merger from master

This commit is contained in:
Joey Caparas 2018-08-07 06:59:18 -07:00
commit 4df73f9a1b
116 changed files with 1675 additions and 8450 deletions

View File

@ -1,71 +0,0 @@
---
description: Overview information about Microsoft Edge, the default browser for Windows 10. This topic includes links to other Microsoft Edge topics.
ms.assetid: 70377735-b2f9-4b0b-9658-4cf7c1d745bb
author: shortpatti
ms.prod: edge
ms.mktglfcycl: general
ms.sitesec: library
title: Microsoft Edge - Deployment Guide for IT Pros (Microsoft Edge for IT Pros)
ms.localizationpriority: high
ms.date: 10/16/2017
---
# Microsoft Edge - Deployment Guide for IT Pros
**Applies to:**
- Windows 10
- Windows 10 Mobile
>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge also introduces new features like Web Note, Reading View, and Cortana that you can use along with your normal web browsing abilities.
Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.
>[!Note]
>For more information about the potential impact of using Microsoft Edge in a large organization, refer to the [Measuring the impact of Microsoft Edge](https://www.microsoft.com/itpro/microsoft-edge/technical-benefits) topic on the Microsoft Edge IT Center.
>If you are looking for Internet Explorer 11 content, please visit the [Internet Explorer 11 (IE11)](https://docs.microsoft.com/en-us/internet-explorer/) area.
## In this section
| Topic | Description |
| -----------------------| ----------------------------------- |
|[Change history for Microsoft Edge](change-history-for-microsoft-edge.md) |Lists new and updated topics in the Microsoft Edge documentation for both Windows 10 and Windows 10 Mobile. |
|[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Guidance about how to use both Microsoft Edge and Internet Explorer 11 in your enterprise.|
| [Microsoft Edge requirements and language support](hardware-and-software-requirements.md) |Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list.|
| [Available policies for Microsoft Edge](available-policies.md) |Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings.<br><br>Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. |
| [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) |If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11.<br><br>Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. |
|[Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md)|Answering frequently asked questions about Microsoft Edge features, integration, support, and potential problems.
## Interoperability goals and enterprise guidance
Our primary goal is that your modern websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser.
However, if you're running web apps that continue to use:
* ActiveX controls
* x-ua-compatible headers
* &lt;meta&gt; tags
* Enterprise mode or compatibility view to address compatibility issues
* legacy document modes
You'll need to keep running them using IE11. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md).
## Related topics
- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956)
- [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847)
- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760644)
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)

View File

@ -1,26 +1,39 @@
#[Microsoft Edge - Deployment guidance for IT Pros](index.md)
# [Microsoft Edge deployment for IT Pros](index.yml)
##[New Microsoft Edge Group Policies and MDM settings](new-policies.md)
## [(Preview) New Microsoft Edge Group Policies and MDM settings](new-policies.md)
##[Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
## [(Preview) Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
##Group Policy configuration options
###[Home button settings](group-policies/home-button-gp.md)
###[Prelaunch Microsoft Edge and preload tabs](group-policies/prelaunch-preload-gp.md)
###[Search engine customization](group-policies/search-engine-customization-gp.md)
###[Security and privacy management](group-policies/security-privacy-management-gp.md)
###[Start pages settings](group-policies/start-pages-gp.md)
###[Sync browser settings](group-policies/sync-browser-settings-gp.md)
###[Interoperability and enterprise guidance](group-policies/interoperability-enterprise-guidance-gp.md)
##[Change history for Microsoft Edge](change-history-for-microsoft-edge.md)
##[Microsoft Edge requirements and language support](hardware-and-software-requirements.md)
##[Available policies for Microsoft Edge](available-policies.md)
##[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)
##[Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md)
## [Group policies & configuration options](group-policies/index.yml)
### [All group policies](available-policies.md)
### [Address bar settings](group-policies/address-bar-settings-gp.md)
### [Adobe settings](group-policies/adobe-settings-gp.md)
### [Books Library management](group-policies/books-library-management-gp.md)
### [Browser settings management](group-policies/browser-settings-management-gp.md)
### [Developer settings](group-policies/developer-settings-gp.md)
### [Extensions management](group-policies/extensions-management-gp.md)
### [Favorites management](group-policies/favorites-management-gp.md)
### [Home button settings](group-policies/home-button-gp.md)
### [Interoperability and enterprise guidance](group-policies/interoperability-enterprise-guidance-gp.md)
### [New tab page settings](group-policies/new-tab-page-settings-gp.md)
### [Prelaunch Microsoft Edge and preload tabs](group-policies/prelaunch-preload-gp.md)
### [Search engine customization](group-policies/search-engine-customization-gp.md)
### [Security and privacy management](group-policies/security-privacy-management-gp.md)
### [Start pages settings](group-policies/start-pages-gp.md)
### [Sync browser settings](group-policies/sync-browser-settings-gp.md)
### [Telemetry and data collection](group-policies/telemetry-management-gp.md)
## [Change history for Microsoft Edge](change-history-for-microsoft-edge.md)
## [System requirements](about-microsoft-edge.md#minimum-system-requirements)
## [Supported languages](about-microsoft-edge.md#supported-languages)
## [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)
## [Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md)

View File

@ -0,0 +1,159 @@
---
description: Overview information about Microsoft Edge, the default browser for Windows 10. This topic includes links to other Microsoft Edge topics.
ms.assetid: 70377735-b2f9-4b0b-9658-4cf7c1d745bb
author: shortpatti
ms.prod: edge
ms.mktglfcycl: general
ms.sitesec: library
title: Microsoft Edge for IT Pros
ms.localizationpriority: medium
ms.date: 07/29/2018
---
# Microsoft Edge deployment for IT Pros
>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.
>[!IMPORTANT]
>The Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, dont include Microsoft Edge or many other Universal Windows Platform (UWP) apps. Systems running the LTSB operating systems do not support these apps because their services get frequently updated with new functionality. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11.
## Minimum system requirements
Some of the components might also need additional system resources. Check the component's documentation for more information.
| Item | Minimum requirements |
| ------------------ | -------------------------------------------- |
| Computer/processor | 1 gigahertz (GHz) or faster (32-bit (x86) or 64-bit (x64)) |
| Operating system | <ul><li>Windows 10 (32-bit or 64-bit)</li><li>Windows 10 Mobile</li></ul><p>**Note**<br> For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](https://go.microsoft.com/fwlink/p/?LinkID=699266) topic. |
| Memory | <ul><li>Windows 10 (32-bit) - 1 GB</li><li>Windows 10 (64-bit) - 2 GB</li></ul> |
| Hard drive space | <ul><li>Windows 10 (32-bit) - 16 GB</li><li>Windows 10 (64-bit) - 20 GB</li></ul> |
| DVD drive | DVD-ROM drive (if installing from a DVD-ROM) |
| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors |
| Graphics card | Microsoft DirectX 9 or later with Windows Display Driver Model (WDDM) 1.0 driver |
| Peripherals | Internet connection and a compatible pointing device |
 
## Supported languages
Microsoft Edge supports all of the same languages as Windows 10, including:
| Language | Country/Region | Code |
| ------------------------ | -------------- | ------ |
| Afrikaans (South Africa) | South Africa | af-ZA |
| Albanian (Albania) | Albania | sq-AL |
| Amharic | Ethiopia | am-ET |
| Arabic (Saudi Arabia) | Saudi Arabia | ar-SA |
| Armenian | Armenia | hy-AM |
| Assamese | India | as-IN |
| Azerbaijani (Latin, Azerbaijan) | Azerbaijan | az-Latn-AZ |
| Bangla (Bangladesh) | Bangladesh | bn-BD |
| Bangla (India) | India | bn-IN |
| Basque (Basque) | Spain | eu-ES |
| Belarusian (Belarus) | Belarus | be-BY |
| Bosnian (Latin) | Bosnia and Herzegovina | bs-Latn-BA |
| Bulgarian (Bulgaria) | Bulgaria | bg-BG |
| Catalan (Catalan) | Spain | ca-ES |
| Central Kurdish (Arabic) | Iraq | ku-Arab-IQ |
| Cherokee (Cherokee) | United States | chr-Cher-US |
| Chinese (Hong Kong SAR) | Hong Kong Special Administrative Region | zh-HK |
| Chinese (Simplified, China) | People's Republic of China | zh-CN |
| Chinese (Traditional, Taiwan) | Taiwan | zh-TW |
| Croatian (Croatia) | Croatia | hr-HR |
| Czech (Czech Republic) | Czech Republic | cs-CZ |
| Danish (Denmark) | Denmark | da-DK |
| Dari | Afghanistan | prs-AF |
| Dutch (Netherlands) | Netherlands | nl-NL |
| English (United Kingdom) | United Kingdom | en-GB |
| English (United States) | United States | en-US |
| Estonian (Estonia) | Estonia | et-EE |
| Filipino (Philippines) | Philippines | fil-PH |
| Finnish (Finland) | Finland | fi_FI |
| French (Canada) | Canada | fr-CA |
| French (France) | France | fr-FR |
| Galician (Galician) | Spain | gl-ES |
| Georgian | Georgia | ka-GE |
| German (Germany) | Germany | de-DE |
| Greek (Greece) | Greece | el-GR |
| Gujarati | India | gu-IN |
| Hausa (Latin, Nigeria) | Nigeria | ha-Latn-NG |
| Hebrew (Israel) | Israel | he-IL |
| Hindi (India) | India | hi-IN |
| Hungarian (Hungary) | Hungary | hu-HU |
| Icelandic | Iceland | is-IS |
| Igbo | Nigeria | ig-NG |
| Indonesian (Indonesia) | Indonesia | id-ID |
| Irish | Ireland | ga-IE |
| isiXhosa | South Africa | xh-ZA |
| isiZulu | South Africa | zu-ZA |
| Italian (Italy) | Italy | it-IT |
| Japanese (Japan) | Japan | ja-JP |
| Kannada | India | kn-IN |
| Kazakh (Kazakhstan) | Kazakhstan | kk-KZ |
| Khmer (Cambodia) | Cambodia | km-KH |
| K'iche' | Guatemala | quc-Latn-GT |
| Kinyarwanda | Rwanda | rw-RW |
| KiSwahili | Kenya, Tanzania | sw-KE |
| Konkani | India | kok-IN |
| Korean (Korea) | Korea | ko-KR |
| Kyrgyz | Kyrgyzstan | ky-KG |
| Lao (Laos) | Lao P.D.R. | lo-LA |
| Latvian (Latvia) | Latvia | lv-LV |
| Lithuanian (Lithuania) | Lithuania | lt-LT |
| Luxembourgish (Luxembourg) | Luxembourg | lb-LU |
| Macedonian (Former Yugoslav Republic of Macedonia) | Macedonia (FYROM) | mk-MK |
| Malay (Malaysia) | Malaysia, Brunei, and Singapore | ms-MY |
| Malayalam | India | ml-IN |
| Maltese | Malta | mt-MT |
| Maori | New Zealand | mi-NZ |
| Marathi | India | mr-IN |
| Mongolian (Cyrillic) | Mongolia | mn-MN |
| Nepali | Federal Democratic Republic of Nepal | ne-NP |
| Norwegian (Nynorsk) | Norway | nn-NO |
| Norwegian, Bokmål (Norway) | Norway | nb-NO |
| Odia | India | or-IN |
| Polish (Poland) | Poland | pl-PL |
| Portuguese (Brazil) | Brazil | pt-BR |
| Portuguese (Portugal) | Portugal | pt-PT |
| Punjabi | India | pa-IN |
| Punjabi (Arabic) | Pakistan | pa-Arab-PK |
| Quechua | Peru | quz-PE |
| Romanian (Romania) | Romania | ro-RO |
| Russian (Russia) | Russia | ru-RU |
| Scottish Gaelic | United Kingdom | gd-GB |
| Serbian (Cyrillic, Bosnia, and Herzegovina) | Bosnia and Herzegovina | sr-Cyrl-BA |
| Serbian (Cyrillic, Serbia) | Serbia | sr-Cyrl-RS |
| Serbian (Latin, Serbia) | Serbia | sr-Latn-RS |
| Sesotho sa Leboa | South Africa | nso-ZA |
| Setswana (South Africa) | South Africa and Botswana | tn-ZA |
| Sindhi (Arabic) | Pakistan | sd-Arab-PK |
| Sinhala | Sri Lanka | si-LK |
| Slovak (Slovakia) | Slovakia | sk-SK |
| Slovenian (Slovenia) | Slovenia | sl-SL |
| Spanish (Mexico) | Mexico | es-MX |
| Spanish (Spain, International Sort) | Spain | en-ES |
| Swedish (Sweden) | Sweden | sv-SE |
| Tajik (Cyrillic) | Tajikistan | tg-Cyrl-TJ |
| Tamil (India) | India and Sri Lanka | ta-IN |
| Tatar | Russia | tt-RU |
| Telugu | India | te-IN |
| Thai (Thailand) | Thailand | th-TH |
| Tigrinya (Ethiopia) | Ethiopia | ti-ET |
| Turkish (Turkey) | Turkey | tr-TR |
| Turkmen | Turkmenistan | tk-TM |
| Ukrainian (Ukraine) | Ukraine | uk-UA |
| Urdu | Pakistan | ur-PK |
| Uyghur | People's Republic of China | ug-CN |
| Uzbek (Latin, Uzbekistan) | Uzbekistan | uz-Latn-UZ |
| Valencian | Spain | ca-ES-valencia |
| Vietnamese | Vietnam | vi-VN |
| Welsh | United Kingdom | cy-GB |
| Wolof | Senegal | wo-SN |
| Yoruba | Nigeria | yo-NG |
---

View File

@ -16,6 +16,10 @@ ms.date: 07/20/2018
> Applies to: Windows 10, Windows 10 Mobile
Set up a policy setting once and then copy that setting onto many computers.
Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that is linked to a domain, and then apply all of those settings to every computer in the domain.

View File

@ -11,9 +11,12 @@ author: shortpatti
---
# Change history for Microsoft Edge
This topic lists new and updated topics in the Microsoft Edge documentation for both Windows 10 and Windows 10 Mobile.
Discover what's new and updated in the Microsoft Edge for both Windows 10 and Windows 10 Mobile.
For a detailed feature list of what's in the current Microsoft Edge releases, the Windows Insider Preview builds, and what was introduced in previous releases, see the [Microsoft Edge changelog](https://developer.microsoft.com/microsoft-edge/platform/changelog/).
# [2017](#tab/2017)
## September 2017
|New or changed topic | Description |
@ -25,23 +28,22 @@ For a detailed feature list of what's in the current Microsoft Edge releases, th
|----------------------|-------------|
|[Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](available-policies.md) |Added new Group Policy and MDM settings for the Windows Insider Program. Reformatted for easier readability outside of scrolling table. |
# [2016](#tab/2016)
## November 2016
|New or changed topic | Description |
|----------------------|-------------|
|[Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Added the infographic image and a download link.|
|[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) |Added a note about the 65 second wait before checking for a newer version of the site list .XML file. |
|[Available policies for Microsoft Edge](available-policies.md) |Added notes to the Configure the Enterprise Mode Site List Group Policy and the EnterpriseModeSiteList MDM policy about the 65 second wait before checking for a newer version of the site list .XML file. |
|[Microsoft Edge - Deployment Guide for IT Pros](index.md) |Added a link to the Microsoft Edge infographic, helping you to evaluate the potential impact of using Microsoft Edge in your organization. |
|Microsoft Edge - Deployment Guide for IT Pros |Added a link to the Microsoft Edge infographic, helping you to evaluate the potential impact of using Microsoft Edge in your organization. |
|[Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Added a link to the Microsoft Edge infographic, helping you to evaluate the potential impact of using Microsoft Edge in your organization. |
## July 2016
|New or changed topic | Description |
|----------------------|-------------|
|[Microsoft Edge requirements and language support](hardware-and-software-requirements.md)| Updated to include a note about the Long Term Servicing Branch (LTSB). |
## July 2016
|New or changed topic | Description |
|----------------------|-------------|
|[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) | Content moved from What's New section. |
|[Available policies for Microsoft Edge](available-policies.md) |Updated |
@ -56,3 +58,5 @@ For a detailed feature list of what's in the current Microsoft Edge releases, th
|New or changed topic | Description |
|----------------------|-------------|
|[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. |
---

View File

@ -5,7 +5,7 @@ services:
keywords: Dont add or edit keywords without consulting your SEO champ.
author: shortpatti
ms.author: pashort
ms.date: 07/25/2018
ms.date: 07/29/2018
ms.topic: article
ms.prod: edge
ms.mktglfcycl: explore
@ -15,9 +15,11 @@ ms.sitesec: library
# Address bar settings
>*Supported versions: Microsoft Edge on Windows 10*
I need a description here
[!INCLUDE [allow-address-bar-suggestions-include](../includes/allow-address-bar-suggestions-include.md)]
[!INCLUDE [configure-search-suggestions-address-bar-include](../includes/configure-search-suggestions-address-bar-include.md)]
## Allow Address bar drop-down list suggestions
[!INCLUDE [allow-address-bar-suggestions-include.md](../includes/allow-address-bar-suggestions-include.md)]
## Configure search suggestions in Address bar
[!INCLUDE [configure-search-suggestions-address-bar-include.md](../includes/configure-search-suggestions-address-bar-include.md)]

View File

@ -15,10 +15,12 @@ ms.sitesec: library
# Adobe settings
>*Supported versions: Microsoft Edge on Windows 10*
I need a description here, maybe with scenarios
[!INCLUDE [allow-adobe-flash-include](../includes/allow-adobe-flash-include.md)]
[!INCLUDE [configure-adobe-flash-click-to-run-include](../includes/configure-adobe-flash-click-to-run-include.md)]
## Allow Adobe Flash
[!INCLUDE [allow-adobe-flash-include.md](../includes/allow-adobe-flash-include.md)]
## Configure the Adobe Flash Click-to-Run setting
[!INCLUDE [configure-adobe-flash-click-to-run-include.md](../includes/configure-adobe-flash-click-to-run-include.md)]

View File

@ -15,13 +15,17 @@ ms.sitesec: library
# Books Library management
>*Supported versions: Microsoft Edge on Windows 10*
I need a description here, maybe with scenarios
[!INCLUDE [allow-shared-folder-books-include](../includes/allow-shared-folder-books-include.md)]
[!INCLUDE [allow-config-updates-books-include](../includes/allow-config-updates-books-include.md)]
## Allow a shared books folder
[!INCLUDE [allow-shared-folder-books-include.md](../includes/allow-shared-folder-books-include.md)]
[!INCLUDE [allow-ext-telemetry-books-tab-include](../includes/allow-ext-telemetry-books-tab-include.md)]
## Allow configuration updates for the Books Library
[!INCLUDE [allow-config-updates-books-include.md](../includes/allow-config-updates-books-include.md)]
[!INCLUDE [always-enable-book-library-include](../includes/always-enable-book-library-include.md)]
## Allow extended telemetry for the Books tab
[!INCLUDE [allow-ext-telemetry-books-tab-include.md](../includes/allow-ext-telemetry-books-tab-include.md)]
## Always show the Books Library in Microsoft Edge
[!INCLUDE [always-enable-book-library-include.md](../includes/always-enable-book-library-include.md)]

View File

@ -15,7 +15,6 @@ ms.sitesec: library
# Browser settings management
>*Supported versions: Microsoft Edge on Windows 10*
I need a description here, maybe with scenarios

View File

@ -15,7 +15,7 @@ ms.sitesec: library
# Developer settings
>*Supported versions: Microsoft Edge on Windows 10*
I need a description here, maybe with scenarios
## Allow Developer Tools
[!INCLUDE [allow-dev-tools-include](../includes/allow-dev-tools-include.md)]

View File

@ -15,7 +15,7 @@ ms.sitesec: library
# Extensions management
>*Supported versions: Microsoft Edge on Windows 10*
I need a description here, maybe with scenarios
## Allow Extensions
[!INCLUDE [allow-extensions-include](../includes/allow-extensions-include.md)]

View File

@ -1,8 +1,8 @@
---
title: Microsoft Edge - Favorites management
description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
description:
services:
keywords: Dont add or edit keywords without consulting your SEO champ.
keywords:
author: shortpatti
ms.author: pashort
ms.date: 07/25/2018
@ -15,7 +15,7 @@ ms.sitesec: library
# Favorites management
>*Supported versions: Microsoft Edge on Windows 10*
I need a description here, maybe with scenarios
## Configure Favorites Bar
@ -28,4 +28,4 @@ I need a description here, maybe with scenarios
[!INCLUDE [prevent-changes-to-favorites-include](../includes/prevent-changes-to-favorites-include.md)]
## Provision Favorites
[!INCLUDE [provision-favorites-shortdesc](../shortdesc/provision-favorites-shortdesc.md)]
[!INCLUDE [provision-favorites-include](../includes/provision-favorites-include.md)]

View File

@ -14,12 +14,12 @@ ms.sitesec: library
Microsoft Edge shows the home button and by clicking it the Start page loads by default. You can configure the Home button to load the New tab page or a URL defined in the Set Home button URL policy. You can also configure Microsoft Edge to hide the home button.
## Policies
- [Configure Home button](../new-policies.md#configure-home-button)
- [Set Home button URL](../new-policies.md#set-home-button-url)
- [Unlock Home Button](../new-policies.md#unlock-home-button)
## Relevant group policies
- [Configure Home button](#configure-home-button)
- [Set Home button URL](#set-home-button-url)
- [Unlock Home button](#unlock-home-button)
## Configuration options
@ -29,3 +29,13 @@ Microsoft Edge shows the home button and by clicking it the Start page loads by
![Hide home button](../images/home-button-hide-v4-sm.png)
## Configure Home button
[!INCLUDE [configure-home-button-include.md](../includes/configure-home-button-include.md)]
## Set Home button URL
[!INCLUDE [set-home-button-url-include](../includes/set-home-button-url-include.md)]
## Unlock Home button
[!INCLUDE [unlock-home-button-include.md](../includes/unlock-home-button-include.md)]

View File

@ -1,205 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Microsoft Edge Group Policy configuration options
metadata:
document_id:
title: Microsoft Edge Group Policy configuration options
description: Learn about the different configuration options available in Microsoft Edge on Windows 10.
text: Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
keywords: Microsoft Edge, Windows 10
ms.localizationpriority: high
author: shortpatti
ms.author: pashort
ms.date: 07/23/2018
ms.topic: article
ms.devlang: na
sections:
- title: Learn about...
- items:
- type: markdown
text: Get ready to deploy Microsoft Edge.
- items:
- type: list
style: cards
className: cardsE
columns: 3
items:
- href: \browsers\edge\group-policies
html: <p>Learn about the Always On VPN deployment and where to get started.</p>
image:
src: https://docs.microsoft.com/media/common/i_get-started.svg
title: Begin your journey
- href: \windows-server\remote\remote-access\vpn\vpn-map-da
html: <p>Learn how Always On VPN has expanded the VPN functionality beyond the capabilities of DirectAccess.</p>
image:
src: https://docs.microsoft.com/media/common/i_quick-start.svg
title: DirectAccess and Always On VPN feature comparison
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\always-on-vpn-enhancements
html: <p>Learn about the key improvements in integration, security, connectivity, networking control, and compatibility.</p>
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
title: Enhancements in Always On VPN
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\always-on-vpn-technology-overview
html: <p>Learch about the technologies used in the Always On VPN deployment.</p>
image:
src: https://docs.microsoft.com/media/common/i_overview.svg
title: Technology overview
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\deploy\always-on-vpn-adv-options
html: <p>Learn about the advanced VPN features you can add to improve the security and availability of your VPN connection.</p>
image:
src: https://docs.microsoft.com/media/common/i_advanced.svg
title: Extend Always On VPN with advanced features
- title: Get started...
items:
- type: paragraph
text: 'Deploy Always On VPN connections for domain-joined Windows 10 client computers. You can also migrate from DirectAccess to Always On VPN and configure conditional access using Azure AD.'
- type: list
style: cards
className: cardsE
columns: 3
items:
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\deploy\always-on-vpn-deploy-deployment
html: <p>Discover what's needed to deploy VPN connections.</p>
image:
src: https://docs.microsoft.com/media/common/i_architecture.svg
title: Deployment workflow and scenarios
- href: \windows-server\remote\remote-access\da-always-on-vpn-migration\da-always-on-migration-overview
html: <p>Start planning the migration from DirectAccess to Always On VPN.</p>
image:
src: https://docs.microsoft.com/media/common/i_upgrade.svg
title: Migrate from DirectAccess
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\deploy\always-on-vpn-deploy-planning
html: <p>Start planning and preparing your Always On VPN deployment.</p>
image:
src: https://docs.microsoft.com/media/common/i_guidelines.svg
title: Plan the Always On VPN deployment
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\deploy\vpn-deploy-server-infrastructure
html: <p>Start setting up and configuring the VPN infrastructure along with the Windows 10 client VPN connectivity.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: Deploy the VPN infrastructure
- href: \windows-server\remote\remote-access\vpn\ad-ca-vpn-connectivity-windows10
html: <p>Fine-tune how VPN users access your resources using Azure AD conditional access.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: Configure conditional access
- items:
- type: list
style: cards
className: cardsL
items:
- title: Troubleshoot Always On VPN
html: <p><a class="barLink" href="/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#vpnprofileps1-script-issues">VPN_Profile.ps1 script issues</a></p>
<p><a class="barLink" href="/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#always-on-vpn-client-connection-issues">Always On VPN client connection issues</a></p>
<p><a class="barLink" href="/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#azure-ad-conditional-access-connection-issues">Azure AD Conditional Access connection issues</a></p>
<p><a class="barLink" href="/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#error-codes">Error codes</a></p><br>
<p><a class="barLink" href="/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#logs">Log files</a></p></div>
- title: Additional resources
html: <p><a class="barLink" href="https://docs.microsoft.com/windows/access-protection/vpn/vpn-guide">Windows 10 VPN Technical Guide</a></p>
<p><a class="barLink" href="https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/vpnv2-csp">VPNv2 CSP</a></p>
<p><a class="barLink" href="https://technet.microsoft.com/library/hh831740.aspx">Active Directory Certificate Services Overview</a></p>
<p><a class="barLink" href="https://technet.microsoft.com/library/cc730705.aspx">Certificate Templates</a></p>
<p><a class="barLink" href="https://social.technet.microsoft.com/wiki/contents/articles/2901.public-key-infrastructure-design-guidance.aspx">Public Key Infrastructure Design Guidance</a></p><p></p>
<p><a class="barLink" href="https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx">AD CS Step by Step Guide - Two Tier PKI Hierarchy Deployment</a></p>

View File

@ -0,0 +1,231 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Microsoft Edge group policies
metadata:
document_id:
title: Microsoft Edge group policies
description: Learn how to configure group policies in Microsoft Edge on Windows 10.
text: Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
keywords: Microsoft Edge, Windows 10, Windows 10 Mobile
ms.localizationpriority: medium
author: shortpatti
ms.author: pashort
ms.date: 07/26/2018
ms.topic: article
ms.devlang: na
sections:
- title:
- items:
- type: markdown
text: Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
- items:
- type: list
style: cards
className: cardsE
columns: 3
items:
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies?branch=pr-en-us-10183
html: <p>View all available group policies for Microsoft Edge on Windows 10.</p>
image:
src: https://docs.microsoft.com/media/common/i_policy.svg
title: All group policies
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/address-bar-settings-gp?branch=pr-en-us-10183
html: <p>Learn how you can configure Microsoft Edge to show search suggestions in the address bar.</p>
image:
src: https://docs.microsoft.com/media/common/i_http.svg
title: Address bar settings
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/adobe-settings-gp?branch=pr-en-us-10183
html: <p>Learn how you can configure Microsoft Edge to load Adobe Flash content automatically.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: Adobe Flash settings
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/books-library-management-gp?branch=pr-en-us-10183
html: <p>Learn how you can set up and use the books library, such as using a shared books folder for students and teachers.</p>
image:
src: https://docs.microsoft.com/media/common/i_library.svg
title: Books library management
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/browser-settings-management-gp?branch=pr-en-us-10183
html: <p>Learn how you can customize the browser settings, such as printing and saving browsing history, plus more.</p>
image:
src: https://docs.microsoft.com/media/common/i_management.svg
title: Browser settings
- href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy
html: <p>Learn how Microsoft Edge kiosk mode works with assigned access to let IT administrators create a tailored browsing experience designed for kiosk devices.</p>
image:
src: https://docs.microsoft.com/media/common/i_categorize.svg
title: Deploy Microsoft Edge kiosk mode
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/developer-settings-gp?branch=pr-en-us-10183
html: <p>Learn how configure Microsoft Edge for development and testing.</p>
image:
src: https://docs.microsoft.com/media/common/i_config-tools.svg
title: Developer tools & settings
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp?branch=pr-en-us-10183
html: <p>Learn how you use Microsoft Edge and Internet Explorer together for a full browsing experience.</p>
image:
src: https://docs.microsoft.com/media/common/i_management.svg
title: Enterprise mode
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/extensions-management-gp?branch=pr-en-us-10183
html: <p>Learn how you can configure Microsoft Edge to either prevent or allow users to install and run unverified extensions.</p>
image:
src: https://docs.microsoft.com/media/common/i_extensions.svg
title: Extensions management
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/favorites-management-gp?branch=pr-en-us-10183
html: <p>Learn how you can provision a standard favorites list as well as keep the favorites lists in sync between IE11 and Microsoft Edge.</p>
image:
src: https://docs.microsoft.com/media/common/i_link.svg
title: Favorites management
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/home-button-gp?branch=pr-en-us-10183
html: <p>Learn how you can customize the home button or hide it.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: Home button settings
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/new-tab-page-settings-gp?branch=pr-en-us-10183
html: <p>Learn how to configure the New tab page in Microsoft Edge.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: New tab page settings
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/prelaunch-preload-gp?branch=pr-en-us-10183
html: <p>Learn how pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: Prelaunch Microsoft Edge and preload tabs
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/search-engine-customization-gp?branch=pr-en-us-10183
html: <p>Learn how you can set the default search engine and configure additional ones.</p>
image:
src: https://docs.microsoft.com/media/common/i_search.svg
title: Search engine management
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/security-privacy-management-gp?branch=pr-en-us-10183
html: <p>Learn how you can keep your environment and users safe from attacks.</p>
image:
src: https://docs.microsoft.com/media/common/i_security-management.svg
title: Security & privacy management
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/start-pages-gp?branch=pr-en-us-10183
html: <p>Learn how to configure the Start pages in Microsoft Edge.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: Start page settings
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/sync-browser-settings-gp?branch=pr-en-us-10183
html: <p>Learn how to you can prevent the "browser" group from syncing and prevent users from turning on the the Sync your Settings toggle.</p>
image:
src: https://docs.microsoft.com/media/common/i_sync.svg
title: Sync browser settings
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/telemetry-management-gp?branch=pr-en-us-10183
html: <p>Learn how you can configure Microsoft Edge to collect certain data.</p>
image:
src: https://docs.microsoft.com/media/common/i_data-collection.svg
title: Telemetry and data collection

View File

@ -12,12 +12,30 @@ ms.sitesec: library
# Interoperability and enterprise guidance
>*Supported versions: Microsoft Edge on Windows 10*
Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support.
>[!TIP]
> If you are running an earlier version of Internet Explorer, then we recommend upgrading to IE11, so any legacy apps continue to work correctly.
**Technology not supported by Microsoft Edge**
- ActiveX controls
- x-ua-compatible headers
- &lt;meta&gt; tags
- Legacy document modes
>[!TIP]
>You can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](../emie-to-improve-compatibility.md).
If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically.
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
**Policies**
## Relevant group policies
1. [Configure the Enterprise Mode Site List](#configure-the-enterprise-mode-site-list)
2. [Send all intranet sites to Internet Explorer 11](#send-all-intranet-sites-to-internet-explorer-11)
@ -27,7 +45,6 @@ Using Enterprise Mode means that you can continue to use Microsoft Edge as your
![Use Enterprise Mode with Microsoft Edge to improve compatibility](../images/use-enterprise-mode-with-microsoft-edge-sm.png)
## Configure the Enterprise Mode Site List
[!INCLUDE [configure-enterprise-mode-site-list-include](../includes/configure-enterprise-mode-site-list-include.md)]

View File

@ -15,11 +15,10 @@ Microsoft Edge pre-launches as a background process during Windows startup when
Additionally, Microsoft Edge preloads the Start and New tab pages during Windows sign in, which minimizes the amount of time required to start Microsoft Edge and load a new tab. You can also configure Microsoft Edge to prevent preloading of tabs.
## Policies
## Relevant group policies
- [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](../new-policies.md#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed)
- [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](../new-policies.md#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
- [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed)
- [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
## Configuration options
@ -28,4 +27,12 @@ Additionally, Microsoft Edge preloads the Start and New tab pages during Windows
![Prelauch Microsoft Edge and preload Start and New tab pages](../images/prelaunch-edge-and-preload-tabs-sm.png)
![Only prelaunch Microsoft Edge during Windows startup](../images/prelaunch-edge-only-sm.png)
![Only prelaunch Microsoft Edge during Windows startup](../images/prelaunch-edge-only-sm.png)
## Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
[!INCLUDE [allow-prelaunch-include](../includes/allow-prelaunch-include.md)]
## Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
[!INCLUDE [allow-tab-preloading-include](../includes/allow-tab-preloading-include.md)]

View File

@ -10,7 +10,7 @@ ms.date: 07/25/2018
By default, Microsoft Edge uses the default search engine specified in App settings, which lets users make changes to it. You can configure Microsoft Edge to use the policy-set search engine specified in the OpenSearch XML file. You can also prevent users from making changes to the search engine settings.
**Policies**
## Relevant group policies
- [Set default search engine](#set-default-search-engine)
- [Allow search engine customization](#allow-search-engine-customization)

View File

@ -3,25 +3,18 @@ title: Microsoft Edge - Security and privacy management
description: Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows. While most websites are safe, some sites have been designed to steal personal information or gain access to your systems resources.
ms.author: pashort
author: shortpatti
ms.date: 07/25/2018
ms.date: 07/27/2018
---
# Security and privacy management
>*Supported versions: Microsoft Edge on Windows 10*
Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows. While most websites are safe, some sites are malicious in nature, like stealing personal information or gain access to your systems resources. By no longer supporting VBScript, JScript, VML, Browser Helper Objects, Toolbars, ActiveX controls, and Internet Explorer document modes, Microsoft Edge significantly reduces attacks making the browser more secure.
Microsoft Edge is designed with improved security in mind, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. Because Microsoft Edge is designed like a Universal Windows app, changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the different content processes all live within app container sandboxes.
Microsoft Edge runs in 64-bit not just by default, but anytime its running on a 64-bit operating system. Because Microsoft Edge doesnt support legacy ActiveX controls or 3rd-party binary extensions, theres no longer a reason to run 32-bit processes on a 64-bit system.
The value of running 64-bit all the time is that it strengthens Windows Address Space Layout Randomization (ASLR), randomizing the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find sensitive memory components.
| | |
|---|---|
| **Windows Hello** | Authenticates the user and the website with asymmetric cryptography. |
| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any site that is thought to be a phishing site. SmartScreen also helps to defend against installing malicious software or file downloads, even from trusted sites. |
| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically. |
| **Microsoft EdgeHTML** | Defends against hacking through the following security standards features:<ul><li>Support for the W3C standard for Content Security Policy (CSP), which helps web developers defend their sites against cross-site scripting attacks.</li><li>Support for the HTTP Strict Transport Security (HSTS) feature, which is IETF-standard compliant, and helps to ensure that connections to sites are always secure.</li></ul> |
| **Code integrity and image loading restrictions** | Prevents malicious DLLs from loading or injecting into the content processes. Only signed images are allowed to load in Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can&#39;t load. |
| **Memory corruption mitigations** | Defends against memory corruption weaknesses and vulnerabilities with the use of [CWE-416: Use After Free](http://cwe.mitre.org/data/definitions/416.html) (UAF). |
| **Memory Garbage Collector (MemGC) mitigation** | Replaces Memory Protector and helps to defend the browser from UAF vulnerabilities by freeing memory from the programmer and automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. |
| **Control Flow Guard** | Compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only going to function entry points with known addresses. Control Flow Guard is a Microsoft Visual Studio technology. |
## Configure cookies
@ -46,3 +39,14 @@ Microsoft Edge helps to defend from increasingly sophisticated and prevalent web
[!INCLUDE [prevent-localhost-address-for-webrtc-include](../includes/prevent-localhost-address-for-webrtc-include.md)]
| | |
|---|---|
| **[Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Authenticates the user and the website with asymmetric cryptography technology. Microsoft Edge natively supports Windows Hello as a more personal, seamless, and secure way to authenticate on the web, powered by an early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/). |
| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any site that is thought to be a phishing site. SmartScreen also helps to defend against installing malicious software or file downloads, even from trusted sites. |
| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically. |
| **Microsoft EdgeHTML** | Defends against hacking through the following security standards features:<ul><li>Support for the W3C standard for Content Security Policy (CSP), which helps web developers defend their sites against cross-site scripting attacks.</li><li>Support for the HTTP Strict Transport Security (HSTS) feature, which is IETF-standard compliant, and helps to ensure that connections to sites are always secure.</li></ul> |
| **Code integrity and image loading restrictions** | Prevents malicious DLLs from loading or injecting into the content processes. Only signed images are allowed to load in Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can&#39;t load. |
| **Memory corruption mitigations** | Defends against memory corruption weaknesses and vulnerabilities with the use of [CWE-416: Use After Free](http://cwe.mitre.org/data/definitions/416.html) (UAF). |
| **Memory Garbage Collector (MemGC) mitigation** | Replaces Memory Protector and helps to defend the browser from UAF vulnerabilities by freeing memory from the programmer and automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. |
| **Control Flow Guard** | Compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only going to function entry points with known addresses. Control Flow Guard is a Microsoft Visual Studio technology. |

View File

@ -9,13 +9,13 @@ ms.mktglfcycl: explore
ms.sitesec: library
---
# Start pages
# Start pages configuration options
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
Microsoft Edge loads the pages specified in App settings as the default Start pages. You can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes.
**Policies**
## Relevant group policies
- [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with)
- [Configure Start Pages](#configure-start-pages)
@ -35,7 +35,7 @@ Microsoft Edge loads the pages specified in App settings as the default Start pa
[!INCLUDE [disable-lockdown-of-start-pages-include](../includes/disable-lockdown-of-start-pages-include.md)]
## Configuration options
### Configuration options
| **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** |
| --- | --- | --- | --- |

View File

@ -3,19 +3,18 @@ title: Microsoft Edge - Sync browser settings options
description: By default, the “browser” group syncs automatically between the users devices, letting users make changes.
ms.author: pashort
author: shortpatti
ms.date: 07/23/2018
ms.date: 08/06/2018
---
# Sync browser settings options
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
By default, the “browser” group syncs automatically between the users devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the Sync your Settings toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy.
By default, the “browser” group syncs automatically between the users devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy.
## Policies
- [Do not sync browser settings](../available-policies.md#do-not-sync-browser-settings)
- [Prevent users from turning on browser syncing](../new-policies.md#prevent-users-from-turning-on-browser-syncing)
## Relevant policies
- [Do not sync browser settings](#do-not-sync-browser-settings)
- [Prevent users from turning on browser syncing](#prevent-users-from-turning-on-browser-syncing)
## Configuration options
@ -27,6 +26,13 @@ By default, the “browser” group syncs automatically between the users dev
## Verify the configuration
To verify if syncing is turned on or off:
1. In the upper-right corner of Microsoft Edge, click the ellipses \(**...**\).
1. In the upper-right corner of Microsoft Edge, click **More** \(**...**\).
2. Click **Settings**.
3. Under Account, see if the setting is toggled on or off.<p>![Verify configuration](../images/sync-settings.PNG)
3. Under Account, see if the setting is toggled on or off.<p>![Verify configuration](../images/sync-settings.PNG)
## Do not sync browser settings
[!INCLUDE [do-not-sync-browser-settings-include](../includes/do-not-sync-browser-settings-include.md)]
## Prevent users from turning on browser syncing
[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](../includes/prevent-users-to-turn-on-browser-syncing-include.md)]

View File

@ -0,0 +1,27 @@
---
title: Microsoft Edge - Telemetry and data collection
description:
ms.author: pashort
author: shortpatti
ms.date: 07/29/2018
---
# Telemetry and data collection
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
## Allow extended telemetry for the Books tab
[!INCLUDE [allow-ext-telemetry-books-tab-include.md](../includes/allow-ext-telemetry-books-tab-include.md)]
## Configure collection of browsing data for Microsoft 365 Analytics
[!INCLUDE [configure-browser-telemetry-for-m365-analytics-include](../includes/configure-browser-telemetry-for-m365-analytics-include.md)]
## Configure Do Not Track
[!INCLUDE [configure-do-not-track-include.md](../includes/configure-do-not-track-include.md)]
## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
[!INCLUDE [prevent-live-tile-pinning-start-include](../includes/prevent-live-tile-pinning-start-include.md)]

File diff suppressed because one or more lines are too long

Binary file not shown.

Before

Width:  |  Height:  |  Size: 97 KiB

After

Width:  |  Height:  |  Size: 96 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 113 KiB

After

Width:  |  Height:  |  Size: 110 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 96 KiB

After

Width:  |  Height:  |  Size: 94 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 110 KiB

After

Width:  |  Height:  |  Size: 109 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 95 KiB

After

Width:  |  Height:  |  Size: 93 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 112 KiB

After

Width:  |  Height:  |  Size: 110 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 325 KiB

After

Width:  |  Height:  |  Size: 273 KiB

View File

@ -7,10 +7,11 @@
### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled |0 |0 |Prevented/not allowed. Hide the Address bar drop-down functionality and disable the _Show search and site suggestions as I type_ toggle in Settings. |![Most restricted value](../images/check-gn.png) |
|Enabled or not configured **(default)** |1 |1 |Allowed. Show the Address bar drop-down list and make it available. | |
>[!div class="mx-tableFixed"]
>|Group Policy |MDM |Registry |Description |Most restricted |
>|---|:---:|:---:|---|:---:|
>|Disabled |0 |0 |Prevented/not allowed. Hide the Address bar drop-down functionality and disable the _Show search and site suggestions as I type_ toggle in Settings. |![Most restricted value](../images/check-gn.png) |
>|Enabled or not configured **(default)** |1 |1 |Allowed. Show the Address bar drop-down list and make it available. | |
---
### ADMX info and settings

View File

@ -9,7 +9,7 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Disabled |0 |0 |Prevented/not allowed |
|Enabled<br>**(default)** |1 |1 |Allowed |
|Enabled **(default)** |1 |1 |Allowed |
---
### ADMX info and settings

View File

@ -6,10 +6,11 @@
### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |Prevented/not allowed. Users can configure the _Clear browsing data_ option in Settings. | |
|Enabled |1 |1 |Allowed. Clear the browsing data upon exit automatically. |![Most restricted value](../images/check-gn.png) |
>[!div class="mx-tableFixed"]
>|Group Policy |MDM |Registry |Description |Most restricted |
>|---|:---:|:---:|---|:---:|
>|Disabled or not configured **(default)** |0 |0 |Prevented/not allowed. Users can configure the _Clear browsing data_ option in Settings. | |
>|Enabled |1 |1 |Allowed. Clear the browsing data upon exit automatically. |![Most restricted value](../images/check-gn.png) |
---

View File

@ -1,4 +1,4 @@
<!-- ## Allow Start and New Tab page preload (aka: AllowStartAndNewTabPagePreload) -->
<!-- ## Allow Microsoft Edge to load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed (aka: AllowStartAndNewTabPagePreload) -->
>*Supported versions: Microsoft Edge on Windows 10, version 1802*<br>
>*Default setting: Enabled or not configured (Allowed)*
@ -8,10 +8,11 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Enabled or not configured<br>**(default)** |0 |0 |Allowed. Preload Start and New tab pages. | |
|Disabled |1 |1 |Prevented/not allowed. |![Most restricted value](../images/check-gn.png) |
|Disabled |0 |0 |Prevented/not allowed. |![Most restricted value](../images/check-gn.png) |
|Enabled or not configured<br>**(default)** |1 |1 |Allowed. Preload Start and New tab pages. | |
---
### Configuration options
For more details about configuring the prelaunch and preload options, see [Prelaunch Microsoft Edge and preload tabs in the background](../group-policies/prelaunch-preload-gp.md).
@ -19,7 +20,7 @@ For more details about configuring the prelaunch and preload options, see [Prela
### ADMX info and settings
#### ADMX info
- **GP English name:** Allow Microsoft Edge to start and load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed
- **GP English name:** Allow Microsoft Edge to load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed
- **GP name:** AllowTabPreloading
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx

View File

@ -1,5 +1,5 @@
<!-- ## Allow web content on New Tab page -->
>*Supported versions: Microsoft Edge on Windows 10*<br>
>*Supported versions: Microsoft Edge on Windows 10*<br>
>*Default setting: Enabled (Default New tab page loads)*

View File

@ -15,17 +15,7 @@
### Configuration options
| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
| --- | --- | --- | --- |
| Not configured (default) | Disabled | Disabled or not configured (default) | Default search engine specified in App settings. Users cannot make changes. |
| Not configured (default) | Enabled or not configured (default) | Disabled or not configured (default) | Default search engine specified in App settings. Users can make changes to the default search engine at any time. |
| Disabled | Disabled | Disabled or not configured (default) | Users cannot add, remove, or change any of the search engines, but they can set a default search engine. |
| Disabled | Enabled or not configured (default) | Disabled or not configured (default) | Users can add new search engines or change the default search engine, in Settings. |
| Enabled | Disabled | Disabled or not configured (default) | Set the default search engine preventing users from making changes. |
| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
---
For more details about configuring the search engine, see [Search engine customization](../group-policies/search-engine-customization-gp.md).
### ADMX info and settings
#### ADMX info

View File

@ -4,6 +4,7 @@
[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
>[!IMPORTANT]
>For this policy to work, enable the Allow Telemetry policy with the _Enhanced_ option and enable the Configure the Commercial ID policy by providing the Commercial ID.
@ -23,6 +24,8 @@
>>**_Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection and Preview Builds\\_**
>><ul><li>Allow Telemetry = Enabled, _Enhanced_</li><li>Configure the Commercial ID = String of the Commercial ID</li><li>Configure collection of browsing data for Microsoft 365 Analytics</li></ul>
### ADMX info and settings
#### ADMX info
- **GP English name:** Configure collection of browsing data for Microsoft 365 Analytics
@ -44,7 +47,7 @@
- **Value type:** REG_DWORD
### Related policies
- Allow Telemetry: Determine the highest level of Windows diagnostic data sent to Microsoft. When you enable this policy, users can change their Telemetry Settings but prevent users from choosing a higher level than configured.
- Allow Telemetry: Allows Microsoft to run diagnostics on the device and troubleshoot. The default setting for Allow Telemetry is set to _Enhanced_ (2 for MDM).
- Configure the Commercial ID: Define the Commercial ID used to associate the device's telemetry data as belonging to a given organization.

View File

@ -10,7 +10,7 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Disabled or not configured<br>**(default)** |0 |0 |Turned off. Microsoft Edge does not check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps. |
|Enabled |1 |1 |Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 second, but uses the existing file. To add the location to your site list, enter it in the **{URI}** box.<p>For details on how to configure the Enterprise Mode Site List, see the [Instructions](#instructions) section below. |
|Enabled |1 |1 |Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 second, but uses the existing file. To add the location to your site list, enter it in the **{URI}** box.<p>For details on how to configure the Enterprise Mode Site List, see [Interoperability and enterprise guidance](../group-policies/interoperability-enterprise-guidance-gp.md). |
---
### ADMX info and settings
@ -50,66 +50,6 @@
- [Enterprise Mode and the Enterprise Mode Site List XML file](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode#enterprise-mode-and-the-enterprise-mode-site-list-xml-file). The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. Using Enterprise Mode Site List Manager (schema v.2), you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also be launched in a specific compat mode, so it always renders correctly. Your users can easily view this site list by typing about:compat in either Microsoft Edge or IE11.
### Scenarios
Certain sites or web apps still use ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology, which Microsoft Edge does not support. If you have web sites or web apps that still use this technology and need IE11 to run, you must use Enterprise Mode and the Enterprise Mode Site List to address common compatibility issues with legacy apps. Enterprise Mode is a compatibility
mode that runs on Internet Explorer 11 and Microsoft Edge on Windows 10 devices.
### Instructions
You build your Enterprise Mode list with the Enterprise Mode Site List Manager and apply it with Group Policy.
<!-- work on these instructions. it seems like it doesn't flow from this policy to the Use the Enterprise Mode IE website list policy. Give me more reasons to click on the link. and why is it equivalent to the this policy? -->
To turn it on for IE 11, you enable [Use the Enterprise Mode IE website list](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list),
which is the equivalent to this Microsoft Edge policy.
>[!NOTE]
>We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it is stored locally on your user's computer so if the centralized file location is unavailable, they can still use Enterprise Mode.
- [Step 1. Turn on Enterprise Mode](#step-1-turn-on-enterprise-mode)
- [Step 2. (Optional) Import your Enterprise Mode Site List](#step-2-optional-import-your-enterprise-mode-site-list)
- [Step 3. Add sites to your list](#step-3-add-sites-to-your-list)
- [Step 4. Send all intranet sites to Internet Explorer 11](#step-5-send-all-intranet-sites-to-internet-explorer-11)
#### Step 1. Turn on Enterprise Mode
[!INCLUDE [turn-on-enterprise-mode-and-use-a-site-list](../../enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md)]
#### Step 2. (Optional) Import your Enterprise Mode Site List
[!INCLUDE [import-into-the-enterprise-mode-site-list-mgr-include](../../includes/import-into-the-enterprise-mode-site-list-mgr-include.md)]
#### Step 3. Add sites to your list
1. In the Enterprise Mode Site List Manager, click **Add**.
2. In the **URL** box, type or paste the URL for the website experiencing compatibility problems, like *\<domain\>*.com or *\<domain\>*.com/*\<path\>*.<p>You do not need to include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
3. In the **Notes about URL**, enter any comments about the website.<p>Administrators can only see comments while they are in this tool.
4. Click in the **Open in IE** column next to the URL that should open in IE11.<p>The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, Enterprise Mode is automatically selected.
5. Click **Save** to validate your website and to add it to the site list for your enterprise.<p>If your site passes validation, it is added to the global compatibility list. If the site fails to pass validation, an error message displays explaining the problem. You can either cancel the site or ignore the validation problem and add it to your list anyway.
6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p>You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your Group Policy setting.
#### Step 4. Send all intranet sites to Internet Explorer 11
Enabling the Send all intranet sites to Internet Explorer 11 policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.
1. In Group Policy Editor, navigate to:<p>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**
2. Click **Enabled** and then refresh the policy and then vew the affected sites in Microsoft Edge.<p>A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.
### Troubleshooting
- If an XML already exists, make sure it is syntactically correct.
- If an update or delete operation failed, check if the entry already exists in the site list.
- If a user is not able to sign in, the account might not have access. Check if the account is marked as active.
- Check if the Enterprise Mode Site List is loaded correctly by browsing to "about:compat" in both Microsoft Edge and Internet Explorer. Deselect the Microsoft Compatibility List to see your custom entries.
<hr>

View File

@ -1,5 +1,5 @@
<!-- ##Configure Favorites Bar -->
>*Supported versions: Microsoft Edge on Windows 10, new major release*<br>
>*Supported versions: Microsoft Edge on Windows 10, new major release*
>*Default setting: Not configured (Hidden)*
@ -8,11 +8,12 @@
### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Not configured<br>**(default)** |Blank |Blank |Hide the favorites bar but show it on the Start and New tab pages. The favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes. |
|Disabled |0 |0 |Hide the favorites bar on all pages. Also, the favorites bar toggle, in Settings, is set to Off and disabled preventing users from making changes. Microsoft Edge also hides the “show bar/hide bar” option in the context menu. |
|Enabled |1 |1 |Show the favorites bar on all pages. Also, the favorites bar toggle, in Settings, is set to On and disabled preventing users from making changes. Microsoft Edge also hides the “show bar/hide bar” option in the context menu. |
>[!div class="mx-tableFixed"]
>|Group Policy |MDM |Registry |Description |
>|---|:---:|:---:|---|
>|Not configured **(default)** |Blank |Blank |Hide the favorites bar but show it on the Start and New tab pages. The favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes. |
>|Disabled |0 |0 |Hide the favorites bar on all pages. Also, the favorites bar toggle, in Settings, is set to Off and disabled preventing users from making changes. Microsoft Edge also hides the “show bar/hide bar” option in the context menu. |
>|Enabled |1 |1 |Show the favorites bar on all pages. Also, the favorites bar toggle, in Settings, is set to On and disabled preventing users from making changes. Microsoft Edge also hides the “show bar/hide bar” option in the context menu. |
---
### ADMX info and settings

View File

@ -18,7 +18,7 @@
### Configuration options
For more details about configuring the different Home button options, see [Home button](../group-policies/home-button-gp.md).
For more details about configuring the different Home button options, see [Home button configuration options](../group-policies/home-button-gp.md).
>[!TIP]
>If you want to make changes to this policy:<ol><li>Enable the **Unlock Home Button** policy.</li><li>Make changes to the **Configure Home button** policy or **Set Home button URL** policy.</li><li>Disable the **Unlock Home Button** policy.</li></ol>

View File

@ -22,7 +22,7 @@
### Configuration options
For more details about configuring the Start pages, see [Start pages](../group-policies/start-pages-gp.md).
For more details about configuring the Start pages, see [Start pages configuration options](../group-policies/start-pages-gp.md).
>[!TIP]

View File

@ -14,7 +14,7 @@
### Configuration options
For more details about configuring the Start pages, see [Start pages](../group-policies/start-pages-gp.md).
For more details about configuring the Start pages, see [Start pages configuration options](../group-policies/start-pages-gp.md).
### ADMX info and settings
#### ADMX info

View File

@ -14,7 +14,7 @@
### Configuration options
For more details about configuring the Start pages, see [Start pages](../group-policies/start-pages-gp.md).
For more details about configuring the Start pages, see [Start pages configuration options](../group-policies/start-pages-gp.md).
### ADMX info and settings

View File

@ -1,5 +1,5 @@
<!-- ## Do not sync browser settings -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>
>*Supported versions: Microsoft Edge on Windows 10*<br>
>*Default setting: Disabled or not configured (Allowed/turned on)*
[!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)]
@ -9,7 +9,7 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Disabled or not configured<br>**(default)** |0 |0 |Allowed/turned on. The “browser” group syncs automatically between users devices and lets users to make changes. |
|Enabled |2 |2 |Prevented/turned off. The “browser” group does not use the Sync your Settings option. |
|Enabled |2 |2 |Prevented/turned off. The “browser” group does not use the _Sync your Settings_ option. |
---
### Configuration options
@ -22,14 +22,14 @@ For more details about configuring the browser syncing options, see [Sync browse
### ADMX info and settings
#### ADMX info
- **GP English name:** Do not sync browser settings
- **GP name:** DoNotSyncBrowserSetting
- **GP name:** DoNotSyncBrowserSettings
- **GP path:** Windows Components/Sync your settings
- **GP ADMX file name:** SettingSync.admx
#### MDM settings
- **MDM name:** [Experience/DoNotSyncBrowserSetting](../available-policies.md#do-not-sync-browser-settings)
- **MDM name:** [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/DoNotSyncBrowserSetting
- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/DoNotSyncBrowserSettings
- **Data type:** Integer
#### Registry settings

View File

@ -24,7 +24,7 @@ For more details about configuring the browser syncing options, see [Sync browse
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Experience/[PreventUsersFromTurningOnBrowserSyncing](../new-policies.md#prevent-users-from-turning-on-browser-syncing)
- **MDM name:** Experience/[PreventUsersFromTurningOnBrowserSyncing](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-preventusersfromturningonbrowsersyncing)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/PreventUsersFromTurningOnBrowserSyncing
- **Data type:** String

View File

@ -13,20 +13,10 @@
|Enabled |1 |1 |Microsoft Edge uses the policy-set search engine specified in the OpenSearch XML file. Users cannot change the default search engine.<p><p>Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.<p><p>If you want users to use the default Microsoft Edge settings for each market set the string to **EDGEDEFAULT**.<p><p>If you would like users to use Microsoft Bing as the default search engine set the string to **EDGEBING**. |![Most restricted value](../images/check-gn.png) |
---
### Configuration options
| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
| --- | --- | --- | --- |
| Not configured (default) | Disabled | Disabled or not configured (default) | Default search engine specified in App settings. Users cannot make changes. |
| Not configured (default) | Enabled or not configured (default) | Disabled or not configured (default) | Default search engine specified in App settings. Users can make changes to the default search engine at any time. |
| Disabled | Disabled | Disabled or not configured (default) | Users cannot add, remove, or change any of the search engines, but they can set a default search engine. |
| Disabled | Enabled or not configured (default) | Disabled or not configured (default) | Users can add new search engines or change the default search engine, in Settings. |
| Enabled | Disabled | Disabled or not configured (default) | Set the default search engine preventing users from making changes. |
| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
---
![Set default search engine configurations](../images/set-default-search-engine-v4-sm.png)
For more details about configuring the search engine, see [Search engine customization](../group-policies/search-engine-customization-gp.md).
### ADMX info and settings
#### ADMX info

View File

@ -15,7 +15,7 @@
### Configuration options
For more details about configuring the different Home button options, see [Home button](../group-policies/home-button-gp.md).
For more details about configuring the different Home button options, see [Home button configuration options](../group-policies/home-button-gp.md).
### ADMX info and settings

View File

@ -15,7 +15,7 @@
### Configuration options
For more details about configuring the different Home button options, see [Home button](../group-policies/home-button-gp.md).
For more details about configuring the different Home button options, see [Home button configuration options](../group-policies/home-button-gp.md).
### ADMX info and settings
#### ADMX info

163
browsers/edge/index.yml Normal file
View File

@ -0,0 +1,163 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Microsoft Edge Group Policy configuration options
metadata:
document_id:
title: Microsoft Edge Group Policy configuration options
description:
text: Learn how to deploy and configure group policies in Microsoft Edge on Windows 10. Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
keywords: Microsoft Edge, Windows 10
ms.localizationpriority: medium
author: shortpatti
ms.author: pashort
ms.date: 07/26/2018
ms.topic: article
ms.devlang: na
sections:
- title:
- items:
- type: markdown
text: Learn about interoperability goals and enterprise guidance along with system requirements, language support and frequently asked questions.
- items:
- type: list
style: cards
className: cardsE
columns: 3
items:
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/about-microsoft-edge?branch=pr-en-us-10183
html: <p>Learn about Microsoft Edge, including system requirements and language support</p>
image:
src: https://docs.microsoft.com/media/common/i_overview.svg
title: Microsoft Edge overview
- href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/new-policies
html: <p>Learn more about the latest group policies and features added to Microsoft Edge.</p>
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
title: What's new
- href: https://www.microsoft.com/en-us/WindowsForBusiness/Compare
html: <p>Learn about the supported features & functionality in each Windows edition.</p>
image:
src: https://docs.microsoft.com/media/common/i_config-tools.svg
title: Compare Windows 10 Editions
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/security-privacy-management-gp?branch=pr-en-us-10183
html: <p>Learn how Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows.</p>
image:
src: https://docs.microsoft.com/media/common/i_security-management.svg
title: Security & protection
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp?branch=pr-en-us-10183
html: <p>Learch how you can use the Enterprise Mode site list for websites and apps that have compatibility problems in Microsoft Edge.</p>
image:
src: https://docs.microsoft.com/media/common/i_management.svg
title: Interoperability & enterprise guidance
- href: https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/index?branch=pr-en-us-10183
html: <p>Learn about the advanced VPN features you can add to improve the security and availability of your VPN connection.</p>
image:
src: https://docs.microsoft.com/media/common/i_policy.svg
title: Group policies & configuration options
- items:
- type: list
style: cards
className: cardsL
items:
- title: Microsoft Edge resources
html: <p><a class="barLink" href="https://docs.microsoft.com/en-us/microsoft-edge/deploy/about-microsoft-edge.md#minimum-system-requirements">Minimum system requirements</a></p>
<p><a class="barLink" href="https://docs.microsoft.com/en-us/microsoft-edge/deploy/about-microsoft-edge.md#supported-languages">Supported languages</a></p>
<p><a class="barLink" href="https://docs.microsoft.com/en-us/microsoft-edge/deploy/change-history-for-microsoft-edge">Document change history</a></p>
<p><a class="barLink" href="https://www.microsoft.com/en-us/WindowsForBusiness/Compare">Compare Windows 10 Editions</a></p>
<p><a class="barLink" href="https://blogs.windows.com/msedgedev">Microsoft Edge Dev blog</a></p>
<p><a class="barLink" href="https://twitter.com/MSEdgeDev">Microsoft Edge Dev on Twitter</a></p>
<p><a class="barLink" href="hhttps://developer.microsoft.com/microsoft-edge/platform/changelog/">Microsoft Edge changelog</a></p>
<p><a class="barLink" href="https://www.microsoft.com/itpro/microsoft-edge/technical-benefits">Measuring the impact of Microsoft Edge</a></p>
- title: Internet Explorer 11 resources
html: <p><a class="barLink" href="https://go.microsoft.com/fwlink/p/?LinkId=760644">Deploy Internet Explorer 11 (IE11) - IT Pros</a></p>
<p><a class="barLink" href="https://go.microsoft.com/fwlink/p/?LinkId=760646">Internet Explorer Administration Kit 11 (IEAK 11)</a></p>
<p><a class="barLink" href="https://go.microsoft.com/fwlink/p/?linkid=290956">Download Internet Explorer 11</a></p>
- title: Additional resources
html: <p><a class="barLink" href="https://go.microsoft.com/fwlink/p/?LinkId=617921">Group Policy and the Group Policy Management Console (GPMC)</a></p>
<p><a class="barLink" href="https://go.microsoft.com/fwlink/p/?LinkId=617922">Group Policy and the Local Group Policy Editor</a></p>
<p><a class="barLink" href="https://go.microsoft.com/fwlink/p/?LinkId=617923">Group Policy and the Advanced Group Policy Management (AGPM)</a></p>
<p><a class="barLink" href="https://go.microsoft.com/fwlink/p/?LinkId=617924">Group Policy and Windows PowerShell</a></p>

View File

@ -6,7 +6,7 @@ ms.author: pashort
ms.prod: edge
ms.sitesec: library
title: Deploy Microsoft Edge kiosk mode
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/25/2018
---
@ -137,7 +137,7 @@ With this method, you can use Microsoft Intune or other MDM services to configur
1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
2. Configure the following MDM settings to control a web browser app on the kiosk device.
2. Configure the following MDM settings to control a web browser app on the kiosk device and then restart the device.
| | |
|---|---|
@ -149,7 +149,6 @@ With this method, you can use Microsoft Intune or other MDM services to configur
| **[SetHomeButtonURL](new-policies.md#set-home-button-url)**<p>![](images/icon-thin-line-computer.png) | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
---
<br>
3. Restart the device and sign in using the kiosk app user account.
**_Congratulations!_** Youve finished setting up a kiosk or digital signage and configuring policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
@ -216,7 +215,7 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
| [AllowSideloadingOfExtensions](new-policies.md#allow-sideloading-of-extensions)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) |
| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [AllowTabPreloading](new-policies.md#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [AllowTabPreloading](new-policies.md#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [AllowWebContentOnNewTabPage](available-policies.md#allow-web-content-on-new-tab-page)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |

View File

@ -1,13 +1,13 @@
---
description: Microsoft Edge now has new Group Policies and MDM Settings for IT administrators to configure Microsoft Edge. The new policies allow you to enable/disabled full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
ms.assetid:
author: shortpatti
ms.author: pashort
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
title: New Microsoft Edge Group Policies and MDM settings
ms.localizationpriority:
ms.localizationpriority: medium
author: shortpatti
ms.author: pashort
ms.date: 07/25/2018
---
@ -18,7 +18,7 @@ ms.date: 07/25/2018
The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17713+. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
We are discontinuing the use of the **Configure Favorites** group policy. Use the **[Provision Favorites](available-policies.md#provision-favorites)** instead.
We are discontinuing the **Configure Favorites** group policy. Use the **[Provision Favorites](available-policies.md#provision-favorites)** instead.
@ -26,14 +26,14 @@ We are discontinuing the use of the **Configure Favorites** group policy. Use th
>>
>>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**_Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\_**
<p>
<!-- add links to the below policies -->
<!-- links to the policies -->
| **Group Policy** | **New/update?** | **MDM Setting** | **New/update?** |
| --- | --- | --- | --- |
| [Allow fullscreen mode](#allow-fullscreen-mode) | New | [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode) | New |
| [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](#allow-prelaunch) | New | [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | New |
| [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | New | [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | New |
| [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | New | [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | New |
| [Allow printing](#allow-printing) | New | [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | New |
| [Allow Saving History](#allow-saving-history) | New | [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | New |
| [Allow sideloading of Extensions](#allow-sideloading-of-extensions) | New | [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | New |
@ -44,10 +44,10 @@ We are discontinuing the use of the **Configure Favorites** group policy. Use th
| [Configure kiosk mode](#configure-kiosk-mode) | New | [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | New |
| [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout) | New | [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | New |
| [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) | New | [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | New |
| [Do not sync browser settings](available-policies.md#do-not-sync-browser-settings) | -- | Experience/DoNotSyncBrowserSetting | New |
| [Do not sync browser settings](available-policies.md#do-not-sync-browser-settings) | -- | [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting) | New |
| [Prevent certificate error overrides](#prevent-certificate-error-overrides) | New | [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | New |
| [Prevent users from turning on browser syncing](#preventusersfromturningonbrowsersyncing) | New | Experience/PreventUsersFromTurningOnBrowserSyncing | New |
| [Prevent turning off required extensions](#prevent-turning-off-required-extensions) | New | PreventTurningOffRequiredExtensions | New |
| [Prevent turning off required extensions](#prevent-turning-off-required-extensions) | New | [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-preventusersfromturningonbrowsersyncing) | New |
| [Set Home button URL](#set-home-button-url) | New | [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | New |
| [Set New Tab page URL](#set-new-tab-page-url) | New | [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | New |
| [Show message when opening sites in Internet Explorer](#showmessagewhenopeninginteretexplorersites) | Updated | [ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) | Updated |
@ -63,7 +63,7 @@ We are discontinuing the use of the **Configure Favorites** group policy. Use th
## Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
[!INCLUDE [allow-prelaunch-include](includes/allow-prelaunch-include.md)]
## Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
## Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
[!INCLUDE [allow-tab-preloading-include](includes/allow-tab-preloading-include.md)]
## Allow printing
@ -75,7 +75,6 @@ We are discontinuing the use of the **Configure Favorites** group policy. Use th
## Allow sideloading of Extensions
[!INCLUDE [allow-sideloading-extensions-include.md](includes/allow-sideloading-extensions-include.md)]
## Configure collection of browsing data for Microsoft 365 Analytics
[!INCLUDE [configure-browser-telemetry-for-m365-analytics-include](includes/configure-browser-telemetry-for-m365-analytics-include.md)]

View File

@ -15,7 +15,7 @@ author: shortpatti
>Applies to: Windows 10, Windows 10 Mobile
Microsoft Edge is designed with significant security improvements, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows.
Microsoft Edge is designed with improved security in mind, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows.
## Help to protect against web-based security threats
While most websites are safe, some sites have been designed to steal personal information or gain access to your systems resources. Thieves by nature dont care about rules, and will use any means to take advantage of victims, most often using trickery or hacking:

View File

@ -1 +1 @@
Microsoft Edge allows preloading of the Start and New tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
Microsoft Edge allows preloading of the Start and New tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.

View File

@ -42,7 +42,7 @@ Management of SEMM with Configuration Manager requires the installation of Micro
#### Download SEMM scripts for Configuration Manager
After Microsoft Surface UEFI Manager is installed on the client Surface device, SEMM is deployed and managed with PowerShell scripts. You can download samples of the [SEMM management scripts](https://gallery.technet.microsoft.com/Sample-PowerShell-for-5eb5f03c) from the TechNet Gallery Script Center.
After Microsoft Surface UEFI Manager is installed on the client Surface device, SEMM is deployed and managed with PowerShell scripts. You can download samples of the [SEMM management scripts](https://www.microsoft.com/en-us/download/details.aspx?id=46703) from the Download Center.
## Deploy Microsoft Surface UEFI Manager
@ -269,7 +269,7 @@ The following code fragment, found on lines 352-363, is used to write this regis
### Settings names and IDs
To configure Surface UEFI settings or permissions for Surface UEFI settings, you must refer to each setting by either its setting name or setting ID. With each new update for Surface UEFI, new settings may be added. The best way to get a complete list of the settings available on a Surface device, along with the settings name and settings IDs, is to use the ShowSettingsOptions.ps1 script from [SEMM management scripts for Configuration Manager](https://gallery.technet.microsoft.com/Sample-PowerShell-for-5eb5f03c) in the TechNet Gallery Script Center.
To configure Surface UEFI settings or permissions for Surface UEFI settings, you must refer to each setting by either its setting name or setting ID. With each new update for Surface UEFI, new settings may be added. The best way to get a complete list of the settings available on a Surface device, along with the settings name and settings IDs, is to use the ShowSettingsOptions.ps1 script from SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/en-us/download/details.aspx?id=46703)
The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device.
@ -424,4 +424,4 @@ Removal of SEMM from a device deployed with Configuration Manager using these sc
>When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package the device will prompt for the certificate thumbprint before ownership is taken.
>For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken.
>For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken.

Binary file not shown.

Before

Width:  |  Height:  |  Size: 138 KiB

After

Width:  |  Height:  |  Size: 186 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 300 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 154 KiB

After

Width:  |  Height:  |  Size: 242 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 290 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 114 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 241 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 241 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 74 KiB

After

Width:  |  Height:  |  Size: 98 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 73 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 43 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 80 KiB

After

Width:  |  Height:  |  Size: 107 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 120 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 196 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 106 KiB

View File

@ -7,10 +7,10 @@ ms.technology: Windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: high
ms.localizationpriority: medium
author: lenewsad
ms.author: lanewsad
ms.date: 07/11/2018
ms.date: 08/03/2018
---
# Use the Set up School PCs app
@ -46,7 +46,7 @@ USB drives are, by default, FAT32-formatted, and are unable to save more than 4
5. Set **File system** to **NTFS**.
6. Click **Start** to format the drive.
### Prepare existing PC account for new setup
### Prepare existing PC account for new setup
Apply new packages to factory reset or new PCs. If you apply it to a PC that's already set up, you may lose the accounts and data.
If a PC has already been set up, and you want to apply a new package, reset the PC to a clean state.
@ -68,12 +68,12 @@ This section offers recommendations to prepare you for the best possible setup e
### Run the same Windows 10 build on the admin device and the student PCs
We recommend you run the IT administrator or technical teacher's device on the same Windows 10 build as the student PCs.
### Student PCs should meet OS requirements for the app
Check the minimum OS requirements in the Set up School PCs app. We recommend using the latest Set up School PCs app along with the latest Windows 10 images on the student PCs.
### Student PCs should meet OS requirements for the app
Check the OS requirements in the Set up School PCs app. We recommend using the latest Set up School PCs app along with the latest Windows 10 images on the student PCs.
To check the app's OS requirements, go to the Microsoft Store and locate the Set up School PCs app. In the app's description, go to **System Requirements > OS**.
### Use app on a PC that is connected to your school's network
### Use app on a PC that is connected to your school's network
We recommend that you run the Set up School PCs app on a computer that's connected to your school's network. That way the app can gather accurate information about your school's wireless networks and cloud subscriptions. If it's not connected, you'll need to enter the information manually.
> [!NOTE]
@ -82,7 +82,7 @@ We recommend that you run the Set up School PCs app on a computer that's connect
>* Open Wi-Fi networks that require the user to accept Terms of Use.
### Run app on an open network or network that requires a basic password
Don't use Set up School PCs over a certification-based network, or one where you have to enter credentials in a browser. If you need to set up numerous devices over Wi-Fi, make sure that your network configuration can support it.
Don't use Set up School PCs over a certification-based network, or one where you have to enter credentials in a browser. If you need to set up many devices over Wi-Fi, make sure that your network configuration can support it.
We recommend that you:
* Configure your DHCP so at least 200 IP addresses are available for your devices. Having available IP addresses will allow you to set up many devices simultaneously.
@ -92,16 +92,17 @@ We recommend that you:
> Only use the provisioning package on PCs that you want to configure and lock down for students. After you apply the provisioning package to a student PC, the PC must be reset to remove the settings.
### Use an additional USB drive
You can set up PCs at the same time. Just save the provisioning package to an additional USB drive. Then plug them in at the same time during deployment.
To set up more than one PC at the same time, save the provisioning package to additional USB drives. Then plug the USBs in at the same time during setup.
### Limit changes to school-optimized settings
### Limit changes to school-optimized settings
We strongly recommend that you avoid changing preset policies. Changes can slow down setup, performance, and sign-in time.
## Create the provisioning package
We strongly recommend that you avoid changing preset policies. Changes can slow down setup, performance, and the time it takes to sign in.
## Create the provisioning package
The **Set up School PCs** app guides you through the configuration choices for the student PCs.
### Sign-in
### Sign in
1. Open the Set up School PCs app on your PC and click **Get started**.
![Launch the Set up School PCs app](images/suspc_getstarted_050817.png)
@ -120,10 +121,10 @@ a. Click **Work or school account** > **Continue**.
1. Click **Accept** to allow Set up School PCs to access your account throughout setup.
2. When your account name appears on the page, as shown in the image below, click **Next.**
![Verify that the account you selected shows up](images/suspc_createpackage_signin.png)
![Verify that the account you selected shows up](images/suspc-createpackage-signin-1807.png)
### Wireless network
Add and save a wireless network profile to provision on each student PC. Only skip Wi-Fi setup if you have an Ethernet connection.
Add and save the wireless network profile that you want student PCs to connect to. Only skip Wi-Fi setup if you have an Ethernet connection.
Select your school's Wi-Fi network from the list of available wireless networks, or click **Add a wireless network** to manually configure it. Then click **Next.**
@ -139,41 +140,54 @@ To make sure all device names are unique, Set up School PCs automatically append
### Settings
Select additional settings to include in the provisioning package. To begin, select the operating system on your student PCs.
Select additional settings to include in the provisioning package. To begin, select the operating system on your student PCs.
![Screenshot of the Current OS version page with the Select OS version menu selected, showing 6 Windows 10 options. All other settings on page are unavailable to select.](images/suspc-current-os-version-1807.png)
![Configure student PC settings page showing 5 settings with checkboxes and 1 setting with browser button](images/suspc-configure-student-settings-1807.png)
Setting selections vary based on the OS version you select. The example screenshot below shows the settings that become available when you select **Windows 10 version 1703**. The option to **Enable Autopilot Reset** is not available for this version of Windows 10.
Setting selections vary based on the OS version you select. The following table lists all possible settings, descriptions, and important notes to consider. After you've made your selections, click **Next**.
![Example screenshot of the Current OS version page, with Windows 10 version 1803 selected. 4 available settings and 1 unavailable setting are shown, and none are selected.](images/suspc-available-student-settings-1807.png)
> [!NOTE]
> The [**Time zone** setting](use-set-up-school-pcs-app.md#time-zone), shown in the sidebar of the screenshot below, is not made available to versions of Windows 10 in S mode. If you select a version in S mode, you will not be asked to configure the time zone.
|Setting |What happens if I select it? |Note|
|---------|---------|---------|
|Remove apps pre-installed by the device manufacturer | Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.|
|Allow local storage (not recommended for shared devices) | Lets students save files to the Desktop and Documents folder on the Student PC. |Not recommended if the device will be part of a shared cart or lab.|
|Optimize device for a single student, instead of a shared cart or lab |Optimizes the device for use by a single student, rather than many students. |Recommended option only if the device is not shared with other students in the school. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
|Let guests sign in to these PCs |Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.|
|Enable Windows Autopilot Reset | Lets you remotely reset a students PC from the lock screen, apply the devices original settings, and enroll it in device management (Azure AD and MDM). |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.|
|Lock screen background|Change the default screen lock background to a custom image.|Click **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.|
The following table describes each setting and lists the applicable Windows 10 versions. To find out if a setting is available in your version of Windows 10, look for an *X* in the setting row and in the version column.
|Setting |1703|1709|1803|What happens if I select it? |Note|
|---------|---------|---------|---------|---------|---------|
|Remove apps pre-installed by the device manufacturer |X|X|X| Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.|
|Allow local storage (not recommended for shared devices) |X|X|X| Lets students save files to the Desktop and Documents folder on the Student PC. |Not recommended if the device will be part of a shared cart or lab.|
|Optimize device for a single student, instead of a shared cart or lab |X|X|X|Optimizes the device for use by a single student, rather than many students. |Recommended option only if the device is not shared with other students in the school. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
|Let guests sign in to these PCs |X|X|X|Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.|
|Enable Autopilot Reset |Not available|X|X| Lets you remotely reset a students PC from the lock screen, apply the devices original settings, and enroll it in device management (Azure AD and MDM). |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.|
|Lock screen background|X|X|X|Change the default screen lock background to a custom image.|Click **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.|
### Take a Test app
After you've made your selections, click **Next**.
![Configure student PC settings page showing 5 settings, with two settings selected. Lock screen background image is the default image. Cursor is hovering over the blue Next button.](images/suspc-current-os-version-next-1807.png)
### Time zone
> [!WARNING]
> If you are using the Autounattend.xml file to reimage your school PCs, do not specify a time zone in the file. If you set the time zone in the file *and* in this app, you will encounter an error.
Choose the time zone where your school's PCs are used. This setting ensures that all PCs are provisioned in the same time zone. When you're done, click **Next**.
![Choose PC time zone page with the time zone menu expanded to show all time zone selections.](images/suspc-time-zone-1807.png)
### Take a Test
Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments, Windows locks down the student PC so that students can't access anything else on the device.
1. Select **Yes** to create a Take a Test button on the sign-in screens of your students' PCs.
![Set up Take a Test app page with "Yes" selected to create an app button. Page also has two checkboxes for additional settings and one text field for the assessment URL.](images/suspc_createpackage_takeatestpage_073117.png)
2. Select from the advanced settings. The following table lists available settings and their descriptions.
|Setting |Description |
|---------|---------|
|Allow keyboard auto-suggestions | Allows app to suggest words as the student types on the PC's keyboard. |
|Allow teachers to monitor online tests | Enables screen capture in the Take a Test app. |
![Set up Take a Test app page with "Yes" selected to create an app button. Page also has two checkboxes for additional settings and one text field for the assessment URL.](images/suspc-take-a-test-1807.png)
2. Select from the advanced settings. Available settings inclue:
* Allow keyboard auto-suggestions: Allows app to suggest words as the student types on the PC's keyboard.
* Allow teachers to monitor online tests: Enables screen capture in the Take a Test app.
3. Enter the URL where the test is hosted. When students log in to the Take a Test account, they'll be able to click or enter the link to view the assessment.
4. Click **Next**.
### Add recommended apps
### Recommended apps
Choose from a list of recommended Microsoft Store apps to install on student PCs. Then click **Next**. After they're assigned, apps are pinned to the student's Start menu.
![Add recommended apps screen with 7 icons of recommended apps and selection boxes. Skip button is enabled and Next button is disabled. ](images/suspc-add-recommended-apps-1807.png)
@ -186,23 +200,25 @@ The following table lists the recommended apps you'll see.
|Minecraft: Education Edition | Free trial|
|Other apps fit for the classroom |Select from WeDo 2.0 LEGO®, Arduino IDE, Ohbot, Sesavis Visual, and EV3 Programming|
If you receive an error and are unable to add the selected apps, click **Skip**. Contact your IT admin to get these apps later.
### Summary
1. Review all of the settings for accuracy and completeness. Check carefully. To make changes to a saved package, you have to start over.
2. To make changes now, click any page along the left side of the window.
3. When finished, click **Accept**.
![Example image of the Summary screen, showing the user's configurations for Sign-in, Wireless network, Device names, Settings, Take a Test, and Recommended apps. Accept button is active and the page contains three links on the right-hand side to help and support.](images/suspc_createpackage_summary_073117.png)
![Example image of the Summary screen, showing the user's configurations for Sign-in, Wireless network, Device names, Settings, Time zone, Take a Test. Accept button is available and the page contains three links on the right-hand side to help and support.](images/suspc-createpackage-summary-1807.png)
### Insert USB
1. Insert a USB drive. The **Save** button will light up when your computer detects the USB.
2. Choose your USB drive from the list and click **Save**.
![Insert a USB drive now screen with USB drive selection highlighted. Save button is blue and active.](images/suspc_savepackage_insertusb.png)
![Insert a USB drive now screen with USB drive selection highlighted. Save button is blue and active.](images/suspc-savepackage-insertusb-1807.png)
3. When the package is ready, you'll see the filename and package expiration date. You can also click **Add a USB** to save the same provisioning package to another USB drive. When you're done, remove the USB drive and click **Next**.
![Your provisioning package is ready screen with package details, active Next button, and grayed-out Add a USB button.](images/suspc_savepackage_ppkgisready.png)
![Your provisioning package is ready screen with package filename and expiration date. Shows an active blue, Next button, and a gray Add a USB button.](images/suspc-savepackage-ppkgisready-1807.png)
## Run package - Get PCs ready
Complete each step on the **Get PCs ready** page to prepare student PCs for set-up. Then click **Next**.
@ -231,8 +247,8 @@ When used in context of the Set up School PCs app, the word *package* refers to
![Screen with message telling user to remove the USB drive.](images/suspc_setup_removemediamessage.png)
4. If you did not set up the package to do Azure AD Join, go through the rest of the Windows device setup experience. If you did configure the package for Azure AD Join, the computer is ready for use and no further configurations are required.
4. If you didn't set up the package with Azure AD Join, continue the Windows device setup experience. If you did configure the package with Azure AD Join, the computer is ready for use and no further configurations are required.
If successful, you'll see a setup complete message. The PCs start up on the lock screen with your school's custom background. Upon first use, students and teachers will be able to connect to your school's network and resources.
If successful, you'll see a setup complete message. The PCs start up on the lock screen, with your school's custom background. Upon first use, students and teachers can connect to your school's network and resources.

View File

@ -7,7 +7,7 @@ ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.date: 11/01/2017
ms.date: 08/01/2017
ms.topic: conceptual
ms.localizationpriority: medium
---
@ -43,22 +43,31 @@ There are a couple of things we need to know when you pay for apps. You can add
**To manage Allow users to shop setting**
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com)
2. Click **Manage**, and then click **Settings**.
3. On **Shop**, turn on or turn off **Allow users to shop**.
2. Select **Manage**, and then select **Settings**.
3. On **Shop**, , under **Shopping behavior**, turn on or turn off **Allow users to shop**.
![manage settings to control Basic Purchaser role assignment](images/sfb-allow-shop-setting.png)
## Allow app requests
People in your org can request license for apps that they need, or that others need. When **All app requests** is turned on, app requests are sent to org admins. Admins for your tenant will receive an email with the request, and can decide about making the purchase.
**To manage All app requests**
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com)
2. Select **Manage**, and then select **Settings**.
3. On **Shop**, under **Shopping behavior** turn on or turn off **Allow app requests**.
## Acquire apps
**To acquire an app**
1. Sign in to http://businessstore.microsoft.com
2. Click **Shop**, or use Search to find an app.
3. Click the app you want to purchase.
2. Select **Shop for my group**, or use Search to find an app.
3. Select the app you want to purchase.
4. On the product description page, choose your license type - either online or offline.
5. Free apps will be added to **Products & services**. For apps with a price, you can set the quantity you want to buy. Type the quantity and click **Next**.
6. If you dont have a payment method saved in **Billing - Payment methods**, we will prompt you for one.
7. Add your credit card or debit card info, and click **Next**. Your card info is saved as a payment option on **Billing - Payment methods**.
5. Free apps will be added to **Products & services**. For apps with a price, you can set the quantity you want to buy. Type the quantity and select **Next**.
6. If you dont have a payment method saved in **Billing & payments**, we will prompt you for one.
7. Add your credit card or debit card info, and select **Next**. Your card info is saved as a payment option on **Billing & payments - Payment methods**.
Youll also need to have your business address saved on **Billing - Account profile**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](https://docs.microsoft.com/microsoft-store/update-microsoft-store-for-business-account-settings#organization-tax-information).
Youll also need to have your business address saved on **My organization - Profile**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](https://docs.microsoft.com/microsoft-store/update-microsoft-store-for-business-account-settings#organization-tax-information).
Microsoft Store adds the app to your inventory. From **Products & services**, you can:
- Distribute the app: add to private store, or assign licenses
@ -67,12 +76,4 @@ Microsoft Store adds the app to your inventory. From **Products & services**, yo
For info on distributing apps, see [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md).
For info on offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md).
## Request apps
People in your org can request additional licenses for apps that are in your organization's private store. When **Allow app requests** is turned on, people in your org can respond to a notification about app license availability. Admins for your tenant will receive an email with the request, and can decide about making the purchase.
**To manage Allow app requests**
1. Sign in to http://businessstore.microsoft.com
2. Click **Manage**, click **Settings**, and then click **Distribute**.
3. Under **Private store** turn on, or turn off **Allow app requests**.
For info on offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md).

View File

@ -8,7 +8,7 @@ ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.topic: conceptual
ms.date: 6/28/2018
ms.date: 07/31/2018
---
# Microsoft Store for Business and Education release history
@ -17,6 +17,10 @@ Microsoft Store for Business and Education regularly releases new and improved f
Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md)
## June 2018
- **Change order within private store collection** - Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection.
- **Performance improvements in private store** - We continue to work on performance improvements in the private store. Now, most products new to your inventory are available in your private store within 15 minutes of adding them. [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)
## May 2018
- **Immersive Reader app available in Microsoft Store for Education** - This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it.

View File

@ -8,7 +8,7 @@ ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.topic: conceptual
ms.date: 6/28/2018
ms.date: 07/31/2018
---
# What's new in Microsoft Store for Business and Education
@ -17,14 +17,9 @@ Microsoft Store for Business and Education regularly releases new and improved f
## Latest updates for Store for Business and Education
**June 2018**
| | |
|--------------------------------------|---------------------------------|
| ![Private store icon](images/private-store-icon.png) |**Change order within private store collection**<br /><br /> Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
| ![performance icon](images/perf-improvement-icon.png) |**Performance improvements in private store**<br /><br /> We continue to work on performance improvements in the private store. Now, most products new to your inventory are available in your private store within 15 minutes of adding them. <br /><br /> [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance) <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
**July 2018**
Weve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new feature
<!---
Weve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
@ -38,6 +33,10 @@ Weve been working on bug fixes and performance improvements to provide you a
## Previous releases and updates
[June 2018](release-history-microsoft-store-business-education.md#june-2018)
- Change order within private store collection
- Performance improvements in private store
[May 2018](release-history-microsoft-store-business-education.md#may-2018)
- Immersive Reading app available in Microsoft Store for Education
@ -76,5 +75,4 @@ Weve been working on bug fixes and performance improvements to provide you a
- Manage prepaid Office 365 subscriptions
- Manage Office 365 subscriptions acquired by partners
- Edge extensions in Microsoft Store
- Search results in Microsoft Store for Business
- Search results in Microsoft Store for Business

View File

@ -365,7 +365,7 @@ Node that can be used to perform signature updates for Windows Defender.
Supported operations are Get and Execute.
<a href="" id="offlinescan"></a>**OfflineScan**
Added in Windows 10, version 1803. OfflineScan action starts a Windows Defender offline scan on the computer where you run the command. This command causes the computer reboot and start in Windows Defender offline mode to begin the scan.
Added in Windows 10, version 1803. OfflineScan action starts a Windows Defender offline scan on the computer where you run the command. After the next OS reboot, the device will start in Windows Defender offline mode to begin the scan.
Supported operations are Get and Execute.
@ -374,12 +374,3 @@ Supported operations are Get and Execute.
[Configuration service provider reference](configuration-service-provider-reference.md)
 
 

View File

@ -364,9 +364,9 @@ Added in Windows 10, next major version. Specifies if an app is nonremovable by
This setting allows the IT admin to set an app to be nonremovable, or unable to be uninstalled by a user. This is useful in enterprise and education scenarios, where the IT admin might want to ensure that everyone always has certain apps and they won't be removed accidentally. This is also useful when there are multiple users per device, and you want to ensure that one user doesnt remove it for all users.
This setting requires admin permission. This can only be set per device, not per user. You can query the setting using AppInvetoryQuery or AppInventoryResults.
NonRemovable requires admin permission. This can only be set per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
Value type is integer. Supported operations are Add, Get, and Replace.
Valid values:
- 0 app is not in the nonremovable app policy list
@ -382,12 +382,12 @@ Add an app to the nonremovable app policy list
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/Test123/NonRemovable</LocURI>
<LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>0</Data>
<Data>1</Data>
</Item>
</Add>
<Final/>
@ -403,7 +403,7 @@ Delete an app from the nonremovable app policy list
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/Test123/NonRemovable</LocURI>
<LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable</LocURI>
</Target>
</Item>
</Delete>
@ -412,7 +412,7 @@ Delete an app from the nonremovable app policy list
</SyncML>
```
Get list of apps in the nonremovable app policy list
Get the status for a particular app
```
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
@ -420,7 +420,7 @@ Get list of apps in the nonremovable app policy list
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/Test123/NonRemovable</LocURI>
<LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable</LocURI>
</Target>
</Item>
</Get>
@ -429,9 +429,9 @@ Get list of apps in the nonremovable app policy list
</SyncML>
```
Replace an app in the nonremovable app policy list
Data 0 = app is not in the app policy list
Data 1 = app is in the app policy list
Replace an app in the nonremovable app policy list
Data 0 = app is not in the app policy list
Data 1 = app is in the app policy list
```
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
@ -439,7 +439,7 @@ Data 1 = app is in the app policy list
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/Test123/NonRemovable</LocURI>
<LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>

View File

@ -495,7 +495,6 @@ The XML below is for Windows 10, next major version.
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DFFormat>

Binary file not shown.

Before

Width:  |  Height:  |  Size: 22 KiB

After

Width:  |  Height:  |  Size: 31 KiB

View File

@ -27,6 +27,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [What's new in Windows 10, version 1703](#whatsnew10)
- [What's new in Windows 10, version 1709](#whatsnew1709)
- [What's new in Windows 10, version 1803](#whatsnew1803)
- [What's new in Windows 10, next major version](#whatsnewnext)
- [Change history in MDM documentation](#change-history-in-mdm-documentation)
- [Breaking changes and known issues](#breaking-changes-and-known-issues)
- [Get command inside an atomic command is not supported](#getcommand)
@ -1357,6 +1358,101 @@ For details about Microsoft mobile device management protocols for Windows 10 s
</tbody>
</table>
## <a href="" id="whatsnewnext"></a>What's new in Windows 10, next major version
<table class="mx-tdBreakAll">
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<thead>
<tr class="header">
<th>New or updated topic</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
<td style="vertical-align:top"><p>Added the following new policies in Windows 10, next major version:</p>
<ul>
<li>ApplicationManagement/LaunchAppAfterLogOn</li>
<li>ApplicationManagement/ScheduleForceRestartForUpdateFailures </li>
<li>Authentication/EnableFastFirstSignIn</li>
<li>Authentication/EnableWebSignIn</li>
<li>Authentication/PreferredAadTenantDomainName</li>
<li>Defender/CheckForSignaturesBeforeRunningScan</li>
<li>Defender/DisableCatchupFullScan </li>
<li>Defender/DisableCatchupQuickScan </li>
<li>Defender/EnableLowCPUPriority</li>
<li>Defender/SignatureUpdateFallbackOrder</li>
<li>Defender/SignatureUpdateFileSharesSources</li>
<li>DeviceGuard/EnableSystemGuard</li>
<li>DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</li>
<li>DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</li>
<li>DeviceInstallation/PreventDeviceMetadataFromNetwork</li>
<li>DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</li>
<li>DmaGuard/DeviceEnumerationPolicy</li>
<li>Experience/AllowClipboardHistory</li>
<li>Experience/DoNotSyncBrowserSetting</li>
<li>Experience/PreventUsersFromTurningOnBrowserSyncing</li>
<li>Security/RecoveryEnvironmentAuthentication</li>
<li>TaskManager/AllowEndTask</li>
<li>Update/EngagedRestartDeadlineForFeatureUpdates</li>
<li>Update/EngagedRestartSnoozeScheduleForFeatureUpdates</li>
<li>Update/EngagedRestartTransitionScheduleForFeatureUpdates</li>
<li>Update/SetDisablePauseUXAccess</li>
<li>Update/SetDisableUXWUAccess</li>
<li>WindowsDefenderSecurityCenter/DisableClearTpmButton</li>
<li>WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning</li>
<li>WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl</li>
<li>WindowsLogon/DontDisplayNetworkSelectionUI</li>
</ul>
</td></tr>
<tr>
<td style="vertical-align:top">[PassportForWork CSP](passportforwork-csp.md)</td>
<td style="vertical-align:top"><p>Added new settings in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)</td>
<td style="vertical-align:top"><p>Added NonRemovable setting under AppManagement node in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)</td>
<td style="vertical-align:top"><p>Added new configuration service provider in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[WindowsLicensing CSP](windowslicensing-csp.md)</td>
<td style="vertical-align:top"><p>Added S mode settings and SyncML examples in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[SUPL CSP](supl-csp.md)</td>
<td style="vertical-align:top"><p>Added 3 new certificate nodes in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node Health/ProductStatus in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node AllowStandardUserEncryption in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[DevDetail CSP](devdetail-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node SMBIOSSerialNumber in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Wifi CSP](wifi-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node WifiCost in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
<td style="vertical-align:top"><p>Added new settings in Windows 10, next major version.</p>
</td></tr>
</tbody>
</table>
## Breaking changes and known issues
### <a href="" id="getcommand"></a>Get command inside an atomic command is not supported
@ -1623,6 +1719,35 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
## Change history in MDM documentation
### August 2018
<table class="mx-tdBreakAll">
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<thead>
<tr class="header">
<th>New or updated topic</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
<td style="vertical-align:top"><p>Added new settings in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
<td style="vertical-align:top"><p>Added the following new policies in Windows 10, next major version:</p>
<ul>
<li>Experience/DoNotSyncBrowserSetting</li>
<li>Experience/PreventUsersFromTurningOnBrowserSyncing</li>
</ul>
</td></tr>
</tbody>
</table>
### July 2018
<table class="mx-tdBreakAll">
@ -1729,7 +1854,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<tbody>
<tr>
<td style="vertical-align:top">[Wifi CSP](wifi-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node WifiCost.</p>
<td style="vertical-align:top"><p>Added a new node WifiCost in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)</td>
@ -1741,7 +1866,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</td></tr>
<tr>
<td style="vertical-align:top">[Bitlocker CSP](bitlocker-csp.md)</td>
<td style="vertical-align:top"><p>Added new node AllowStandardUserEncryption.</p>
<td style="vertical-align:top"><p>Added new node AllowStandardUserEncryption in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>

View File

@ -91,7 +91,7 @@ ms.date: 07/30/2018
<a href="#experience-donotshowfeedbacknotifications">Experience/DoNotShowFeedbackNotifications</a>
</dd>
<dd>
<a href="#experience-donotsyncbrowsersetting">Experience/DoNotSyncBrowserSetting</a>
<a href="#experience-donotsyncbrowsersetting">Experience/DoNotSyncBrowserSettings</a>
</dd>
<dd>
<a href="#experience-preventusersfromturningonbrowsersyncing">Experience/PreventUsersFromTurningOnBrowserSyncing</a>
@ -1399,7 +1399,7 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="experience-donotsyncbrowsersetting"></a>**Experience/DoNotSyncBrowserSetting**
<a href="" id="experience-donotsyncbrowsersetting"></a>**Experience/DoNotSyncBrowserSettings**
<!--SupportedSKUs-->
<table>
@ -1434,14 +1434,10 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
By default, the "browser" group syncs automatically between users devices and allowing users to choose to make changes. The "browser" group uses the **Sync your Settings** option in Settings to sync information like history and favorites. Enabling this policy prevents the "browser" group from using the **Sync your Settings** option. If you want syncing turned off by default but not disabled, select the Allow users to turn "browser" syncing option.
[!INCLUDE [do-not-sync-browser-settings-shortdesc](../../../browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md)]
Related policy: PreventUsersFromTurningOnBrowserSyncing.
Value type is integer. Supported values:
- 0 (default) - Allowed/turned on. The "browser" group syncs automatically between users devices and lets users to make changes.
- 2 - Prevented/turned off. The "browser" group does not use the **Sync your Settings** option.
Related policy:
PreventUsersFromTurningOnBrowserSyncing
<!--/Description-->
<!--ADMXMapped-->
@ -1453,7 +1449,12 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
Supported values:
- 0 (default) - Allowed/turned on. The "browser" group syncs automatically between users devices and lets users to make changes.
- 2 - Prevented/turned off. The "browser" group does not use the _Sync your Settings_ option.
Value type is integer.
<!--/SupportedValues-->
<!--Example-->
@ -1501,25 +1502,21 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
By default, the "browser" group syncs automatically between the users devices, letting users make changes. With this policy, though, you can prevent the "browser" group from syncing and prevent users from turning on the Sync your Settings toggle in Settings. If you want syncing turned off by default but not disabled, select the Allow users to turn "browser" syncing option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../../../browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
Related policy: DoNotSyncBrowserSetting
Related policy:
DoNotSyncBrowserSettings
Value type is integer. Supported values:
- 0 - Allowed/turned on. Users can sync the browser settings.
- 1 (default) - Prevented/turned off.
This policy only works with the Experience/DoNotSyncBrowserSetting policy, and for this policy to work correctly, you must set Experience/DoNotSynBrowserSettings to 2 (enabled). By default, when you set this policy and the Experience/DoNotSyncBrowserSetting policy to 0 (disabled or not configured), the browser settings sync automatically. However, with this policy, you can prevent the syncing of browser settings and prevent users from turning on the Sync your Settings option. Additionally, you can prevent syncing the browser settings but give users a choice to turn on syncing.
If you want to prevent syncing of browser settings and prevent users from turning it on:
1. Set Experience/DoNotSyncBrowserSetting to 2 (enabled).
1. Set Experience/DoNotSyncBrowserSettings to 2 (enabled).
1. Set this policy (Experience/PreventUsersFromTurningOnBrowserSyncing) to 1 (enabled or not configured).
If you want to prevent syncing of browser settings but give users a choice to turn on syncing:
1. Set Experience/DoNotSyncBrowserSetting to 2 (enabled).
1. Set Experience/DoNotSyncBrowserSettings to 2 (enabled).
1. Set this policy (Experience/PreventUsersFromTurningOnBrowserSyncing) to 0 (disabled).
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
@ -1531,7 +1528,12 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
Supported values:
- 0 - Allowed/turned on. Users can sync the browser settings.
- 1 (default) - Prevented/turned off.
Value type is integer.
<!--/SupportedValues-->
<!--Example-->
@ -1540,15 +1542,12 @@ ADMX Info:
**Validation procedure:**
Microsoft Edge on your PC:
1. Select More > Settings.
1. Select **More > Settings**.
1. See if the setting is enabled or disabled based on your setting.
<!--/Validation-->
<!--/Policy-->
<<<<<<< HEAD
=======
>>>>>>> 3c06afe9875ad82fff960313bea663f49a2f7d2c
<hr/>
Footnote:

View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 07/03/2018
ms.date: 08/03/2018
---
# Policy DDF file
@ -1406,30 +1406,6 @@ Related policy:
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ForceEnabledExtensions</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>This setting lets you decide which extensions should be always enabled.</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>HomePages</NodeName>
<DFProperties>
@ -1654,6 +1630,47 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PreventTurningOffRequiredExtensions</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
<DFProperties>
@ -8614,6 +8631,52 @@ Related policy:
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Privacy</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>DisablePrivacyExperience</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Security</NodeName>
<DFProperties>
@ -10528,34 +10591,6 @@ Related policy:
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>ForceEnabledExtensions</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue></DefaultValue>
<Description>This setting lets you decide which extensions should be always enabled.</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>ForceEnabledExtensions_List</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>ForceEnabledExtensions</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>HomePages</NodeName>
<DFProperties>
@ -10806,6 +10841,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
<MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>PreventTurningOffRequiredExtensions</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue></DefaultValue>
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>PreventTurningOffRequiredExtensions_Prompt</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>PreventTurningOffRequiredExtensions</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
<DFProperties>
@ -18546,6 +18626,54 @@ Related policy:
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Privacy</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>DisablePrivacyExperience</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>OOBE.admx</MSFT:ADMXMapped>
<MSFT:ADMXCategory>OOBE~AT~WindowsComponents~OOBE</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>DisablePrivacyExperience</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Security</NodeName>
<DFProperties>
@ -22272,30 +22400,6 @@ Related policy:
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ForceEnabledExtensions</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>This setting lets you decide which extensions should be always enabled.</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>HomePages</NodeName>
<DFProperties>
@ -22520,6 +22624,47 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PreventTurningOffRequiredExtensions</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
<DFProperties>
@ -27063,7 +27208,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
</DFProperties>
</Node>
<Node>
<NodeName>DoNotSyncBrowserSetting</NodeName>
<NodeName>DoNotSyncBrowserSettings</NodeName>
<DFProperties>
<AccessType>
<Add />
@ -27098,7 +27243,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
<Replace />
</AccessType>
<Description>You can configure Microsoft Edge to allow users to turn on the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. When enabled and you enable the Do not sync browser setting policy, browser settings sync automatically. If disabled, users have the option to sync the browser settings.
Related policy: DoNotSyncBrowserSetting
Related policy: DoNotSyncBrowserSettings
1 (default) = Do not allow users to turn on syncing, 0 = Allows users to turn on syncing</Description>
<DFFormat>
<int/>
@ -34352,38 +34497,6 @@ Default: Disabled.</Description>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Microsoft network server: Amount of idle time required before suspending a session
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished.
For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy.
Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsAlways</NodeName>
<DFProperties>
@ -36623,6 +36736,30 @@ The options are:
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DisablePrivacyExperience</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>EnableActivityFeed</NodeName>
<DFProperties>
@ -41468,6 +41605,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>AllowDeviceNameInDiagnosticData</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>AllowEmbeddedMode</NodeName>
<DFProperties>
@ -44073,7 +44234,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
</DFProperties>
</Node>
<Node>
<NodeName>UpdateNotificationKioskMode</NodeName>
<NodeName>UpdateNotificationLevel</NodeName>
<DFProperties>
<AccessType>
<Add />
@ -49551,34 +49712,6 @@ Related policy:
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>ForceEnabledExtensions</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue></DefaultValue>
<Description>This setting lets you decide which extensions should be always enabled.</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>ForceEnabledExtensions_List</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>ForceEnabledExtensions</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>HomePages</NodeName>
<DFProperties>
@ -49829,6 +49962,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
<MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>PreventTurningOffRequiredExtensions</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue></DefaultValue>
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>PreventTurningOffRequiredExtensions_Prompt</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>PreventTurningOffRequiredExtensions</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
<DFProperties>
@ -54899,7 +55077,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
</DFProperties>
</Node>
<Node>
<NodeName>DoNotSyncBrowserSetting</NodeName>
<NodeName>DoNotSyncBrowserSettings</NodeName>
<DFProperties>
<AccessType>
<Get />
@ -54935,7 +55113,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>You can configure Microsoft Edge to allow users to turn on the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. When enabled and you enable the Do not sync browser setting policy, browser settings sync automatically. If disabled, users have the option to sync the browser settings.
Related policy: DoNotSyncBrowserSetting
Related policy: DoNotSyncBrowserSettings
1 (default) = Do not allow users to turn on syncing, 0 = Allows users to turn on syncing</Description>
<DFFormat>
<int/>
@ -63004,41 +63182,6 @@ Default: Disabled.</Description>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>15</DefaultValue>
<Description>Microsoft network server: Amount of idle time required before suspending a session
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished.
For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy.
Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="99999"></MSFT:SupportedValues>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
<MSFT:GPRegistryMappedName>Microsoft network server: Amount of idle time required before suspending session</MSFT:GPRegistryMappedName>
<MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsAlways</NodeName>
<DFProperties>
@ -63402,7 +63545,7 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<DefaultValue>3</DefaultValue>
<Description>Network security LAN Manager authentication level
This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
@ -63455,7 +63598,7 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<DefaultValue>536870912</DefaultValue>
<Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
@ -63493,7 +63636,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<DefaultValue>536870912</DefaultValue>
<Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
@ -65452,6 +65595,34 @@ The options are:
<MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>DisablePrivacyExperience</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>OOBE.admx</MSFT:ADMXMapped>
<MSFT:ADMXCategory>OOBE~AT~WindowsComponents~OOBE</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>DisablePrivacyExperience</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>EnableActivityFeed</NodeName>
<DFProperties>
@ -69810,12 +69981,12 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>SmartScreen.admx</MSFT:ADMXMapped>
<MSFT:ADMXCategory>SmartScreen~AT~WindowsComponents~SmartScreen~Shell</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>ConfigureAppInstallControl</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
@ -70823,6 +70994,34 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>AllowDeviceNameInDiagnosticData</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>AllowDeviceNameInDiagnosticData</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>AllowDeviceNameInDiagnosticData</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>AllowEmbeddedMode</NodeName>
<DFProperties>
@ -72934,7 +73133,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
<MSFT:SupportedValues low="0" high="30"></MSFT:SupportedValues>
<MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>EngagedRestartTransitionSchedule</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
@ -72962,7 +73161,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
<MSFT:SupportedValues low="0" high="30"></MSFT:SupportedValues>
<MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>EngagedRestartTransitionScheduleForFeatureUpdates</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
@ -73677,7 +73876,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
</DFProperties>
</Node>
<Node>
<NodeName>UpdateNotificationKioskMode</NodeName>
<NodeName>UpdateNotificationLevel</NodeName>
<DFProperties>
<AccessType>
<Get />
@ -73699,7 +73898,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
<MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
<MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>UpdateNotificationKioskMode</MSFT:ADMXPolicyName>
<MSFT:ADMXPolicyName>UpdateNotificationLevel</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>

View File

@ -41,7 +41,7 @@ The following diagram shows the Reboot configuration service provider management
<p style="margin-left: 20px">The supported operations are Get, Add, Replace, and Delete.</p>
<a href="" id="schedule-dailyrecurrent"></a>**Schedule/DailyRecurrent**
<p style="margin-left: 20px">This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. For example: 2015-12-15T07:36:25Z</p>
<p style="margin-left: 20px">This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00. </p>
<p style="margin-left: 20px">The supported operations are Get, Add, Replace, and Delete.</p>

View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 03/22/2018
ms.date: 08/02/2018
---
# WindowsDefenderApplicationGuard CSP
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in the Application Guard. This CSP was added in Windows 10, version 1709.
@ -19,20 +21,19 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se
![windowsdefenderapplicationguard csp](images/provisioning-csp-windowsdefenderapplicationguard.png)
<a href="" id="windowsdefenderapplicationguard"></a>**./Device/Vendor/MSFT/WindowsDefenderApplicationGuard**
<p style="margin-left: 20px">Root node. Supported operation is Get.</p>
<p style="margin-left: 20px"></p>
Root node. Supported operation is Get.
<a href="" id="settings"></a>**Settings**
<p style="margin-left: 20px">Interior node. Supported operation is Get.</p>
Interior node. Supported operation is Get.
<a href="" id="allowwindowsdefenderapplicationguard"></a>**Settings/AllowWindowsDefenderApplicationGuard**
<p style="margin-left: 20px">Turn on Windows Defender Application Guard in Enterprise Mode. Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
Turn on Windows Defender Application Guard in Enterprise Mode. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
- 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment.
- 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container.
<a href="" id="clipboardfiletype"></a>**Settings/ClipboardFileType**
<p style="margin-left: 20px">Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
- 0 - Disables content copying.
- 1 - Allow text copying.
@ -40,7 +41,7 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se
- 3 - Allow text and image copying.
<a href="" id="clipboardsettings"></a>**Settings/ClipboardSettings**
<p style="margin-left: 20px">This policy setting allows you to decide how the clipboard behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete</p>
This policy setting allows you to decide how the clipboard behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete
- 0 (default) - Completely turns Off the clipboard functionality for the Application Guard.
- 1 - Turns On clipboard operation from an isolated session to the host
@ -51,7 +52,7 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se
> Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
<a href="" id="printingsettings"></a>**Settings/PrintingSettings**
<p style="margin-left: 20px">This policy setting allows you to decide how the print functionality behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
This policy setting allows you to decide how the print functionality behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
- 0 - Disables all print functionality (default)
- 1 - Enables only XPS printing
@ -70,13 +71,13 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se
- 15 - Enables all printing
<a href="" id="blocknonenterprisecontent"></a>**Settings/BlockNonEnterpriseContent**
<p style="margin-left: 20px">This policy setting allows you to decide whether websites can load non-enterprise content in Microsoft Edge and Internet Explorer. Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
This policy setting allows you to decide whether websites can load non-enterprise content in Microsoft Edge and Internet Explorer. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
- 0 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Windows Defender Application Guard.
- 1 (default) - Non-enterprise sites can open outside of the Windows Defender Application Guard container, directly in Internet Explorer and Microsoft Edge.
- 0 (default) - Non-enterprise content embedded in enterprise sites is allowed to open outside of the Windows Defender Application Guard container, directly in Internet Explorer and Microsoft Edge..
- 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Windows Defender Application Guard.
<a href="" id="allowpersistence"></a>**Settings/AllowPersistence**
<p style="margin-left: 20px">This policy setting allows you to decide whether data should persist across different sessions in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
This policy setting allows you to decide whether data should persist across different sessions in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
- 0 - Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user log-off.
- 1 - Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
@ -93,29 +94,62 @@ Added in Windows 10, version 1803. This policy setting allows you to determine w
- 0 (default) - The user cannot download files from Edge in the container to the host file system. When the policy is not configured, it is the same as disabled (0).
- 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system.
<a href="" id="status"></a>**Status**
<p style="margin-left: 20px">Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device. Value type is integer. Supported operation is Get.
<a href="" id="filetrustcriteria"></a>**Settings/FileTrustCriteria**
Placeholder for future use. Do not use in production code.
Bit 0 - Set to 1 when WDAG is enabled into enterprise manage mode
<a href="" id="filetrustoriginremovablemedia"></a>**Settings/FileTrustOriginRemovableMedia**
Placeholder for future use. Do not use in production code.
<a href="" id="filetrustoriginnetworkshare"></a>**Settings/FileTrustOriginNetworkShare**
Placeholder for future use. Do not use in production code.
<a href="" id="filetrustoriginmarkoftheweb"></a>**Settings/FileTrustOriginMarkOfTheWeb**
Placeholder for future use. Do not use in production code.
<a href="" id="certificatethumbprints"></a>**Settings/CertificateThumbprints**
Added in Windows 10, next major version. This policy setting allows certain Root Certificates to be shared with the Windows Defender Application Guard container.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
If you enable this setting, certificates with a thumbprint matching the ones specified will be transferred into the container. You can specify multiple certificates using a comma to separate the thumbprints for each certificate you want to transfer.
Example: b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924
If you disable or dont configure this setting, certificates are not shared with the Windows Defender Application Guard container.
<a href="" id="allowcameramicrophoneredirection"></a>**Settings/AllowCameraMicrophoneRedirection**
Added in Windows 10, next major version. The policy allows you to determine whether applications inside Windows Defender Application Guard can access the devices camera and microphone when these settings are enabled on the users device.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
If you enable this policy, applications inside Windows Defender Application Guard will be able to access the camera and microphone on the users device.
If you disable or don't configure this policy, applications inside Windows Defender Application Guard will be unable to access the camera and microphone on the users device.
> [!Important]
> If you turn on this policy, a compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge. To prevent unauthorized access, we recommend that camera and microphone privacy settings be turned off on the user's device when they are not needed.
<a href="" id="status"></a>**Status**
Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device. Value type is integer. Supported operation is Get.
Bit 0 - Set to 1 when WDAG is enabled into enterprise manage mode
Bit 1 - Set to 1 when the client machine is Hyper-V capable
Bit 2 - Set to 1 when the client machine has a valid OS license and SKU
Bit 3 - Set to 1 when WDAG installed on the client machine
Bit 4 - Set to 1 when required Network Isolation Policies are configured
Bit 5 - Set to 1 when the client machine meets minimum hardware requirements
</p>
<a href="" id="installwindowsdefenderapplicationguard"></a>**InstallWindowsDefenderApplicationGuard**
<p style="margin-left: 20px">Initiates remote installation of Application Guard feature. Supported operations are Get and Execute.</p>
Initiates remote installation of Application Guard feature. Supported operations are Get and Execute.
- Install - Will initiate feature install
- Uninstall - Will initiate feature uninstall
<a href="" id="audit"></a>**Audit**
<p style="margin-left: 20px">Interior node. Supported operation is Get</p>
Interior node. Supported operation is Get
<a href="" id="auditapplicationguard"></a>**Audit/AuditApplicationGuard**
<p style="margin-left: 20px">This policy setting allows you to decide whether auditing events can be collected from Application Guard. Value type in integer. Supported operations are Add, Get, Replace, and Delete.</p>
This policy setting allows you to decide whether auditing events can be collected from Application Guard. Value type in integer. Supported operations are Add, Get, Replace, and Delete.
- 0 (default) - - Audit event logs aren't collected for Application Guard.
- 1 - Application Guard inherits its auditing policies from Microsoft Edge and starts to audit system events specifically for Application Guard.

View File

@ -6,17 +6,19 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 03/22/2018
ms.date: 08/02/2018
---
# WindowsDefenderApplicationGuard DDF file
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **WindowsDefenderApplicationGuard** configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
This XML is for Windows 10, version 1803.
This XML is for Windows 10, next major version.
``` syntax
<?xml version="1.0" encoding="UTF-8"?>
@ -42,7 +44,7 @@ This XML is for Windows 10, version 1803.
<Permanent />
</Scope>
<DFType>
<MIME>com.microsoft/1.2/MDM/WindowsDefenderApplicationGuard</MIME>
<MIME>com.microsoft/1.3/MDM/WindowsDefenderApplicationGuard</MIME>
</DFType>
</DFProperties>
<Node>
@ -248,6 +250,147 @@ This XML is for Windows 10, version 1803.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>FileTrustCriteria</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>FileTrustOriginRemovableMedia</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>FileTrustOriginNetworkShare</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>FileTrustOriginMarkOfTheWeb</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>CertificateThumbprints</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<CaseSense>
<CIS />
</CaseSense>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>AllowCameraMicrophoneRedirection</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Status</NodeName>

View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

View File

@ -8,7 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: edu, security
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
ms.author: jdecker
---

View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 08/03/2018
---

View File

@ -9,7 +9,7 @@ ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
ms.date: 07/20/2018
ms.localizationpriority: high
ms.localizationpriority: medium
---
# Frequently asked questions and troubleshooting Windows Analytics

View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
ms.date: 07/18/2018
ms.date: 08/01/2018
ms.localizationpriority: medium
---
@ -52,9 +52,9 @@ To enable data sharing, configure your proxy sever to whitelist the following en
| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
| `https://oca.telemetry.microsoft.com` | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
| `https://login.live.com` | Windows Error Reporting (WER); required by Device Health for device tickets. |
| `https://login.live.com` | Windows Error Reporting (WER); required by Device Health. **Note:** WER does *not* use login.live.com to access Microsoft Account consumer services such as Xbox Live. WER uses an anti-spoofing API at that address to enhance the integrity of error reports. |
| `https://www.msftncsi.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
| `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. **Note:** In this context login.live.com is *not* used for access to Microsoft Account consumer services. The endpoint is used only as part of the WIndows Error Reporting protocol to enhance the integrity of error reports. |
| `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
>[!NOTE]

View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.date: 07/18/2018
ms.localizationpriority: high
ms.localizationpriority: medium
---
# SetupDiag

View File

@ -4,7 +4,7 @@ description: How to add devices to Windows Autopilot
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

View File

@ -4,7 +4,7 @@ description: How to configure Windows Autopilot deployment
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

View File

@ -7,7 +7,7 @@ ms.technology: Windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: high
ms.localizationpriority: medium
author: coreyp-at-msft
ms.author: coreyp
ms.date: 06/01/2018

View File

@ -4,7 +4,7 @@ description: How to configure Windows Autopilot deployment
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

View File

@ -4,7 +4,7 @@ description: Listing of Autopilot scenarios
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

View File

@ -7,7 +7,7 @@ ms.technology: Windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: high
ms.localizationpriority: medium
author: coreyp-at-msft
ms.author: coreyp
ms.date: 06/01/2018

View File

@ -4,7 +4,7 @@ description: This topic goes over Windows Autopilot and how it helps setup OOBE
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

Some files were not shown because too many files have changed in this diff Show More