deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-22 02:07:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into App-v-revision

Browse Source
This commit is contained in:
Heidi Lohr 2018-07-25 09:48:42 -07:00
commit 595237e429
100 changed files with 9517 additions and 677 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
browsers/edge/TOC.md
View File

@ -1,9 +1,17 @@
#[Microsoft Edge - Deployment Guide for IT Pros](index.md)
#[Microsoft Edge - Deployment guidance for IT Pros](index.md)
##[New Microsoft Edge Group Policies and MDM settings](new-policies.md)
##[Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
##Group Policy configuration options
###[Home button settings](group-policies/home-button-gp.md)
###[Prelaunch Microsoft Edge and preload tabs](group-policies/prelaunch-preload-gp.md)
###[Search engine customization](group-policies/search-engine-customization-gp.md)
###[Start pages settings](group-policies/start-pages-gp.md)
###[Sync browser settings](group-policies/sync-browser-settings-gp.md)
##[Change history for Microsoft Edge](change-history-for-microsoft-edge.md)
##[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)

9
browsers/edge/available-policies.md
View File

@ -24,9 +24,11 @@ By using Group Policy and Intune, you can set up a policy setting once, and then
> For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
Microsoft Edge works with the following Group Policy settings to help you manage your company's web browser configurations. The Group Policy settings are found in the Group Policy Editor in the following location:
Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\
>*You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:*
>
>      *Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\*
<p>
## Allow a shared books folder
[!INCLUDE [allow-shared-folder-books-include.md](includes/allow-shared-folder-books-include.md)]
@ -64,9 +66,6 @@ Computer Configuration\Administrative Templates\Windows Components\Microsoft Edg
## Allow search engine customization
[!INCLUDE [allow-search-engine-customization-include.md](includes/allow-search-engine-customization-include.md)]
## Allow Start and New Tab page preload
[!INCLUDE [allow-tab-preloading-include](includes/allow-tab-preloading-include.md)]
## Allow web content on New Tab page
[!INCLUDE [allow-web-content-new-tab-page-include.md](includes/allow-web-content-new-tab-page-include.md)]

0
browsers/edge/group-policies/bowsing-history-gp.md Normal file
View File

0
browsers/edge/group-policies/browser-telemetry-gp.md Normal file
View File

0
browsers/edge/group-policies/enterprise-mode-gp.md Normal file
View File

0
browsers/edge/group-policies/extensions-gp.md Normal file
View File

0
browsers/edge/group-policies/favorites-bar-gp.md Normal file
View File

26
browsers/edge/group-policies/home-button-gp.md Normal file
View File

@ -0,0 +1,26 @@
---
title: Microsoft Edge - Home button configuration options
description: Microsoft Edge shows the home button and by clicking it the Start page loads by default.
ms.author: pashort
author: shortpatti
ms.date: 07/23/2018
---
# Home button configuration options
Microsoft Edge shows the home button and by clicking it the Start page loads by default. You can configure the Home button to load the New tab page or a URL defined in the Set Home button URL policy. You can also configure Microsoft Edge to hide the home button.
## Policies
- [Configure Home button](../new-policies.md#configure-home-button)
- [Set Home button URL](../new-policies.md#set-home-button-url)
- [Unlock Home Button](../new-policies.md#unlock-home-button)
## Configuration options
![Show home button and load Start page or New tab page](../images/home-button-start-new-tab-page-v4-sm.png)
![Show home button and load custom URL](../images/home-buttom-custom-url-v4-sm.png)
![Hide home button](../images/home-button-hide-v4-sm.png)

205
browsers/edge/group-policies/index.md Normal file
View File

@ -0,0 +1,205 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Microsoft Edge Group Policy configuration options
metadata:
document_id:
title: Microsoft Edge Group Policy configuration options
description: Learn about the different configuration options available in Microsoft Edge on Windows 10.
text: Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
keywords: Microsoft Edge, Windows 10
ms.localizationpriority: high
author: shortpatti
ms.author: pashort
ms.date: 07/23/2018
ms.topic: article
ms.devlang: na
sections:
- title: Learn about...
- items:
- type: markdown
text: Get ready to deploy Microsoft Edge.
- items:
- type: list
style: cards
className: cardsE
columns: 3
items:
- href: \browsers\edge\group-policies
html: <p>Learn about the Always On VPN deployment and where to get started.</p>
image:
src: https://docs.microsoft.com/media/common/i_get-started.svg
title: Begin your journey
- href: \windows-server\remote\remote-access\vpn\vpn-map-da
html: <p>Learn how Always On VPN has expanded the VPN functionality beyond the capabilities of DirectAccess.</p>
image:
src: https://docs.microsoft.com/media/common/i_quick-start.svg
title: DirectAccess and Always On VPN feature comparison
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\always-on-vpn-enhancements
html: <p>Learn about the key improvements in integration, security, connectivity, networking control, and compatibility.</p>
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
title: Enhancements in Always On VPN
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\always-on-vpn-technology-overview
html: <p>Learch about the technologies used in the Always On VPN deployment.</p>
image:
src: https://docs.microsoft.com/media/common/i_overview.svg
title: Technology overview
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\deploy\always-on-vpn-adv-options
html: <p>Learn about the advanced VPN features you can add to improve the security and availability of your VPN connection.</p>
image:
src: https://docs.microsoft.com/media/common/i_advanced.svg
title: Extend Always On VPN with advanced features
- title: Get started...
items:
- type: paragraph
text: 'Deploy Always On VPN connections for domain-joined Windows 10 client computers. You can also migrate from DirectAccess to Always On VPN and configure conditional access using Azure AD.'
- type: list
style: cards
className: cardsE
columns: 3
items:
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\deploy\always-on-vpn-deploy-deployment
html: <p>Discover what's needed to deploy VPN connections.</p>
image:
src: https://docs.microsoft.com/media/common/i_architecture.svg
title: Deployment workflow and scenarios
- href: \windows-server\remote\remote-access\da-always-on-vpn-migration\da-always-on-migration-overview
html: <p>Start planning the migration from DirectAccess to Always On VPN.</p>
image:
src: https://docs.microsoft.com/media/common/i_upgrade.svg
title: Migrate from DirectAccess
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\deploy\always-on-vpn-deploy-planning
html: <p>Start planning and preparing your Always On VPN deployment.</p>
image:
src: https://docs.microsoft.com/media/common/i_guidelines.svg
title: Plan the Always On VPN deployment
- href: \windows-server\remote\remote-access\vpn\always-on-vpn\deploy\vpn-deploy-server-infrastructure
html: <p>Start setting up and configuring the VPN infrastructure along with the Windows 10 client VPN connectivity.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: Deploy the VPN infrastructure
- href: \windows-server\remote\remote-access\vpn\ad-ca-vpn-connectivity-windows10
html: <p>Fine-tune how VPN users access your resources using Azure AD conditional access.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: Configure conditional access
- items:
- type: list
style: cards
className: cardsL
items:
- title: Troubleshoot Always On VPN
html: <p><a class="barLink" href="/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#vpnprofileps1-script-issues">VPN_Profile.ps1 script issues</a></p>
<p><a class="barLink" href="/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#always-on-vpn-client-connection-issues">Always On VPN client connection issues</a></p>
<p><a class="barLink" href="/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#azure-ad-conditional-access-connection-issues">Azure AD Conditional Access connection issues</a></p>
<p><a class="barLink" href="/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#error-codes">Error codes</a></p><br>
<p><a class="barLink" href="/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#logs">Log files</a></p></div>
- title: Additional resources
html: <p><a class="barLink" href="https://docs.microsoft.com/windows/access-protection/vpn/vpn-guide">Windows 10 VPN Technical Guide</a></p>
<p><a class="barLink" href="https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/vpnv2-csp">VPNv2 CSP</a></p>
<p><a class="barLink" href="https://technet.microsoft.com/library/hh831740.aspx">Active Directory Certificate Services Overview</a></p>
<p><a class="barLink" href="https://technet.microsoft.com/library/cc730705.aspx">Certificate Templates</a></p>
<p><a class="barLink" href="https://social.technet.microsoft.com/wiki/contents/articles/2901.public-key-infrastructure-design-guidance.aspx">Public Key Infrastructure Design Guidance</a></p><p></p>
<p><a class="barLink" href="https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx">AD CS Step by Step Guide - Two Tier PKI Hierarchy Deployment</a></p>

0
browsers/edge/group-policies/kiosk-mode-gp.md Normal file
View File

17
browsers/edge/group-policies/new-tab-page-gp.md Normal file
View File

@ -0,0 +1,17 @@
---
title: New tab page
description: Microsoft Edge loads the default New tab page by default. You can configure Microsoft Edge to load a New tab page URL and prevent users from changing it.
ms.author: pashort
author: shortpatti
ms.date: 07/20/2018
---
# New tab page
Microsoft Edge loads the default New tab page by default. You can configure Microsoft Edge to load a New tab page URL and prevent users from changing it. When you enable this policy, and you disable the Allow web content on New tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.
Policy: Set New Tab page URL

0
browsers/edge/group-policies/open-sites-in-ie11-gp.md Normal file
View File

27
browsers/edge/group-policies/prelaunch-preload-gp.md Normal file
View File

@ -0,0 +1,27 @@
---
title: Microsoft Edge - Prelaunch and tab preload configuration options
description: Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge.
ms.author: pashort
author: shortpatti
ms.date: 07/23/2018
---
# Prelaunch Microsoft Edge and preload tabs in the background
Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. You can also configure Microsoft Edge to prevent Microsoft Edge from pre-launching.
Additionally, Microsoft Edge preloads the Start and New tab pages during Windows sign in, which minimizes the amount of time required to start Microsoft Edge and load a new tab. You can also configure Microsoft Edge to prevent preloading of tabs.
## Policies
- [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](../new-policies.md#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
- [Allow Prelaunch ](../new-policies.md#allow-prelaunch)
## Configuration options
![Only preload the Start and New tab pages during Windows startup](../images/preload-tabs-only-sm.png)
![Prelauch Microsoft Edge and preload Start and New tab pages](../images/prelaunch-edge-and-preload-tabs-sm.png)
![Only prelaunch Microsoft Edge during Windows startup](../images/prelaunch-edge-only-sm.png)

0
browsers/edge/group-policies/printing-gp.md Normal file
View File

28
browsers/edge/group-policies/search-engine-customization-gp.md Normal file
View File

@ -0,0 +1,28 @@
---
title: Microsoft Edge - Search engine customization
description: By default, Microsoft Edge uses the default search engine specified in App settings, which lets users make changes to it. You can configure Microsoft Edge to use the policy-set search engine specified in the OpenSearch XML file.
ms.author: pashort
author: shortpatti
ms.date: 07/23/2018
---
# Search engine customization
By default, Microsoft Edge uses the default search engine specified in App settings, which lets users make changes to it. You can configure Microsoft Edge to use the policy-set search engine specified in the OpenSearch XML file. You can also prevent users from making changes to the search engine settings.
## Policies
- [Set default search engine](../available-policies.md#set-default-search-engine)
- [Allow web content on New Tab page](../available-policies.md#allow-web-content-on-new-tab-page)
- [Configure additional search engines](../available-policies.md#configure-additional-search-engines)
## Configuration options
![Set default search engine configurations](../images/set-default-search-engine-v4-sm.png)

36
browsers/edge/group-policies/start-pages-gp.md Normal file
View File

@ -0,0 +1,36 @@
---
title: Start pages
description: Configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages.
ms.author: pashort
author: shortpatti
ms.date: 07/23/2018
---
# Start pages
Microsoft Edge loads the pages specified in App settings as the default Start pages. You can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes.
## Policies
- [Configure Open Microsoft Edge With](../new-policies.md#configure-open-microsoft-edge-with)
- [Configure Start Pages](../available-policies.md#configure-start-pages)
- [Disable Lockdown of Start Pages](../available-policies.md#configure-windows-defender-smartscreen)
## Configuration options
![Load URLs defined in Configure Start Pages](../images/load-urls-defined-in-configure-open-edge-with-main-sm.png)
| **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** |
| --- | --- | --- | --- |
| Enabled (applies to all options) | Enabled String | Enabled (all configured start pages are editable) | Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to make changes. |
| Disabled or not configured | Enabled String | Enabled (any Start page configured in the Configured Start Pages policy) | Load any start page and let users make changes .|
| Enabled (Start page) | Enabled String | Blank or not configured | Load Start page(s) and prevent users from making changes. |
| Enabled (New tab page) | Enabled String | Blank or not configured | Load New tab page and prevent users from making changes. |
| Enabled (Previous pages) | Enabled String | Blank or not configured | Load previously opened pages and prevent users from making changes. |
| Enabled (A specific page or pages) | Enabled String | Blank or not configured | Load a specific page or pages and prevent users from making changes. |
| Enabled (A specific page or pages) | Enabled String | Enabled (any Start page configured in Configure Start Pages policy) | Load a specific page or pages and let users make changes. |
---

31
browsers/edge/group-policies/sync-browser-settings-gp.md Normal file
View File

@ -0,0 +1,31 @@
---
title: Microsoft Edge - Sync browser settings
description: By default, the “browser” group syncs automatically between the users devices, letting users make changes.
ms.author: pashort
author: shortpatti
ms.date: 07/23/2018
---
# Sync browser settings
By default, the “browser” group syncs automatically between the users devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the Sync your Settings toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy.
## Policies
- [Do not sync browser settings](../available-policies.md#do-not-sync-browser-settings)
- [Prevent users from turning on browser syncing](../new-policies.md#prevent-users-from-turning-on-browser-syncing)
## Configuration options
![Sync browser settings automatically](../images/sync-browser-settings-automatically-sm.png)
![Prevent syncing of browser settings](../images/prevent-syncing-browser-settings-sm.png)
## Verify the configuration
To verify if syncing is turned on or off:
1. In the upper-right corner of Microsoft Edge, click the ellipses \(**...**\).
2. Click **Settings**.
3. Under Account, see if the setting is toggled on or off.<p>![Verify configuration](../images/sync-settings.PNG)

BIN
browsers/edge/images/home-buttom-custom-url-v4-sm.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 94 KiB

After

Width:  |  Height:  |  Size: 141 KiB

BIN
browsers/edge/images/home-buttom-custom-url-v4.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 119 KiB

After

Width:  |  Height:  |  Size: 155 KiB

BIN
browsers/edge/images/home-button-hide-v4-sm.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 65 KiB

After

Width:  |  Height:  |  Size: 77 KiB

BIN
browsers/edge/images/home-button-hide-v4.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 90 KiB

After

Width:  |  Height:  |  Size: 73 KiB

BIN
browsers/edge/images/home-button-start-new-tab-page-v4-sm.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 108 KiB

After

Width:  |  Height:  |  Size: 154 KiB

BIN
browsers/edge/images/home-button-start-new-tab-page-v4.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 142 KiB

After

Width:  |  Height:  |  Size: 176 KiB

7588
browsers/edge/images/load-any-start-page-let-users-make-changes.ai Normal file
View File

File diff suppressed because one or more lines are too long

BIN
browsers/edge/images/load-any-start-page-let-users-make-changes.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 236 KiB

BIN
browsers/edge/images/load-urls-defined-in-configure-open-edge-with-main-sm.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 209 KiB

BIN
browsers/edge/images/load-urls-defined-in-configure-open-edge-with-main.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 258 KiB

BIN
browsers/edge/images/load-urls-defined-in-configure-open-edge-with-sm.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 257 KiB

BIN
browsers/edge/images/load-urls-defined-in-configure-open-edge-with.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 257 KiB

BIN
browsers/edge/images/prelaunch-edge-and-preload-tabs-sm.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 80 KiB

BIN
browsers/edge/images/prelaunch-edge-and-preload-tabs.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 61 KiB

BIN
browsers/edge/images/prelaunch-edge-only-sm.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 77 KiB

BIN
browsers/edge/images/prelaunch-edge-only.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

BIN
browsers/edge/images/preload-tabs-only-sm.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 79 KiB

BIN
browsers/edge/images/preload-tabs-only.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 61 KiB

BIN
browsers/edge/images/prevent-syncing-browser-settings-sm.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 79 KiB

BIN
browsers/edge/images/prevent-syncing-browser-settings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 83 KiB

BIN
browsers/edge/images/set-default-search-engine-v4-sm.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 196 KiB

After

Width:  |  Height:  |  Size: 213 KiB

BIN
browsers/edge/images/set-default-search-engine-v4.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 261 KiB

After

Width:  |  Height:  |  Size: 246 KiB

BIN
browsers/edge/images/sync-browser-settings-automatically-sm.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 64 KiB

BIN
browsers/edge/images/sync-browser-settings-automatically.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

BIN
browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 325 KiB

BIN
browsers/edge/images/use-enterprise-mode-with-microsoft-edge.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 325 KiB

4
browsers/edge/includes/allow-full-screen-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Allow fullscreen mode
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Enabled or not configured (Allowed)*
@ -22,7 +22,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[AllowFullscreen](../new-policies.md#allow-fullscreen-mode)
- **MDM name:** Browser/[AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFullscreen
- **Data type:** Integer

8
browsers/edge/includes/allow-prelaunch-include.md
View File

@ -1,6 +1,6 @@
<!-- Allow Prelaunch
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Enabled or not configured (Allowed)*
[!INCLUDE [allow-prelaunch-shortdesc](../shortdesc/allow-prelaunch-shortdesc.md)]
@ -12,6 +12,10 @@
|Disabled |0 |0 |Prevented/not allowed |![Most restrictive value](../images/check-gn.png) |
|Enabled or not configured<br>**(default)** |1 |1 |Allowed | |
---
### Configuration options
For more details about configuring the prelaunch and preload options, see [Prelaunch Microsoft Edge and preload tabs in the background](../group-policies/prelaunch-preload-gp.md).
### ADMX info and settings
@ -22,7 +26,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[AllowPrelaunch](../new-policies.md#allow-prelaunch)
- **MDM name:** Browser/[AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPrelaunch
- **Data type:** Integer

4
browsers/edge/includes/allow-printing-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Allow printing
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Enabled or not configured (Allowed)*
[!INCLUDE [allow-printing-shortdesc](../shortdesc/allow-printing-shortdesc.md)]
@ -21,7 +21,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[AllowPrinting](../new-policies.md#allow-printing)
- **MDM name:** Browser/[AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPrinting
- **Data type:** Integer

4
browsers/edge/includes/allow-saving-history-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Allow Saving History
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Enabled or not configured (Allowed)*
[!INCLUDE [allow-saving-history-shortdesc](../shortdesc/allow-saving-history-shortdesc.md)]
@ -21,7 +21,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[AllowSavingHistory](../new-policies.md#allow-saving-history)
- **MDM name:** Browser/[AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSavingHistory
- **Data type:** Integer

19
browsers/edge/includes/allow-search-engine-customization-include.md
View File

@ -12,21 +12,9 @@
|Enabled or not configured<br>**(default)** |1 |1 |Allowed | |
---
### Configuration options
| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
| --- | --- | --- | --- |
| Not configured (default) | Disabled | Disabled or not configured (default) | Default search engine specified in App settings. Users cannot make changes. |
| Not configured (default) | Enabled or not configured (default) | Disabled or not configured (default) | Default search engine specified in App settings. Users can make changes to the default search engine at any time. |
| Disabled | Disabled | Disabled or not configured (default) | Users cannot add, remove, or change any of the search engines, but they can set a default search engine. |
| Disabled | Enabled or not configured (default) | Disabled or not configured (default) | Users can add new search engines or change the default search engine, in Settings. |
| Enabled | Disabled | Disabled or not configured (default) | Set the default search engine preventing users from making changes. |
| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
---
![Set default search engine configurations](../images/set-default-search-engine-v4-sm.png)
For more details about configuring the search engine, see [Search engine customization](../group-policies/search-engine-customization-gp.md).
### ADMX info and settings
@ -56,8 +44,9 @@
- [Configure additional search engines](../available-policies.md#configure-additional-search-engines): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
### Related topics
- [Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy): This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
- [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery): Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites.
- [!INCLUDE [man-connections-win-comp-services-shortdesc-include](man-connections-win-comp-services-shortdesc-include.md)]
- [!INCLUDE [search-provider-discovery-shortdesc-include](search-provider-discovery-shortdesc-include.md)]
<hr>

4
browsers/edge/includes/allow-sideloading-extensions-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Allow sideloading of Extensions
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Enabled (Allowed)*
[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
@ -21,7 +21,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[AllowSideloadingExtensions](../new-policies.md#allow-sideloading-of-extensions)
- **MDM name:** Browser/[AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSideloadingExtensions
- **Data type:** Integer

6
browsers/edge/includes/allow-tab-preloading-include.md
View File

@ -12,6 +12,10 @@
|Disabled |1 |1 |Prevented/not allowed. |![Most restricted value](../images/check-gn.png) |
---
### Configuration options
For more details about configuring the prelaunch and preload options, see [Prelaunch Microsoft Edge and preload tabs in the background](../group-policies/prelaunch-preload-gp.md).
### ADMX info and settings
#### ADMX info
@ -21,7 +25,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[AllowTabPreloading](../new-policies.md#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
- **MDM name:** Browser/[AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowTabPreloading
- **Data type:** Integer

2
browsers/edge/includes/allow-web-content-new-tab-page-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Allow web content on New Tab page
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Enabled (Default New tab page loads)*

4
browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
View File

@ -1,5 +1,5 @@
<!-- Configure collection of browsing data for Microsoft 365 Analytics
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Disabled or not configured (No data collected or sent)*
[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
@ -28,7 +28,7 @@
#### MDM settings
- **MDM name:** Browser/[ConfigureTelemetryForMicrosoft365Analytics](../new-policies.md#configure-collection-of-browsing-data-for-microsoft-365-analytics)
- **MDM name:** Browser/[ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureTelemetryForMicrosoft365Analytics
- **Data type:** Integer

6
browsers/edge/includes/configure-cookies-include.md
View File

@ -28,8 +28,8 @@
- **Data type:** Integer
#### Registry settings
** |<ul><li>**Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
**Value name:** Cookies
**Value type:** REG_DWORD
- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
- **Value name:** Cookies
- **Value type:** REG_DWORD
<hr>

4
browsers/edge/includes/configure-do-not-track-include.md
View File

@ -8,9 +8,9 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Not configured |Blank |Blank |Do not send tracking information but let users choose to send tracking information to sites they visit. | |
|Not configured<br>**(default)** |Blank |Blank |Do not send tracking information but let users choose to send tracking information to sites they visit. | |
|Disabled |1 |1 |Never send tracking information. | |
|Enabled<br>**(default)** |1 |1 |Send tracking information. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Send tracking information. |![Most restricted value](../images/check-gn.png) |
---
### ADMX info and settings

4
browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Configure kiosk reset after idle timeout
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: 5 minutes*
[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]
@ -21,7 +21,7 @@ You must set the Configure kiosk mode policy to enabled (1 - InPrivate public br
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ConfigureKioskResetAfterIdleTimeout](../new-policies.md#configure-kiosk-reset-after-idle-timeout)
- **MDM name:** Browser/[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
- **Data type:** Integer

17
browsers/edge/includes/configure-enterprise-mode-site-list-include.md
View File

@ -7,10 +7,10 @@
### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |Turned off. Microsoft Edge does not check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps. | |
|Enabled |1 |1 |Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 second, but uses the existing file. To add the location to your site list, enter it in the **{URI}** box.<p>For details on how to configure the Enterprise Mode Site List, see the [Instructions](#instructions) section below. | |
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Disabled or not configured<br>**(default)** |0 |0 |Turned off. Microsoft Edge does not check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps. |
|Enabled |1 |1 |Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 second, but uses the existing file. To add the location to your site list, enter it in the **{URI}** box.<p>For details on how to configure the Enterprise Mode Site List, see the [Instructions](#instructions) section below. |
---
### ADMX info and settings
@ -70,8 +70,7 @@ which is the equivalent to this Microsoft Edge policy.
- [Step 1. Turn on Enterprise Mode](#step-1-turn-on-enterprise-mode)
- [Step 2. (Optional) Import your Enterprise Mode Site List](#step-2-optional-import-your-enterprise-mode-site-list)
- [Step 3. Add sites to your list](#step-3-add-sites-to-your-list)
- [Step 4. Turn on Enterprise Mode and use a site list](#step-4-set-up-microsoft-edge-to-use-the-enterprise-mode-site-list)
- [Step 5. Send all intranet sites to Internet Explorer 11](#step-5-send-all-intranet-sites-to-internet-explorer-11)
- [Step 4. Send all intranet sites to Internet Explorer 11](#step-5-send-all-intranet-sites-to-internet-explorer-11)
#### Step 1. Turn on Enterprise Mode
@ -95,11 +94,7 @@ which is the equivalent to this Microsoft Edge policy.
6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p>You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your Group Policy setting.
#### Step 4. Set up Microsoft Edge to use the Enterprise Mode Site List
add the steps here, if there are steps
#### Step 5. Send all intranet sites to Internet Explorer 11
#### Step 4. Send all intranet sites to Internet Explorer 11
Enabling the Send all intranet sites to Internet Explorer 11 policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.

2
browsers/edge/includes/configure-favorites-bar-include.md
View File

@ -23,7 +23,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ConfigureFavoritesBar](../new-policies.md#configure-favorites-bar)
- **MDM name:** Browser/[ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)
- **Supported devices:** Desktop and Mobile
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureFavoritesBar
- **Data type:** Integer

4
browsers/edge/includes/configure-favorites-include.md
View File

@ -1,2 +1,4 @@
<!-- ## Configure Favorites -->
>Use [Provision Favorites](../available-policies.md#provision-favorites) in place of this policy.
>Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy in place of Configure Favorites.
<hr>

19
browsers/edge/includes/configure-home-button-include.md
View File

@ -1,4 +1,4 @@
<!-- ## Configure Home Button
<!-- ## Configure Home button
>*Supported versions: Microsoft Edge on Windows 10*<br> -->
>*Default setting: Disabled or not configured (Show home button and load the Start page)*
@ -12,33 +12,28 @@
|---|:---:|:---:|---|
|Disabled or not configured<br>**(default)** |0 |0 |Show home button and load the Start page. |
|Enabled |1 |1 |Show home button and load the New tab page. |
|Enabled |2 |2 |Show home button and load the custom URL defined in the Set Home Button URL policy. |
|Enabled |2 |2 |Show home button and load the custom URL defined in the Set Home button URL policy. |
|Enabled |3 |3 |Hide home button. |
---
>[!TIP]
>If you want to make changes to this policy:<ol><li>Enable the **Unlock Home Button** policy.</li><li>Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.</li><li>Disable the **Unlock Home Button** policy.</li></ol>
### Configuration options
![Show home button and load Start page or New tab page](../images/home-button-start-new-tab-page-v4-sm.png)
For more details about configuring the different Home button options, see [Home button](../group-policies/home-button-gp.md).
![Show home button and load custom URL](../images/home-buttom-custom-url-v4-sm.png)
>[!TIP]
>If you want to make changes to this policy:<ol><li>Enable the **Unlock Home Button** policy.</li><li>Make changes to the **Configure Home button** policy or **Set Home button URL** policy.</li><li>Disable the **Unlock Home Button** policy.</li></ol>
![Hide home button](../images/home-button-hide-v4-sm.png)
### ADMX info and settings
#### ADMX info
- **GP English name:** Configure Home Button
- **GP English name:** Configure Home button
- **GP name:** ConfigureHomeButton
- **GP element:** ConfigureHomeButtonDropdown
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ConfigureHomeButton](../new-policies.md#configure-home-button)
- **MDM name:** Browser/[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)
- **Supported devices:** Desktop and Mobile
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton
- **Data type:** Integer

4
browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
View File

@ -1,6 +1,6 @@
<!-- ## Configure kiosk mode
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Not configured*
[!INCLUDE [configure-kiosk-mode-shortdesc](../shortdesc/configure-kiosk-mode-shortdesc.md)]
@ -26,7 +26,7 @@ For this policy to work, you must configure Microsoft Edge in assigned access; o
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ConfigureKioskMode](../new-policies.md#configure-kiosk-mode)
- **MDM name:** Browser/[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
- **Data type:** Integer

20
browsers/edge/includes/configure-open-edge-with-include.md
View File

@ -1,6 +1,6 @@
<!-- Configure Open Microsoft Edge With
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Enabled (A specific page or pages)*
[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
@ -20,20 +20,14 @@
|Enabled<br>**(default)** |3 |3 |Load a specific page or pages. |
---
### Configuration options
For more details about configuring the Start pages, see [Start pages](../group-policies/start-pages-gp.md).
>[!TIP]
>If you want to make changes to this policy:<ol><li>Set the **Disabled Lockdown of Start Pages** policy to not configured.</li><li>Make changes to the **Configure Open Microsoft With** policy.</li><li>Enable the **Disabled Lockdown of Start Pages** policy.</li></ol>
### Configuration options
| **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** |
| --- | --- | --- | --- |
| Enabled (applies to all options) | Enabled String | Enabled (all configured start pages are editable) | Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to make changes. |
| Disabled or not configured | Enabled String | Enabled (any Start page configured in the Configured Start Pages policy) | Load any start page and let users make changes .|
| Enabled (Start page) | Enabled String | Blank or not configured | Load Start page(s) and prevent users from making changes. |
| Enabled (New tab page) | Enabled String | Blank or not configured | Load New tab page and prevent users from making changes. |
| Enabled (Previous pages) | Enabled String | Blank or not configured | Load previously opened pages and prevent users from making changes. |
| Enabled (A specific page or pages) | Enabled String | Blank or not configured | Load a specific page or pages and prevent users from making changes. |
| Enabled (A specific page or pages) | Enabled String | Enabled (any Start page configured in Configure Start Pages policy) | Load a specific page or pages and let users make changes. |
---
### ADMX info and settings
@ -44,7 +38,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ConfigureOpenEdgeWith](../new-policies.md#configure-open-microsoft-edge-with)
- **MDM name:** Browser/[ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureOpenEdgeWith
- **Data type:** Integer

2
browsers/edge/includes/configure-password-manager-include.md
View File

@ -1,6 +1,6 @@
<!-- ## Configure Password Manager -->
>*Supported versions: Microsoft Edge on Windows 10*<br>
>*Default setting: Enabled (Allowed/users can change the setting)
>*Default setting: Enabled (Allowed/users can change the setting)*
[!INCLUDE [configure-password-manager-shortdesc](../shortdesc/configure-password-manager-shortdesc.md)]

4
browsers/edge/includes/configure-start-pages-include.md
View File

@ -9,10 +9,12 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Not configured |Blank |Blank |Load the pages specified in App settings as the default Start pages. |
|Enabled |String |String |Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\><p>**Version 1703 or later:**<br>If you do not want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non-domain-joined devices when it's the only configured URL.<p>**Version 1810:**<br>When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. |
|Enabled |String |String |Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:<p><p>&nbsp;&nbsp;&nbsp;&nbsp;\<support.contoso.com\>\<support.microsoft.com\><p>**Version 1703 or later:**<br>If you do not want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non-domain-joined devices when it's the only configured URL.<p>**Version 1810:**<br>When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. |
---
### Configuration options
For more details about configuring the Start pages, see [Start pages](../group-policies/start-pages-gp.md).
### ADMX info and settings
#### ADMX info

10
browsers/edge/includes/disable-lockdown-of-start-pages-include.md
View File

@ -12,6 +12,11 @@
|Enabled |1 |1 |Unlocked. Users can make changes to all configured start pages.<p><p>When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | |
---
### Configuration options
For more details about configuring the Start pages, see [Start pages](../group-policies/start-pages-gp.md).
### ADMX info and settings
#### ADMX info
- **GP English name:** Disable lockdown of Start pages
@ -20,7 +25,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[DisableLockdownOfStartPages]()
- **MDM name:** Browser/[DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages
- **Data type:** Integer
@ -39,9 +44,8 @@
- [Configure Open Microsoft Edge With](../new-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
### Related topics
[Microsoft browser extension policy](aka.ms/browser policy)
[!INCLUDE [browser-extension-policy-shortdesc-include](browser-extension-policy-shortdesc-include.md)]
<hr>

21
browsers/edge/includes/do-not-sync-browser-settings-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Do not sync browser settings
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Disabled or not configured (Allowed/turned on)*
[!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)]
@ -14,26 +14,9 @@
### Configuration options
#### Sync the browser settings automatically:
**Disable** both the Do not sync browser settings Prevent users from turning on browser syncing policies.
For more details about configuring the browser syncing options, see [Sync browser settings](../group-policies/sync-browser-settings-gp.md).
#### Prevent syncing of browser settings and prevent users from turning it on:
1. **Enable** the Do not sync browser settings policy.
2. **Enable** or dont configure this policy (Prevented/turned off).
#### Prevent syncing of browser settings and give users a choice to turn on syncing:
1. **Enable** the Do not sync browser settings policy.
2. **Disable** this policy (Allowed/turned on).
#### Syncing turned off by default but not disabled:
1. **Enable** the Do not sync browser setting policy.
2. Select the _Allow users to turn “browser” syncing_ option.
#### Verify configuration
To verify if syncing is turned on or off:
1. In the upper-right corner of Microsoft Edge, click the ellipses \(**...**\).
2. Click **Settings**.
3. Under Account, see if the setting is toggled on or off.<p>![Verify configuration](../images/sync-settings.PNG)
### ADMX info and settings

20
browsers/edge/includes/do-not-sync-include.md
View File

@ -13,10 +13,22 @@
---
### ADMX info and settings
| |
|---|
|**ADMX info**<ul><li>**GP English name:** Do not sync</li><li>**GP name:** AllowSyncMySettings</li><li>**GP path:** Windows Components/Microsoft Edge</li><li>**GP ADMX file name:** MicrosoftEdge.admx</li></ul>**MDM settings**<ul><li>**MDM name:** Experience/[AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings)</li><li>**Supported devices:** Desktop</li><li>**URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings </li><li>**Data type:** Integer</li></ul>**Registry**<ul><li>**Path:** HKLM\Software\Policies\Microsoft\Windows\SettingSync</li><li>**Value name:** DisableSettingSync</li><li>**Value type:** REG_DWORD</li></ul> |
---
#### ADMX info
- **GP English name:** Do not sync
- **GP name:** AllowSyncMySettings
- **GP path:** Windows Components/Sync your settings
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Experience/[AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings
- **Data type:** Integer
#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\Windows\SettingSync
- **Value name:** DisableSettingSyn
- **Value type:** REG_DWORD
### Related topics
[About sync setting on Microsoft Edge on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices): Learn about what settings are sync'ed.

10
browsers/edge/includes/keep-fav-sync-ie-edge-include.md
View File

@ -12,16 +12,6 @@
|Enabled |1 |1 |Turned on/syncing. |![Most restricted value](../images/check-gn.png) |
---
### Configuration options
### Configuration options
| **Keep favorites in sync between IE and Microsoft Edge** | **Provision Favorites** | **Outcome** |
| --- | --- | --- |
| Disabled or not configured (default) | Disabled or not configured (default) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
| Enabled (turned on/syncing) | Disabled or not configured (default) | **Turned on/syncing**. Syncs favorites between Internet Explorer and Microsoft Edge. |
| Enabled (turned on/syncing) | Enabled (provision list of favorites) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
| Disabled or not configured (default) | Enabled (provision list of Favorites) | **Turned on/syncing**. Syncs favorites between Internet Explorer and Microsoft Edge. |
---
### ADMX info and settings
### ADMX info
- **GP English name:** Keep favorites in sync between Internet Explorer and Microsoft Edge

6
browsers/edge/includes/prevent-certificate-error-overrides-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Prevent certificate error overrides
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Disabled or not configured (Allowed/turned off)*
[!INCLUDE [prevent-certificate-error-overrides-shortdesc](../shortdesc/prevent-certificate-error-overrides-shortdesc.md)]
@ -18,13 +18,13 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[PreventCertErrorOverrides](../new-policies.md#prevent-certificate-error-overrides)
- **MDM name:** Browser/[PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)
- **Supported devices:** Desktop and Mobile
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventCertErrorOverrides
- **Data type:** Integer
#### Registry settings
- **Path:** Software\Policies\Microsoft\MicrosoftEdge\Internet Setting
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Setting
- **Value name:** PreventCertErrorOverrides
- **Value type:** REG_DWORD

10
browsers/edge/includes/prevent-live-tile-pinning-start-include.md
View File

@ -1,6 +1,6 @@
<!-- ## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start -->
>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
>*Default setting: Disabled or not configured (Collected and sent)*
>*Default setting: Disabled or not configured (Collect and send)*
[!INCLUDE [prevent-edge-from-gathering-live-tile-info-shortdesc](../shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md)]
@ -9,7 +9,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |Collect and send Live Tile metadata. | |
|Enabled |1 |1 |Not collected and sent. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Do not collect. |![Most restricted value](../images/check-gn.png) |
---
### ADMX info and settings
@ -26,8 +26,8 @@
- **Data type:** Integer
#### Registry settings
**<ul><li>**Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
**Value name:** PreventLiveTileDataCollection
**Value type:** REG_DWORD
- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
- **Value name:** PreventLiveTileDataCollection
- **Value type:** REG_DWORD
<hr>

2
browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
View File

@ -8,7 +8,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |Allowed. Shows localhost IP addresses. | |
|Disabled or not configured<br>**(default)** |0 |0 |Allowed. Show localhost IP addresses. | |
|Enabled |1 |1 |Prevented. |![Most restricted value](../images/check-gn.png) |
---

2
browsers/edge/includes/prevent-turning-off-required-extensions-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Prevent turning off required extensions
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Disabled or not configured (Allowed)*
[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../shortdesc/prevent-turning-off-required-extensions-shortdesc.md)]

13
browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
View File

@ -1,6 +1,6 @@
<!-- Prevent users from turning on browser syncing
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Enabled or not configured (Prevented/turned off)*
[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
@ -13,14 +13,9 @@
---
### Configuration options
<!-- put the grids in a document that categorizes the policies -->
| **Do not sync browser settings** | **Prevent users from turning on browser syncing** | **Result** |
| --- | --- | --- |
| Disabled or not configured (0 default) Turned on. Let users make changes | Disabled (0 default) | Sync browser settings automatically. |
| Disabled or not configured (0 default) Turned on. Let users make changes | Enabled or not configured (1) | Sync browser settings automatically. |
| Enabled (2) Prevented/turned off | Disabled (0 default) | Prevent syncing of browser settings and let users choose to turn it on. |
| Enabled (2) Turned off | Enabled or not configured (1) | Prevent syncing of browser settings and prevents users from turning on syncing. |
---
For more details about configuring the browser syncing options, see [Sync browser settings](../group-policies/sync-browser-settings-gp.md).
### ADMX info and settings
#### ADMX info

9
browsers/edge/includes/provision-favorites-include.md
View File

@ -15,15 +15,6 @@
|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file**, and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as: <ul><li>HTTP location: "SiteList"=http://localhost:8080/URLs.html</li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:\Users\\Documents\URLs.html</li></ul></li></ol> |![Most restricted value](../images/check-gn.png) |
---
### Configuration options
| **Keep favorites in sync between IE and Microsoft Edge** | **Provision Favorites** | **Results** |
| --- | --- | --- |
| Disabled or not configured (default) | Disabled or not configured (default) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
| Enabled (turned on/syncing) | Disabled or not configured (default) | **Turned on/syncing**. Syncs favorites between Internet Explorer and Microsoft Edge. |
| Enabled (turned on/syncing) | Enabled (provision list of favorites) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
| Disabled or not configured (default) | Enabled (provision list of Favorites) | **Turned on/syncing**. Syncs favorites between Internet Explorer and Microsoft Edge. |
---
### ADMX info and settings
#### ADMX info
- **GP English name:** Provision Favorites

4
browsers/edge/includes/send-all-intranet-sites-ie-include.md
View File

@ -13,11 +13,9 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |All sites, including intranet sites, open in Microsoft Edge automatically. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.<p>Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<br>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**</li><li>Click **Enabled** and then refresh the policy and then vew the affected sites in Microsoft Edge.<br><br>A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol>| |
|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.<p><p>Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<br><br>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**<p></li><li>Click **Enabled**, refresh the policy, and then view the affected sites in Microsoft Edge.<p><p>A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol>| |
---
### Configuration options
### ADMX info and settings
#### ADMX info

26
browsers/edge/includes/set-home-button-url-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Set Home Button URL
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
<!-- ## Set Home button URL
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Disabled or not configured (Blank)*
[!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
@ -9,35 +9,25 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Disabled or not configured<br>**(default)** |Blank |Blank |Show the home button and loads the Start page and locks down the home button to prevent users from changing what page loads. |
|Enabled - String |String |String |A custom URL loads when clicking the home button. You must also enable the [Configure Home Button](../new-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option.<p>Enter a URL in string format, for example, https://www.msn.com. |
|Enabled - String |String |String |Load a custom URL for the home button. You must also enable the [Configure Home button](../new-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option.<p>Enter a URL in string format, for example, https://www.msn.com. |
---
### Configuration options
#### Show the home button, load a custom URL, and let users make changes:
1. **Configure Home Button:** Enable and select the _Show the home button & set a specific page_ option.
2. **Set Home Button URL:** Enter a URL in string format, for example, https://www.bing.com.
3. **Unlock Home Button:** Enable to let users make changes.
#### Show the home button, load a custom URL, and prevent users from making changes:
1. **Configure Home Button:** Enable and select the _Show the home button & set a specific page_ option.
2. **Set Home Button URL:** Enter a URL in string format, for example, https://www.bing.com.
3. **Unlock Home Button:** Leave disabled or not configured.
#### Hide the home button:
Enable the **Configure Home Button** policy and select the _Hide home button_ option.
For more details about configuring the different Home button options, see [Home button](../group-policies/home-button-gp.md).
### ADMX info and settings
#### ADMX info
- **GP English name:** Set Home Button URL
- **GP English name:** Set Home button URL
- **GP name:** SetHomeButtonURL
- **GP element:** SetHomeButtonURLPrompt
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[SetHomeButtonURL](../new-policies.md#set-home-button-url)
- **MDM name:** Browser/[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)
- **Supported devices:** Desktop and Mobile
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL
- **Data type:** String
@ -49,7 +39,7 @@ Enable the **Configure Home Button** policy and select the _Hide home button_ op
### Related policies
- [Configure Home Button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
- [Configure Home button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
- [Unlock Home button](../new-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]

4
browsers/edge/includes/set-new-tab-url-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Set New Tab page URL
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Disabled or not configured (Blank)*
[!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]
@ -20,7 +20,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[SetNewTabPageURL](../new-policies.md#set-new-tab-page-url)
- **MDM name:** Browser/[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL
- **Data type:** String

2
browsers/edge/includes/show-message-opening-sites-ie-include.md
View File

@ -22,7 +22,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ShowMessageWhenOpeningSitesInInternetExplorer](../new-policies.md#show-message-when-opening-sites-in-internet-explorer)
- **MDM name:** Browser/[ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInternetExplorer
- **Data type:** Integer

11
browsers/edge/includes/unlock-home-button-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Unlock Home Button
>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
>*Default setting: Disabled or not configured (Home button is locked)*
[!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
@ -12,6 +12,11 @@
|Enabled |1 |1 |Let users make changes. |
---
### Configuration options
For more details about configuring the different Home button options, see [Home button](../group-policies/home-button-gp.md).
### ADMX info and settings
#### ADMX info
- **GP English name:** Unlock Home Button
@ -20,7 +25,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[UnlockHomeButton](../new-policies.md#unlock-home-button)
- **MDM name:** Browser/[UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/UnlockHomeButton
- **Data type:** Integer
@ -32,7 +37,7 @@
### Related policies
- [Configure Home Button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
- [Configure Home button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
- [Set Home button URL](../new-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]

73
browsers/edge/microsoft-edge-kiosk-mode-deploy.md
View File

@ -7,7 +7,7 @@ ms.prod: edge
ms.sitesec: library
title: Deploy Microsoft Edge kiosk mode
ms.localizationpriority: high
ms.date: 07/18/2018
ms.date: 07/23/2018
---
# Deploy Microsoft Edge kiosk mode (Preview)
@ -56,6 +56,8 @@ The multi-app Microsoft Edge kiosk mode types include:
## Lets get started!
Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Edge in assigned access. You can set up Microsoft Edge kiosk mode in assigned access using:
- **Windows Settings.** (Build 17723) Best for physically setting up a single device as a kiosk. With this method, you set up assigned access and configure the kiosk or digital sign device using Settings. You can configure Microsoft Edge in single-app (kiosk type Full-screen or public browsing) and define a single URL for the Home button, Start page, and New tab page. You can also set the reset after an idle timeout.
- **Microsoft Intune or other MDM service.** Best for setting up multiple devices as a kiosk. With this method, you configure Microsoft Edge in assigned access and configure how Microsoft Edge behaves when its running in kiosk mode with assigned access.
>[!NOTE]
@ -74,6 +76,63 @@ Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Ed
>[!Important]
>If you are using a local account as a kiosk account in Intune or provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
### Use Windows Settings
>Preview build 17723
Windows Settings is the simplest and easiest way to set up one or a couple of devices because you must perform these steps on each device. This method is ideal for small businesses.
1. In Windows Settings, select **Accounts** \> **Other people**.
2. Under **Set up a kiosk**, select **Assigned access**.
3. Select **Get started**.
4. Create a standard user account or choose an existing account for your kiosk.
5. Select **Next**.
6. On the **Choose a kiosk app** page, select **Microsoft Edge.**
7. Select **Next**.
8. Select how Microsoft Edge displays when running in kiosk mode:
- **As a digital sign or interactive display**, the default URL shows in full screen, without browser controls.
- **As a public browser**, the default URL shows in a browser view with limited browser controls.
9. Select **Next**.
10. Enter the URL that you want to load when the kiosk launches.
>[!NOTE]
>The URL sets the Home button, Start page, and New tab page.
11. Microsoft Edge in kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue. If **Continue** is not selected, Microsoft Edge resets to the default URL. You can accept the default value of **5 minutes**, or you can choose your own idle timer value.
12. Select **Next**, and then select **Close**.
13. Close **Settings** to save your choices automatically and apply them the next time the user account logs on.
14. Configure the policies for Microsoft Edge kiosk mode. For details on the valid kiosk policy settings, see [Related policies](#related-policies).
15. Validate the Microsoft Edge kiosk mode by restarting the device and signing in with the local kiosk account.
**_Congratulations!_** Youve finished setting up Microsoft Edge in assigned access and a kiosk or digital sign, and configured browser policies for Microsoft Edge kiosk mode.
**_Next steps._**
- Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
- If you want to make changes to your kiosk, you can quickly change the display option and default URL for Microsoft Edge.
1. Go to **Start** \> **Settings** \> **Accounts** \> **Other people**.
2. Under **Set up a kiosk**, select **Assigned access**.
3. Make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge**.
### Use Microsoft Intune or other MDM service
With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge kiosk mode in assigned access and how it behaves on a kiosk device.
@ -128,6 +187,8 @@ With this method, you can use a provisioning package to configure Microsoft Edge
**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
---
## Relevant policies
Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser).
@ -202,6 +263,7 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ![Not supported](images/148766.png) = Not applicable or not supported <br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ![Supported](images/148767.png) = Supported
---
## Related topics
@ -223,13 +285,15 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
- **[Create a provisioning page for Windows 10](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package):** Learn to use Windows Configuration Designer (WCD) to create a provisioning package (.ppkg) for configuring devices running Windows 10. The WCD wizard options provide a simple interface to configure desktop, mobile, and kiosk device settings.
## Known issues with RS_PRERELEASE build 17713+
---
## Known issues with RS_PRERELEASE build 17723
- When you set up Microsoft Edge kiosk mode on a single-app kiosk device you must set the “ConfigureKioskMode” policy because the default behavior is not honored.
- **Expected behavior** Microsoft Edge kiosk mode launches in full-screen mode.
- **Actual behavior** Normal Microsoft Edge launches.
- When you enable or set the “Configure Favorites bar” policy to 1, the favorites bar does not show in Microsoft Edge kiosk mode.
- When you enable or set the “ConfigureFavoritesBar” policy to 1, the favorites bar does not show in Microsoft Edge kiosk mode.
- **Expected behavior** Microsoft Edge kiosk mode shows the favorites bar.
- **Actual behavior** The favorites bar is hidden.
@ -241,6 +305,7 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
- **Expected behavior** Books are disabled in _Settings and more_ menu.
- **Actual behavior** Books are accessible in _Settings and more_ menu.
---
## Provide feedback or get support
@ -248,6 +313,8 @@ To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Micro
**_For multi-app kiosk only._** If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
---
## Feature comparison of kiosk mode and kiosk browser app
In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.

48
browsers/edge/new-policies.md
View File

@ -8,7 +8,7 @@ ms.mktglfcycl: explore
ms.sitesec: library
title: New Microsoft Edge Group Policies and MDM settings
ms.localizationpriority:
ms.date: 07/19/2018
ms.date: 07/23/2018
---
# New Microsoft Edge Group Policies and MDM settings (Preview)
@ -18,40 +18,40 @@ ms.date: 07/19/2018
The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17713+. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
We are discontinuing the use of the **Configure Favorites** group policy. Use the **[Provision Favorites](available-policies.md#provision-favorites)** in place of Configure Favorites.
We are discontinuing the use of the **Configure Favorites** group policy. Use the **[Provision Favorites](available-policies.md#provision-favorites)** instead.
>You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:
>
>>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;*Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\*
>>You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:
>>
>>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**_Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\_**
<p>
<!-- add links to the below policies -->
| **Group Policy** | **New/update?** | **MDM Setting** | **New/update?** |
| --- | --- | --- | --- |
| [Allow fullscreen mode](#allow-fullscreen-mode) | New | AllowFullscreen | New |
| [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | New | PreventTabPreloading | New |
| [Allow Prelaunch](#allow-prelaunch) | New | AllowPrelaunch | New |
| [Allow printing](#allow-printing) | New | AllowPrinting | New |
| [Allow Saving History](#allow-saving-history) | New | AllowSavingHistory | New |
| [Allow sideloading of Extensions](#allow-sideloading-of-extensions) | New | AllowSideloadingOfExtensions | New |
| [Allow fullscreen mode](#allow-fullscreen-mode) | New | [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode) | New |
| [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | New | [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | New |
| [Allow Prelaunch](#allow-prelaunch) | New | [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | New |
| [Allow printing](#allow-printing) | New | [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | New |
| [Allow Saving History](#allow-saving-history) | New | [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | New |
| [Allow sideloading of Extensions](#allow-sideloading-of-extensions) | New | [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | New |
| [Allow web content on new tab page](available-policies.md#allow-web-content-on-new-tab-page) | -- | [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | New |
| [Configure collection of browsing data for Microsoft 365 Analytics](#configure-collection-of-browsing-data-for-microsoft-365-analytics) | New | ConfigureTelemetryForMicrosoft365Analytics | New |
| [Configure Favorites Bar](#configure-favorites-bar) | New | ConfigureFavoritesBar | New |
| [Configure Home Button](#configure-home-button) | New | ConfigureHomeButton | New |
| [Configure kiosk mode](#configure-kiosk-mode) | New | ConfigureKioskMode | New |
| [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout) | New | ConfigureKioskResetAfterIdleTimeout | New |
| [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) | New | ConfigureOpenMicrosoftEdgeWith | New |
| [Configure collection of browsing data for Microsoft 365 Analytics](#configure-collection-of-browsing-data-for-microsoft-365-analytics) | New | [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | New |
| [Configure Favorites Bar](#configure-favorites-bar) | New | [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | New |
| [Configure Home button](#configure-home-button) | New | [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | New |
| [Configure kiosk mode](#configure-kiosk-mode) | New | [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | New |
| [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout) | New | [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | New |
| [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) | New | [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | New |
| [Do not sync browser settings](available-policies.md#do-not-sync-browser-settings) | -- | Experience/DoNotSyncBrowserSetting | New |
| [Prevent certificate error overrides](#prevent-certificate-error-overrides) | New | PreventCertErrorOverrides | New |
| [Prevent users from turning on browser syncing](#preventusersfromturningonbrowsersyncing) | New | PreventUsersFromTurningOnBrowserSyncing | New |
| [Prevent certificate error overrides](#prevent-certificate-error-overrides) | New | [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | New |
| [Prevent users from turning on browser syncing](#preventusersfromturningonbrowsersyncing) | New | Experience/PreventUsersFromTurningOnBrowserSyncing | New |
| [Prevent turning off required extensions](#prevent-turning-off-required-extensions) | New | PreventTurningOffRequiredExtensions | New |
| [Set Home button URL](#set-home-button-url) | New | SetHomeButtonURL | New |
| [Set New Tab page URL](#set-new-tab-page-url) | New | SetNewTabPageURL | New |
| [Show message when opening sites in Internet Explorer](#showmessagewhenopeninginteretexplorersites) | Updated | ShowMessageWhenOpeningInteretExplorerSites | Updated |
| [Unlock Home button](#unlock-home-button) | New | UnlockHomeButton | New |
| [Set Home button URL](#set-home-button-url) | New | [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | New |
| [Set New Tab page URL](#set-new-tab-page-url) | New | [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | New |
| [Show message when opening sites in Internet Explorer](#showmessagewhenopeninginteretexplorersites) | Updated | [ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) | Updated |
| [Unlock Home button](#unlock-home-button) | New | [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | New |
---
@ -82,7 +82,7 @@ We are discontinuing the use of the **Configure Favorites** group policy. Use th
## Configure Favorites Bar
[!INCLUDE [configure-favorites-bar-include.md](includes/configure-favorites-bar-include.md)]
## Configure Home Button
## Configure Home button
[!INCLUDE [configure-home-button-include.md](includes/configure-home-button-include.md)]
## Configure kiosk mode

2
browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
View File

@ -1 +1 @@
Microsoft Edge pre-launches during Windows startup when the system is idle, and each time Microsoft Edge closes by default. When Microsoft Edge pre-launches, it runs as a background process waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent Microsoft Edge from pre-launching.
Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. You can also configure Microsoft Edge to prevent Microsoft Edge from pre-launching.

2
browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
View File

@ -1 +1 @@
By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the [[Set default search engine]](../available-policies.md#set-default-search-engine) policy. With this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.
By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. With this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.

2
browsers/edge/shortdesc/configure-home-button-shortdesc.md
View File

@ -1 +1 @@
Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the Home button to load the New tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the Home button to load the New tab page or a URL defined in the Set Home button URL policy. You can also configure Microsoft Edge to hide the home button.

2
browsers/edge/shortdesc/set-home-button-url-shortdesc.md
View File

@ -1 +1 @@
By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.

2
browsers/edge/shortdesc/unlock-home-button-shortdesc.md
View File

@ -1 +1 @@
By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies.
By default, when you enable the Configure Home button policy or provide a URL in the Set Home button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home button or Set Home button URL policies.

2
browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
View File

@ -48,7 +48,7 @@ If you get an error during the Windows Update process, see [Fix the problem with
5. Try to reinstall IE11 from either Windows Update (if you saw it in Step 3) or from the [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=327753) website.
If these steps didn't fix your problem, see [Troubleshooting a failed installation of Internet Explorer 11](https://go.microsoft.com/fwlink/p/?LinkId=304130).
 

30
mdop/index.md
View File

@ -7,7 +7,7 @@ ms.pagetype: mdop
ms.mktglfcycl: manage
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 07/24/2018
---
# MDOP Information Experience
@ -36,14 +36,14 @@ The following table provides links to the product documentation for the MDOP pro
<p><strong>AGPM 4.0</strong> - Windows Vista SP1, Windows 7, Windows Server 2008, Windows Server 2008 R2</p>
<p><strong>AGPM 3.0</strong>- Windows Vista SP1, Windows Server 2008</p>
<p><strong>AGPM 2.5</strong> - Windows Vista, Windows Server 2003</p></td>
<td align="left"><p>[Overview of Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/p/?LinkId=232980)(https://go.microsoft.com/fwlink/p/?LinkId=232980)</p>
<p>[AGPM 4.0 SP3](https://technet.microsoft.com/library/mt346468.aspx) (https://technet.microsoft.com/library/mt346468.aspx)</p>
<p>[AGPM 4.0 SP2](https://go.microsoft.com/fwlink/p/?LinkId=325035) (https://go.microsoft.com/fwlink/p/?LinkId=325035)</p>
<td align="left"><p>[Overview of Microsoft Advanced Group Policy Management](agpm/index.md)</p>
<p>[AGPM 4.0 SP3](agpm/whats-new-in-agpm-40-sp3.md)</p>
<p>[AGPM 4.0 SP2](agpm/whats-new-in-agpm-40-sp2.md)</p>
<p>[AGPM 4.0 SP1](https://go.microsoft.com/fwlink/p/?LinkId=286715) (https://go.microsoft.com/fwlink/p/?LinkId=286715)</p>
<p>[AGPM 4.0](https://go.microsoft.com/fwlink/p/?LinkId=232964) (https://go.microsoft.com/fwlink/p/?LinkId=232964)</p>
<p>[AGPM 3.0](https://go.microsoft.com/fwlink/p/?LinkId=232967) (https://go.microsoft.com/fwlink/p/?LinkId=232967)</p>
<p>[AGPM 2.5](https://go.microsoft.com/fwlink/p/?LinkId=232969) (https://go.microsoft.com/fwlink/p/?LinkId=232969)</p>
<p>[AGPM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232275) (https://go.microsoft.com/fwlink/p/?LinkId=232275)</p></td>
<p>[AGPM 4.0](agpm/whats-new-in-agpm-40-sp1.md)</p>
<p>[AGPM 3.0](agpm/whats-new-in-agpm-30.md)</p>
<p>[AGPM 2.5](agpm/agpm-25-navengl.md)</p>
<p>[AGPM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232275)</p></td>
</tr>
<tr class="even">
<td align="left"><p><strong>Microsoft Application Virtualization</strong> (App-V) lets you make applications available to end user computers without installing the applications directly on those computers.</p></td>
@ -57,14 +57,13 @@ The following table provides links to the product documentation for the MDOP pro
<p>[About Microsoft Application Virtualization 4.6 SP1](appv-v4/about-microsoft-application-virtualization-46-sp1.md)</p>
<p>[About Microsoft Application Virtualization 4.6](appv-v4/about-microsoft-application-virtualization-46.md)</p>
<p>[About Microsoft Application Virtualization 4.5](appv-v4/about-microsoft-application-virtualization-45.md)</p>
<p>[SoftGrid](https://go.microsoft.com/fwlink/p/?LinkId=232981) (https://go.microsoft.com/fwlink/p/?LinkId=232981)</p>
<p>[App-V Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231902) (https://go.microsoft.com/fwlink/p/?LinkId=231902)</p>
<p>[App-V Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231902)</p>
<p>[App-V 5.0 eBooks](https://go.microsoft.com/fwlink/p/?LinkId=309570) (https://go.microsoft.com/fwlink/p/?LinkId=309570)</p></td>
</tr>
<tr class="odd">
<td align="left"><p><strong>Microsoft BitLocker Administration and Monitoring</strong> (MBAM) provides an administrative interface to enterprise-wide BitLocker drive encryption.</p></td>
<td align="left"><p>[Microsoft BitLocker Administration and Monitoring 2.5](mbam-v25/index.md)</p>
<p>[MBAM 2.5 Video Demonstration: Deploying MBAM 2.5](https://go.microsoft.com/fwlink/?LinkId=518206) (https://go.microsoft.com/fwlink/?LinkId=518206)</p>
<p>[MBAM 2.5 Video Demonstration: Deploying MBAM 2.5](https://go.microsoft.com/fwlink/?LinkId=518206) </p>
<p>[About MBAM 2.5 SP1](mbam-v25/about-mbam-25-sp1.md)</p>
<p>[About MBAM 2.0 SP1](mbam-v2/about-mbam-20-sp1.md)</p>
<p>[Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide](mbam-v2/index.md)</p>
@ -105,7 +104,7 @@ The following table provides links to the product documentation for the MDOP pro
<td align="left"><p>[Microsoft Enterprise Desktop Virtualization 2.0](medv-v2/index.md)</p>
<p>[About MED-V 1.0 SP1](medv-v1/about-med-v-10-sp1.md)</p>
<p>[Microsoft Enterprise Desktop Virtualization 1.0](medv-v1/index.md)</p>
<p>[MED-V Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231903) (https://go.microsoft.com/fwlink/p/?LinkId=231903)</p></td>
</td>
</tr>
<tr class="odd">
<td align="left"><p><strong>Microsoft User Experience Virtualization</strong> (UE-V) captures settings to apply to computers accessed by the user including desktop computers, laptop computers, and VDI sessions.</p></td>
@ -141,10 +140,6 @@ In addition to the product documentation available online, supplemental product
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><strong>MDOP Videos</strong></p></td>
<td align="left"><p>For a list of available MDOP videos, go to [Microsoft Desktop Optimization Pack Technologies Videos](https://go.microsoft.com/fwlink/p/?LinkId=234275) (https://go.microsoft.com/fwlink/p/?LinkId=234275).</p></td>
</tr>
<tr class="even">
<td align="left"><p><strong>MDOP Virtual Labs</strong></p></td>
<td align="left"><p>For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](https://go.microsoft.com/fwlink/p/?LinkId=234276) (https://go.microsoft.com/fwlink/p/?LinkId=234276).</p></td>
@ -168,9 +163,6 @@ In addition to the product documentation available online, supplemental product
MDOP is a suite of products that can help streamline desktop deployment, management, and support across the enterprise. MDOP is available as an additional subscription for Software Assurance customers.
<a href="" id="evaluate-mdop"></a>**Evaluate MDOP**
MDOP is also available for test and evaluation to [MSDN](http://msdn.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) and [TechNet](http://technet.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) subscribers in accordance with MDSN and TechNet agreements.
<a href="" id="download-mdop"></a>**Download MDOP**
MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/p/?LinkId=166331).

53
windows/client-management/mdm/defender-csp.md
View File

@ -12,6 +12,8 @@ ms.date: 07/19/2018
# Defender CSP
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
@ -176,6 +178,57 @@ An interior node to group information about Windows Defender health status.
Supported operation is Get.
<a href="" id="health-productstatus"></a>**Health/ProductStatus**
Added in Windows 10, next major version. Provide the current state of the product. This is a bitmask flag value that can represent one or multiple product states from below list.
Data type is integer. Supported operation is Get.
Supported product status values:
- No status = 0
- Service not running = 1 << 0
- Service started without any malware protection engine = 1 << 1
- Pending full scan due to threat action = 1 << 2
- Pending reboot due to threat action = 1 << 3
- ending manual steps due to threat action = 1 << 4
- AV signatures out of date = 1 << 5
- AS signatures out of date = 1 << 6
- No quick scan has happened for a specified period = 1 << 7
- No full scan has happened for a specified period = 1 << 8
- System initiated scan in progress = 1 << 9
- System initiated clean in progress = 1 << 10
- There are samples pending submission = 1 << 11
- Product running in evaluation mode = 1 << 12
- Product running in non-genuine Windows mode = 1 << 13
- Product expired = 1 << 14
- Off-line scan required = 1 << 15
- Service is shutting down as part of system shutdown = 1 << 16
- Threat remediation failed critically = 1 << 17
- Threat remediation failed non-critically = 1 << 18
- No status flags set (well initialized state) = 1 << 19
- Platform is out of date = 1 << 20
- Platform update is in progress = 1 << 21
- Platform is about to be outdated = 1 << 22
- Signature or platform end of life is past or is impending = 1 << 23
- Windows SMode signatures still in use on non-Win10S install = 1 << 24
Example:
``` syntax
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncBody>
<Get>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/Defender/Health/ProductStatus</LocURI>
</Target>
</Item>
</Get>
<Final/>
</SyncBody>
</SyncML>
```
<a href="" id="health-computerstate"></a>**Health/ComputerState**
Provide the current state of the device.

26
windows/client-management/mdm/defender-ddf.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 01/29/20178
ms.date: 07/12/2018
---
# Defender DDF file
@ -17,7 +17,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Defende
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is the current version for this CSP.
The XML below is for Windows 10, next major version.
``` syntax
<?xml version="1.0" encoding="UTF-8"?>
@ -43,7 +43,7 @@ The XML below is the current version for this CSP.
<Permanent />
</Scope>
<DFType>
<MIME>com.microsoft/1.1/MDM/Defender</MIME>
<MIME>com.microsoft/1.2/MDM/Defender</MIME>
</DFType>
</DFProperties>
<Node>
@ -286,6 +286,26 @@ The XML below is the current version for this CSP.
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>ProductStatus</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ComputerState</NodeName>
<DFProperties>

BIN
windows/client-management/mdm/images/provisioning-csp-defender.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 29 KiB

After

Width:  |  Height:  |  Size: 32 KiB

24
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 07/16/2018
ms.date: 07/23 /2018
---
# What's new in MDM enrollment and management
@ -1638,6 +1638,18 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</thead>
<tbody>
<tr>
<td style="vertical-align:top">[WindowsLicensing CSP](windowslicensing-csp.md)</td>
<td style="vertical-align:top"><p>Added S mode settings.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[SUPL CSP](supl-csp.md)</td>
<td style="vertical-align:top"><p>Added 3 new certificate nodes.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node Health/ProductStatus.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node AllowStandardUserEncryption.</p>
</td></tr>
@ -1651,9 +1663,18 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<ul>
<li>ApplicationManagement/LaunchAppAfterLogOn</li>
<li>ApplicationManagement/ScheduleForceRestartForUpdateFailures </li>
<li>Defender/CheckForSignaturesBeforeRunningScan</li>
<li>Defender/DisableCatchupFullScan </li>
<li>Defender/DisableCatchupQuickScan </li>
<li>Defender/EnableLowCPUPriority</li>
<li>Defender/SignatureUpdateFallbackOrder </li>
<li>Defender/SignatureUpdateFileSharesSources </li>
<li>DmaGuard/DeviceEnumerationPolicy</li>
<li>Experience/AllowClipboardHistory</li>
<li>TaskManager/AllowEndTask</li>
<li>WindowsDefenderSecurityCenter/DisableClearTpmButton</li>
<li>WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning</li>
<li>WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl</li>
<li>WindowsLogon/DontDisplayNetworkSelectionUI</li>
</ul>
<p>Recent changes:</p>
@ -1714,7 +1735,6 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<li>Update/EngagedRestartTransitionScheduleForFeatureUpdates</li>
<li>Update/SetDisablePauseUXAccess</li>
<li>Update/SetDisableUXWUAccess</li>
<li>Update/UpdateNotificationKioskMode</li>
</ul>
</td></tr>
<tr>

116
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 07/03/2018
ms.date: 07/23/2018
---
# Policy CSP
@ -468,6 +468,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-browser.md#browser-allowflashclicktorun" id="browser-allowflashclicktorun">Browser/AllowFlashClickToRun</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-allowfullscreenmode" id="browser-allowfullscreenmode">Browser/AllowFullScreenMode</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-allowinprivate" id="browser-allowinprivate">Browser/AllowInPrivate</a>
</dd>
@ -480,15 +483,33 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-browser.md#browser-allowpopups" id="browser-allowpopups">Browser/AllowPopups</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-allowprelaunch" id="browser-allowprelaunch">Browser/AllowPrelaunch</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-allowprinting" id="browser-allowprinting">Browser/AllowPrinting</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-allowsavinghistory" id="browser-allowsavinghistory">Browser/AllowSavingHistory</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-allowsearchenginecustomization" id="browser-allowsearchenginecustomization">Browser/AllowSearchEngineCustomization</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar" id="browser-allowsearchsuggestionsinaddressbar">Browser/AllowSearchSuggestionsinAddressBar</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-allowsideloadingofextensions" id="browser-allowsideloadingofextensions">Browser/AllowSideloadingOfExtensions</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-allowsmartscreen" id="browser-allowsmartscreen">Browser/AllowSmartScreen</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-allowtabpreloading" id="browser-allowtabpreloading">Browser/AllowTabPreloading</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-allowwebcontentonnewtabpage" id="browser-allowwebcontentonnewtabpage">Browser/AllowWebContentOnNewTabPage</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-alwaysenablebookslibrary" id="browser-alwaysenablebookslibrary">Browser/AlwaysEnableBooksLibrary</a>
</dd>
@ -498,6 +519,24 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-browser.md#browser-configureadditionalsearchengines" id="browser-configureadditionalsearchengines">Browser/ConfigureAdditionalSearchEngines</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-configurefavoritesbar" id="browser-configurefavoritesbar">Browser/ConfigureFavoritesBar</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-configurehomebutton" id="browser-configurehomebutton">Browser/ConfigureHomeButton</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-configurekioskmode" id="browser-configurekioskmode">Browser/ConfigureKioskMode</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-configurekioskresetafteridletimeout" id="browser-configurekioskresetafteridletimeout">Browser/ConfigureKioskResetAfterIdleTimeout</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-configureopenmicrosoftedgewith" id="browser-configureopenmicrosoftedgewith">Browser/ConfigureOpenMicrosoftEdgeWith</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-configuretelemetryformicrosoft365analytics" id="browser-configuretelemetryformicrosoft365analytics">Browser/ConfigureTelemetryForMicrosoft365Analytics</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-disablelockdownofstartpages" id="browser-disablelockdownofstartpages">Browser/DisableLockdownOfStartPages</a>
</dd>
@ -513,6 +552,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-browser.md#browser-firstrunurl" id="browser-firstrunurl">Browser/FirstRunURL</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-forceenabledextensions" id="browser-forceenabledextensions">Browser/ForceEnabledExtensions</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-homepages" id="browser-homepages">Browser/HomePages</a>
</dd>
@ -522,6 +564,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-browser.md#browser-preventaccesstoaboutflagsinmicrosoftedge" id="browser-preventaccesstoaboutflagsinmicrosoftedge">Browser/PreventAccessToAboutFlagsInMicrosoftEdge</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-preventcerterroroverrides" id="browser-preventcerterroroverrides">Browser/PreventCertErrorOverrides</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-preventfirstrunpage" id="browser-preventfirstrunpage">Browser/PreventFirstRunPage</a>
</dd>
@ -534,9 +579,6 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles" id="browser-preventsmartscreenpromptoverrideforfiles">Browser/PreventSmartScreenPromptOverrideForFiles</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-preventtabpreloading" id="browser-preventtabpreloading">Browser/PreventTabPreloading</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc" id="browser-preventusinglocalhostipaddressforwebrtc">Browser/PreventUsingLocalHostIPAddressForWebRTC</a>
</dd>
@ -549,12 +591,21 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-browser.md#browser-setdefaultsearchengine" id="browser-setdefaultsearchengine">Browser/SetDefaultSearchEngine</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-sethomebuttonurl" id="browser-sethomebuttonurl">Browser/SetHomeButtonURL</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-setnewtabpageurl" id="browser-setnewtabpageurl">Browser/SetNewTabPageURL</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-showmessagewhenopeningsitesininternetexplorer" id="browser-showmessagewhenopeningsitesininternetexplorer">Browser/ShowMessageWhenOpeningSitesInInternetExplorer</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-syncfavoritesbetweenieandmicrosoftedge" id="browser-syncfavoritesbetweenieandmicrosoftedge">Browser/SyncFavoritesBetweenIEAndMicrosoftEdge</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-unlockhomebutton" id="browser-unlockhomebutton">Browser/UnlockHomeButton</a>
</dd>
<dd>
<a href="./policy-csp-browser.md#browser-usesharedfolderforbooks" id="browser-usesharedfolderforbooks">Browser/UseSharedFolderForBooks</a>
</dd>
@ -942,6 +993,18 @@ The following diagram shows the Policy configuration service provider in tree fo
### DeviceInstallation policies
<dl>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids" id="deviceinstallation-allowinstallationofmatchingdeviceids">DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</a>
</dd>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses" id="deviceinstallation-allowinstallationofmatchingdevicesetupclasses">DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</a>
</dd>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork" id="deviceinstallation-preventdevicemetadatafromnetwork">DeviceInstallation/PreventDeviceMetadataFromNetwork</a>
</dd>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings" id="deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings">DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</a>
</dd>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids" id="deviceinstallation-preventinstallationofmatchingdeviceids">DeviceInstallation/PreventInstallationOfMatchingDeviceIDs</a>
</dd>
@ -3356,9 +3419,6 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-update.md#update-setedurestart" id="update-setedurestart">Update/SetEDURestart</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-updatenotificationkioskmode" id="update-updatenotificationkioskmode">Update/UpdateNotificationKioskMode</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-updateserviceurl" id="update-updateserviceurl">Update/UpdateServiceUrl</a>
</dd>
@ -3505,6 +3565,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableappbrowserui" id="windowsdefendersecuritycenter-disableappbrowserui">WindowsDefenderSecurityCenter/DisableAppBrowserUI</a>
</dd>
<dd>
<a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablecleartpmbutton" id="windowsdefendersecuritycenter-disablecleartpmbutton">WindowsDefenderSecurityCenter/DisableClearTpmButton</a>
</dd>
<dd>
<a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabledevicesecurityui" id="windowsdefendersecuritycenter-disabledevicesecurityui">WindowsDefenderSecurityCenter/DisableDeviceSecurityUI</a>
</dd>
@ -3523,6 +3586,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenotifications" id="windowsdefendersecuritycenter-disablenotifications">WindowsDefenderSecurityCenter/DisableNotifications</a>
</dd>
<dd>
<a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabletpmfirmwareupdatewarning" id="windowsdefendersecuritycenter-disabletpmfirmwareupdatewarning">WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning</a>
</dd>
<dd>
<a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablevirusui" id="windowsdefendersecuritycenter-disablevirusui">WindowsDefenderSecurityCenter/DisableVirusUI</a>
</dd>
@ -3547,6 +3613,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidetpmtroubleshooting" id="windowsdefendersecuritycenter-hidetpmtroubleshooting">WindowsDefenderSecurityCenter/HideTPMTroubleshooting</a>
</dd>
<dd>
<a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidewindowssecuritynotificationareacontrol" id="windowsdefendersecuritycenter-hidewindowssecuritynotificationareacontrol">WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl</a>
</dd>
<dd>
<a href="./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-phone" id="windowsdefendersecuritycenter-phone">WindowsDefenderSecurityCenter/Phone</a>
</dd>
@ -3673,11 +3742,14 @@ The following diagram shows the Policy configuration service provider in tree fo
- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
- [DataUsage/SetCost3G](./policy-csp-datausage.md#datausage-setcost3g)
- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
@ -4078,33 +4150,50 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Browser/AllowExtensions](./policy-csp-browser.md#browser-allowextensions)
- [Browser/AllowFlash](./policy-csp-browser.md#browser-allowflash)
- [Browser/AllowFlashClickToRun](./policy-csp-browser.md#browser-allowflashclicktorun)
- [Browser/AllowFullScreenMode](./policy-csp-browser.md#browser-allowfullscreenmode)
- [Browser/AllowInPrivate](./policy-csp-browser.md#browser-allowinprivate)
- [Browser/AllowMicrosoftCompatibilityList](./policy-csp-browser.md#browser-allowmicrosoftcompatibilitylist)
- [Browser/AllowPasswordManager](./policy-csp-browser.md#browser-allowpasswordmanager)
- [Browser/AllowPopups](./policy-csp-browser.md#browser-allowpopups)
- [Browser/AllowPrelaunch](./policy-csp-browser.md#browser-allowprelaunch)
- [Browser/AllowPrinting](./policy-csp-browser.md#browser-allowprinting)
- [Browser/AllowSavingHistory](./policy-csp-browser.md#browser-allowsavinghistory)
- [Browser/AllowSearchEngineCustomization](./policy-csp-browser.md#browser-allowsearchenginecustomization)
- [Browser/AllowSearchSuggestionsinAddressBar](./policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
- [Browser/AllowSideloadingOfExtensions](./policy-csp-browser.md#browser-allowsideloadingofextensions)
- [Browser/AllowSmartScreen](./policy-csp-browser.md#browser-allowsmartscreen)
- [Browser/AllowTabPreloading](./policy-csp-browser.md#browser-allowtabpreloading)
- [Browser/AllowWebContentOnNewTabPage](./policy-csp-browser.md#browser-allowwebcontentonnewtabpage)
- [Browser/AlwaysEnableBooksLibrary](./policy-csp-browser.md#browser-alwaysenablebookslibrary)
- [Browser/ClearBrowsingDataOnExit](./policy-csp-browser.md#browser-clearbrowsingdataonexit)
- [Browser/ConfigureAdditionalSearchEngines](./policy-csp-browser.md#browser-configureadditionalsearchengines)
- [Browser/ConfigureFavoritesBar](./policy-csp-browser.md#browser-configurefavoritesbar)
- [Browser/ConfigureHomeButton](./policy-csp-browser.md#browser-configurehomebutton)
- [Browser/ConfigureKioskMode](./policy-csp-browser.md#browser-configurekioskmode)
- [Browser/ConfigureKioskResetAfterIdleTimeout](./policy-csp-browser.md#browser-configurekioskresetafteridletimeout)
- [Browser/ConfigureOpenMicrosoftEdgeWith](./policy-csp-browser.md#browser-configureopenmicrosoftedgewith)
- [Browser/ConfigureTelemetryForMicrosoft365Analytics](./policy-csp-browser.md#browser-configuretelemetryformicrosoft365analytics)
- [Browser/DisableLockdownOfStartPages](./policy-csp-browser.md#browser-disablelockdownofstartpages)
- [Browser/EnableExtendedBooksTelemetry](./policy-csp-browser.md#browser-enableextendedbookstelemetry)
- [Browser/EnterpriseModeSiteList](./policy-csp-browser.md#browser-enterprisemodesitelist)
- [Browser/ForceEnabledExtensions](./policy-csp-browser.md#browser-forceenabledextensions)
- [Browser/HomePages](./policy-csp-browser.md#browser-homepages)
- [Browser/LockdownFavorites](./policy-csp-browser.md#browser-lockdownfavorites)
- [Browser/PreventAccessToAboutFlagsInMicrosoftEdge](./policy-csp-browser.md#browser-preventaccesstoaboutflagsinmicrosoftedge)
- [Browser/PreventCertErrorOverrides](./policy-csp-browser.md#browser-preventcerterroroverrides)
- [Browser/PreventFirstRunPage](./policy-csp-browser.md#browser-preventfirstrunpage)
- [Browser/PreventLiveTileDataCollection](./policy-csp-browser.md#browser-preventlivetiledatacollection)
- [Browser/PreventSmartScreenPromptOverride](./policy-csp-browser.md#browser-preventsmartscreenpromptoverride)
- [Browser/PreventSmartScreenPromptOverrideForFiles](./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles)
- [Browser/PreventTabPreloading](./policy-csp-browser.md#browser-preventtabpreloading)
- [Browser/PreventUsingLocalHostIPAddressForWebRTC](./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc)
- [Browser/ProvisionFavorites](./policy-csp-browser.md#browser-provisionfavorites)
- [Browser/SendIntranetTraffictoInternetExplorer](./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer)
- [Browser/SetDefaultSearchEngine](./policy-csp-browser.md#browser-setdefaultsearchengine)
- [Browser/SetHomeButtonURL](./policy-csp-browser.md#browser-sethomebuttonurl)
- [Browser/SetNewTabPageURL](./policy-csp-browser.md#browser-setnewtabpageurl)
- [Browser/ShowMessageWhenOpeningSitesInInternetExplorer](./policy-csp-browser.md#browser-showmessagewhenopeningsitesininternetexplorer)
- [Browser/SyncFavoritesBetweenIEAndMicrosoftEdge](./policy-csp-browser.md#browser-syncfavoritesbetweenieandmicrosoftedge)
- [Browser/UnlockHomeButton](./policy-csp-browser.md#browser-unlockhomebutton)
- [Browser/UseSharedFolderForBooks](./policy-csp-browser.md#browser-usesharedfolderforbooks)
- [Camera/AllowCamera](./policy-csp-camera.md#camera-allowcamera)
- [Cellular/LetAppsAccessCellularData](./policy-csp-cellular.md#cellular-letappsaccesscellulardata)
@ -4126,7 +4215,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
- [DataUsage/SetCost3G](./policy-csp-datausage.md#datausage-setcost3g)
- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
- [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring)
@ -4193,6 +4281,10 @@ The following diagram shows the Policy configuration service provider in tree fo
- [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
- [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
- [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
- [DeviceLock/MinimumPasswordAge](./policy-csp-devicelock.md#devicelock-minimumpasswordage)
@ -4776,7 +4868,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Update/SetDisablePauseUXAccess](./policy-csp-update.md#update-setdisablepauseuxaccess)
- [Update/SetDisableUXWUAccess](./policy-csp-update.md#update-setdisableuxwuaccess)
- [Update/SetEDURestart](./policy-csp-update.md#update-setedurestart)
- [Update/UpdateNotificationKioskMode](./policy-csp-update.md#update-updatenotificationkioskmode)
- [Update/UpdateServiceUrl](./policy-csp-update.md#update-updateserviceurl)
- [Update/UpdateServiceUrlAlternate](./policy-csp-update.md#update-updateserviceurlalternate)
- [UserRights/AccessCredentialManagerAsTrustedCaller](./policy-csp-userrights.md#userrights-accesscredentialmanagerastrustedcaller)
@ -4814,12 +4905,14 @@ The following diagram shows the Policy configuration service provider in tree fo
- [WindowsDefenderSecurityCenter/CompanyName](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-companyname)
- [WindowsDefenderSecurityCenter/DisableAccountProtectionUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableaccountprotectionui)
- [WindowsDefenderSecurityCenter/DisableAppBrowserUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableappbrowserui)
- [WindowsDefenderSecurityCenter/DisableClearTpmButton](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablecleartpmbutton)
- [WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabledevicesecurityui)
- [WindowsDefenderSecurityCenter/DisableEnhancedNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableenhancednotifications)
- [WindowsDefenderSecurityCenter/DisableFamilyUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablefamilyui)
- [WindowsDefenderSecurityCenter/DisableHealthUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablehealthui)
- [WindowsDefenderSecurityCenter/DisableNetworkUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenetworkui)
- [WindowsDefenderSecurityCenter/DisableNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenotifications)
- [WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabletpmfirmwareupdatewarning)
- [WindowsDefenderSecurityCenter/DisableVirusUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablevirusui)
- [WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disallowexploitprotectionoverride)
- [WindowsDefenderSecurityCenter/Email](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-email)
@ -4828,6 +4921,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hideransomwaredatarecovery)
- [WindowsDefenderSecurityCenter/HideSecureBoot](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidesecureboot)
- [WindowsDefenderSecurityCenter/HideTPMTroubleshooting](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidetpmtroubleshooting)
- [WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidewindowssecuritynotificationareacontrol)
- [WindowsDefenderSecurityCenter/Phone](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-phone)
- [WindowsDefenderSecurityCenter/URL](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-url)
- [WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace)

706
windows/client-management/mdm/policy-csp-browser.md
View File

File diff suppressed because it is too large Load Diff

301
windows/client-management/mdm/policy-csp-deviceinstallation.md
View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 03/12/2018
ms.date: 07/23/2018
---
# Policy CSP - DeviceInstallation
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
@ -19,6 +21,18 @@ ms.date: 03/12/2018
## DeviceInstallation policies
<dl>
<dd>
<a href="#deviceinstallation-allowinstallationofmatchingdeviceids">DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</a>
</dd>
<dd>
<a href="#deviceinstallation-allowinstallationofmatchingdevicesetupclasses">DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</a>
</dd>
<dd>
<a href="#deviceinstallation-preventdevicemetadatafromnetwork">DeviceInstallation/PreventDeviceMetadataFromNetwork</a>
</dd>
<dd>
<a href="#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings">DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</a>
</dd>
<dd>
<a href="#deviceinstallation-preventinstallationofmatchingdeviceids">DeviceInstallation/PreventInstallationOfMatchingDeviceIDs</a>
</dd>
@ -28,6 +42,290 @@ ms.date: 03/12/2018
</dl>
<hr/>
<!--Policy-->
<a href="" id="deviceinstallation-allowinstallationofmatchingdeviceids"></a>**DeviceInstallation/AllowInstallationOfMatchingDeviceIDs**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.
If you enable this policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow installation of devices that match any of these device IDs*
- GP name: *DeviceInstall_IDs_Allow*
- GP path: *System/Device Installation/Device Installation Restrictions*
- GP ADMX file name: *deviceinstallation.admx*
<!--/ADMXBacked-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="deviceinstallation-allowinstallationofmatchingdevicesetupclasses"></a>**DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is allowed to install. Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.
If you enable this policy setting, Windows is allowed to install or update device drivers whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow installation of devices using drivers that match these device setup classes*
- GP name: *DeviceInstall_Classes_Allow*
- GP path: *System/Device Installation/Device Installation Restrictions*
- GP ADMX file name: *deviceinstallation.admx*
<!--/ADMXBacked-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="deviceinstallation-preventdevicemetadatafromnetwork"></a>**DeviceInstallation/PreventDeviceMetadataFromNetwork**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to prevent Windows from retrieving device metadata from the Internet.
If you enable this policy setting, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box (Control Panel > System and Security > System > Advanced System Settings > Hardware tab).
If you disable or do not configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows retrieves device metadata from the Internet.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent device metadata retrieval from the Internet*
- GP name: *DeviceMetadata_PreventDeviceMetadataFromNetwork*
- GP path: *System/Device Installation*
- GP ADMX file name: *DeviceSetup.admx*
<!--/ADMXBacked-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings"></a>**DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.
If you enable this policy setting, Windows is prevented from installing or updating the device driver for any device that is not described by either the "Allow installation of devices that match any of these device IDs" or the "Allow installation of devices for these device classes" policy setting.
If you disable or do not configure this policy setting, Windows is allowed to install or update the device driver for any device that is not described by the "Prevent installation of devices that match any of these device IDs," "Prevent installation of devices for these device classes," or "Prevent installation of removable devices" policy setting.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent installation of devices not described by other policy settings*
- GP name: *DeviceInstall_Unspecified_Deny*
- GP path: *System/Device Installation/Device Installation Restrictions*
- GP ADMX file name: *deviceinstallation.admx*
<!--/ADMXBacked-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
@ -159,6 +457,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in the next major release of Windows 10.
<!--/Policies-->

72
windows/client-management/mdm/policy-csp-update.md
View File

@ -177,9 +177,6 @@ ms.date: 07/18/2018
<dd>
<a href="#update-setedurestart">Update/SetEDURestart</a>
</dd>
<dd>
<a href="#update-updatenotificationkioskmode">Update/UpdateNotificationKioskMode</a>
</dd>
<dd>
<a href="#update-updateserviceurl">Update/UpdateServiceUrl</a>
</dd>
@ -3398,74 +3395,6 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="update-updatenotificationkioskmode"></a>**Update/UpdateNotificationKioskMode**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy allows you to define what Windows Update notifications users see. This policy doesnt control how and when updates are downloaded and installed.
Valid values:
- 0 (default) Use the default Windows Update notifications
- 1 Turn off all notifications, excluding restart warnings
- 2 Turn off all notifications, including restart warnings
> [!Important]
> If you choose not to get update notifications and also define the policy “Configure Automatic Updates” so that devices arent automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Display options for update notifications*
- GP name: *UpdateNotificationKioskMode*
- GP path: *Windows Components/Windows Update*
- GP ADMX file name: *WindowsUpdate.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="update-updateserviceurl"></a>**Update/UpdateServiceUrl**
@ -3648,7 +3577,6 @@ Footnote:
- [Update/ScheduledInstallTime](#update-scheduledinstalltime)
- [Update/SetDisablePauseUXAccess](#update-setdisablepauseuxaccess)
- [Update/SetDisableUXWUAccess](#update-setdisableuxwuaccess)
- [Update/UpdateNotificationKioskMode](#update-updatenotificationkioskmode)
- [Update/UpdateServiceUrl](#update-updateserviceurl)
<!--EndIoTCore-->

239
windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
View File

@ -6,11 +6,14 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 03/12/2018
ms.date: 07/12/2018
---
# Policy CSP - WindowsDefenderSecurityCenter
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
@ -27,6 +30,9 @@ ms.date: 03/12/2018
<dd>
<a href="#windowsdefendersecuritycenter-disableappbrowserui">WindowsDefenderSecurityCenter/DisableAppBrowserUI</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-disablecleartpmbutton">WindowsDefenderSecurityCenter/DisableClearTpmButton</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-disabledevicesecurityui">WindowsDefenderSecurityCenter/DisableDeviceSecurityUI</a>
</dd>
@ -45,6 +51,9 @@ ms.date: 03/12/2018
<dd>
<a href="#windowsdefendersecuritycenter-disablenotifications">WindowsDefenderSecurityCenter/DisableNotifications</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-disabletpmfirmwareupdatewarning">WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-disablevirusui">WindowsDefenderSecurityCenter/DisableVirusUI</a>
</dd>
@ -69,6 +78,9 @@ ms.date: 03/12/2018
<dd>
<a href="#windowsdefendersecuritycenter-hidetpmtroubleshooting">WindowsDefenderSecurityCenter/HideTPMTroubleshooting</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-hidewindowssecuritynotificationareacontrol">WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-phone">WindowsDefenderSecurityCenter/Phone</a>
</dd>
@ -252,6 +264,80 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disablecleartpmbutton"></a>**WindowsDefenderSecurityCenter/DisableClearTpmButton**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Disable the Clear TPM button in Windows Security.
Enabled:
The Clear TPM button will be unavailable for use.
Disabled:
The Clear TPM button will be available for use on supported systems.
Not configured:
Same as Disabled.
Supported values:
- 0 - Disabled (default)
- 1 - Enabled
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Disable the Clear TPM button*
- GP name: *DeviceSecurity_DisableClearTpmButton*
- GP path: *Windows Components/Windows Security/Device security*
- GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disabledevicesecurityui"></a>**WindowsDefenderSecurityCenter/DisableDeviceSecurityUI**
@ -613,6 +699,80 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disabletpmfirmwareupdatewarning"></a>**WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected.
Enabled:
Users will not be shown a recommendation to update their TPM Firmware.
Disabled:
Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware.
Not configured:
Same as Disabled.
Supported values:
- 0 - Disabled (default)
- 1 - Enabled
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Hide the TPM Firmware Update recommendation.*
- GP name: *DeviceSecurity_DisableTpmFirmwareUpdateWarning*
- GP path: *Windows Components/Windows Security/Device security*
- GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disablevirusui"></a>**WindowsDefenderSecurityCenter/DisableVirusUI**
@ -1081,6 +1241,82 @@ Valid values:
<hr/>
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-hidewindowssecuritynotificationareacontrol"></a>**WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting hides the Windows Security notification area control.
The user needs to either sign out and sign in or reboot the computer for this setting to take effect.
Enabled:
Windows Security notification area control will be hidden.
Disabled:
Windows Security notification area control will be shown.
Not configured:
Same as Disabled.
Supported values:
- 0 - Disabled (default)
- 1 - Enabled
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Hide Windows Security Systray*
- GP name: *Systray_HideSystray*
- GP path: *Windows Components/Windows Security/Systray*
- GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-phone"></a>**WindowsDefenderSecurityCenter/Phone**
@ -1194,6 +1430,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in the next major release of Windows 10.
<!--/Policies-->

2
windows/deployment/update/waas-manage-updates-wufb.md
View File

@ -29,7 +29,7 @@ Windows Update for Business enables information technology administrators to kee
Specifically, Windows Update for Business allows for:
- The creation of deployment rings, where administrators can specify which devices go first in an update wave, and which ones will come later (to ensure any quality bars are met).
- The creation of deployment rings, where administrators can specify which devices go first in an update wave, and which ones will come later (to allow for reliability and performance testing on a subset of systems before rolling out updates across the organization).
- Selectively including or excluding drivers as part of Microsoft-provided updates
- Integration with existing management tools such as Windows Server Update Services (WSUS), System Center Configuration Manager, and Microsoft Intune.
- Peer-to-peer delivery for Microsoft updates, which optimizes bandwidth efficiency and reduces the need for an on-site server caching solution.

202
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
View File

@ -2853,6 +2853,208 @@ The following fields are available:
- **PluginName** Name of the specific remediation for each generic plugin event.
- **Result** Results of the detection or perform action phases of the remediation system.
## Sediment Service events
>[!NOTE]
>Events from this provider are sent with the installation of KB4023057 and any subsequent Windows update. For details, see [this support article](https://support.microsoft.com/help/4023057).
### Microsoft.Windows.SedimentService.Applicable
Indicates whether a given plugin is applicable.
The following fields are available:
- **CV** Correlation vector.
- **DetectedCondition** Boolean true if detect condition is true and perform action will be run.
- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **IsSelfUpdateEnabledInOneSettings** True/False based on whether self update is enabled.
- **IsSelfUpdateNeeded** True/False based on whether a newer version is available.
- **PackageVersion** Version of the package.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
### Microsoft.Windows.SedimentService.Completed
Indicates whether a given plugin has completed its work.
The following fields are available:
- **CV** Correlation vector.
- **FailedReasons** String reason for any plugin failures.
- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **PackageVersion** Current package version of Remediation.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** Result of the service execution.
- **SedimentServiceCheckTaskFunctional** Result of checking if the scheduled task is functional.
- **SedimentServiceCurrentBytes** Current number of bytes the service is consuming.
- **SedimentServiceKillService** True/False based on whether the service should be stopped.
- **SedimentServiceMaximumBytes** Maximum bytes the service can consume.
- **SedimentServiceRetrievedKillService** True/False whether the kill service information was retrieved.
- **SedimentServiceStopping** True/False indicating whether the service was found to be stopping.
- **SedimentServiceTaskFunctional** True/False if scheduled task is functional. If task is not functional this indicates plugins will be run.
- **SedimentServiceTotalIterations** Number of iterations service will wait before running again.
### Microsoft.Windows.SedimentService.Error
Indicates whether an error condition occurs in the plugin.
The following fields are available:
- **Message** String message containing information from the service.
- **PackageVersion** Version of the package.
- **HResult** Return value from the plugin result.
### Microsoft.Windows.SedimentService.FallbackError
Indicates whether an error occurs for a fallback in the plugin.
The following fields are available:
- **s0** Fallback error level.
- **wilResult** Result for Windows Installer Logging function.
### Microsoft.Windows.SedimentService.Information
General information returned from the plugin.
The following fields are available:
- **HResult** Result of the plugin execution.
- **Message** Information collected from the plugin based on the purpose of the plugin.
- **PackageVersion** Version of the package.
### Microsoft.Windows.SedimentService.Started
Indicates that a given plugin has started.
The following fields are available:
- **CV** Correlation vector
- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **PackageVersion** Version of the package.
- **PluginName** Name of the plugin running.
- **Result** Return code from the plugin result.
### Microsoft.Windows.SedimentService.wilResult
Result from the windows internal library.
The following fields are available:
- **callContext** List of telemetry activities containing this error.
- **currentContextId** Identifier for the newest telemetry activity containing this error.
- **currentContextMessage** Custom message associated with the newest telemetry activity containing this error (if any).
- **currentContextName** Name of the newest telemetry activity containing this error.
- **failureType** Indicates what type of failure was observed (exception, returned error, logged error or fail fast.
- **failureId** Identifier assigned to this failure.
- **filename** The name of the source file where the error occurred.
- **hresult** Failure error code.
- **lineNumber** Line number within the source file where the error occurred.
- **message** Custom message associated with the failure (if any).
- **module** Name of the binary where the error occurred.
- **originatingContextId** Identifier for the oldest telemetry activity containing this error.
- **originatingContextMessage** Custom message associated with the oldest telemetry activity containing this error (if any).
- **originatingContextName** Name of the oldest telemetry activity containing this error.
- **threadId** Identifier of the thread the error occurred on.
## Sediment Launcher events
>[!NOTE]
>Events from this provider are sent with the installation of KB4023057 and any subsequent Windows update. For details, see [this support article](https://support.microsoft.com/help/4023057).
### Microsoft.Windows.SedimentLauncher.Applicable
Indicates whether a given plugin is applicable.
The following fields are available:
- **CV** Correlation vector.
- **DetectedCondition** Boolean true if detect condition is true and action will be run.
- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **IsSelfUpdateEnabledInOneSettings** True/False based on whether self update is enabled.
- **IsSelfUpdateNeeded** True/False based on whether a newer version is available.
- **PackageVersion** Version of the package.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
### Microsoft.Windows.SedimentLauncher.Completed
Indicates whether a given plugin has completed its work.
The following fields are available:
- **CV** Correlation vector.
- **FailedReasons** String reason for any plugin failures.
- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **PackageVersion** Current package version of Remediation.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** Result of the service execution.
- **SedLauncherExecutionResult** Final result of launcher running the plugins from the dll.
### Microsoft.Windows.SedimentLauncher.Error
Error occurred during execution of the plugin.
The following fields are available:
- **Message** Information message returned from a plugin containing only information internal to plugin execution.
- **PackageVersion** Version of the package.
- **HResult** Return value from the plugin result.
### Microsoft.Windows.SedimentLauncher.FallbackError
Error occurred during execution of the plugin fallback.
The following fields are available:
- **s0** Fallback error level for plugin.
- **wilResult** Result from executing Windows Installer Logging based function.
### Microsoft.Windows.SedimentLauncher.Information
General information returned from the plugin.
The following fields are available:
- **HResult** Result of the plugin execution.
- **Message** Information collected from the plugin based on the purpose of the plugin.
- **PackageVersion** Version of the package.
### Microsoft.Windows.SedimentLauncher.Started
Indicates that a given plugin has started.
The following fields are available:
- **CV** Correlation vector.
- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **PackageVersion** Version of the package.
- **PluginName** Name of the plugin running.
- **Result** Return code from the plugin result.
### Microsoft.Windows.SedimentLauncher.wilResult
Result from the windows internal library.
The following fields are available:
- **callContext** List of telemetry activities containing this error.
- **currentContextId** Identifier for the newest telemetry activity containing this error.
- **currentContextMessage** Custom message associated with the newest telemetry activity containing this error (if any).
- **currentContextName** Name of the newest telemetry activity containing this error.
- **failurecount** Number of failures seen.
- **failureType** Indicates what type of failure was observed (exception, returned error, logged error or fail fast.
- **failureId** Identifier assigned to this failure.
- **filename** The name of the source file where the error occurred.
- **function** Name of the function where the error occurred.
- **hresult** Failure error code.
- **lineNumber** Line number within the source file where the error occurred.
- **message** Custom message associated with the failure (if any).
- **module** Name of the binary where the error occurred.
- **originatingContextId** Identifier for the oldest telemetry activity containing this error.
- **originatingContextMessage** Custom message associated with the oldest telemetry activity containing this error (if any).
- **originatingContextName** Name of the oldest telemetry activity containing this error.
- **threadId** Identifier of the thread the error occurred on.
## Setup events

20
windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
View File

@ -25,7 +25,7 @@ Install the Remote Server Administration Tools for Windows 10 on a computer runn
Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information.
Domain controllers of Windows Hello for Business deployments need one Group Policy setting, which enables automatic certificate enrollment for the newly create domain controller authentication certificate. This policy setting ensures domain controllers (new and existing) autoamtically request and renew the correct domain controller certifcate.
Domain controllers of Windows Hello for Business deployments need one Group Policy setting, which enables automatic certificate enrollment for the newly create domain controller authentication certificate. This policy setting ensures domain controllers (new and existing) automatically request and renew the correct domain controller certificate.
Hybrid Azure AD joined devices needs one Group Policy settings:
* Enable Windows Hello for Business
@ -36,7 +36,7 @@ Domain controllers automatically request a certificate from the *Domain Controll
To continue automatic enrollment and renewal of domain controller certificates that understand newer certificate template and superseded certificate template configurations, create and configure a Group Policy object for automatic certificate enrollment and link the Group Policy object to the Domain Controllers OU.
#### Create a Domain Controller Automatic Certifiacte Enrollment Group Policy object
#### Create a Domain Controller Automatic Certificate Enrollment Group Policy object
Sign-in a domain controller or management workstations with _Domain Admin_ equivalent credentials.
@ -47,7 +47,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv
5. Right-click the **Domain Controller Auto Certificate Enrollment** Group Policy object and click **Edit**.
6. In the navigation pane, expand **Policies** under **Computer Configuration**.
7. Expand **Windows Settings**, **Security Settings**, and click **Public Key Policies**.
8. In the details pane, right-click **Certificate Services Client <EFBFBD> Auto-Enrollment** and select **Properties**.
8. In the details pane, right-click **Certificate Services Client - Auto-Enrollment** and select **Properties**.
9. Select **Enabled** from the **Configuration Model** list.
10. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box.
11. Select the **Update certificates that use certificate templates** check box.
@ -58,7 +58,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv
Sign-in a domain controller or management workstations with _Domain Admin_ equivalent credentials.
1. Start the **Group Policy Management Console** (gpmc.msc)
2. In the navigation pane, expand the domain and expand the node that has your Active Directory domain name. Right-click the **Domain Controllers** organizational unit and click **Link an existing GPO<EFBFBD>**
2. In the navigation pane, expand the domain and expand the node that has your Active Directory domain name. Right-click the **Domain Controllers** organizational unit and click **Link an existing GPO**
3. In the **Select GPO** dialog box, select **Domain Controller Auto Certificate Enrollment** or the name of the domain controller certificate enrollment Group Policy object you previously created and click **OK**.
### Windows Hello for Business Group Policy
@ -100,16 +100,16 @@ The best way to deploy the Windows Hello for Business Group Policy object is to
The application of the Windows Hello for Business Group Policy object uses security group filtering. This enables you to link the Group Policy object at the domain, ensuring the Group Policy object is within scope to all users. However, the security group filtering ensures only the users included in the *Windows Hello for Business Users* global group receive and apply the Group Policy object, which results in the provisioning of Windows Hello for Business.
1. Start the **Group Policy Management Console** (gpmc.msc)
2. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and click **Link an existing GPO<EFBFBD>**
2. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and click **Link an existing GPO**
3. In the **Select GPO** dialog box, select **Enable Windows Hello for Business** or the name of the Windows Hello for Business Group Policy object you previously created and click **OK**.
Just to reassure, linking the **Windows Hello for Business** Group Policy object to the domain ensures the Group Policy object is in scope for all domain users. However, not all users will have the policy settings applied to them. Only users who are members of the Windows Hello for Business group receive the policy settings. All others users ignore the Group Policy object.
Just to reassure, linking the **Windows Hello for Business** Group Policy object to the domain ensures the Group Policy object is in scope for all domain users. However, not all users will have the policy settings applied to them. Only users who are members of the Windows Hello for Business group receive the policy settings. All other users ignore the Group Policy object.
## Other Related Group Policy settings
### Windows Hello for Business
There are other Windows Hello for Business policy settings you can configure to manage your Windows Hello for Business deployment. These policy settings are computer-based policy setting; so they are applicable to any user that sign-in from a computer with these policy settings.
There are other Windows Hello for Business policy settings you can configure to manage your Windows Hello for Business deployment. These policy settings are computer-based policy setting so they are applicable to any user that sign-in from a computer with these policy settings.
#### Use a hardware security device
@ -117,7 +117,7 @@ The default configuration for Windows Hello for Business is to prefer hardware p
You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials. Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business.
Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiven during anti-hammering and PIN lockout activities. Therefore, some organization may want not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object.
Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiven during anti-hammering and PIN lockout activities. Therefore, some organization may not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object.
#### Use biometrics
@ -144,7 +144,7 @@ Windows 10 provides eight PIN Complexity Group Policy settings that give you gra
## Add users to the Windows Hello for Business Users group
Users must receive the Windows Hello for Business group policy settings and have the proper permission to provision Windows Hello for Business . You can provide users with these settings and permissions by adding the users or groups to the **Windows Hello for Business Users** group. Users and groups who are not members of this group will not attempt to enroll for Windows Hello for Business.
Users must receive the Windows Hello for Business group policy settings and have the proper permission to provision Windows Hello for Business. You can provide users with these settings and permissions by adding the users or groups to the **Windows Hello for Business Users** group. Users and groups who are not members of this group will not attempt to enroll for Windows Hello for Business.
### Section Review
> [!div class="checklist"]
@ -168,4 +168,4 @@ Users must receive the Windows Hello for Business group policy settings and have
4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
6. Configure Windows Hello for Business policy settings (*You are here*)
7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)
7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)

2
windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
View File

@ -422,7 +422,7 @@ There are no default locations included with WIP, you must add each of your netw
<tr>
<td>Network domains</td>
<td>corp.contoso.com,region.contoso.com</td>
<td>Starting with Windows 10, version 1703, this field is optional.<br><br>Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.<br><br>If you have multiple resources, you must separate them using the "," delimiter.</td>
<td>Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.<br><br>If you have multiple resources, you must separate them using the "," delimiter.</td>
</tr>
<tr>
<td>Proxy servers</td>