From 7ecb866b55423fc932f78cc92594c8076e09db10 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 18 Jul 2018 19:43:09 -0700 Subject: [PATCH 01/12] add downlevel in toc --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index d96b9d9dc8..cf34540df2 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -15,6 +15,7 @@ ##### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md) ##### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md) #### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md) +##### [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md) ##### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md) ###### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md) ###### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) From 3ffc403c01a23f66bc1d3769fcba3639384f6bb5 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 18 Jul 2018 19:46:53 -0700 Subject: [PATCH 02/12] typo --- ...ard-downlevel-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index f663a3e628..46f931e363 100644 
--- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -60,7 +60,7 @@ Review the following details to verify minimum system requirements: >[!NOTE] >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. -- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in you environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites) +- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in your environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites) 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604). From 269a77fbcbf4cd88b225a8ce61a774c094dd7ccb Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 18 Jul 2018 19:57:58 -0700 Subject: [PATCH 03/12] fix broken link --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index cf34540df2..f7efa0b32e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -15,7 +15,7 @@ ##### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md) ##### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md) #### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md) -##### [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md) +##### [Onboard previous versions of Windows](windows-defender-atp\onboard-downlevel-windows-defender-advanced-threat-protection.md) ##### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md) ###### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md) ###### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) From 9122c26833284e27a7c8970137ba91ad4feaedb4 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 19 Jul 2018 06:53:10 -0700 Subject: [PATCH 04/12] updated the data type for set home button url and changed the preview build --- browsers/edge/TOC.md | 2 ++ browsers/edge/includes/set-home-button-url-include.md | 2 +- browsers/edge/new-policies.md | 6 +++--- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/browsers/edge/TOC.md b/browsers/edge/TOC.md index 2f744948aa..74016c002c 100644 --- a/browsers/edge/TOC.md +++ b/browsers/edge/TOC.md @@ -1,6 +1,8 @@ #[Microsoft Edge - Deployment Guide for IT Pros](index.md) +##[New Microsoft Edge Group Policies and MDM settings](new-policies.md) +##[Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md) ##[Change history for Microsoft Edge](change-history-for-microsoft-edge.md) 
diff --git a/browsers/edge/includes/set-home-button-url-include.md b/browsers/edge/includes/set-home-button-url-include.md index ff3eaabf96..221783e102 100644 --- a/browsers/edge/includes/set-home-button-url-include.md +++ b/browsers/edge/includes/set-home-button-url-include.md @@ -40,7 +40,7 @@ Enable the **Configure Home Button** policy and select the _Hide home button_ op - **MDM name:** Browser/[SetHomeButtonURL](../new-policies.md#set-home-button-url) - **Supported devices:** Desktop and Mobile - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL -- **Data type:** Integer +- **Data type:** String #### Registry settings - **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings diff --git a/browsers/edge/new-policies.md b/browsers/edge/new-policies.md index 647a1677f7..12f8077bd3 100644 --- a/browsers/edge/new-policies.md +++ b/browsers/edge/new-policies.md @@ -8,15 +8,15 @@ ms.mktglfcycl: explore ms.sitesec: library title: New Microsoft Edge Group Policies and MDM settings ms.localizationpriority: -ms.date: 07/18/2018 +ms.date: 07/19/2018 --- # New Microsoft Edge Group Policies and MDM settings (Preview) > Applies to: Microsoft Edge on Windows 10
-> Preview build 17718 +> Preview build 17713+ -The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17718. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions. +The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17713+. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions. You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:

      Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\ From 44bbe7fbbe149c4368001b6e5d4dddb3c9a83cc0 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 19 Jul 2018 10:10:18 -0700 Subject: [PATCH 05/12] removed the Windows Settings information and added a note around the local account as a kiosk account --- ...turning-off-required-extensions-include.md | 4 +- .../edge/microsoft-edge-kiosk-mode-deploy.md | 56 +---------- .../mdm/policy-csp-browser.md | 97 ++++++++++--------- 3 files changed, 53 insertions(+), 104 deletions(-) diff --git a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md index 8b6ea6acbf..cacc2d7504 100644 --- a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md +++ b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md @@ -8,8 +8,8 @@ |Group Policy |Description | |---|---| -|Disabled or not configured
**(default)** |Provide a semi-colon delimited list of extension PFNs. For example, adding _Microsoft.OneNoteWebClipper8wekyb3d8bbwe_ or _Microsoft.OfficeOnline8wekyb3d8bbwe_ prevents a user from turning off the OneNote Web Clipper and Office Online extension. After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. | -|Enabled |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. | +|Disabled or not configured
**(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. | +|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding _Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_ prevents a user from turning off the OneNote Web Clipper and Office Online extension. After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. | --- ### ADMX info and settings diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index 3782e2169c..38ef98b09d 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md 
@@ -56,8 +56,6 @@ The multi-app Microsoft Edge kiosk mode types include: ## Let’s get started! Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Edge in assigned access. You can set up Microsoft Edge kiosk mode in assigned access using: -- **Windows Settings.** Best for physically setting up a single device as a kiosk. With this method, you set up assigned access and configure the kiosk or digital sign device using Settings. You can configure Microsoft Edge in single-app (kiosk type – Full-screen or public browsing) and define a single URL for the Home button, Start page, and New tab page. You can also set the idle timer to restart the kiosk session after a period of inactivity. - - **Microsoft Intune or other MDM service.** Best for setting up multiple devices as a kiosk. With this method, you configure Microsoft Edge in assigned access and configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access. >[!NOTE] 
@@ -73,58 +71,8 @@ Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Ed - Configuration and deployment service, such as Windows PowerShell, Microsoft Intune or other MDM service, or Windows Configuration Designer. With these methods, you must have the [AppUserModelID](https://docs.microsoft.com/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app); this does not apply to the Windows Settings method. -### Use Windows Settings - -Windows Settings is the simplest and easiest way to set up one or a couple of devices because you must perform these steps on each device. This method is ideal for small businesses. - -1. In Windows Settings, select **Accounts** \> **Other people**. - -2. Under **Set up a kiosk**, select **Assigned access**. - -3. Select **Get started**. - -4. Create a standard user account or choose an existing account for your kiosk. - -5. Select **Next**. - -6. On the **Choose a kiosk app** page, select **Microsoft Edge.** - -7. Select **Next**. - -8. Select how Microsoft Edge displays when running in kiosk mode: - - - **As a digital sign or interactive display**, the default URL shows in full screen, without browser controls. - - - **As a public browser**, the default URL shows in a browser view with limited browser controls. - -9. Select **Next**. - -10. Enter the URL that you want to load when the kiosk launches. - - >[!NOTE] - >The URL sets the Home button, Start page, and New tab page. - -11. Microsoft Edge in kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue. If **Continue** is not selected, Microsoft Edge resets to the default URL. You can accept the default value of **5 minutes**, or you can choose your own idle timer value. - -12. Select **Next**, and then select **Close**. - -13. 
Close **Settings** to save your choices automatically and apply them the next time the user account logs on. - -14. Configure the policies for Microsoft Edge kiosk mode. For details on the valid kiosk policy settings, see [Related policies](#related-policies). - -15. Validate the Microsoft Edge kiosk mode by restarting the device and signing in with the local kiosk account. - -**_Congratulations!_** You’ve finished setting up Microsoft Edge in assigned access and a kiosk or digital sign, and configured browser policies for Microsoft Edge kiosk mode. - -**_Next steps._** -- Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app. -- If you want to make changes to your kiosk, you can quickly change the display option and default URL for Microsoft Edge. - - 1. Go to **Start** \> **Settings** \> **Accounts** \> **Other people**. - - 2. Under **Set up a kiosk**, select **Assigned access**. - - 3. Make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge**. +>[!Important] +>If you are using a local account as a kiosk account in Intune or provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk. ### Use Microsoft Intune or other MDM service diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 1a68801067..6ba1d564bf 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md 
@@ -239,9 +239,8 @@ ms.date: 07/18/2018 Added in Windows 10, version 1703. -By default, Microsoft Edge shows the Address bar drop-down list and makes it available. When enabled (default setting), this policy takes precedence over the [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) policy. If you want to minimize network connections from Microsoft Edge to Microsoft service, we recommend disabling this policy, which hides the Address bar drop-down list functionality. When disabled, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.   +[!INCLUDE [allow-address-bar-drop-down-shortdesc](../../../browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md)] -Most restricted value is 0. @@ -253,11 +252,12 @@ ADMX Info: -The following list shows the supported values: +Allowed values: -- 0 – Not allowed. Address bar drop-down is disabled, which also disables the user-defined setting, "Show search and site suggestions as I type."  -- 1 (default) – Allowed. Address bar drop-down is enabled. +- 0 – Prevented/not allowed. Hide the Address bar drop-down functionality and disable the _Show search and site suggestions as I type_ toggle in Settings.  +- 1 (default) – Allowed. Show the Address bar drop-down list and make it available. +Most restricted value: 0 @@ -300,9 +300,7 @@ The following list shows the supported values: -By default, users can choose to use Autofill for filling in form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill. - -Most restricted value is 0. +[!INCLUDE [configure-autofill-shortdesc](../../../browsers/edge/shortdesc/configure-autofill-shortdesc.md)] 
@@ -314,11 +312,13 @@ ADMX Info: -The following list shows the supported values: +Allowed values: -- 0 – Not allowed. +- Blank - Users can choose to use AutoFill. +- 0 – Prevented/not allowed. - 1 (default) – Allowed. +Most restricted value: 0 To verify AllowAutofill is set to 0 (not allowed): @@ -373,17 +373,18 @@ To verify AllowAutofill is set to 0 (not allowed): > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. -By default, the device allows Microsoft Edge on Windows 10 Mobile. Disabling this policy disables the Microsoft Edge tile, and when clicking the tile, a message opens indicating that the administrator disabled Internet browsing. +The device allows Microsoft Edge on Windows 10 Mobile by default. With this policy, you can disable the Microsoft Edge tile, and when clicking the tile, a message opens indicating that the administrator disabled Internet browsing. + -Most restricted value is 0. -The following list shows the supported values: +Allowed values: -- 0 – Not allowed. +- 0 – Prevented/not allowed. - 1 (default) – Allowed. +Most restricted value: 0 @@ -426,14 +427,14 @@ The following list shows the supported values: -By default, Microsoft Edge automatically updates the configuration data for the Books Library. Enabling this policy prevents Microsoft Edge from updating the configuration data. +Microsoft Edge automatically updates the configuration data for the Books Library. Disabling this policy prevents Microsoft Edge from updating the configuration data. -The following list shows the supported values: +Allowed values: -- 0 - Disable. Microsoft Edge cannot retrieve a configuration -- 1 - Enable (default). Microsoft Edge can retrieve a configuration for Books Library +- 0 - Prevented/not allowed. +- 1 (default). Allowed. Microsoft Edge updates the configuration data for the Books Library automatically. 
@@ -493,7 +494,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – Block all cookies from all sites. - 1 – Block only cookies from third party websites. @@ -567,7 +568,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -628,7 +629,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - Blank/Null (default) Not configured - Does not send tracking information, but allow users to choose whether to send tracking information to sites they visit. - 0 (Disabled) - Never sends tracking information. @@ -697,7 +698,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -756,7 +757,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -815,7 +816,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – Adobe Flash content is automatically loaded and run by Microsoft Edge. - 1 (default) – Users must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. @@ -942,7 +943,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -1006,7 +1007,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – Not enabled. - 1 (default) – Enabled. @@ -1067,7 +1068,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -1407,7 +1408,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -1468,7 +1469,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – Not allowed. - 1 (default) – Allowed. 
@@ -1596,7 +1597,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -1800,7 +1801,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) - Disable. Use default visibility of the Books Library. The Library will be only visible in countries or regions where it’s available. - 1 - Enable. Always show the Books Library, regardless of countries or region of activation. @@ -1861,7 +1862,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 – (default) Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings. - 1 – Browsing data is cleared on exit. @@ -1940,7 +1941,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) – Additional search engines are not allowed. - 1 – Additional search engines are allowed. @@ -2437,7 +2438,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) – Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages.  - 1 – Disable lockdown of the Start pages and allow users to modify them. @@ -2498,7 +2499,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) - Disable. No additional diagnostic data. - 1 - Enable. Additional diagnostic data for schools. @@ -2562,7 +2563,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - Not configured. The device checks for updates from Microsoft Update. - Set to a URL location of the enterprise site list. @@ -2850,7 +2851,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 - Disabled. Do not lockdown Favorites. - 1 - Enabled. Lockdown Favorites. 
@@ -2909,7 +2910,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) – Users can access the about:flags page in Microsoft Edge. - 1 – Users can't access the about:flags page in Microsoft Edge. @@ -3037,7 +3038,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) – Employees see the First Run webpage. - 1 – Employees don't see the First Run webpage. @@ -3098,7 +3099,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) – Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge. - 1 – Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge. @@ -3159,7 +3160,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) – Off. - 1 – On. @@ -3218,7 +3219,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) – Off. - 1 – On. @@ -3280,7 +3281,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) – Allow pre-launch and preload. - 1 – Prevent pre-launch and preload. @@ -3343,7 +3344,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) – The localhost IP address is shown. - 1 – The localhost IP address is hidden. @@ -3474,7 +3475,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) - All websites, including intranet sites, open in Microsoft Edge automatically. - 1 - Only intranet sites open in Internet Explorer 11 automatically. @@ -3544,7 +3545,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) - The default search engine is set to the one specified in App settings. - 1 - Allows you to configure the default search engine for your employees. 
@@ -3808,7 +3809,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 (default) – Synchronization is off. - 1 – Synchronization is on. @@ -3944,7 +3945,7 @@ ADMX Info: -The following list shows the supported values: +Allowed values: - 0 - No shared folder. - 1 - Use a shared folder. From 114881a440da3650945ef931b0019f9731a9aec1 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 19 Jul 2018 10:28:51 -0700 Subject: [PATCH 06/12] change the preview build number to 17713+ --- .../includes/prevent-turning-off-required-extensions-include.md | 2 +- browsers/edge/microsoft-edge-kiosk-mode-deploy.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md index cacc2d7504..f8d5229e4c 100644 --- a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md +++ b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md @@ -9,7 +9,7 @@ |Group Policy |Description | |---|---| |Disabled or not configured
**(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. | -|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding _Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_ prevents a user from turning off the OneNote Web Clipper and Office Online extension. After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. | +|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following the OneNote Web Clipper and Office Online extension prevents users from turning it off:

_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_

After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. | --- ### ADMX info and settings diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index 38ef98b09d..fa07a98bf1 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -13,7 +13,7 @@ ms.date: 07/18/2018 # Deploy Microsoft Edge kiosk mode (Preview) >Applies to: Microsoft Edge on Windows 10
->Preview build 17718 +>Preview build 17713+ Microsoft Edge kiosk mode works with assigned access to let IT administrators create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc). From 2d36418c31d538a65439ac097c8103503b0ec3bc Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 19 Jul 2018 11:27:39 -0700 Subject: [PATCH 07/12] changed the build # in the known issues section and renamed a section --- browsers/edge/microsoft-edge-kiosk-mode-deploy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index fa07a98bf1..9c9232315b 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -128,7 +128,7 @@ With this method, you can use a provisioning package to configure Microsoft Edge **_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app. -## Related policies +## Relevant policies Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser). 
@@ -223,7 +223,7 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie - **[Create a provisioning page for Windows 10](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package):** Learn to use Windows Configuration Designer (WCD) to create a provisioning package (.ppkg) for configuring devices running Windows 10. The WCD wizard options provide a simple interface to configure desktop, mobile, and kiosk device settings. -## Known issues with RS_PRERELEASE build 17718 +## Known issues with RS_PRERELEASE build 17713+ - When you set up Microsoft Edge as your kiosk app and define the URL in assigned access Settings the URL, Microsoft Edge may not get launched with the configured URL. - **Expected behavior** – Microsoft Edge kiosk mode opens the URL on startup. From a1d3e864fd5696e7bb095df4ceb5b6b42a228142 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 19 Jul 2018 11:54:44 -0700 Subject: [PATCH 08/12] not sure why this is all of a sudden an error --- .../edge/shortdesc/allow-address-bar-drop-down-shortdesc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md index 85e85e81fc..bcb24a6173 100644 --- a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md +++ b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md 
@@ -1 +1 @@ -Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the [Configure search suggestions in Address bar](../available-policies.md#configure-search-suggestions-in-address-bar) policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the Show search and site suggestions as I type toggle in Settings. \ No newline at end of file +Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the [Configure search suggestions in Address bar](../available-policies.md#configure-search-suggestions-in-address-bar) policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings. \ No newline at end of file From d05a6dd806af23b7ba7f43bb84c870dbb042160e Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 19 Jul 2018 13:52:40 -0700 Subject: [PATCH 09/12] updated invalid links --- browsers/edge/available-policies.md | 6 +++--- browsers/edge/new-policies.md | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 7c3c8a5909..b610ebb83c 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md 
@@ -51,9 +51,7 @@ If you disable or don’t configure this policy, Microsoft Edge does not use a s ## Allow Address bar drop-down list suggestions >*Supported versions: Windows 10, version 1703 or later* -By default, Microsoft Edge shows the Address bar drop-down list and makes it available. If you want to minimize network connections from Microsoft Edge to Microsoft service, we recommend disabling this policy. Disabling this policy turns off the Address bar drop-down list functionality. - -When disabled, Microsoft Edge also disables the user-defined policy Show search and site suggestions as I type. Because the drop-down shows the search suggestions, this policy takes precedence over the [Configure search suggestions in Address bar](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies#configure-search-suggestions-in-address-bar) policy. +[!INCLUDE [allow-address-bar-drop-down-shortdesc](shortdesc/allow-address-bar-drop-down-shortdesc.md)] **Microsoft Intune to manage your MDM settings** | | | @@ -307,6 +305,8 @@ This policy setting specifies whether Do Not Track requests to websites is allow ## Configure Favorites >*Supported versions: Microsoft Edge on Windows 10, version 1511 or later* + + This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their favorites by adding or removing items at any time. If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed. diff --git a/browsers/edge/new-policies.md b/browsers/edge/new-policies.md index 12f8077bd3..da43ce9f80 100644 --- a/browsers/edge/new-policies.md +++ b/browsers/edge/new-policies.md 
@@ -18,8 +18,9 @@ ms.date: 07/19/2018 The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17713+. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions. -You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:

      Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\ - +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor: +>*Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\* +

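Review bot: The rationale for the precedence rule is lost in browsers/edge/available-policies.md at @@ -51,9 +51,7 @@. The removed paragraph explained it ("Because the drop-down shows the search suggestions, this policy takes precedence over ..."), while the shortdesc pulled in by the new [!INCLUDE] line only asserts that the default "takes precedence" without saying why. Carry the "because" clause into the shortdesc so the interaction between the two policies stays documented. The include's link is relative ("../available-policies.md#configure-search-suggestions-in-address-bar"), so confirm it still resolves when the text is rendered inside available-policies.md itself.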
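Review bot: The second hunk in browsers/edge/available-policies.md (@@ -307,6 +305,8 @@) adds only two empty lines under "Configure Favorites", which has nothing to do with the commit subject "updated invalid links". Drop them, or if a shortdesc include was meant to go here as in the Address bar section, add it in this change.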
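Review bot: The Group Policy path added in browsers/edge/new-policies.md (@@ -18,8 +18,9 @@) is written as an italic blockquote with every backslash escaped (">*Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\*"), which depends on the renderer collapsing the escapes and is awkward to copy from source. Inline code formatting needs no escaping and keeps the path literal, which matters for a location that administrators type into the Group Policy Editor. The context sentence above it is also missing an "and" in "printing, favorites bar, saving history".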
From 85595900a4646bb0aa34ff48866978a1788333fc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 19 Jul 2018 14:10:05 -0700 Subject: [PATCH 10/12] fix indents --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index d96b9d9dc8..994dbfc37f 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -80,7 +80,7 @@ ######## [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) ######## [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) -###### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md) +##### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md) ###### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md) ####### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md) ####### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) From 2d6c97cc46261af0865975c034b7fe40ecd57749 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 19 Jul 2018 14:18:22 -0700 Subject: [PATCH 11/12] update location of auto-ir --- windows/security/threat-protection/TOC.md | 3 +-- windows/security/threat-protection/windows-defender-atp/TOC.md | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 994dbfc37f..35d132c1d6 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -80,12 +80,11 @@ ######## [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) ######## [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) -##### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md) ###### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md) ####### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md) ####### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) - +#### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md) #### [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md) ####API and SIEM support diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index fa8be23611..e0acbff6f6 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md 
@@ -72,11 +72,12 @@ ###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) ###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) -### [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md) ### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md) #### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md) #### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) +## [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md) + ## [Protect data with conditional access](conditional-access-windows-defender-advanced-threat-protection.md) ##API and SIEM support ### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) From 4551500778c73d18c04fcc866644885b95b4a031 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 19 Jul 2018 14:20:21 -0700 Subject: [PATCH 12/12] added new settings --- windows/client-management/mdm/defender-csp.md | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 8d0e9d0859..1de854c1a4 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 07/18/2018 +ms.date: 07/19/2018 --- # Defender CSP 
@@ -114,6 +114,9 @@ The following table describes the supported values: | 46 | Behavior | | 47 | Vulnerability | | 48 | Policy | +| 49 | EUS (Enterprise Unwanted Software)| +| 50 | Ransomware | +| 51 | ASR Rule |   @@ -126,19 +129,17 @@ The data type is a integer. The following list shows the supported values: -- 0 = Unknown -- 1 = Detected -- 2 = Cleaned -- 3 = Quarantined -- 4 = Removed -- 5 = Allowed -- 6 = Blocked -- 102 = Clean failed -- 103 = Quarantine failed -- 104 = Remove failed -- 105 = Allow failed -- 106 = Abandoned -- 107 = Block failed +- 0 = Active +- 1 = Action failed +- 2 = Manual steps required +- 3 = Full scan required +- 4 = Reboot required +- 5 = Remediated with non critical failures +- 6 = Quarantined +- 7 = Removed +- 8 = Cleaned +- 9 = Allowed +- 10 = No Status ( Cleared) Supported operation is Get.