from-making-changes) |
| Enabled (Previous pages) | Enabled String | Blank or not configured | [\#5: Load previously opened pages and prevent users from changing it.](#5-load-the-previously-opened-pages-that-were-opened-when-microsoft-edge-last-closed-and-prevent-users-from-making-changes) |
| Enabled (A specific page or pages) | Enabled String | Blank or not configured | [\#6: Load a specific page or pages and prevent users from changing it.](#6-load-a-specific-page-or-pages-defined-in-the-configure-start-pages-policy-and-prevent-users-from-making-changes) |
| Enabled (A specific page or pages) | Enabled String | Enabled (any Start page configured in Configure Start Pages policy) | [\#7: Load a specific page or pages and allow users to make changes to their Start page.](#7-load-a-specific-page-or-pages-defined-in-the-configure-start-pages-policy-and-allow-users-to-make-changes-to-their-start-page) |
| N/A | Blank or not configured | N/A | Microsoft Edge loads the pages specified in App settings as the default Start pages. |
---
### ADMX info and settings
#### ADMX info
- **GP English name:** Disable lockdown of Start pages
@ -44,68 +31,7 @@
- **Value type:** REG_SZ
### Scenarios
#### \#1: Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to edit all configured start pages.
1. Enable the **Configure Open Microsoft Edge With** policy. Applies to all options for this policy. <p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Enable the **Disabled Lockdown of Start Pages** policy by selecting *All configured start pages are editable*.
#### \#2: Load any start page and allow users to edit their Start pages.
1. Disable or don't configure the **Configure Open Microsoft Edge With** policy.
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets in the following format:<p> \<support.contoso.com\>\<support.microsoft.com\>
3. Enable the **Disabled Lockdown of Start Pages** policy by selecting *Start pages are not editable*.
#### \#3: Load Start page(s) and prevent users from changing it.
1. Enable the **Configure Open Microsoft Edge With** policy by selecting *Start page*.<p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
#### \#4: Load New tab page and prevent users from changing it..
1. Enable the **Configure Open Microsoft Edge With** policy by selecting *New tab page*.<p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
#### \#5: Load previously opened pages and prevent users from changing it.
1. Enable the **Configure Open Microsoft Edge With** policy by selecting *Previous pages*.<p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
#### \#6: Load a specific page or pages and prevent users from changing it.
1. Enable the **Configure Open Microsoft Edge With** policy by selecting *A specific page or pages*.<p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
#### \#7: Load a specific page or pages and allow users to make changes to their Start page.
1. Enable the **Configure Open Microsoft Edge With** policy by selecting *A specific page or pages*. <p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Enable **Disabled Lockdown of Start Pages** by selecting *Start pages are not editable*.
### Related Policies

4
browsers/edge/includes/prevent-turning-off-required-extensions-include.md
View File

@ -8,8 +8,8 @@
|Group Policy |Description |
|---|---|
|Disabled or not configured<br>**(default)** |Provide a semi-colon delimited list of extension PFNs. For example, adding _Microsoft.OneNoteWebClipper8wekyb3d8bbwe_ or _Microsoft.OfficeOnline8wekyb3d8bbwe_ prevents a user from turning off the OneNote Web Clipper and Office Online extension. After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
|Enabled |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
|Disabled or not configured<br>**(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following the OneNote Web Clipper and Office Online extension prevents users from turning it off:<p>_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_ <p>After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
---
### ADMX info and settings

4
browsers/edge/includes/set-home-button-url-include.md
View File

@ -9,7 +9,7 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Disabled or not configured<br>**(default)** |Blank |Blank |Show the home button and loads the Start page and locks down the home button to prevent users from changing what page loads. |
|Enabled - String |String |String |Enter a URL in string format, for example, https://www.msn.com. A custom URL loads when clicking the home button. You must also enable the [Configure Home Button](../new-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option. |
|Enabled - String |String |String |A custom URL loads when clicking the home button. You must also enable the [Configure Home Button](../new-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option.<p>Enter a URL in string format, for example, https://www.msn.com. |
---
With these values, you can do any of the following configurations:
@ -40,7 +40,7 @@ Enable the **Configure Home Button** policy and select the _Hide home button_ op
- **MDM name:** Browser/[SetHomeButtonURL](../new-policies.md#set-home-button-url)
- **Supported devices:** Desktop and Mobile
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL
- **Data type:** Integer
- **Data type:** String
#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings

76
browsers/edge/microsoft-edge-kiosk-mode-deploy.md
View File

@ -13,7 +13,7 @@ ms.date: 07/18/2018
# Deploy Microsoft Edge kiosk mode (Preview)
>Applies to: Microsoft Edge on Windows 10 <br>
>Preview build 17718
>Preview build 17713+
Microsoft Edge kiosk mode works with assigned access to let IT administrators create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
@ -34,7 +34,7 @@ When you set up Microsoft Edge kiosk mode in single-app assigned access, Microso
The single-app Microsoft Edge kiosk mode types include:
1. **Digital / Interactive signage** devices display a specific site in full-screen mode in which Microsoft Edge runs InPrivate mode. Examples of Digital signage are a rotating advertisement or menu. Examples of Interactive signage are an interactive museum display and restaurant order/pay station.
1. **Digital / Interactive signage** devices display a specific site in full-screen mode in which Microsoft Edge runs InPrivate mode. Examples of Digital signage are a rotating advertisement or menu. Examples of Interactive signage include an interactive museum display or a restaurant order/pay station.
2. **Public browsing** devices run a limited multi-tab version of InPrivate and Microsoft Edge is the only app available. Users cant minimize, close, or open new Microsoft Edge windows or customize Microsoft Edge. Users can clear browsing data, downloads and restart Microsoft Edge by clicking the “End session” button. You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy. A public library or hotel concierge desk are two examples of public browsing in single-app kiosk device.
@ -56,8 +56,6 @@ The multi-app Microsoft Edge kiosk mode types include:
## Lets get started!
Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Edge in assigned access. You can set up Microsoft Edge kiosk mode in assigned access using:
- **Windows Settings.** Best for physically setting up a single device as a kiosk. With this method, you set up assigned access and configure the kiosk or digital sign device using Settings. You can configure Microsoft Edge in single-app (kiosk type Full-screen or public browsing) and define a single URL for the Home button, Start page, and New tab page. You can also set the reset after an idle timeout.
- **Microsoft Intune or other MDM service.** Best for setting up multiple devices as a kiosk. With this method, you configure Microsoft Edge in assigned access and configure how Microsoft Edge behaves when its running in kiosk mode with assigned access.
>[!NOTE]
@ -73,58 +71,8 @@ Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Ed
- Configuration and deployment service, such as Windows PowerShell, Microsoft Intune or other MDM service, or Windows Configuration Designer. With these methods, you must have the [AppUserModelID](https://docs.microsoft.com/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app); this does not apply to the Windows Settings method.
### Use Windows Settings
Windows Settings is the simplest and easiest way to set up one or a couple of devices because you must perform these steps on each device. This method is ideal for small businesses.
1. In Windows Settings, select **Accounts** \> **Other people**.
2. Under **Set up a kiosk**, select **Assigned access**.
3. Select **Get started**.
4. Create a standard user account or choose an existing account for your kiosk.
5. Select **Next**.
6. On the **Choose a kiosk app** page, select **Microsoft Edge.**
7. Select **Next**.
8. Select how Microsoft Edge displays when running in kiosk mode:
- **As a digital sign or interactive display**, the default URL shows in full screen, without browser controls.
- **As a public browser**, the default URL shows in a browser view with limited browser controls.
9. Select **Next**.
10. Enter the URL that you want to load when the kiosk launches.
>[!NOTE]
>The URL sets the Home button, Start page, and New tab page.
11. 11. Microsoft Edge in kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue. If **Continue** is not selected, Microsoft Edge resets to the default URL. You can accept the default value of **5 minutes**, or you can choose your own idle timer value.
12. Select **Next**, and then select **Close**.
13. Close **Settings** to save your choices automatically and apply them the next time the user account logs on.
14. Configure the policies for Microsoft Edge kiosk mode. For details on the valid kiosk policy settings, see [Related policies](#related-policies).
15. Validate the Microsoft Edge kiosk mode by restarting the device and signing in with the local kiosk account.
**_Congratulations!_** Youve finished setting up Microsoft Edge in assigned access and a kiosk or digital sign, and configured browser policies for Microsoft Edge kiosk mode.
**_Next steps._**
- Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
- If you want to make changes to your kiosk, you can quickly change the display option and default URL for Microsoft Edge.
1. Go to **Start** \> **Settings** \> **Accounts** \> **Other people**.
2. Under **Set up a kiosk**, select **Assigned access**.
3. Make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge**.
>[!Important]
>If you are using a local account as a kiosk account in Intune or provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
### Use Microsoft Intune or other MDM service
@ -140,8 +88,8 @@ With this method, you can use Microsoft Intune or other MDM services to configur
| **[ConfigureKioskResetAfterIdleTimeout](new-policies.md#configure-kiosk-reset-after-idle-timeout)**<p>![](images/icon-thin-line-computer.png) | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p>![](images/icon-thin-line-computer.png) | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br>&nbsp;&nbsp;&nbsp;\<https://www.msn.com\>\<https:/www.bing.com\> |
| **[ConfigureHomeButton](new-policies.md#configure-home-button)**<p>![](images/icon-thin-line-computer.png) | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
| **[SetNewTabPageURL](new-policies.md#set-new-tab-page-url)**<p>![](images/icon-thin-line-computer.png) | Set a custom URL for the New tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
| **[SetHomeButtonURL](new-policies.md#set-home-button-url)**<p>![](images/icon-thin-line-computer.png) | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
| **[SetNewTabPageURL](new-policies.md#set-new-tab-page-url)**<p>![](images/icon-thin-line-computer.png) | Set a custom URL for the New tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
| **[SetHomeButtonURL](new-policies.md#set-home-button-url)**<p>![](images/icon-thin-line-computer.png) | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
---
<br>
3. Restart the device and sign in using the kiosk app user account.
@ -166,8 +114,8 @@ With this method, you can use a provisioning package to configure Microsoft Edge
| **[ConfigureKioskResetAfterIdleTimeout](new-policies.md#configure-kiosk-reset-after-idle-timeout)**<p>![](images/icon-thin-line-computer.png) | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p>![](images/icon-thin-line-computer.png) | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br>&nbsp;&nbsp;&nbsp;\<https://www.msn.com\>\<https:/www.bing.com\> |
| **[ConfigureHomeButton](new-policies.md#configure-home-button)**<p>![](images/icon-thin-line-computer.png) | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
| **[SetNewTabPageURL](new-policies.md#set-new-tab-page-url)**<p>![](images/icon-thin-line-computer.png) | Set a custom URL for the New tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
| **[SetHomeButtonURL](new-policies.md#set-home-button-url)**<p>![](images/icon-thin-line-computer.png) | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
| **[SetNewTabPageURL](new-policies.md#set-new-tab-page-url)**<p>![](images/icon-thin-line-computer.png) | Set a custom URL for the New tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
| **[SetHomeButtonURL](new-policies.md#set-home-button-url)**<p>![](images/icon-thin-line-computer.png) | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
---
<br>
4. After youve configured the Microsoft Edge kiosk mode policies, including any of the related policies, its time to build the package.
@ -180,7 +128,7 @@ With this method, you can use a provisioning package to configure Microsoft Edge
**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
## Related policies
## Relevant policies
Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser).
@ -273,15 +221,15 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
- **[AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/en-us/windows/client-management/mdm/assignedaccess-csp):** The AssignedAccess configuration service provider (CSP) sets the device to run in kiosk mode. Once the CSP has executed, then the next user login associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
- **[Create a provisioning page for Windows 10](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package):**. Learn to use Windows Configuration Designer (WCD) to create a provisioning package (.ppkg) for configuring devices running Windows 10. The WCD wizard options provide a simple interface to configure desktop, mobile, and kiosk device settings.
- **[Create a provisioning page for Windows 10](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package):** Learn to use Windows Configuration Designer (WCD) to create a provisioning package (.ppkg) for configuring devices running Windows 10. The WCD wizard options provide a simple interface to configure desktop, mobile, and kiosk device settings.
## Known issues with RS_PRERELEASE build 17718
## Known issues with RS_PRERELEASE build 17713+
- When you set up Microsoft Edge as your kiosk app and define the URL in assigned access Settings the URL, Microsoft Edge may not get launched with the configured URL.
- **Expected behavior** Microsoft Edge kiosk mode opens the URL on startup.
- **Actual behavior** Microsoft Edge kiosk mode may not open with the URL on startup.
- When you set up Microsoft Edge kiosk mode on a single-app kiosk device you must set the “ConfigureKioskMode” policy because the default behavior is not honored.
- When you set up Microsoft Edge kiosk mode on a single-app kiosk device you must set the “ConfigureKioskMode” policy because the default behavior is not honored.
- **Expected behavior** Microsoft Edge kiosk mode launches in full-screen mode.
- **Actual behavior** Normal Microsoft Edge launches.

58
browsers/edge/new-policies.md
View File

@ -8,44 +8,46 @@ ms.mktglfcycl: explore
ms.sitesec: library
title: New Microsoft Edge Group Policies and MDM settings
ms.localizationpriority:
ms.date: 07/18/2018
ms.date: 07/19/2018
---
# New Microsoft Edge Group Policies and MDM settings (Preview)
> Applies to: Microsoft Edge on Windows 10 <br>
> Preview build 17718
> Preview build 17713+
The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17718. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\
The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17713+. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:
>*Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\*
<p>
<!-- add links to the below policies -->
- [Allow fullscreen mode](#allow-fullscreen-mode)
- [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
- [Allow Prelaunch](#allow-prelaunch)
- [Allow printing](#allow-printing)
- [Allow Saving History](#allow-saving-history)
- [Allow sideloading of Extensions](#allow-sideloading-of-extensions)
- [Configure collection of browsing data for Microsoft 365 Analytics](#configure-collection-of-browsing-data-for-microsoft-365-analytics)
- [Configure Favorites Bar](#configure-favorites-bar)
- [Configure Home Button](#configure-home-button)
- [Configure kiosk mode](#configure-kiosk-mode)
- [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout)
- [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with)
- [Prevent certificate error overrides](#prevent-certificate-error-overrides)
- [Prevent turning off required extensions](#prevent-turning-off-required-extensions)
- [Prevent users from turning on browser syncing](#preventusersfromturningonbrowsersyncing)
- [Set Home button URL](#set-home-button-url)
- [Set New Tab page URL](#set-new-tab-page-url)
- _(Modified)_ [Show message when opening sites in Internet Explorer](#showmessagewhenopeninginteretexplorersites)
- [Unlock Home button](#unlock-home-button)
In addition to the new group policies, we added a couple of new MDM policies to align with the existing group policy counterpart.
- [Experience/DoNotSyncBrowserSetting](#donotsyncbrowsersetting)
- [Browser/AllowWebContentOnNewTabPage](#allowwebcontentonnewtabpage)
| **Group Policy** | **New/update?** | **MDM Setting** | **New/update?** |
| --- | --- | --- | --- |
| [Allow fullscreen mode](#allow-fullscreen-mode) | New | AllowFullscreen | New |
| [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | New | PreventTabPreloading | New |
| [Allow Prelaunch](#allow-prelaunch) | New | AllowPrelaunch | New |
| [Allow printing](#allow-printing) | New | AllowPrinting | New |
| [Allow Saving History](#allow-saving-history) | New | AllowSavingHistory | New |
| [Allow sideloading of Extensions](#allow-sideloading-of-extensions) | New | AllowSideloadingOfExtensions | New |
| Allow web content on new tab page | -- | [Browser/AllowWebContentOnNewTabPage](#allowwebcontentonnewtabpage) | New |
| [Configure collection of browsing data for Microsoft 365 Analytics](#configure-collection-of-browsing-data-for-microsoft-365-analytics) | New | ConfigureTelemetryForMicrosoft365Analytics | New |
| [Configure Favorites Bar](#configure-favorites-bar) | New | ConfigureFavoritesBar | New |
| [Configure Home Button](#configure-home-button) | New | ConfigureHomeButton | New |
| [Configure kiosk mode](#configure-kiosk-mode) | New | ConfigureKioskMode | New |
| [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout) | New | ConfigureKioskResetAfterIdleTimeout | New |
| [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) | New | ConfigureOpenMicrosoftEdgeWith | New |
| Do not sync browser settings | -- | [Experience/DoNotSyncBrowserSetting](#donotsyncbrowsersetting) | New |
| [Prevent certificate error overrides](#prevent-certificate-error-overrides) | New | PreventCertErrorOverrides | New |
| [Prevent users from turning on browser syncing](#preventusersfromturningonbrowsersyncing) | New | PreventUsersFromTurningOnBrowserSyncing | New |
| [Prevent turning off required extensions](#prevent-turning-off-required-extensions) | New | PreventTurningOffRequiredExtensions | New |
| [Set Home button URL](#set-home-button-url) | New | SetHomeButtonURL | New |
| [Set New Tab page URL](#set-new-tab-page-url) | New | SetNewTabPageURL | New |
| [Show message when opening sites in Internet Explorer](#showmessagewhenopeninginteretexplorersites) | Updated | ShowMessageWhenOpeningInteretExplorerSites | Updated |
| [Unlock Home button](#unlock-home-button) | New | UnlockHomeButton | New |
---
We are also deprecating the **Configure Favorites** group policy because no MDM equivalent existed. Use the **[Provision Favorites](available-policies.md#provision-favorites)** in place of Configure Favorites.

2
browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
View File

@ -1 +1 @@
Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the [Configure search suggestions in Address bar](../available-policies.md#configure-search-suggestions-in-address-bar) policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the Show search and site suggestions as I type toggle in Settings.
Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the [Configure search suggestions in Address bar](../available-policies.md#configure-search-suggestions-in-address-bar) policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.

2
browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
View File

@ -1 +1 @@
Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.

2
browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
View File

@ -1 +1 @@
By default, Microsoft Edge does not send Do Not Track requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
Microsoft Edge does not send Do Not Track requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.

2
browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
View File

@ -1 +1 @@
Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. With this policy, and you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and automatically switch to IE11. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.
Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.

2
browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
View File

@ -1 +1 @@
By default, Microsoft Edge turns off Pop-up Blocker allowing pop-up windows to appear. Enabling this policy turns on Pop-up Blocker stopping pop-up windows from appearing. Dont configure this policy to let users choose to use Pop-up Blocker.
Microsoft Edge turns off Pop-up Blocker allowing pop-up windows to appear. Enabling this policy turns on Pop-up Blocker stopping pop-up windows from appearing. Dont configure this policy to let users choose to use Pop-up Blocker.

2
browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
View File

@ -1 +1 @@
By default, Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software. Also by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns off Windows Defender SmartScreen and prevent users from turning it on. Dont configure this policy to let users choose to turn Windows defender SmartScreen on or off.
Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default. Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns off Windows Defender SmartScreen and prevent users from turning it on. Dont configure this policy to let users choose to turn Windows defender SmartScreen on or off.

2
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -19,7 +19,7 @@ ms.date: 11/28/2017
- Windows 10
From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup).
From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup).
![Remote Desktop Connection client](images/rdp.png)

33
windows/client-management/mdm/defender-csp.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 01/29/2018
ms.date: 07/19/2018
---
# Defender CSP
@ -114,6 +114,9 @@ The following table describes the supported values:
| 46 | Behavior |
| 47 | Vulnerability |
| 48 | Policy |
| 49 | EUS (Enterprise Unwanted Software)|
| 50 | Ransomware |
| 51 | ASR Rule |
 
@ -126,19 +129,17 @@ The data type is a integer.
The following list shows the supported values:
- 0 = Unknown
- 1 = Detected
- 2 = Cleaned
- 3 = Quarantined
- 4 = Removed
- 5 = Allowed
- 6 = Blocked
- 102 = Clean failed
- 103 = Quarantine failed
- 104 = Remove failed
- 105 = Allow failed
- 106 = Abandoned
- 107 = Block failed
- 0 = Active
- 1 = Action failed
- 2 = Manual steps required
- 3 = Full scan required
- 4 = Reboot required
- 5 = Remediated with non critical failures
- 6 = Quarantined
- 7 = Removed
- 8 = Cleaned
- 9 = Allowed
- 10 = No Status ( Cleared)
Supported operation is Get.
@ -185,9 +186,9 @@ The following list shows the supported values:
- 0 = Clean
- 1 = Pending full scan
- 2 = Pending reboot
- 4 = Pending manual steps
- 4 = Pending manual steps (Windows Defender is waiting for the user to take some action, such as restarting the computer or running a full scan)
- 8 = Pending offline scan
- 16 = Pending critical failure
- 16 = Pending critical failure (Windows Defender has failed critically and an Adminsitrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender)
Supported operation is Get.

9
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -1707,6 +1707,15 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<li>Start/StartLayout - added a table of SKU support information.</li>
<li>Start/ImportEdgeAssets - added a table of SKU support information.</li>
</ul>
<p>Added the following new policies in Windows 10, next major version:</p>
<ul>
<li>Update/EngagedRestartDeadlineForFeatureUpdates</li>
<li>Update/EngagedRestartSnoozeScheduleForFeatureUpdates</li>
<li>Update/EngagedRestartTransitionScheduleForFeatureUpdates</li>
<li>Update/SetDisablePauseUXAccess</li>
<li>Update/SetDisableUXWUAccess</li>
<li>Update/UpdateNotificationKioskMode</li>
</ul>
</td></tr>
<tr>
<td style="vertical-align:top">[WiredNetwork CSP](wirednetwork-csp.md)</td>

52
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -763,6 +763,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-defender.md#defender-avgcpuloadfactor" id="defender-avgcpuloadfactor">Defender/AvgCPULoadFactor</a>
</dd>
<dd>
<a href="./policy-csp-defender.md#defender-checkforsignaturesbeforerunningscan" id="defender-checkforsignaturesbeforerunningscan">Defender/CheckForSignaturesBeforeRunningScan</a>
</dd>
<dd>
<a href="./policy-csp-defender.md#defender-cloudblocklevel" id="defender-cloudblocklevel">Defender/CloudBlockLevel</a>
</dd>
@ -778,9 +781,18 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-defender.md#defender-daystoretaincleanedmalware" id="defender-daystoretaincleanedmalware">Defender/DaysToRetainCleanedMalware</a>
</dd>
<dd>
<a href="./policy-csp-defender.md#defender-disablecatchupfullscan" id="defender-disablecatchupfullscan">Defender/DisableCatchupFullScan</a>
</dd>
<dd>
<a href="./policy-csp-defender.md#defender-disablecatchupquickscan" id="defender-disablecatchupquickscan">Defender/DisableCatchupQuickScan</a>
</dd>
<dd>
<a href="./policy-csp-defender.md#defender-enablecontrolledfolderaccess" id="defender-enablecontrolledfolderaccess">Defender/EnableControlledFolderAccess</a>
</dd>
<dd>
<a href="./policy-csp-defender.md#defender-enablelowcpupriority" id="defender-enablelowcpupriority">Defender/EnableLowCPUPriority</a>
</dd>
<dd>
<a href="./policy-csp-defender.md#defender-enablenetworkprotection" id="defender-enablenetworkprotection">Defender/EnableNetworkProtection</a>
</dd>
@ -811,6 +823,12 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-defender.md#defender-schedulescantime" id="defender-schedulescantime">Defender/ScheduleScanTime</a>
</dd>
<dd>
<a href="./policy-csp-defender.md#defender-signatureupdatefallbackorder" id="defender-signatureupdatefallbackorder">Defender/SignatureUpdateFallbackOrder</a>
</dd>
<dd>
<a href="./policy-csp-defender.md#defender-signatureupdatefilesharessources" id="defender-signatureupdatefilesharessources">Defender/SignatureUpdateFileSharesSources</a>
</dd>
<dd>
<a href="./policy-csp-defender.md#defender-signatureupdateinterval" id="defender-signatureupdateinterval">Defender/SignatureUpdateInterval</a>
</dd>
@ -3209,6 +3227,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-update.md#update-autorestartdeadlineperiodindays" id="update-autorestartdeadlineperiodindays">Update/AutoRestartDeadlinePeriodInDays</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-autorestartdeadlineperiodindaysforfeatureupdates" id="update-autorestartdeadlineperiodindaysforfeatureupdates">Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-autorestartnotificationschedule" id="update-autorestartnotificationschedule">Update/AutoRestartNotificationSchedule</a>
</dd>
@ -3242,12 +3263,21 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-update.md#update-engagedrestartdeadline" id="update-engagedrestartdeadline">Update/EngagedRestartDeadline</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-engagedrestartdeadlineforfeatureupdates" id="update-engagedrestartdeadlineforfeatureupdates">Update/EngagedRestartDeadlineForFeatureUpdates</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-engagedrestartsnoozeschedule" id="update-engagedrestartsnoozeschedule">Update/EngagedRestartSnoozeSchedule</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-engagedrestartsnoozescheduleforfeatureupdates" id="update-engagedrestartsnoozescheduleforfeatureupdates">Update/EngagedRestartSnoozeScheduleForFeatureUpdates</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-engagedrestarttransitionschedule" id="update-engagedrestarttransitionschedule">Update/EngagedRestartTransitionSchedule</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-engagedrestarttransitionscheduleforfeatureupdates" id="update-engagedrestarttransitionscheduleforfeatureupdates">Update/EngagedRestartTransitionScheduleForFeatureUpdates</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-excludewudriversinqualityupdate" id="update-excludewudriversinqualityupdate">Update/ExcludeWUDriversInQualityUpdate</a>
</dd>
@ -3317,9 +3347,18 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-update.md#update-setautorestartnotificationdisable" id="update-setautorestartnotificationdisable">Update/SetAutoRestartNotificationDisable</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-setdisablepauseuxaccess" id="update-setdisablepauseuxaccess">Update/SetDisablePauseUXAccess</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-setdisableuxwuaccess" id="update-setdisableuxwuaccess">Update/SetDisableUXWUAccess</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-setedurestart" id="update-setedurestart">Update/SetEDURestart</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-updatenotificationkioskmode" id="update-updatenotificationkioskmode">Update/UpdateNotificationKioskMode</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-updateserviceurl" id="update-updateserviceurl">Update/UpdateServiceUrl</a>
</dd>
@ -4103,12 +4142,16 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Defender/AttackSurfaceReductionOnlyExclusions](./policy-csp-defender.md#defender-attacksurfacereductiononlyexclusions)
- [Defender/AttackSurfaceReductionRules](./policy-csp-defender.md#defender-attacksurfacereductionrules)
- [Defender/AvgCPULoadFactor](./policy-csp-defender.md#defender-avgcpuloadfactor)
- [Defender/CheckForSignaturesBeforeRunningScan](./policy-csp-defender.md#defender-checkforsignaturesbeforerunningscan)
- [Defender/CloudBlockLevel](./policy-csp-defender.md#defender-cloudblocklevel)
- [Defender/CloudExtendedTimeout](./policy-csp-defender.md#defender-cloudextendedtimeout)
- [Defender/ControlledFolderAccessAllowedApplications](./policy-csp-defender.md#defender-controlledfolderaccessallowedapplications)
- [Defender/ControlledFolderAccessProtectedFolders](./policy-csp-defender.md#defender-controlledfolderaccessprotectedfolders)
- [Defender/DaysToRetainCleanedMalware](./policy-csp-defender.md#defender-daystoretaincleanedmalware)
- [Defender/DisableCatchupFullScan](./policy-csp-defender.md#defender-disablecatchupfullscan)
- [Defender/DisableCatchupQuickScan](./policy-csp-defender.md#defender-disablecatchupquickscan)
- [Defender/EnableControlledFolderAccess](./policy-csp-defender.md#defender-enablecontrolledfolderaccess)
- [Defender/EnableLowCPUPriority](./policy-csp-defender.md#defender-enablelowcpupriority)
- [Defender/EnableNetworkProtection](./policy-csp-defender.md#defender-enablenetworkprotection)
- [Defender/ExcludedExtensions](./policy-csp-defender.md#defender-excludedextensions)
- [Defender/ExcludedPaths](./policy-csp-defender.md#defender-excludedpaths)
@ -4118,6 +4161,8 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Defender/ScheduleQuickScanTime](./policy-csp-defender.md#defender-schedulequickscantime)
- [Defender/ScheduleScanDay](./policy-csp-defender.md#defender-schedulescanday)
- [Defender/ScheduleScanTime](./policy-csp-defender.md#defender-schedulescantime)
- [Defender/SignatureUpdateFallbackOrder](./policy-csp-defender.md#defender-signatureupdatefallbackorder)
- [Defender/SignatureUpdateFileSharesSources](./policy-csp-defender.md#defender-signatureupdatefilesharessources)
- [Defender/SignatureUpdateInterval](./policy-csp-defender.md#defender-signatureupdateinterval)
- [Defender/SubmitSamplesConsent](./policy-csp-defender.md#defender-submitsamplesconsent)
- [Defender/ThreatSeverityDefaultAction](./policy-csp-defender.md#defender-threatseveritydefaultaction)
@ -4693,6 +4738,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Update/AllowMUUpdateService](./policy-csp-update.md#update-allowmuupdateservice)
- [Update/AllowUpdateService](./policy-csp-update.md#update-allowupdateservice)
- [Update/AutoRestartDeadlinePeriodInDays](./policy-csp-update.md#update-autorestartdeadlineperiodindays)
- [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](./policy-csp-update.md#update-autorestartdeadlineperiodindaysforfeatureupdates)
- [Update/AutoRestartNotificationSchedule](./policy-csp-update.md#update-autorestartnotificationschedule)
- [Update/AutoRestartRequiredNotificationDismissal](./policy-csp-update.md#update-autorestartrequirednotificationdismissal)
- [Update/BranchReadinessLevel](./policy-csp-update.md#update-branchreadinesslevel)
@ -4703,8 +4749,11 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Update/DetectionFrequency](./policy-csp-update.md#update-detectionfrequency)
- [Update/DisableDualScan](./policy-csp-update.md#update-disabledualscan)
- [Update/EngagedRestartDeadline](./policy-csp-update.md#update-engagedrestartdeadline)
- [Update/EngagedRestartDeadlineForFeatureUpdates](./policy-csp-update.md#update-engagedrestartdeadlineforfeatureupdates)
- [Update/EngagedRestartSnoozeSchedule](./policy-csp-update.md#update-engagedrestartsnoozeschedule)
- [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestartsnoozescheduleforfeatureupdates)
- [Update/EngagedRestartTransitionSchedule](./policy-csp-update.md#update-engagedrestarttransitionschedule)
- [Update/EngagedRestartTransitionScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestarttransitionscheduleforfeatureupdates)
- [Update/ExcludeWUDriversInQualityUpdate](./policy-csp-update.md#update-excludewudriversinqualityupdate)
- [Update/FillEmptyContentUrls](./policy-csp-update.md#update-fillemptycontenturls)
- [Update/ManagePreviewBuilds](./policy-csp-update.md#update-managepreviewbuilds)
@ -4724,7 +4773,10 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Update/ScheduledInstallThirdWeek](./policy-csp-update.md#update-scheduledinstallthirdweek)
- [Update/ScheduledInstallTime](./policy-csp-update.md#update-scheduledinstalltime)
- [Update/SetAutoRestartNotificationDisable](./policy-csp-update.md#update-setautorestartnotificationdisable)
- [Update/SetDisablePauseUXAccess](./policy-csp-update.md#update-setdisablepauseuxaccess)
- [Update/SetDisableUXWUAccess](./policy-csp-update.md#update-setdisableuxwuaccess)
- [Update/SetEDURestart](./policy-csp-update.md#update-setedurestart)
- [Update/UpdateNotificationKioskMode](./policy-csp-update.md#update-updatenotificationkioskmode)
- [Update/UpdateServiceUrl](./policy-csp-update.md#update-updateserviceurl)
- [Update/UpdateServiceUrlAlternate](./policy-csp-update.md#update-updateserviceurlalternate)
- [UserRights/AccessCredentialManagerAsTrustedCaller](./policy-csp-userrights.md#userrights-accesscredentialmanagerastrustedcaller)

97
windows/client-management/mdm/policy-csp-browser.md
View File

@ -239,9 +239,8 @@ ms.date: 07/18/2018
<!--Description-->
Added in Windows 10, version 1703.
By default, Microsoft Edge shows the Address bar drop-down list and makes it available. When enabled (default setting), this policy takes precedence over the [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) policy. If you want to minimize network connections from Microsoft Edge to Microsoft service, we recommend disabling this policy, which hides the Address bar drop-down list functionality. When disabled, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.  
[!INCLUDE [allow-address-bar-drop-down-shortdesc](../../../browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md)]
Most restricted value is 0.
<!--/Description-->
<!--ADMXMapped-->
@ -253,11 +252,12 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not allowed. Address bar drop-down is disabled, which also disables the user-defined setting, "Show search and site suggestions as I type." 
- 1 (default) Allowed. Address bar drop-down is enabled.
- 0 Prevented/not allowed. Hide the Address bar drop-down functionality and disable the _Show search and site suggestions as I type_ toggle in Settings. 
- 1 (default) Allowed. Show the Address bar drop-down list and make it available.
Most restricted value: 0
<!--/SupportedValues-->
<!--/Policy-->
@ -300,9 +300,7 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
By default, users can choose to use Autofill for filling in form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
Most restricted value is 0.
[!INCLUDE [configure-autofill-shortdesc](../../../browsers/edge/shortdesc/configure-autofill-shortdesc.md)]
<!--/Description-->
<!--ADMXMapped-->
@ -314,11 +312,13 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not allowed.
- Blank - Users can choose to use AutoFill.
- 0 Prevented/not allowed.
- 1 (default) Allowed.
Most restricted value: 0
<!--/SupportedValues-->
<!--Validation-->
To verify AllowAutofill is set to 0 (not allowed):
@ -373,17 +373,18 @@ To verify AllowAutofill is set to 0 (not allowed):
> [!NOTE]
> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
By default, the device allows Microsoft Edge on Windows 10 Mobile. Disabling this policy disables the Microsoft Edge tile, and when clicking the tile, a message opens indicating that the administrator disabled Internet browsing.
The device allows Microsoft Edge on Windows 10 Mobile by default. With this policy, you can disable the Microsoft Edge tile, and when clicking the tile, a message opens indicating that the administrator disabled Internet browsing.
Most restricted value is 0.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not allowed.
- 0 Prevented/not allowed.
- 1 (default) Allowed.
Most restricted value: 0
<!--/SupportedValues-->
<!--/Policy-->
@ -426,14 +427,14 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
By default, Microsoft Edge automatically updates the configuration data for the Books Library. Enabling this policy prevents Microsoft Edge from updating the configuration data.
Microsoft Edge automatically updates the configuration data for the Books Library. Disabling this policy prevents Microsoft Edge from updating the configuration data.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 - Disable. Microsoft Edge cannot retrieve a configuration
- 1 - Enable (default). Microsoft Edge can retrieve a configuration for Books Library
- 0 - Prevented/not allowed.
- 1 (default). Allowed. Microsoft Edge updates the configuration data for the Books Library automatically.
<!--/SupportedValues-->
<!--/Policy-->
@ -493,7 +494,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Block all cookies from all sites.
- 1 Block only cookies from third party websites.
@ -567,7 +568,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not allowed.
- 1 (default) Allowed.
@ -628,7 +629,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- Blank/Null (default) Not configured - Does not send tracking information, but allow users to choose whether to send tracking information to sites they visit.
- 0 (Disabled) - Never sends tracking information.
@ -697,7 +698,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not allowed.
- 1 (default) Allowed.
@ -756,7 +757,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not allowed.
- 1 (default) Allowed.
@ -815,7 +816,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Adobe Flash content is automatically loaded and run by Microsoft Edge.
- 1 (default) Users must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.
@ -942,7 +943,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not allowed.
- 1 (default) Allowed.
@ -1006,7 +1007,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not enabled.
- 1 (default) Enabled.
@ -1067,7 +1068,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not allowed.
- 1 (default) Allowed.
@ -1407,7 +1408,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not allowed.
- 1 (default) Allowed.
@ -1468,7 +1469,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not allowed.
- 1 (default) Allowed.
@ -1596,7 +1597,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 Not allowed.
- 1 (default) Allowed.
@ -1800,7 +1801,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) - Disable. Use default visibility of the Books Library. The Library will be only visible in countries or regions where its available.
- 1 - Enable. Always show the Books Library, regardless of countries or region of activation.
@ -1861,7 +1862,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings.
- 1 Browsing data is cleared on exit.
@ -1940,7 +1941,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) Additional search engines are not allowed.
- 1 Additional search engines are allowed.
@ -2437,7 +2438,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages. 
- 1 Disable lockdown of the Start pages and allow users to modify them.
@ -2498,7 +2499,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) - Disable. No additional diagnostic data.
- 1 - Enable. Additional diagnostic data for schools.
@ -2562,7 +2563,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- Not configured. The device checks for updates from Microsoft Update.
- Set to a URL location of the enterprise site list.
@ -2850,7 +2851,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 - Disabled. Do not lockdown Favorites.
- 1 - Enabled. Lockdown Favorites.
@ -2909,7 +2910,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) Users can access the about:flags page in Microsoft Edge.
- 1 Users can't access the about:flags page in Microsoft Edge.
@ -3037,7 +3038,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) Employees see the First Run webpage.
- 1 Employees don't see the First Run webpage.
@ -3098,7 +3099,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge.
- 1 Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.
@ -3159,7 +3160,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) Off.
- 1 On.
@ -3218,7 +3219,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) Off.
- 1 On.
@ -3280,7 +3281,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) Allow pre-launch and preload.
- 1 Prevent pre-launch and preload.
@ -3343,7 +3344,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) The localhost IP address is shown.
- 1 The localhost IP address is hidden.
@ -3474,7 +3475,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) - All websites, including intranet sites, open in Microsoft Edge automatically.
- 1 - Only intranet sites open in Internet Explorer 11 automatically.
@ -3544,7 +3545,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) - The default search engine is set to the one specified in App settings.
- 1 - Allows you to configure the default search engine for your employees.
@ -3808,7 +3809,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 (default) Synchronization is off.
- 1 Synchronization is on.
@ -3944,7 +3945,7 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
Allowed values:
- 0 - No shared folder.
- 1 - Use a shared folder.

444
windows/client-management/mdm/policy-csp-defender.md
View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 05/14/2018
ms.date: 07/03/2018
---
# Policy CSP - Defender
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
@ -67,6 +69,9 @@ ms.date: 05/14/2018
<dd>
<a href="#defender-avgcpuloadfactor">Defender/AvgCPULoadFactor</a>
</dd>
<dd>
<a href="#defender-checkforsignaturesbeforerunningscan">Defender/CheckForSignaturesBeforeRunningScan</a>
</dd>
<dd>
<a href="#defender-cloudblocklevel">Defender/CloudBlockLevel</a>
</dd>
@ -82,9 +87,18 @@ ms.date: 05/14/2018
<dd>
<a href="#defender-daystoretaincleanedmalware">Defender/DaysToRetainCleanedMalware</a>
</dd>
<dd>
<a href="#defender-disablecatchupfullscan">Defender/DisableCatchupFullScan</a>
</dd>
<dd>
<a href="#defender-disablecatchupquickscan">Defender/DisableCatchupQuickScan</a>
</dd>
<dd>
<a href="#defender-enablecontrolledfolderaccess">Defender/EnableControlledFolderAccess</a>
</dd>
<dd>
<a href="#defender-enablelowcpupriority">Defender/EnableLowCPUPriority</a>
</dd>
<dd>
<a href="#defender-enablenetworkprotection">Defender/EnableNetworkProtection</a>
</dd>
@ -115,6 +129,12 @@ ms.date: 05/14/2018
<dd>
<a href="#defender-schedulescantime">Defender/ScheduleScanTime</a>
</dd>
<dd>
<a href="#defender-signatureupdatefallbackorder">Defender/SignatureUpdateFallbackOrder</a>
</dd>
<dd>
<a href="#defender-signatureupdatefilesharessources">Defender/SignatureUpdateFileSharesSources</a>
</dd>
<dd>
<a href="#defender-signatureupdateinterval">Defender/SignatureUpdateInterval</a>
</dd>
@ -1101,6 +1121,78 @@ Valid values: 0100
<hr/>
<!--Policy-->
<a href="" id="defender-checkforsignaturesbeforerunningscan"></a>**Defender/CheckForSignaturesBeforeRunningScan**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan.
This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate", but it has no effect on scans initiated manually from the user interface.
If you enable this setting, a check for new definitions will occur before running a scan.
If you disable this setting or do not configure this setting, the scan will start using the existing definitions.
Supported values:
- 0 (default) - Disabled
- 1 - Enabled
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Check for the latest virus and spyware definitions before running a scheduled scan*
- GP name: *CheckForSignaturesBeforeRunningScan*
- GP element: *CheckForSignaturesBeforeRunningScan*
- GP path: *Windows Components/Windows Defender Antivirus/Scan*
- GP ADMX file name: *WindowsDefender.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="defender-cloudblocklevel"></a>**Defender/CloudBlockLevel**
@ -1408,6 +1500,146 @@ Valid values: 090
<hr/>
<!--Policy-->
<a href="" id="defender-disablecatchupfullscan"></a>**Defender/DisableCatchupFullScan**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.
If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run.
If you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned off.
Supported values:
- 0 - Disabled
- 1 - Enabled (default)
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Turn on catch-up full scan*
- GP name: *Scan_DisableCatchupFullScan*
- GP element: *Scan_DisableCatchupFullScan*
- GP path: *Windows Components/Windows Defender Antivirus/Scan*
- GP ADMX file name: *WindowsDefender.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="defender-disablecatchupquickscan"></a>**Defender/DisableCatchupQuickScan**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.
If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run.
If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off.
Supported values:
- 0 - Disabled
- 1 - Enabled (default)
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Turn on catch-up quick scan*
- GP name: *Scan_DisableCatchupQuickScan*
- GP element: *Scan_DisableCatchupQuickScan*
- GP path: *Windows Components/Windows Defender Antivirus/Scan*
- GP ADMX file name: *WindowsDefender.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="defender-enablecontrolledfolderaccess"></a>**Defender/EnableControlledFolderAccess**
@ -1471,6 +1703,76 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="defender-enablelowcpupriority"></a>**Defender/EnableLowCPUPriority**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to enable or disable low CPU priority for scheduled scans.
If you enable this setting, low CPU priority will be used during scheduled scans.
If you disable or do not configure this setting, not changes will be made to CPU priority for scheduled scans.
Supported values:
- 0 - Disabled (default)
- 1 - Enabled
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Configure low CPU priority for scheduled scans*
- GP name: *Scan_LowCpuPriority*
- GP element: *Scan_LowCpuPriority*
- GP path: *Windows Components/Windows Defender Antivirus/Scan*
- GP ADMX file name: *WindowsDefender.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="defender-enablenetworkprotection"></a>**Defender/EnableNetworkProtection**
@ -2110,6 +2412,145 @@ Valid values: 01380.
<hr/>
<!--Policy-->
<a href="" id="defender-signatureupdatefallbackorder"></a>**Defender/SignatureUpdateFallbackOrder**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order.
Possible values are:
- InternalDefinitionUpdateServer
- MicrosoftUpdateServer
- MMPC
- FileShares
For example: { InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }
If you enable this setting, definition update sources will be contacted in the order specified. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
If you disable or do not configure this setting, definition update sources will be contacted in a default order.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Define the order of sources for downloading definition updates*
- GP name: *SignatureUpdate_FallbackOrder*
- GP element: *SignatureUpdate_FallbackOrder*
- GP path: *Windows Components/Windows Defender Antivirus/Signature Updates*
- GP ADMX file name: *WindowsDefender.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="defender-signatureupdatefilesharessources"></a>**Defender/SignatureUpdateFileSharesSources**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. For example: "{\\unc1 | \\unc2 }". The list is empty by default.
If you enable this setting, the specified sources will be contacted for definition updates. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
If you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Define file shares for downloading definition updates*
- GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources*
- GP element: *SignatureUpdate_DefinitionUpdateFileSharesSources*
- GP path: *Windows Components/Windows Defender Antivirus/Signature Updates*
- GP ADMX file name: *WindowsDefender.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="defender-signatureupdateinterval"></a>**Defender/SignatureUpdateInterval**
@ -2319,6 +2760,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in the next major release of Windows 10.
<!--/Policies-->

571
windows/client-management/mdm/policy-csp-update.md
View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 05/14/2018
ms.date: 07/18/2018
---
# Policy CSP - Update
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
@ -46,6 +48,9 @@ ms.date: 05/14/2018
<dd>
<a href="#update-autorestartdeadlineperiodindays">Update/AutoRestartDeadlinePeriodInDays</a>
</dd>
<dd>
<a href="#update-autorestartdeadlineperiodindaysforfeatureupdates">Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates</a>
</dd>
<dd>
<a href="#update-autorestartnotificationschedule">Update/AutoRestartNotificationSchedule</a>
</dd>
@ -79,12 +84,21 @@ ms.date: 05/14/2018
<dd>
<a href="#update-engagedrestartdeadline">Update/EngagedRestartDeadline</a>
</dd>
<dd>
<a href="#update-engagedrestartdeadlineforfeatureupdates">Update/EngagedRestartDeadlineForFeatureUpdates</a>
</dd>
<dd>
<a href="#update-engagedrestartsnoozeschedule">Update/EngagedRestartSnoozeSchedule</a>
</dd>
<dd>
<a href="#update-engagedrestartsnoozescheduleforfeatureupdates">Update/EngagedRestartSnoozeScheduleForFeatureUpdates</a>
</dd>
<dd>
<a href="#update-engagedrestarttransitionschedule">Update/EngagedRestartTransitionSchedule</a>
</dd>
<dd>
<a href="#update-engagedrestarttransitionscheduleforfeatureupdates">Update/EngagedRestartTransitionScheduleForFeatureUpdates</a>
</dd>
<dd>
<a href="#update-excludewudriversinqualityupdate">Update/ExcludeWUDriversInQualityUpdate</a>
</dd>
@ -154,9 +168,18 @@ ms.date: 05/14/2018
<dd>
<a href="#update-setautorestartnotificationdisable">Update/SetAutoRestartNotificationDisable</a>
</dd>
<dd>
<a href="#update-setdisablepauseuxaccess">Update/SetDisablePauseUXAccess</a>
</dd>
<dd>
<a href="#update-setdisableuxwuaccess">Update/SetDisableUXWUAccess</a>
</dd>
<dd>
<a href="#update-setedurestart">Update/SetEDURestart</a>
</dd>
<dd>
<a href="#update-updatenotificationkioskmode">Update/UpdateNotificationKioskMode</a>
</dd>
<dd>
<a href="#update-updateserviceurl">Update/UpdateServiceUrl</a>
</dd>
@ -690,11 +713,21 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory.
For Quality Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
Supported values are 2-30 days.
Value type is integer. Default is 7 days.
The default value is 7 days.
Supported values range: 2-30.
Note that the PC must restart for certain updates to take effect.
If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
If you disable or do not configure this policy, the PC will restart according to the default schedule.
If any of the following two policies are enabled, this policy has no effect:
1. No auto-restart with logged on users for scheduled automatic updates installations.
2. Always automatically restart at scheduled time.
<!--/Description-->
<!--ADMXMapped-->
@ -710,6 +743,81 @@ ADMX Info:
<hr/>
<!--Policy-->
<a href="" id="update-autorestartdeadlineperiodindaysforfeatureupdates"></a>**Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
For Feature Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
Value type is integer. Default is 7 days.
Supported values range: 2-30.
Note that the PC must restart for certain updates to take effect.
If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
If you disable or do not configure this policy, the PC will restart according to the default schedule.
If any of the following two policies are enabled, this policy has no effect:
1. No auto-restart with logged on users for scheduled automatic updates installations.
2. Always automatically restart at scheduled time.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Specify deadline before auto-restart for update installation*
- GP name: *AutoRestartDeadline*
- GP element: *AutoRestartDeadlineForFeatureUpdates*
- GP path: *Windows Components/Windows Update*
- GP ADMX file name: *WindowsUpdate.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="update-autorestartnotificationschedule"></a>**Update/AutoRestartNotificationSchedule**
@ -1402,11 +1510,20 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling).
For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
Supported values are 2-30 days.
Value type is integer. Default is 14.
The default value is 0 days (not specified).
Supported value range: 2 - 30.
If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling).
If you disable or do not configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No auto-restart with logged on users for scheduled automatic updates installations
2. Always automatically restart at scheduled time
3. Specify deadline before auto-restart for update installation
<!--/Description-->
<!--ADMXMapped-->
@ -1422,6 +1539,80 @@ ADMX Info:
<hr/>
<!--Policy-->
<a href="" id="update-engagedrestartdeadlineforfeatureupdates"></a>**Update/EngagedRestartDeadlineForFeatureUpdates**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
Value type is integer. Default is 14.
Supported value range: 2 - 30.
If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling).
If you disable or do not configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No auto-restart with logged on users for scheduled automatic updates installations
2. Always automatically restart at scheduled time
3. Specify deadline before auto-restart for update installation
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Specify Engaged restart transition and notification schedule for updates*
- GP name: *EngagedRestartTransitionSchedule*
- GP element: *EngagedRestartDeadlineForFeatureUpdates*
- GP path: *Windows Components/Windows Update*
- GP ADMX file name: *WindowsUpdate.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="update-engagedrestartsnoozeschedule"></a>**Update/EngagedRestartSnoozeSchedule**
@ -1458,11 +1649,18 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications.
For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
Supported values are 1-3 days.
Value type is integer. Default is 3 days.
The default value is 3 days.
Supported value range: 1 - 3.
If you disable or do not configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No auto-restart with logged on users for scheduled automatic updates installations
2. Always automatically restart at scheduled time
3. Specify deadline before auto-restart for update installation
<!--/Description-->
<!--ADMXMapped-->
@ -1478,6 +1676,78 @@ ADMX Info:
<hr/>
<!--Policy-->
<a href="" id="update-engagedrestartsnoozescheduleforfeatureupdates"></a>**Update/EngagedRestartSnoozeScheduleForFeatureUpdates**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
Value type is integer. Default is 3 days.
Supported value range: 1 - 3.
If you disable or do not configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No auto-restart with logged on users for scheduled automatic updates installations
2. Always automatically restart at scheduled time
3. Specify deadline before auto-restart for update installation
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Specify Engaged restart transition and notification schedule for updates*
- GP name: *EngagedRestartTransitionSchedule*
- GP element: *EngagedRestartSnoozeScheduleForFeatureUpdates*
- GP path: *Windows Components/Windows Update*
- GP ADMX file name: *WindowsUpdate.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="update-engagedrestarttransitionschedule"></a>**Update/EngagedRestartTransitionSchedule**
@ -1514,11 +1784,18 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
For Quality Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
Supported values are 2-30 days.
Value type is integer.
The default value is 7 days.
Supported value range: 0 - 30.
If you disable or do not configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No auto-restart with logged on users for scheduled automatic updates installations
2. Always automatically restart at scheduled time
3. Specify deadline before auto-restart for update installation
<!--/Description-->
<!--ADMXMapped-->
@ -1534,6 +1811,78 @@ ADMX Info:
<hr/>
<!--Policy-->
<a href="" id="update-engagedrestarttransitionscheduleforfeatureupdates"></a>**Update/EngagedRestartTransitionScheduleForFeatureUpdates**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
Value type is integer.
Supported value range: 0 - 30.
If you disable or do not configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No auto-restart with logged on users for scheduled automatic updates installations
2. Always automatically restart at scheduled time
3. Specify deadline before auto-restart for update installation
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Specify Engaged restart transition and notification schedule for updates*
- GP name: *EngagedRestartTransitionSchedule*
- GP element: *EngagedRestartTransitionScheduleForFeatureUpdates*
- GP path: *Windows Components/Windows Update*
- GP ADMX file name: *WindowsUpdate.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="update-excludewudriversinqualityupdate"></a>**Update/ExcludeWUDriversInQualityUpdate**
@ -2871,6 +3220,126 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="update-setdisablepauseuxaccess"></a>**Update/SetDisablePauseUXAccess**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user cannot access the "Pause updates" feature.
Value type is integer. Default is 0. Supported values 0, 1.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP name: *SetDisablePauseUXAccess*
- GP ADMX file name: *WindowsUpdate.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="update-setdisableuxwuaccess"></a>**Update/SetDisableUXWUAccess**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user cannot access the Windows Update scan, download, and install features.
Value type is integer. Default is 0. Supported values 0, 1.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP name: *SetDisableUXWUAccess*
- GP ADMX file name: *WindowsUpdate.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="update-setedurestart"></a>**Update/SetEDURestart**
@ -2929,6 +3398,74 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="update-updatenotificationkioskmode"></a>**Update/UpdateNotificationKioskMode**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy allows you to define what Windows Update notifications users see. This policy doesnt control how and when updates are downloaded and installed.
Valid values:
- 0 (default) Use the default Windows Update notifications
- 1 Turn off all notifications, excluding restart warnings
- 2 Turn off all notifications, including restart warnings
> [!Important]
> If you choose not to get update notifications and also define the policy “Configure Automatic Updates” so that devices arent automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Display options for update notifications*
- GP name: *UpdateNotificationKioskMode*
- GP path: *Windows Components/Windows Update*
- GP ADMX file name: *WindowsUpdate.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="update-updateserviceurl"></a>**Update/UpdateServiceUrl**
@ -3081,6 +3618,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in the next major release of Windows 10.
<!--/Policies-->
@ -3099,11 +3637,18 @@ Footnote:
- [Update/AllowNonMicrosoftSignedUpdate](#update-allownonmicrosoftsignedupdate)
- [Update/AllowUpdateService](#update-allowupdateservice)
- [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](#update-autorestartdeadlineperiodindaysforfeatureupdates)
- [Update/EngagedRestartDeadlineForFeatureUpdates](#update-engagedrestartdeadlineforfeatureupdates)
- [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](#update-engagedrestartsnoozescheduleforfeatureupdates)
- [Update/EngagedRestartTransitionScheduleForFeatureUpdates](#update-engagedrestarttransitionscheduleforfeatureupdates)
- [Update/PauseDeferrals](#update-pausedeferrals)
- [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
- [Update/RequireUpdateApproval](#update-requireupdateapproval)
- [Update/ScheduledInstallDay](#update-scheduledinstallday)
- [Update/ScheduledInstallTime](#update-scheduledinstalltime)
- [Update/SetDisablePauseUXAccess](#update-setdisablepauseuxaccess)
- [Update/SetDisableUXWUAccess](#update-setdisableuxwuaccess)
- [Update/UpdateNotificationKioskMode](#update-updatenotificationkioskmode)
- [Update/UpdateServiceUrl](#update-updateserviceurl)
<!--EndIoTCore-->

1
windows/configuration/TOC.md
View File

@ -122,6 +122,7 @@
#### [UniversalAppUninstall](wcd/wcd-universalappuninstall.md)
#### [UsbErrorsOEMOverride](wcd/wcd-usberrorsoemoverride.md)
#### [WeakCharger](wcd/wcd-weakcharger.md)
#### [WindowsHelloForBusiness](wcd/wcd-windowshelloforbusiness.md)
#### [WindowsTeamSettings](wcd/wcd-windowsteamsettings.md)
#### [WLAN](wcd/wcd-wlan.md)
#### [Workplace](wcd/wcd-workplace.md)

2
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -17,6 +17,8 @@ ms.date: 06/27/2018
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
## June 2018
New or changed topic | Description

33
windows/configuration/wcd/wcd-windowshelloforbusiness.md Normal file
View File

@ -0,0 +1,33 @@
---
title: WindowsHelloForBusiness (Windows 10)
description: This section describes the Windows Hello for Business settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
ms.date: 07/19/2018
---
# WindowsHelloForBusiness (Windows Configuration Designer reference)
>[!WARNING]
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for Windows Hello for Business ](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/) can be used to sign in to Windows on a device configured for [Shared PC mode](wcd-sharedpc.md).
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [SecurityKeys](#securitykeys) | X | | | | |
## SecurityKeys
Select the desired value:
- `0`: security keys for Windows Hello for Business are disabled.
- `1`: security keys for Windows Hello for Business are enabled on [Shared PCs](wcd-sharedpc.md).

3
windows/configuration/wcd/wcd.md
View File

@ -8,7 +8,7 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
ms.date: 04/30/2018
ms.date: 07/19/2018
---
# Windows Configuration Designer provisioning settings (reference)
@ -78,6 +78,7 @@ This section describes the settings that you can configure in [provisioning pack
| [UniversalAppInstall](wcd-universalappinstall.md) | X | X | X | X | X |
| [UniversalAppUninstall](wcd-universalappuninstall.md) | X | X | X | X | X |
| [WeakCharger](wcd-weakcharger.md) |X | X | X | X | |
| [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | X | | | | |
| [WindowsTeamSettings](wcd-windowsteamsettings.md) | | | X | | |
| [WLAN](wcd-wlan.md) | | | | X | |
| [Workplace](wcd-workplace.md) |X | X | X | X | X |

4
windows/security/threat-protection/TOC.md
View File

@ -15,6 +15,7 @@
##### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
##### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
#### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
##### [Onboard previous versions of Windows](windows-defender-atp\onboard-downlevel-windows-defender-advanced-threat-protection.md)
##### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
###### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
###### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
@ -80,12 +81,11 @@
######## [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
######## [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
###### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md)
###### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md)
####### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
####### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
#### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md)
#### [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md)
####API and SIEM support

2
windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
View File

@ -68,7 +68,7 @@ This table indicates the functionality and features that are available in each s
State | Description | [Real-time protection](configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) | [Limited periodic scanning availability](limited-periodic-scanning-windows-defender-antivirus.md) | [File scanning and detection information](customize-run-review-remediate-scans-windows-defender-antivirus.md) | [Threat remediation](configure-remediation-windows-defender-antivirus.md) | [Threat definition updates](manage-updates-baselines-windows-defender-antivirus.md)
:-|:-|:-:|:-:|:-:|:-:|:-:
Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)]]
Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
If you are enrolled in Windows Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks.

3
windows/security/threat-protection/windows-defender-atp/TOC.md
View File

@ -72,11 +72,12 @@
###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
### [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md)
### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
#### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
#### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
## [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md)
## [Protect data with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
##API and SIEM support
### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)

2
windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
View File

@ -60,7 +60,7 @@ Review the following details to verify minimum system requirements:
>[!NOTE]
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in you environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)
- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in your environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)
1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).