deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

reworking the edge content

Browse Source
This commit is contained in:
Patti Short 2018-07-26 11:54:05 -07:00
parent 25c69753dc
commit 64e7cb3924
7 changed files with 65 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
browsers/edge/TOC.md
View File

@ -1,10 +1,11 @@
#[Microsoft Edge - Deployment guidance for IT Pros](index.yml)
#[Microsoft Edge for IT Pros](index.yml)
##[New Microsoft Edge Group Policies and MDM settings](new-policies.md)
##[Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
##[Group Policy configuration options](group-policies/index.yml)
##[Microsoft Edge configuration options](group-policies/index.yml)
###[All group policies](available-policies.md)
###[Home button settings](group-policies/home-button-gp.md)
###[Prelaunch Microsoft Edge and preload tabs](group-policies/prelaunch-preload-gp.md)
###[Search engine customization](group-policies/search-engine-customization-gp.md)
@ -15,9 +16,11 @@
##[Change history for Microsoft Edge](change-history-for-microsoft-edge.md)
##[Microsoft Edge requirements and language support](hardware-and-software-requirements.md)
##[System requirements](about-microsoft-edge.md#minimum-system-requirements)
##[Supported languages](about-microsoft-edge.md#supported-languages)
##[Available policies for Microsoft Edge](available-policies.md)
##[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)

67
browsers/edge/about-microsoft-edge.md
View File

@ -27,75 +27,11 @@ Microsoft Edge is designed with significant security improvements, helping to de
Microsoft Edge is the first browser to natively support Windows Hello as a more personal, seamless, and secure way to authenticate on the web, powered by an early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/).
## Interoperability goals and enterprise guidance
Our primary goal is that your modern websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser.
However, if you're running web apps that continue to use:
* ActiveX controls
* x-ua-compatible headers
* <meta> tags
* Enterprise mode or compatibility view to address compatibility issues
* legacy document modes
You'll need to keep running them using IE11. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md).
### Enterprise guidance
Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956).
We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10.
If you're having trouble deciding whether Microsoft Edge is good for your organization, you can take a look at this infographic about the potential impact of using Microsoft Edge in an organization.
![Microsoft Edge infographic](images/microsoft-edge-infographic-sm.png)<br>
[Click to enlarge](img-microsoft-edge-infographic-lg.md)<br>
[Click to download image](https://www.microsoft.com/download/details.aspx?id=53892)
#### Microsoft Edge
Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.
- **Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on webpages.
- **Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout that's optimized for your screen size. While in reading view, you can also save webpages or PDF files to your reading list, for later viewing.
- **Cortana.** Cortana is automatically enabled on Microsoft Edge. Microsoft Edge lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
- **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
#### IE11
IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.
- **Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
- **Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps.
- **More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
- **Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
- **Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
- **Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment, and includes more than 1,600 Group Policies and preferences for granular control.
## Security and privacy
| | |
|---|---|
| **[Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Authenticates the user and the website with asymmetric cryptography technology. |
| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any site that is thought to be a phishing site. SmartScreen also helps to defend against installing malicious software or file downloads, even from trusted sites. |
| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically. |
| **Microsoft EdgeHTML** | Defends against hacking through the following security standards features:<ul><li>Support for the W3C standard for Content Security Policy (CSP), which helps web developers defend their sites against cross-site scripting attacks.</li><li>Support for the HTTP Strict Transport Security (HSTS) feature, which is IETF-standard compliant, and helps to ensure that connections to sites are always secure.</li></ul> |
| **Code integrity and image loading restrictions** | Prevents malicious DLLs from loading or injecting into the content processes. Only signed images are allowed to load in Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can&#39;t load. |
| **Memory corruption mitigations** | Defends against memory corruption weaknesses and vulnerabilities with the use of [CWE-416: Use After Free](http://cwe.mitre.org/data/definitions/416.html) (UAF). |
| **Memory Garbage Collector (MemGC) mitigation** | Replaces Memory Protector and helps to defend the browser from UAF vulnerabilities by freeing memory from the programmer and automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. |
| **Control Flow Guard** | Compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only going to function entry points with known addresses. Control Flow Guard is a Microsoft Visual Studio technology. |
## Minimum system requirements
Some of the components in this table might also need additional system resources. Check the component's documentation for more information.
Some of the components might also need additional system resources. Check the component's documentation for more information.
| Item | Minimum requirements |
@ -231,3 +167,4 @@ Microsoft Edge supports all of the same languages as Windows 10, including:
| Yoruba | Nigeria | yo-NG |
 
---

6
browsers/edge/group-policies/index.yml
View File

@ -2,15 +2,15 @@
documentType: LandingData
title: Microsoft Edge Group Policy configuration options
title: Microsoft Edge group policies
metadata:
document_id:
title: Microsoft Edge Group Policy configuration options
title: Microsoft Edge group policies
description: Learn how to deploy and configure group policies in Microsoft Edge on Windows 10.
description: Learn how to configure group policies in Microsoft Edge on Windows 10.
text: Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.

34
browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
View File

@ -12,12 +12,33 @@ ms.sitesec: library
# Interoperability and enterprise guidance
>*Supported versions: Microsoft Edge on Windows 10*
default browser for Windows 10 and Windows 10 Mobile
goal is that all websites work in Microsoft Edge but at the same time if you have apps that use any of the following legacy technologies, you must keep running them in Internet Explorer 11:
* ActiveX controls
* x-ua-compatible headers
* &lt;meta&gt; tags
* Enterprise mode or compatibility view to address compatibility issues
* legacy document modes
>[!TIP]
>You can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md).
If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically.
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
**Policies**
## Use Enterprise Mode in Microsoft Edge
1. [Configure the Enterprise Mode Site List](#configure-the-enterprise-mode-site-list)
2. [Send all intranet sites to Internet Explorer 11](#send-all-intranet-sites-to-internet-explorer-11)
@ -28,14 +49,15 @@ Using Enterprise Mode means that you can continue to use Microsoft Edge as your
![Use Enterprise Mode with Microsoft Edge to improve compatibility](../images/use-enterprise-mode-with-microsoft-edge-sm.png)
## Configure the Enterprise Mode Site List
### Configure the Enterprise Mode Site List
[!INCLUDE [configure-enterprise-mode-site-list-include](../includes/configure-enterprise-mode-site-list-include.md)]
## Send all intranet sites to Internet Explorer 11
### Send all intranet sites to Internet Explorer 11
[!INCLUDE [send-all-intranet-sites-ie-include](../includes/send-all-intranet-sites-ie-include.md)]
## Show message when opening sites in Internet Explorer
### Show message when opening sites in Internet Explorer
[!INCLUDE [show-message-opening-sites-ie-include](../includes/show-message-opening-sites-ie-include.md)]
## (IE11 policy) Send all sites not included in the Enterprise Mode Site List to Microsoft Edge
### (IE11 policy) Send all sites not included in the Enterprise Mode Site List to Microsoft Edge
[!INCLUDE [ie11-send-all-sites-not-in-site-list-include](../includes/ie11-send-all-sites-not-in-site-list-include.md)]

32
browsers/edge/group-policies/security-privacy-management-gp.md
View File

@ -3,34 +3,48 @@ title: Microsoft Edge - Security and privacy management
description: Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows. While most websites are safe, some sites have been designed to steal personal information or gain access to your systems resources.
ms.author: pashort
author: shortpatti
ms.date: 07/25/2018
ms.date: 07/27/2018
---
# Security and privacy management
>*Supported versions: Microsoft Edge on Windows 10*
Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows. While most websites are safe, some sites are malicious in nature, like stealing personal information or gain access to your systems resources. By no longer supporting VBScript, JScript, VML, Browser Helper Objects, Toolbars, ActiveX controls, and Internet Explorer document modes, Microsoft Edge significantly reduces attacks making the browser more secure.
Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows. While most websites are safe, some sites are malicious in nature, like stealing personal information or gain access to your systems resources. By no longer supporting VBScript, JScript, VML, Browser Helper Objects, Toolbars, ActiveX controls, and Internet Explorer document modes, Microsoft Edge significantly reduces attacks making the browser more secure.
| | |
|---|---|
| **[Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Authenticates the user and the website with asymmetric cryptography technology. Microsoft Edge natively supports Windows Hello as a more personal, seamless, and secure way to authenticate on the web, powered by an early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/). |
| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any site that is thought to be a phishing site. SmartScreen also helps to defend against installing malicious software or file downloads, even from trusted sites. |
| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically. |
| **Microsoft EdgeHTML** | Defends against hacking through the following security standards features:<ul><li>Support for the W3C standard for Content Security Policy (CSP), which helps web developers defend their sites against cross-site scripting attacks.</li><li>Support for the HTTP Strict Transport Security (HSTS) feature, which is IETF-standard compliant, and helps to ensure that connections to sites are always secure.</li></ul> |
| **Code integrity and image loading restrictions** | Prevents malicious DLLs from loading or injecting into the content processes. Only signed images are allowed to load in Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can&#39;t load. |
| **Memory corruption mitigations** | Defends against memory corruption weaknesses and vulnerabilities with the use of [CWE-416: Use After Free](http://cwe.mitre.org/data/definitions/416.html) (UAF). |
| **Memory Garbage Collector (MemGC) mitigation** | Replaces Memory Protector and helps to defend the browser from UAF vulnerabilities by freeing memory from the programmer and automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. |
| **Control Flow Guard** | Compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only going to function entry points with known addresses. Control Flow Guard is a Microsoft Visual Studio technology. |
## Relevant group policies
## Configure cookies
### Configure cookies
[!INCLUDE [configure-cookies-include](../includes/configure-cookies-include.md)]
## Configure Password Manager
### Configure Password Manager
[!INCLUDE [configure-password-manager-include](../includes/configure-password-manager-include.md)]
## Configure Windows Defender SmartScreen
### Configure Windows Defender SmartScreen
[!INCLUDE [configure-windows-defender-smartscreen-include](../includes/configure-windows-defender-smartscreen-include.md)]
## Prevent bypassing Windows Defender SmartScreen prompts for files
### Prevent bypassing Windows Defender SmartScreen prompts for files
[!INCLUDE [prevent-bypassing-win-defender-files-include](../includes/prevent-bypassing-win-defender-files-include.md)]
## Prevent bypassing Windows Defender SmartScreen prompts for sites
### Prevent bypassing Windows Defender SmartScreen prompts for sites
[!INCLUDE [prevent-bypassing-win-defender-sites-include](../includes/prevent-bypassing-win-defender-sites-include.md)]
## Prevent certificate error overrides
### Prevent certificate error overrides
[!INCLUDE [prevent-certificate-error-overrides-include](../includes/prevent-certificate-error-overrides-include.md)]
## Prevent using Localhost IP address for WebRTC
### Prevent using Localhost IP address for WebRTC
[!INCLUDE [prevent-localhost-address-for-webrtc-include](../includes/prevent-localhost-address-for-webrtc-include.md)]

2
browsers/edge/group-policies/sync-browser-settings-gp.md
View File

@ -12,7 +12,7 @@ ms.date: 07/23/2018
By default, the “browser” group syncs automatically between the users devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the Sync your Settings toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy.
## Policies
## Relevant policies
- [Do not sync browser settings](../available-policies.md#do-not-sync-browser-settings)
- [Prevent users from turning on browser syncing](../new-policies.md#prevent-users-from-turning-on-browser-syncing)

2
browsers/edge/index.yml
View File

@ -142,7 +142,7 @@ sections:
- title: Microsoft Edge resources
html: <p><a class="barLink" href="https://docs.microsoft.com/en-us/microsoft-edge/deploy/change-history-for-microsoft-edge">Change history</a></p>
html: <p><a class="barLink" href="https://docs.microsoft.com/en-us/microsoft-edge/deploy/change-history-for-microsoft-edge">Document change history</a></p>
<p><a class="barLink" href="https://www.microsoft.com/en-us/WindowsForBusiness/Compare">Compare Windows 10 Editions</a></p>