From 3220c69aa78aad8cf40500e04dafc5e7844573da Mon Sep 17 00:00:00 2001 From: shortpatti Date: Fri, 9 Feb 2018 13:35:52 -0800 Subject: [PATCH 01/20] changed the Applies to format --- browsers/edge/emie-to-improve-compatibility.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index 433e1061bf..e8a0eece50 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md @@ -13,14 +13,13 @@ ms.date: 07/27/2017 # Use Enterprise Mode to improve compatibility -**Applies to:** - -- Windows 10 +> Applies to: Windows 10 If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11. Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. + > **Note**
>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714). From 2643efc51fc078993be5d827f466900f2380f631 Mon Sep 17 00:00:00 2001 From: shortpatti Date: Fri, 9 Feb 2018 15:32:13 -0800 Subject: [PATCH 02/20] working in edge files; little to no changes have been made --- browsers/edge/emie-to-improve-compatibility.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index e8a0eece50..c9cd299705 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md @@ -97,7 +97,5 @@ You can add the **Send all intranet traffic over to Internet Explorer** Group Po * [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714)   -  - From 778e0b1beae4797e95bc63bdc5a0fd115d8fd8d9 Mon Sep 17 00:00:00 2001 From: shortpatti Date: Fri, 9 Feb 2018 15:56:38 -0800 Subject: [PATCH 03/20] testing out a table format for the long list of Group Policy Settings to see if it's easier to scan through --- browsers/edge/available-policies.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 215e7cc5a8..60781088d9 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -10,12 +10,11 @@ ms.localizationpriority: high ms.date: 09/13/2017 --- + + # Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge -**Applies to:** - -- Windows 10 -- Windows 10 Mobile +> Applies to: Windows 10, Windows 10 Mobile Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. @@ -27,6 +26,12 @@ By using Group Policy and Intune, you can set up a policy setting once, and then ## Group Policy settings Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations: + + +Group Policy Setting | Supported versions | Description +--- | --- | --- +Allow Address bar drop-down list suggestions | Windows 10, version 1703 | This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
If you...Then...
Enable or don't configure this setting (default),employees can see the Address bar drop-down functionality in Microsoft Edge.
Disable this setting,employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."
Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. + ### Allow Address bar drop-down list suggestions - **Supported versions:** Windows 10, version 1703 From 6ce945db8c9ded1c97260bee4f56ab4fb86e8759 Mon Sep 17 00:00:00 2001 From: shortpatti Date: Fri, 9 Feb 2018 16:11:26 -0800 Subject: [PATCH 04/20] added a dropdown for the Group Policy Settings to see if it looks better than the table or the current presentation of the content --- browsers/edge/available-policies.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 60781088d9..e7f367bde9 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -26,12 +26,26 @@ By using Group Policy and Intune, you can set up a policy setting once, and then ## Group Policy settings Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations: - + Group Policy Setting | Supported versions | Description --- | --- | --- Allow Address bar drop-down list suggestions | Windows 10, version 1703 | This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
If you...Then...
Enable or don't configure this setting (default),employees can see the Address bar drop-down functionality in Microsoft Edge.
Disable this setting,employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."
Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. +
+
Allow Address bar drop-down list suggestions + +- **Supported versions:** Windows 10, version 1703 +- **Description:** This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. + + - If you enable or don't configure this setting (default), employees can see the Address bar drop-down functionality in Microsoft Edge. + + - If you disable this setting, employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type". + + > [!Note] + > Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. +
+ ### Allow Address bar drop-down list suggestions - **Supported versions:** Windows 10, version 1703 From 98c8b58347736c21dc36bc3d22136351cd21c1e1 Mon Sep 17 00:00:00 2001 From: shortpatti Date: Sat, 10 Feb 2018 08:21:52 -0800 Subject: [PATCH 05/20] trying to create a drop-down so the user doesn't have to scroll so much --- browsers/edge/available-policies.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index e7f367bde9..470bd66f97 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -32,7 +32,7 @@ Group Policy Setting | Supported versions | Description --- | --- | --- Allow Address bar drop-down list suggestions | Windows 10, version 1703 | This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
If you...Then...
Enable or don't configure this setting (default),employees can see the Address bar drop-down functionality in Microsoft Edge.
Disable this setting,employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."
Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. -
+
Allow Address bar drop-down list suggestions - **Supported versions:** Windows 10, version 1703 @@ -45,7 +45,7 @@ Allow Address bar drop-down list suggestions | Windows 10, version 1703 | This p > [!Note] > Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting.
- +
### Allow Address bar drop-down list suggestions - **Supported versions:** Windows 10, version 1703 From 0cbb5e49a34eff750b69fbe93d84bee488a33690 Mon Sep 17 00:00:00 2001 From: shortpatti Date: Sat, 10 Feb 2018 09:07:59 -0800 Subject: [PATCH 06/20] more testing of a drop down for the GP settings --- browsers/edge/available-policies.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 470bd66f97..43a49f5e8e 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -28,13 +28,11 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A -Group Policy Setting | Supported versions | Description +Setting | Supported versions | Description --- | --- | --- Allow Address bar drop-down list suggestions | Windows 10, version 1703 | This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
If you...Then...
Enable or don't configure this setting (default),employees can see the Address bar drop-down functionality in Microsoft Edge.
Disable this setting,employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."
Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. -
Allow Address bar drop-down list suggestions - - **Supported versions:** Windows 10, version 1703 - **Description:** This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. @@ -45,7 +43,7 @@ Allow Address bar drop-down list suggestions | Windows 10, version 1703 | This p > [!Note] > Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting.
-
+ ### Allow Address bar drop-down list suggestions - **Supported versions:** Windows 10, version 1703 From 7414eeecf60e1fc98a4357b8e8e94f67c8860fcf Mon Sep 17 00:00:00 2001 From: shortpatti Date: Sun, 11 Feb 2018 08:52:36 -0800 Subject: [PATCH 07/20] commented out the drop down test section --- browsers/edge/available-policies.md | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 43a49f5e8e..ba29d404b5 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -32,17 +32,20 @@ Setting | Supported versions | Description --- | --- | --- Allow Address bar drop-down list suggestions | Windows 10, version 1703 | This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
If you...Then...
Enable or don't configure this setting (default),employees can see the Address bar drop-down functionality in Microsoft Edge.
Disable this setting,employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."
Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. -
Allow Address bar drop-down list suggestions -- **Supported versions:** Windows 10, version 1703 -- **Description:** This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. - - - If you enable or don't configure this setting (default), employees can see the Address bar drop-down functionality in Microsoft Edge. - - - If you disable this setting, employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type". - - > [!Note] - > Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. + ### Allow Address bar drop-down list suggestions - **Supported versions:** Windows 10, version 1703 From dba2af44fae290f5f06e5f7915525e153dfa6dbc Mon Sep 17 00:00:00 2001 From: shortpatti Date: Mon, 12 Feb 2018 13:07:46 -0800 Subject: [PATCH 08/20] adding comments to the reviewers for clarity purposes --- browsers/edge/available-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index ba29d404b5..7dee5755f6 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -30,7 +30,7 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A Setting | Supported versions | Description --- | --- | --- -Allow Address bar drop-down list suggestions | Windows 10, version 1703 | This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
If you...Then...
Enable or don't configure this setting (default),employees can see the Address bar drop-down functionality in Microsoft Edge.
Disable this setting,employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."
Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. +Allow Address bar drop-down list suggestions | Windows 10, version 1703 | This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
If you...Then...
Enable this setting (default)Employees can see the Address bar drop-down functionality in Microsoft Edge.
Disable this settingEmployees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."
Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. +Group Policy settings +--------------------- -Setting | Supported versions | Description ---- | --- | --- -Allow Address bar drop-down list suggestions | Windows 10, version 1703 | This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
If you...Then...
Enable this setting (default)Employees can see the Address bar drop-down functionality in Microsoft Edge.
Disable this settingEmployees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."
Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. - - +Microsoft Edge works with these Group Policy settings (`Computer +Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to +help you manage your company's web browser configurations: ### Allow Address bar drop-down list suggestions -- **Supported versions:** Windows 10, version 1703 - -- **Description:** This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. - - - If you enable or don't configure this setting (default), employees can see the Address bar drop-down functionality in Microsoft Edge. - - - If you disable this setting, employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type". - - > [!Note] - > Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. +> Supported versions: Windows 10, version 1703 +This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
If you...Then...
Enable this setting (default)Employees can see the Address bar drop-down functionality in Microsoft Edge.
Disable this settingEmployees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."

Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting.

+ ### Allow Adobe Flash -- **Supported versions:** Windows 10 or later +> Supported version: Windows 10 -- **Description:** This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge. - - - If you enable or don't configure this setting (default), employees can use Adobe Flash. - - - If you disable this setting, employees can't use Adobe Flash. +This policy setting lets you decide whether employees can run Adobe Flash on Microsoft Edge.
If you…Then…
Enable or don’t configure this setting (default)Employees can use Adobe Flash.
Disable this settingmployees cannot use Adobe Flash.
### Allow clearing browsing data on exit -- **Supported versions:** Windows 10, version 1703 +> Supported versions: Windows 10, version 1703 -- **Description:** This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes. - - - If you enable this policy setting, clearing browsing history on exit is turned on. - - - If you disable or don't configure this policy setting (default), it can be turned on and configured by the employee in the Clear browsing data options area, under Settings. +This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes.
If you…Then…
Enable this settingClear browsing history on exit is turned on. [can employees do anything to this setting at this point? Or is this controlled by the system administrator?]
Disable or don’t configure this setting (default)Employees can turn on and configure the Clear browsing data option under Settings.
### Allow Developer Tools -- **Supported versions:** Windows 10, version 1511 or later +> Supported versions: Windows 10, version 1511 or later -- **Description:** This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge. - - If you enable or don’t configure this setting (default), the F12 Developer Tools are available in Microsoft Edge. - - - If you disable this setting, the F12 Developer Tools aren’t available in Microsoft Edge. +This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.
If you…Then…
Enable this setting (default)The F12 Developer Tools are available on Microsoft Edge.
Disable this settinghe F12 Developer Tools are not available on Microsoft Edge.
### Allow Extensions -- **Supported versions:** Windows 10, version 1607 or later +> Supported versions: Windows 10, version 1607 or later -- **Description:** This policy setting lets you decide whether employees can use Edge Extensions. - - - If you enable or don’t configure this setting, employees can use Edge Extensions. - - - If you disable this setting, employees can’t use Edge Extensions. +This policy setting lets you decide whether employees can use Edge Extensions.
+
If you…Then…
Enable this settingEmployees can use Edge Extensions.
Disable this setting [why would a company disable this setting?]mployees cannot use Edge Extensions.
### Allow InPrivate browsing -- **Supported versions:** Windows 10, version 1511 or later - -- **Description:** This policy setting lets you decide whether employees can browse using InPrivate website browsing. - - - If you enable or don’t configure this setting (default), employees can use InPrivate website browsing. - - - If you disable this setting, employees can’t use InPrivate website browsing. - -### Allow Microsoft Compatibility List -- **Supported versions:** Windows 10, version 1607 or later - -- **Description:** This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. - - - If you enable or don’t configure this setting (default), Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site is automatically rendered as though it’s in whatever version of IE is necessary for it to appear properly. - - - If you disable this setting, the Microsoft Compatibility List isn’t used during browser navigation. - -### Allow search engine customization -- **Supported versions:** Windows 10, version 1703 - -- **Description:** This policy setting lets you decide whether users can change their search engine. - - >[!Important] - >This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). - - - If you enable or don't configure this policy (default), users can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. - - - If you disable this setting, users can't add search engines or change the default used in the address bar. - -### Allow web content on New Tab page -- **Supported versions:** Windows 10 or later - -- **Description:** This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it. - - - If you enable this setting, Microsoft Edge opens a new tab with the New Tab page. - - - If you disable this setting, Microsoft Edge opens a new tab with a blank page. - - - If you don’t configure this setting (default), employees can choose how new tabs appears. - -### Configure additional search engines -- **Supported versions:** Windows 10, version 1703 - -- **Description:** This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees, but can be made a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting. - - > [!Important] - > This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). - - - If you enable this setting, you can add up to 5 additional search engines. For each additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine, using this format: - - https://www.contoso.com/opensearch.xml - - For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. - - - If you disable this setting (default), any added search engines are removed from your employee's devices. - - - If you don't configure this setting, the search engine list is set to what is specified in App settings. - -### Configure Autofill -- **Supported versions:** Windows 10 or later - -- **Description:** This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. By default, employees can choose whether to use Autofill. - - - If you enable this setting, employees can use Autofill to automatically fill in forms while using Microsoft Edge. - - - If you disable this setting, employees can’t use Autofill to automatically fill in forms while using Microsoft Edge. - - - If you don’t configure this setting (default), employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edge. - -### Configure cookies -- **Supported versions:** Windows 10 or later - -- **Description:** This setting lets you configure how to work with cookies. - - - If you enable this setting, you must also decide whether to: - - **Allow all cookies (default):** Allows all cookies from all websites. - - - **Block all cookies:** Blocks all cookies from all websites. - - - **Block only 3rd-party cookies:** Blocks only cookies from 3rd-party websites. - - - If you disable or don't configure this setting, all cookies are allowed from all sites. - -### Configure Do Not Track -- **Supported versions:** Windows 10 or later - -- **Description:** This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests aren’t sent, but employees can choose to turn on and send requests. - - - If you enable this setting, Do Not Track requests are always sent to websites asking for tracking info. - - - If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info. - - - If you don’t configure this setting (default), employees can choose whether to send Do Not Track requests to websites asking for tracking info. - -### Configure Favorites -- **Supported versions:** Windows 10, version 1511 or later - -- **Description:** This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. - - - If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed. - - - If you disable or don’t configure this setting, employees will see the Favorites that they set in the Favorites hub. - -### Configure Password Manager -- **Supported versions:** Windows 10 or later - -- **Description:** This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on. - - - If you enable this setting (default), employees can use Password Manager to save their passwords locally. - - - If you disable this setting, employees can’t use Password Manager to save their passwords locally. - - - If you don’t configure this setting, employees can choose whether to use Password Manager to save their passwords locally. - -### Configure Pop-up Blocker -- **Supported versions:** Windows 10 or later - -- **Description:** This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on. - - - If you enable this setting (default), Pop-up Blocker is turned on, stopping pop-up windows from appearing. - - - If you disable this setting, Pop-up Blocker is turned off, letting pop-ups windows appear. - - - If you don’t configure this setting, employees can choose whether to use Pop-up Blocker. - -### Configure search suggestions in Address bar -- **Supported versions:** Windows 10 or later - -- **Description:** This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. - - - If you enable this setting, employees can see search suggestions in the Address bar of Microsoft Edge. - - - If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge. - - - If you don’t configure this setting (default), employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. - -### Configure Start pages -- **Supported versions:** Windows 10, version 1511 or later - -- **Description:** This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees won't be able to change this after you set it. - - - If you enable this setting, you can configure one or more Start pages. If this setting is enabled, you must also include URLs to the pages, separating multiple pages by using angle brackets in this format: - - - - - If you disable or don’t configure this setting (default), your default Start page is the webpage specified in App settings. - -### Configure the Adobe Flash Click-to-Run setting -- **Supported versions:** Windows 10, version 1703 - -- **Description:** This policy setting lets you decide whether employees must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. - - - If you enable or don’t configure the Adobe Flash Click-to-Run setting, an employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. - - - If you disable this setting, Adobe Flash content is automatically loaded and run by Microsoft Edge. - -### Configure the Enterprise Mode Site List -- **Supported versions:** Windows 10 or later - -- **Description:** This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps. - - - If you enable this setting, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. If you use this option, you must also add the location to your site list in the **{URI}** box. When configured, any site on the list will always open in Internet Explorer 11. - - - If you disable or don’t configure this setting (default), Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. - - >[!Note] - >If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.

- >If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one. - -### Configure Windows Defender SmartScreen -- **Supported versions:** Windows 10 or later - -- **Description:** This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on. - - - If you enable this setting, Windows Defender SmartScreen is turned on and employees can’t turn it off. - - - If you disable this setting, Windows Defender SmartScreen is turned off and employees can’t turn it on. - - - If you don’t configure this setting (default), employees can choose whether to use Windows Defender SmartScreen. - -### Disable lockdown of Start pages -- **Supported versions:** Windows 10, version 1703 - -- **Description:** This policy setting lets you disable the lock down of Start pages, letting employees modify the Start pages when the "Configure Start pages" setting is in effect. - - >[!Important] - >This setting only applies when you're using the “Configure Start pages" setting and can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). - - - If you enable this setting, you can't lock down any Start pages that are configured using the "Configure Start pages" setting, which means that employees can modify them. - - - If you disable or don't configure this setting (default), employees can't change any Start pages configured using the "Configure Start pages" setting, thereby locking down the Start pages. - -### Keep favorites in sync between Internet Explorer and Microsoft Edge -- **Supported versions:** Windows 10, version 1703 - -- **Description:** This setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge, including additions, deletions, changes, and position. - - >[!Note] - >Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. - - - If you enable this setting, employees can sync their favorites between Internet Explorer and Microsoft Edge. - - - If you disable or don't configure this setting (default), employees can’t sync their favorites between Internet Explorer and Microsoft Edge. - -### Prevent access to the about:flags page -- **Supported versions:** Windows 10, version 1607 or later - -- **Description:** This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features. - - - If you enable this policy setting, employees can’t access the about:flags page. - - - If you disable or don’t configure this setting (default), employees can access the about:flags page. - -### Prevent bypassing Windows Defender SmartScreen prompts for files -- **Supported versions:** Windows 10, version 1511 or later - -- **Description:** This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files. - - - If you enable this setting, employees can’t ignore Windows Defender SmartScreen warnings and they’re blocked from downloading the unverified files. - - - If you disable or don’t configure this setting (default), employees can ignore Windows Defender SmartScreen warnings and continue the download process. - -### Prevent bypassing Windows Defender SmartScreen prompts for sites -- **Supported versions:** Windows 10, version 1511 or later - -- **Description:** This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites. - - - If you enable this setting, employees can’t ignore Windows Defender SmartScreen warnings and they’re blocked from continuing to the site. - - - If you disable or don’t configure this setting (default), employees can ignore Windows Defender SmartScreen warnings and continue to the site. - -### Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start -- **Supported versions:** Windows 10, version 1703 - -- **Description:** This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu. - - - If you enable this setting, Microsoft Edge won't gather the Live Tile metadata, providing a minimal experience when a user pins a Live Tile to the Start menu. - - - If you disable or don't configure this setting (default), Microsoft Edge gathers the Live Tile metadata, providing a fuller and more complete experience when a user pins a Live Tile to the Start menu. - -### Prevent the First Run webpage from opening on Microsoft Edge -- **Supported versions:** Windows 10, version 1703 - -- **Description:** This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time. - - - If you enable this setting, employees won't see the First Run page when opening Microsoft Edge for the first time. - - - If you disable or don't configure this setting (default), employees will see the First Run page when opening Microsoft Edge for the first time. - -### Prevent using Localhost IP address for WebRTC -- **Supported versions:** Windows 10, version 1511 or later - -- **Description:** This policy setting lets you decide whether an employee’s Localhost IP address shows while making calls using the WebRTC protocol. By default, this setting is turned off. - - - If you enable this setting, Localhost IP addresses are hidden while making calls using the WebRTC protocol. - - - If you disable or don’t configure this setting (default), Localhost IP addresses are shown while making calls using the WebRTC protocol. - -### Send all intranet sites to Internet Explorer 11 -- **Supported versions:** Windows 10 or later - -- **Description:** This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge. - - - If you enable this setting, all intranet sites are automatically opened using Internet Explorer 11. - - - If you disable or don’t configure this setting (default), all websites, including intranet sites, are automatically opened using Microsoft Edge. - -### Set default search engine -- **Supported versions:** Windows 10, version 1703 - -- **Description:** This policy setting lets you configure the default search engine for your employees. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. - - >[!Important] - >This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).

- >If you'd like your employees to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. - - - If you enable this setting, you can choose a default search engine for your employees. To choose the default engine, you must add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine, using this format: - - https://fabrikam.com/opensearch.xml - - - If you disable this setting, the policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market. - - - If you don't configure this setting (default), the default search engine is set to the one specified in App settings. - -### Show message when opening sites in Internet Explorer -- **Supported versions:** Windows 10, version 1607 and later - -- **Description:** This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. - - - If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. - - - If you disable or don’t configure this setting (default), the default app behavior occurs and no additional page appears. +> Supported versions: Windows 10, version 1511 or later + +This policy setting lets you decide whether employees can browse using InPrivate website browsing.
If you…Then…
Enable this setting (default)Employees can use InPrivate website browsing.
Disable this setting [why would a company disable this setting?]Employees cannot use InPrivate website browsing.
+ +Allow Microsoft Compatibility List | Windows 10, version 1607 or later| This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. @Reviewer: Is this supposed to be a link to another topic? Is the topic Use Enterprise Mode to improve compatibility emie-to-improve-compatibility.md?
If you…Then…
Enable this setting (default)Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation [are the updates really applied “during browser navigation?”]. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly.
Disable this settingBrowser navigation does not use the Microsoft Compatibility List.
+ +Allow search engine customization | Windows 10, version 1703 | This policy setting lets you decide whether users can change their search engine. Important. You can only use this setting with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
If you…Then…
Enable or don’t configure this setting (default)Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings.
Disable this settingEmployees cannot add search engines or change the default used in the Address bar.
+Allow web content on New Tab page | Windows 10 | This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it.
+ + + + +
If you…Then…
Enable this settingMicrosoft Edge opens a new tab with the New Tab page.
Disable this settingMicrosoft Edge opens a new tab with a blank page.
Do not configure this setting (default)Employees can choose how new tabs appear.
+Configure additional search engines | Windows 10, version 1703 | This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees but can make a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting.
+ + + + +
If you…Then…
Enable this settingYou can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format: `https://www.contoso.com/opensearch.xml>` For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic.
Disable this setting (default)Any added search engines are removed from the employee’s device. [is this implying that Bing is the only search engine on the employee’s device?]
Do not configure this settingThe search engine list is set to what is specified in App settings. [what’s the difference between “don’t configure this setting”, “Enable this setting”, and “Disable this setting”?]
+Configure Autofill | Windows 10 | This policy setting lets you decide whether employees can use Autofill the form fields automatically while using Microsoft Edge. By default, employees can choose whether to use Autofill.
+ + + + +
If you…Then…
Enable this settingEmployees can use Autofill to populate form fields automatically while using Microsoft Edge
Disable this settingEmployees can’t use Autofill to populate form fields automatically while using Microsoft Edge.
Do not configure this setting (default)Employees can choose whether to use Autofill to populate the form fields automatically while using Microsoft Edge.
+Configure cookies | Windows 10 | This setting lets you configure how to work with cookies.
+ + + +
If you…Then…
Enable this setting (default)You must also decide whether to:
  • **Allow all cookies (default)** from all websites.
  • **Block all cookies** from all websites.
  • **Block only 3rd-party cookies** from 3rd-party websites.
Disable or do not configure this settingAll cookies are allowed from all sites.
+Configure Do Not Track | Windows 10 | This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests are never sent, but employees can choose to turn on and send requests.
+ + + + +
If you…Then…
Enable this settingDo Not Track requests are always sent to websites asking for tracking information.
Disable this settingDo Not Track requests are never sent to websites asking for tracking information.
Do not configure this setting (default)Employees can choose whether to send Do Not Track requests to websites asking for tracking information.
Configure Favorites | Windows 10, version 1511 or later | This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. [what is the default setting, enabled or disabled? I’m guessing it’s Disabled is the default.]
+ + + +
If you…Then…
Enable this settingYou must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy.
Disable or do not configure this settingEmployees will see the Favorites that they set in the Favorites hub.
Configure Password Manager | Windows 10 | This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.
+ + + + + +Configure Pop-up Blocker | Windows 10 | This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.
If you…Then…
Enable this setting (default)Employees can use Password Manager to save their passwords locally.
Disable this settingEmployees can’t use Password Manager to save their passwords locally.
Do not configure this settingEmployees can choose whether to use Password Manager to save their passwords locally.
+ + + + +
If you…Then…
Enable this setting (default)Pop-up Blocker is turned on, stopping pop-up windows from appearing.
Disable this settingPop-up Blocker is turned off, letting pop-up windows appear.
Do not configure this settingEmployees can choose whether to use Pop-up Blocker.
+Configure search suggestions in Address bar | Windows 10 | This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.
+ + + + +
If you…Then…
Enable this settingEmployees can see search suggestions in the Address bar of Microsoft Edge.
Disable this settingEmployees can't see search suggestions in the Address bar of Microsoft Edge.
Do not configure this setting (default)Employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.
Configure Start pages | Windows 10, version 1511 or later | This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees won't be able to change this after you set it.
+ + + +
If you…Then…
Enable this settingYou must include URLs to the pages, separating multiple pages by using angle brackets in this format: ``
Disable or do not configure this setting (default)The default Start page is the webpage specified in App settings.
Configure the Adobe Flash Click-to-Run setting | Windows 10, version 1703 | This policy setting lets you decide whether employees must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. [what is the default, enabled or disabled?]
+ + + +
If you…Then…
Enable or don’t configure this settingEmployees must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.
Disable this settingAdobe Flash loads automatically and runs in Microsoft Edge.
Configure the Enterprise Mode Site List | Windows 10 | This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.

If there is a .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server has a different version number than the version in the cache container, the server file is used and stored in the cache container.

If you already use a site list, enterprise mode continues to work during the 65-second wait; it just uses the existing site list instead of the new one. +

+ + +Configure Windows Defender SmartScreen | Windows 10 | This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.
If you…Then…
Enable this settingYou must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode.
Disable or do not configure this setting (default)Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps.
+ + + + +
If you…Then…
Enable this settingWindows Defender SmartScreen is turned on, and employees cannot turn it off.
Disable this settingWindows Defender SmartScreen is turned off, and employees cannot turn it on.
Do not configure this settingEmployees can choose whether to use Windows Defender SmartScreen.
+Disable lockdown of Start pages | Windows 10, version 1703 | This policy setting you disable the lockdown of Start pages if the Configure Start pages setting is in effect [“…is enabled”?]. This setting only applies to domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
+ + + +
If you…Then…
Enable this settingYou cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages.
Disable or do not configure this setting (default)Employees cannot change Start pages configured using the “Configure Start pages” setting.
+Keep favorites in sync between Internet Explorer and Microsoft Edge | Windows 10, version 1703 | This policy setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge, including additions, deletions, changes, and position.
+ + + +
If you…Then…
Enable this settingEmployees can sync their favorites between Internet Explorer and Microsoft Edge. Note. Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. [what does this mean? I want to know more about what this note is saying. More details and maybe an example or scenario.]
Disable or do not configure this settingEmployees cannot sync their favorites between Internet Explorer and Microsoft Edge.
+Prevent access to the about:flags page | Windows 10, version 1607 or later | This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.
+ + + +
If you…Then…
Enable this settingEmployees cannot access the about:flags page.
Disable or do not configure this setting (default)Employees can access the about:flags page.
+Prevent bypassing Windows Defender SmartScreen prompts for files | Windows 10, version 1511 or later | This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files.
+ + + + +Prevent bypassing Windows Defender SmartScreen prompts for sites | Windows 10, version 1511 or later | This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.
If you…Then…
Enable this settingEmployees cannot ignore Windows Defender SmartScreen warnings when downloading files.
Disable or do not configure this setting (default)Employees can ignore Windows Defender SmartScreen warnings and can continue the download process.
+ + + +
If you…Then…
Enable this settingEmployees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site.
Disable or do not configure this setting (default)Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site.
+Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start | Windows 10, version 1703 | This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
+ + + +
If you…Then…
Enable this settingMicrosoft Edge does not gather the Live Tile metadata, providing a minimal experience.
Disable or do not configure this setting (default)Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience.
+Prevent the First Run webpage from opening on Microsoft Edge | Windows 10, version 1703 | This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time.
+ + + +
If you…Then…
Enable this settinEmployees do not see the First Run page.
Disable or do not configure this setting (default)mployees see the First Run page.
+Prevent using Localhost IP address for WebRTC | Windows 10, version 1511 or later | This policy setting lets you decide whether localhost IP addresses are visible or hidden while making calls to the WebRTC protocol.
+ + + +
If you…Then…
Enable this settingLocalhost IP addresses are hidden.
Disable or do not configure this setting (default)Localhost IP addresses are visible.
+Send all intranet sites to Internet Explorer 11 | Windows 10 | This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.
+ + + +
If you…Then…
Enable this settingAll intranet sites are opened in Internet Explorer 11 automatically.
Disable or do not configure this setting (default)All websites, including intranet sites, open in Microsoft Edge.
+Set default search engine | Windows 10, version 1703 | This policy setting applies only to domain-joined or MDM-enrolled devices and lets you configure the default search engine for Microsoft Edge. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
+ + + + +
If you…Then…
Enable this settingTo set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format: `https://fabrikam.com/opensearch.xml` If you'd like your employees to use the default Microsoft Edge settings for each market [what does “each market” refer to?], you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.
Disable this settingThe policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market [what does “market” mean in this context?].
Do not configure this settingThe default search engine is set to the one specified in App settings.
+Show message when opening sites in Internet Explorer | Windows 10, version 1607 and later | This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
+ + + +
If you…Then…
Enable this settingEmployees see an additional page.
Disable or do not configure this setting (default)No additional pages display.
## Using Microsoft Intune to manage your Mobile Device Management (MDM) settings for Microsoft Edge If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page. @@ -417,7 +220,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **1 (default).** Allowed. Address bar drop-down is enabled. ### AllowAutofill -- **Supported versions:** Windows 10 or later +- **Supported versions:** Windows 10 - **Supported devices:** Desktop @@ -434,7 +237,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **1 (default).** Employees can use Autofill to complete form fields. ### AllowBrowser -- **Supported versions:** Windows 10 or later +- **Supported versions:** Windows 10 - **Supported devices:** Mobile @@ -451,7 +254,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **1 (default).** Employees can use Microsoft Edge. ### AllowCookies -- **Supported versions:** Windows 10 or later +- **Supported versions:** Windows 10 - **Supported devices:** Both @@ -487,7 +290,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **1 (default).** Employees can use the F12 Developer Tools. ### AllowDoNotTrack -- **Supported versions:** Windows 10 or later +- **Supported versions:** Windows 10 - **Supported devices:** Both @@ -521,7 +324,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **1 (default).** Employees can use Edge Extensions. ### AllowFlash -- **Supported versions:** Windows 10 or later +- **Supported versions:** Windows 10 - **Supported devices:** Desktop @@ -589,7 +392,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar. ### AllowPasswordManager -- **Supported versions:** Windows 10 or later +- **Supported versions:** Windows 10 - **Supported devices:** Both @@ -606,7 +409,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **1.** Employees can use Password Manager to save passwords locally. ### AllowPopups -- **Supported versions:** Windows 10 or later +- **Supported versions:** Windows 10 - **Supported devices:** Desktop @@ -641,7 +444,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U ### AllowSearchSuggestionsinAddressBar -- **Supported versions:** Windows 10 or later +- **Supported versions:** Windows 10 - **Supported devices:** Both @@ -658,7 +461,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **1.** Employees can see search suggestions in the Address bar of Microsoft Edge. ### AllowSmartScreen -- **Supported versions:** Windows 10 or later +- **Supported versions:** Windows 10 - **Supported devices:** Both @@ -726,7 +529,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **1.** Disable lockdown of the Start pages and allow users to modify them. ### EnterpriseModeSiteList -- **Supported versions:** Windows 10 or later +- **Supported versions:** Windows 10 - **Supported devices:** Desktop @@ -910,7 +713,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **1.** Doesn't show an employee's LocalHost IP address while using the WebRTC protocol. ### SendIntranetTraffictoInternetExplorer -- **Supported versions:** Windows 10 or later +- **Supported versions:** Windows 10 - **Supported devices:** Desktop From f6ed82031fb5114ff14c6afd2700c86537e5d354 Mon Sep 17 00:00:00 2001 From: shortpatti Date: Tue, 13 Feb 2018 11:39:03 -0800 Subject: [PATCH 10/20] fixed the way the list of Group Policies are presented --- browsers/edge/available-policies.md | 452 +++++++++++++++++++--------- 1 file changed, 312 insertions(+), 140 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index d5d1fc008c..f23e141f4e 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -10,7 +10,7 @@ ms.localizationpriority: high ms.date: 09/13/2017 --- - + # Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge @@ -26,170 +26,342 @@ By using Group Policy and Intune, you can set up a policy setting once, and then ## Group Policy settings Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations: -Group Policy settings ---------------------- - -Microsoft Edge works with these Group Policy settings (`Computer -Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to -help you manage your company's web browser configurations: - ### Allow Address bar drop-down list suggestions > Supported versions: Windows 10, version 1703 -This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
If you...Then...
Enable this setting (default)Employees can see the Address bar drop-down functionality in Microsoft Edge.
Disable this settingEmployees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."

Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting.

+This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. +| If you... | Then... | +| --- | --- | +| Enable this setting (default) | Employees can see the Address bar drop-down functionality in Microsoft Edge. | +| Disable this setting | Employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."

Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. | +| ### Allow Adobe Flash > Supported version: Windows 10 -This policy setting lets you decide whether employees can run Adobe Flash on Microsoft Edge.
If you…Then…
Enable or don’t configure this setting (default)Employees can use Adobe Flash.
Disable this settingmployees cannot use Adobe Flash.
+This policy setting lets you decide whether employees can run Adobe Flash on Microsoft Edge. +| If you… | Then… | +| --- | --- | +| Enable or don’t configure this setting (default) | Employees can use Adobe Flash. | +| Disable this setting | Employees cannot use Adobe Flash. | +| ### Allow clearing browsing data on exit > Supported versions: Windows 10, version 1703 -This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes.
If you…Then…
Enable this settingClear browsing history on exit is turned on. [can employees do anything to this setting at this point? Or is this controlled by the system administrator?]
Disable or don’t configure this setting (default)Employees can turn on and configure the Clear browsing data option under Settings.
+This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes. +| If you… | Then… | +| --- | --- | +| Enable this setting | Clear browsing history on exit is turned on. [@Reviewer: can employees do anything to this setting at this point? Or is this controlled by the system administrator?] | +| Disable or don’t configure this setting (default) | Employees can turn on and configure the Clear browsing data option under Settings. | +| ### Allow Developer Tools > Supported versions: Windows 10, version 1511 or later -This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.
If you…Then…
Enable this setting (default)The F12 Developer Tools are available on Microsoft Edge.
Disable this settinghe F12 Developer Tools are not available on Microsoft Edge.
+This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge. +| If you… | Then… | +| --- | --- | +| Enable this setting (default) | F12 Developer Tools are available. | +| Disable this setting | F12 Developer Tools are not available. | +| ### Allow Extensions > Supported versions: Windows 10, version 1607 or later -This policy setting lets you decide whether employees can use Edge Extensions.
-
If you…Then…
Enable this settingEmployees can use Edge Extensions.
Disable this setting [why would a company disable this setting?]mployees cannot use Edge Extensions.
+This policy setting lets you decide whether employees can use Edge Extensions. +| If you… | Then… | +| --- | --- | +| Enable this setting | Employees can use Edge Extensions. | +| Disable this setting | [@Reviewer: why would a company disable this setting?] Employees cannot use Edge Extensions. | +| ### Allow InPrivate browsing > Supported versions: Windows 10, version 1511 or later -This policy setting lets you decide whether employees can browse using InPrivate website browsing.
If you…Then…
Enable this setting (default)Employees can use InPrivate website browsing.
Disable this setting [why would a company disable this setting?]Employees cannot use InPrivate website browsing.
+This policy setting lets you decide whether employees can browse using InPrivate website browsing. +| If you… | Then… | +| --- | --- | +| Enable this setting (default) | Employees can use InPrivate website browsing. | +| Disable this setting | [@Reviewer: why would a company disable this setting?] Employees cannot use InPrivate website browsing. | +| -Allow Microsoft Compatibility List | Windows 10, version 1607 or later| This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. @Reviewer: Is this supposed to be a link to another topic? Is the topic Use Enterprise Mode to improve compatibility emie-to-improve-compatibility.md?
If you…Then…
Enable this setting (default)Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation [are the updates really applied “during browser navigation?”]. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly.
Disable this settingBrowser navigation does not use the Microsoft Compatibility List.
+### Allow Microsoft Compatibility List +> Supported versions: Windows 10, version 1607 or later -Allow search engine customization | Windows 10, version 1703 | This policy setting lets you decide whether users can change their search engine. Important. You can only use this setting with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
If you…Then…
Enable or don’t configure this setting (default)Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings.
Disable this settingEmployees cannot add search engines or change the default used in the Address bar.
-Allow web content on New Tab page | Windows 10 | This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it.
- - - - -
If you…Then…
Enable this settingMicrosoft Edge opens a new tab with the New Tab page.
Disable this settingMicrosoft Edge opens a new tab with a blank page.
Do not configure this setting (default)Employees can choose how new tabs appear.
-Configure additional search engines | Windows 10, version 1703 | This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees but can make a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting.
- - - - -
If you…Then…
Enable this settingYou can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format: `https://www.contoso.com/opensearch.xml>` For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic.
Disable this setting (default)Any added search engines are removed from the employee’s device. [is this implying that Bing is the only search engine on the employee’s device?]
Do not configure this settingThe search engine list is set to what is specified in App settings. [what’s the difference between “don’t configure this setting”, “Enable this setting”, and “Disable this setting”?]
-Configure Autofill | Windows 10 | This policy setting lets you decide whether employees can use Autofill the form fields automatically while using Microsoft Edge. By default, employees can choose whether to use Autofill.
- - - - -
If you…Then…
Enable this settingEmployees can use Autofill to populate form fields automatically while using Microsoft Edge
Disable this settingEmployees can’t use Autofill to populate form fields automatically while using Microsoft Edge.
Do not configure this setting (default)Employees can choose whether to use Autofill to populate the form fields automatically while using Microsoft Edge.
-Configure cookies | Windows 10 | This setting lets you configure how to work with cookies.
- - - -
If you…Then…
Enable this setting (default)You must also decide whether to:
  • **Allow all cookies (default)** from all websites.
  • **Block all cookies** from all websites.
  • **Block only 3rd-party cookies** from 3rd-party websites.
Disable or do not configure this settingAll cookies are allowed from all sites.
-Configure Do Not Track | Windows 10 | This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests are never sent, but employees can choose to turn on and send requests.
- - - - -
If you…Then…
Enable this settingDo Not Track requests are always sent to websites asking for tracking information.
Disable this settingDo Not Track requests are never sent to websites asking for tracking information.
Do not configure this setting (default)Employees can choose whether to send Do Not Track requests to websites asking for tracking information.
Configure Favorites | Windows 10, version 1511 or later | This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. [what is the default setting, enabled or disabled? I’m guessing it’s Disabled is the default.]
- - - -
If you…Then…
Enable this settingYou must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy.
Disable or do not configure this settingEmployees will see the Favorites that they set in the Favorites hub.
Configure Password Manager | Windows 10 | This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.
- - - - - -Configure Pop-up Blocker | Windows 10 | This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.
If you…Then…
Enable this setting (default)Employees can use Password Manager to save their passwords locally.
Disable this settingEmployees can’t use Password Manager to save their passwords locally.
Do not configure this settingEmployees can choose whether to use Password Manager to save their passwords locally.
- - - - -
If you…Then…
Enable this setting (default)Pop-up Blocker is turned on, stopping pop-up windows from appearing.
Disable this settingPop-up Blocker is turned off, letting pop-up windows appear.
Do not configure this settingEmployees can choose whether to use Pop-up Blocker.
-Configure search suggestions in Address bar | Windows 10 | This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.
- - - - -
If you…Then…
Enable this settingEmployees can see search suggestions in the Address bar of Microsoft Edge.
Disable this settingEmployees can't see search suggestions in the Address bar of Microsoft Edge.
Do not configure this setting (default)Employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.
Configure Start pages | Windows 10, version 1511 or later | This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees won't be able to change this after you set it.
- - - -
If you…Then…
Enable this settingYou must include URLs to the pages, separating multiple pages by using angle brackets in this format: ``
Disable or do not configure this setting (default)The default Start page is the webpage specified in App settings.
Configure the Adobe Flash Click-to-Run setting | Windows 10, version 1703 | This policy setting lets you decide whether employees must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. [what is the default, enabled or disabled?]
- - - -
If you…Then…
Enable or don’t configure this settingEmployees must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.
Disable this settingAdobe Flash loads automatically and runs in Microsoft Edge.
Configure the Enterprise Mode Site List | Windows 10 | This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.

If there is a .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server has a different version number than the version in the cache container, the server file is used and stored in the cache container.

If you already use a site list, enterprise mode continues to work during the 65-second wait; it just uses the existing site list instead of the new one. -

- - -Configure Windows Defender SmartScreen | Windows 10 | This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.
If you…Then…
Enable this settingYou must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode.
Disable or do not configure this setting (default)Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps.
- - - - -
If you…Then…
Enable this settingWindows Defender SmartScreen is turned on, and employees cannot turn it off.
Disable this settingWindows Defender SmartScreen is turned off, and employees cannot turn it on.
Do not configure this settingEmployees can choose whether to use Windows Defender SmartScreen.
-Disable lockdown of Start pages | Windows 10, version 1703 | This policy setting you disable the lockdown of Start pages if the Configure Start pages setting is in effect [“…is enabled”?]. This setting only applies to domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
- - - -
If you…Then…
Enable this settingYou cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages.
Disable or do not configure this setting (default)Employees cannot change Start pages configured using the “Configure Start pages” setting.
-Keep favorites in sync between Internet Explorer and Microsoft Edge | Windows 10, version 1703 | This policy setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge, including additions, deletions, changes, and position.
- - - -
If you…Then…
Enable this settingEmployees can sync their favorites between Internet Explorer and Microsoft Edge. Note. Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. [what does this mean? I want to know more about what this note is saying. More details and maybe an example or scenario.]
Disable or do not configure this settingEmployees cannot sync their favorites between Internet Explorer and Microsoft Edge.
-Prevent access to the about:flags page | Windows 10, version 1607 or later | This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.
- - - -
If you…Then…
Enable this settingEmployees cannot access the about:flags page.
Disable or do not configure this setting (default)Employees can access the about:flags page.
-Prevent bypassing Windows Defender SmartScreen prompts for files | Windows 10, version 1511 or later | This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files.
- - - - -Prevent bypassing Windows Defender SmartScreen prompts for sites | Windows 10, version 1511 or later | This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.
If you…Then…
Enable this settingEmployees cannot ignore Windows Defender SmartScreen warnings when downloading files.
Disable or do not configure this setting (default)Employees can ignore Windows Defender SmartScreen warnings and can continue the download process.
- - - -
If you…Then…
Enable this settingEmployees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site.
Disable or do not configure this setting (default)Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site.
-Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start | Windows 10, version 1703 | This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
- - - -
If you…Then…
Enable this settingMicrosoft Edge does not gather the Live Tile metadata, providing a minimal experience.
Disable or do not configure this setting (default)Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience.
-Prevent the First Run webpage from opening on Microsoft Edge | Windows 10, version 1703 | This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time.
- - - -
If you…Then…
Enable this settinEmployees do not see the First Run page.
Disable or do not configure this setting (default)mployees see the First Run page.
-Prevent using Localhost IP address for WebRTC | Windows 10, version 1511 or later | This policy setting lets you decide whether localhost IP addresses are visible or hidden while making calls to the WebRTC protocol.
- - - -
If you…Then…
Enable this settingLocalhost IP addresses are hidden.
Disable or do not configure this setting (default)Localhost IP addresses are visible.
-Send all intranet sites to Internet Explorer 11 | Windows 10 | This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.
- - - -
If you…Then…
Enable this settingAll intranet sites are opened in Internet Explorer 11 automatically.
Disable or do not configure this setting (default)All websites, including intranet sites, open in Microsoft Edge.
-Set default search engine | Windows 10, version 1703 | This policy setting applies only to domain-joined or MDM-enrolled devices and lets you configure the default search engine for Microsoft Edge. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
- - - - -
If you…Then…
Enable this settingTo set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format: `https://fabrikam.com/opensearch.xml` If you'd like your employees to use the default Microsoft Edge settings for each market [what does “each market” refer to?], you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.
Disable this settingThe policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market [what does “market” mean in this context?].
Do not configure this settingThe default search engine is set to the one specified in App settings.
-Show message when opening sites in Internet Explorer | Windows 10, version 1607 and later | This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
- - - -
If you…Then…
Enable this settingEmployees see an additional page.
Disable or do not configure this setting (default)No additional pages display.
+This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. [@Reviewer: Is this supposed to be a link to another topic? Is the topic Use Enterprise Mode to improve compatibility emie-to-improve-compatibility.md?] +| If you… | Then… | +| --- | --- | +| Enable this setting (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation [@Reviewer: are the updates really applied “during browser navigation?" shouldn't just be as simple as "...applying the updates automatically”?]. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly. | +| Disable this setting | Browser navigation does not use the Microsoft Compatibility List. | +| + +### Allow search engine customization + +>Supported versions: Windows 10, version 1703 + +This policy setting lets you decide whether users can change their search engine. Important. You can only use this setting with domain-joined or MDM-enrolled devices. + +For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). +| If you… | Then… | +| --- | --- | +| Enable or don’t configure this setting (default) | Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. | +| Disable this setting | Employees cannot add search engines or change the default used in the Address bar. | +| + +### Allow web content on New Tab page +>Supported versions: Windows 10 + +This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it. +| If you… | Then… | +| --- | --- | +| Enable this setting | Microsoft Edge opens a new tab with the New Tab page. | +| Disable this setting | Microsoft Edge opens a new tab with a blank page. | +| Do not configure this setting (default) | Employees can choose how new tabs appear. | +| + +### Configure additional search engines +>Supported versions: Windows 10, version 1703 + +This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees but can make a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting. +| If you… | Then… | +| --- | --- | +| Enable this setting | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:

``

For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable this setting (default) | Any added search engines are removed from the employee’s device. [@Reviewer: is this implying that Bing is the only search engine on the employee’s device?] | +| Do not configure this setting | The search engine list is set to what is specified in App settings. [@Reviewer: what’s the difference between “don’t configure this setting”, “Enable this setting”, and “Disable this setting”?] | +| + +### Configure Autofill +>Supported versions: Windows 10 + +This policy setting lets you decide whether employees can use Autofill the form fields automatically while using Microsoft Edge. By default, employees can choose whether to use Autofill. +| If you… | Then… | +| --- | --- | +| Enable this setting | Employees can use Autofill to populate form fields automatically. | +| Disable this setting | Employees cannot use Autofill to populate form fields automatically. | +| Do not configure this setting (default) | Employees can choose whether to use Autofill to populate the form fields automatically. | +| + +### Configure cookies +>Supported versions: Windows 10 + +This setting lets you configure how to work with cookies. +| If you… | Then… | +| --- | --- | +| Enable this setting (default) | You must also decide whether to:

  • **Allow all cookies (default)** from all websites.
  • **Block all cookies** from all websites.
  • **Block only 3rd-party cookies** from 3rd-party websites.
| +| Disable or do not configure this setting | All cookies are allowed from all sites. | +| + +### Configure Do Not Track +>Supported versions: Windows 10 + +This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests are never sent, but employees can choose to turn on and send requests. +| If you… | Then… | +| --- | --- | +| Enable this setting | Do Not Track requests are always sent to websites asking for tracking information. | +| Disable this setting | Do Not Track requests are never sent to websites asking for tracking information. | +| Do not configure this setting (default) | Employees can choose whether to send Do Not Track requests to websites asking for tracking information. | +| + +### Configure Favorites +>Supported versions: Windows 10, version 1511 or later + +This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. [@Reviewer: what is the default setting, enabled or disabled? I’m guessing it’s Disabled is the default.] +| If you… | Then… | +| --- | --- | +| Enable this setting | You must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy. | +| Disable or do not configure this setting | Employees will see the Favorites that they set in the Favorites hub. | +| + +### Configure Password Manager +>Supported versions: Windows 10 + +This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on. +| If you… | Then… | +| --- | --- | +| Enable this setting (default) | Employees can use Password Manager to save their passwords locally. | +| Disable this setting | Employees can’t use Password Manager to save their passwords locally. | +| Do not configure this setting | Employees can choose whether to use Password Manager to save their passwords locally. | +| + +### Configure Pop-up Blocker +>Supported versions: Windows 10 + +This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on. +| If you… | Then… | +| --- | --- | +| Enable this setting (default) | Pop-up Blocker is turned on, stopping pop-up windows from appearing. | +| Disable this setting | Pop-up Blocker is turned off, letting pop-up windows appear. | +| Do not configure this setting | Employees can choose whether to use Pop-up Blocker. | +| + +### Configure search suggestions in Address bar +>Supported versions: Windows 10 + +This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. +| If you… | Then… | +| --- | --- | +| Enable this setting | Employees can see search suggestions in the Address bar. | +| Disable this setting | Employees can't see search suggestions in the Address bar. | +| Do not configure this setting (default) | Employees can choose whether search suggestions appear in the Address bar. | +| + +### Configure Start pages +>Supported versions: Windows 10, version 1511 or later + +This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees won't be able to change this after you set it. +| If you… | Then… | +| --- | --- | +| Enable this setting | You must include URLs to the pages, separating multiple pages by using angle brackets in this format:

`` | +| Disable or do not configure this setting (default) | The default Start page is the webpage specified in App settings. | +| + +### Configure the Adobe Flash Click-to-Run setting +>Supported versions: Windows 10, version 1703 + +This policy setting lets you decide whether employees must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. [@Reviewer: what is the default, enabled or disabled?] +| If you… | Then… | +| --- | --- | +| Enable or don’t configure this setting< | Employees must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. | +| Disable this setting | Adobe Flash loads automatically and runs in Microsoft Edge. | +| + +### Configure the Enterprise Mode Site List +>Supported versions: Windows 10 + +This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps. +| If you… | Then… | +| --- | --- | +| Enable this setting | You must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. | +Disable or do not configure this setting (default) | Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. | +| + +>[!Note] +>If there is a .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server has a different version number than the version in the cache container, the server file is used and stored in the cache container.

+>If you already use a site list, enterprise mode continues to work during the 65-second wait; it just uses the existing site list instead of the new one. + +### Configure Windows Defender SmartScreen +>Supported versions: Windows 10 + +This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on. +| If you… | Then… | +| --- | --- | +| Enable this setting | Windows Defender SmartScreen is turned on, and employees cannot turn it off. | +| Disable this setting | Windows Defender SmartScreen is turned off, and employees cannot turn it on. | +| Do not configure this setting | Employees can choose whether to use Windows Defender SmartScreen. | +| + +### Disable lockdown of Start pages +>Supported versions: Windows 10, version 1703 + +This policy setting lets you disable the lockdown of Start pages if the Configure Start pages setting is in effect [@Reviewer: shouldn't this be “…is enabled” instead of "...is in effect"?]. This setting only applies to domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). +| If you… | Then… | +| --- | --- | +| Enable this setting | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. | +| Disable or do not configure this setting (default) | Employees cannot change Start pages configured using the “Configure Start pages” setting. | +| + +### Keep favorites in sync between Internet Explorer and Microsoft Edge +>Supported versions: Windows 10, version 1703 + +This policy setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge, including additions, deletions, changes, and position. +| If you… | Then… | +| --- | --- | +| Enable this setting | Employees can sync their favorites between Internet Explorer and Microsoft Edge. Note. Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. [what does this mean? I want to know more about what this note is saying. More details and maybe an example or scenario.] | +| Disable or do not configure this setting | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. | +| + +### Prevent access to the about:flags page +>Supported versions: Windows 10, version 1607 or later + +This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features. +| If you… | Then… | +| --- | --- | +| Enable this setting | Employees cannot access the about:flags page. | +| Disable or do not configure this setting (default) | Employees can access the about:flags page. | +| + +### Prevent bypassing Windows Defender SmartScreen prompts for files +>Supported versions: Windows 10, version 1511 or later + +This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files. +| If you… | Then… | +| --- | --- | +| Enable this setting | Employees cannot ignore Windows Defender SmartScreen warnings when downloading files. | +| Disable or do not configure this setting (default) | Employees can ignore Windows Defender SmartScreen warnings and can continue the download process. | +| +### Prevent bypassing Windows Defender SmartScreen prompts for sites +>Supported versions: Windows 10, version 1511 or later + +This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites. +| If you… | Then… | +| --- | --- | +| Enable this setting | Employees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site. | +| Disable or do not configure this setting (default) | Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site. | +| + +### Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start +>Supported versions: Windows 10, version 1703 + +This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu. +| If you… | Then… | +| --- | --- | +| Enable this setting | Microsoft Edge does not gather the Live Tile metadata, providing a minimal experience. | +| Disable or do not configure this setting (default) | Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience. | +| + + +Prevent the First Run webpage from opening on Microsoft Edge | Windows 10, version 1703 | This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time. +| If you… | Then… | +| --- | --- | +| Enable this settin | Employees do not see the First Run page. | +| Disable or do not configure this setting (default) | Employees see the First Run page. | +| + +### Prevent using Localhost IP address for WebRTC +>Supported versions: Windows 10, version 1511 or later + +This policy setting lets you decide whether localhost IP addresses are visible or hidden while making calls to the WebRTC protocol. +| If you… | Then… | +| --- | --- | +| Enable this setting | Localhost IP addresses are hidden. | +| Disable or do not configure this setting (default) | Localhost IP addresses are visible. | +| + +### Send all intranet sites to Internet Explorer 11 +>Supported versions: Windows 10 + +This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge. +| If you… | Then… | +| --- | --- | +| Enable this setting | All intranet sites are opened in Internet Explorer 11 automatically. | +| Disable or do not configure this setting (default) | All websites, including intranet sites, open in Microsoft Edge. | +| + +### Set default search engine +>Supported versions: Windows 10, version 1703 + +This policy setting applies only to domain-joined or MDM-enrolled devices and lets you configure the default search engine for Microsoft Edge. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. + +For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). +| If you… | Then… | +| --- | --- | +| Enable this setting | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:

`https://fabrikam.com/opensearch.xml` | +| Disable this setting | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market [what does “market” mean in this context?]. | +| Do not configure this setting | The default search engine is set to the one specified in App settings. | +| + +>[!Important] +>If you'd like your employees to use the default Microsoft Edge settings for each market [what does “each market” refer to?], you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. + +### Show message when opening sites in Internet Explorer +>Supported versions: Windows 10, version 1607 and later + +This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. +| If you… | Then… | +| --- | --- | +| Enable this setting | Employees see an additional page. | +| Disable or do not configure this setting (default) | No additional pages display. | +| ## Using Microsoft Intune to manage your Mobile Device Management (MDM) settings for Microsoft Edge If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page. From 508aea116f4eaffc620a83987375dbd4f6d37a2f Mon Sep 17 00:00:00 2001 From: shortpatti Date: Tue, 13 Feb 2018 12:47:09 -0800 Subject: [PATCH 11/20] cleaned up the IF/THEN tables --- browsers/edge/available-policies.md | 77 +++++++++++++++-------------- 1 file changed, 39 insertions(+), 38 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index f23e141f4e..64552b94e0 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -27,7 +27,7 @@ By using Group Policy and Intune, you can set up a policy setting once, and then Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations: ### Allow Address bar drop-down list suggestions -> Supported versions: Windows 10, version 1703 +>*Supporteded versions: Windows 10, version 1703* This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. | If you... | Then... | @@ -37,7 +37,7 @@ This policy setting lets you decide whether the Address bar drop-down functional | ### Allow Adobe Flash -> Supported version: Windows 10 +>*Supporteded version: Windows 10* This policy setting lets you decide whether employees can run Adobe Flash on Microsoft Edge. | If you… | Then… | @@ -47,7 +47,7 @@ This policy setting lets you decide whether employees can run Adobe Flash on Mic | ### Allow clearing browsing data on exit -> Supported versions: Windows 10, version 1703 +>*Supporteded versions: Windows 10, version 1703* This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes. | If you… | Then… | @@ -57,7 +57,7 @@ This policy setting allows the automatic clearing of browsing data when Microsof | ### Allow Developer Tools -> Supported versions: Windows 10, version 1511 or later +>*Supporteded versions: Windows 10, version 1511 or later* This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge. | If you… | Then… | @@ -67,7 +67,7 @@ This policy setting lets you decide whether F12 Developer Tools are available on | ### Allow Extensions -> Supported versions: Windows 10, version 1607 or later +>*Supporteded versions: Windows 10, version 1607 or later* This policy setting lets you decide whether employees can use Edge Extensions. | If you… | Then… | @@ -77,7 +77,7 @@ This policy setting lets you decide whether employees can use Edge Extensions. | ### Allow InPrivate browsing -> Supported versions: Windows 10, version 1511 or later +>*Supporteded versions: Windows 10, version 1511 or later* This policy setting lets you decide whether employees can browse using InPrivate website browsing. | If you… | Then… | @@ -87,7 +87,7 @@ This policy setting lets you decide whether employees can browse using InPrivate | ### Allow Microsoft Compatibility List -> Supported versions: Windows 10, version 1607 or later +>*Supporteded versions: Windows 10, version 1607 or later* This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. [@Reviewer: Is this supposed to be a link to another topic? Is the topic Use Enterprise Mode to improve compatibility emie-to-improve-compatibility.md?] | If you… | Then… | @@ -97,8 +97,7 @@ This policy setting lets you decide whether to use the Microsoft Compatibility L | ### Allow search engine customization - ->Supported versions: Windows 10, version 1703 +>*Supported versions: Windows 10, version 1703* This policy setting lets you decide whether users can change their search engine. Important. You can only use this setting with domain-joined or MDM-enrolled devices. @@ -110,7 +109,7 @@ For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy) | ### Allow web content on New Tab page ->Supported versions: Windows 10 +>*Supported versions: Windows 10* This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it. | If you… | Then… | @@ -121,7 +120,7 @@ This policy setting lets you configure what appears when Microsoft Edge opens a | ### Configure additional search engines ->Supported versions: Windows 10, version 1703 +>*Supported versions: Windows 10, version 1703* This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees but can make a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting. | If you… | Then… | @@ -131,7 +130,7 @@ This policy setting lets you add up to 5 additional search engines, which can't | ### Configure Autofill ->Supported versions: Windows 10 +>*Supported versions: Windows 10* This policy setting lets you decide whether employees can use Autofill the form fields automatically while using Microsoft Edge. By default, employees can choose whether to use Autofill. | If you… | Then… | @@ -142,7 +141,7 @@ This policy setting lets you decide whether employees can use Autofill the form | ### Configure cookies ->Supported versions: Windows 10 +>*Supported versions: Windows 10* This setting lets you configure how to work with cookies. | If you… | Then… | @@ -152,7 +151,7 @@ This setting lets you configure how to work with cookies. | ### Configure Do Not Track ->Supported versions: Windows 10 +>*Supported versions: Windows 10* This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests are never sent, but employees can choose to turn on and send requests. | If you… | Then… | @@ -163,7 +162,7 @@ This policy setting lets you decide whether employees can send Do Not Track requ | ### Configure Favorites ->Supported versions: Windows 10, version 1511 or later +>*Supported versions: Windows 10, version 1511 or later* This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. [@Reviewer: what is the default setting, enabled or disabled? I’m guessing it’s Disabled is the default.] | If you… | Then… | @@ -173,7 +172,7 @@ This policy setting lets you configure the default list of Favorites that appear | ### Configure Password Manager ->Supported versions: Windows 10 +>*Supported versions: Windows 10* This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on. | If you… | Then… | @@ -184,7 +183,7 @@ This policy setting lets you decide whether employees can save their passwords l | ### Configure Pop-up Blocker ->Supported versions: Windows 10 +>*Supported versions: Windows 10* This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on. | If you… | Then… | @@ -195,7 +194,7 @@ This policy setting lets you decide whether to turn on Pop-up Blocker. By defaul | ### Configure search suggestions in Address bar ->Supported versions: Windows 10 +>*Supported versions: Windows 10* This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. | If you… | Then… | @@ -206,7 +205,7 @@ This policy setting lets you decide whether search suggestions appear in the Add | ### Configure Start pages ->Supported versions: Windows 10, version 1511 or later +>*Supported versions: Windows 10, version 1511 or later* This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees won't be able to change this after you set it. | If you… | Then… | @@ -216,7 +215,7 @@ This policy setting lets you configure one or more Start pages, for domain-joine | ### Configure the Adobe Flash Click-to-Run setting ->Supported versions: Windows 10, version 1703 +>*Supported versions: Windows 10, version 1703* This policy setting lets you decide whether employees must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. [@Reviewer: what is the default, enabled or disabled?] | If you… | Then… | @@ -226,7 +225,7 @@ This policy setting lets you decide whether employees must take action, such as | ### Configure the Enterprise Mode Site List ->Supported versions: Windows 10 +>*Supported versions: Windows 10* This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps. | If you… | Then… | @@ -240,7 +239,7 @@ Disable or do not configure this setting (default) | Microsoft Edge won’t use >If you already use a site list, enterprise mode continues to work during the 65-second wait; it just uses the existing site list instead of the new one. ### Configure Windows Defender SmartScreen ->Supported versions: Windows 10 +>*Supported versions: Windows 10* This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on. | If you… | Then… | @@ -251,9 +250,9 @@ This policy setting lets you configure whether to turn on Windows Defender Smart | ### Disable lockdown of Start pages ->Supported versions: Windows 10, version 1703 +>*Supported versions: Windows 10, version 1703* -This policy setting lets you disable the lockdown of Start pages if the Configure Start pages setting is in effect [@Reviewer: shouldn't this be “…is enabled” instead of "...is in effect"?]. This setting only applies to domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). +This policy setting lets you disable the lockdown of Start pages if the Configure Start pages setting is in effect [@Reviewer: shouldn't this be “…is enabled” instead of "...is in effect"?]. This setting only applies to domain-joined or MDM-enrolled devices. For more info, see the [Microsoft browser extension policy](aka.ms/browserpolicy). | If you… | Then… | | --- | --- | | Enable this setting | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. | @@ -261,7 +260,7 @@ This policy setting lets you disable the lockdown of Start pages if the Configur | ### Keep favorites in sync between Internet Explorer and Microsoft Edge ->Supported versions: Windows 10, version 1703 +>*Supported versions: Windows 10, version 1703* This policy setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge, including additions, deletions, changes, and position. | If you… | Then… | @@ -271,7 +270,7 @@ This policy setting lets you decide whether people can sync their favorites betw | ### Prevent access to the about:flags page ->Supported versions: Windows 10, version 1607 or later +>*Supported versions: Windows 10, version 1607 or later* This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features. | If you… | Then… | @@ -281,7 +280,7 @@ This policy setting lets you decide whether employees can access the about:flags | ### Prevent bypassing Windows Defender SmartScreen prompts for files ->Supported versions: Windows 10, version 1511 or later +>*Supported versions: Windows 10, version 1511 or later* This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files. | If you… | Then… | @@ -290,7 +289,7 @@ This policy setting lets you decide whether employees can override the Windows D | Disable or do not configure this setting (default) | Employees can ignore Windows Defender SmartScreen warnings and can continue the download process. | | ### Prevent bypassing Windows Defender SmartScreen prompts for sites ->Supported versions: Windows 10, version 1511 or later +>*Supported versions: Windows 10, version 1511 or later* This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites. | If you… | Then… | @@ -300,7 +299,7 @@ This policy setting lets you decide whether employees can override the Windows D | ### Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start ->Supported versions: Windows 10, version 1703 +>*Supported versions: Windows 10, version 1703* This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu. | If you… | Then… | @@ -310,7 +309,10 @@ This policy lets you decide whether Microsoft Edge can gather Live Tile metadata | -Prevent the First Run webpage from opening on Microsoft Edge | Windows 10, version 1703 | This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time. +### Prevent the First Run webpage from opening on Microsoft Edge +>*Supported versions: Windows 10, version 1703* + +This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time. | If you… | Then… | | --- | --- | | Enable this settin | Employees do not see the First Run page. | @@ -318,7 +320,7 @@ Prevent the First Run webpage from opening on Microsoft Edge | Windows 10, versi | ### Prevent using Localhost IP address for WebRTC ->Supported versions: Windows 10, version 1511 or later +>*Supported versions: Windows 10, version 1511 or later* This policy setting lets you decide whether localhost IP addresses are visible or hidden while making calls to the WebRTC protocol. | If you… | Then… | @@ -328,7 +330,7 @@ This policy setting lets you decide whether localhost IP addresses are visible o | ### Send all intranet sites to Internet Explorer 11 ->Supported versions: Windows 10 +>*Supported versions: Windows 10* This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge. | If you… | Then… | @@ -338,23 +340,22 @@ This policy setting lets you decide whether your intranet sites should all open | ### Set default search engine ->Supported versions: Windows 10, version 1703 +>*Supported versions: Windows 10, version 1703* This policy setting applies only to domain-joined or MDM-enrolled devices and lets you configure the default search engine for Microsoft Edge. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. -For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). +For more info, see the [Microsoft browser extension policy](aka.ms/browserpolicy). | If you… | Then… | | --- | --- | | Enable this setting | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:

`https://fabrikam.com/opensearch.xml` | -| Disable this setting | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market [what does “market” mean in this context?]. | +| Disable this setting | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market [@Reviewer: what does “market” mean in this context?]. | | Do not configure this setting | The default search engine is set to the one specified in App settings. | | - >[!Important] ->If you'd like your employees to use the default Microsoft Edge settings for each market [what does “each market” refer to?], you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. +>If you'd like your employees to use the default Microsoft Edge settings for each market [@Reviewer: what does “each market” refer to in this context?], you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. ### Show message when opening sites in Internet Explorer ->Supported versions: Windows 10, version 1607 and later +>*Supported versions: Windows 10, version 1607 and later* This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. | If you… | Then… | From 0f3f695fa22f319eda6feee85db52304b4b60f7c Mon Sep 17 00:00:00 2001 From: shortpatti Date: Tue, 13 Feb 2018 13:00:33 -0800 Subject: [PATCH 12/20] fixed broken links --- browsers/edge/available-policies.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 64552b94e0..5c926558de 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -102,6 +102,7 @@ This policy setting lets you decide whether to use the Microsoft Compatibility L This policy setting lets you decide whether users can change their search engine. Important. You can only use this setting with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). + | If you… | Then… | | --- | --- | | Enable or don’t configure this setting (default) | Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. | @@ -252,7 +253,10 @@ This policy setting lets you configure whether to turn on Windows Defender Smart ### Disable lockdown of Start pages >*Supported versions: Windows 10, version 1703* -This policy setting lets you disable the lockdown of Start pages if the Configure Start pages setting is in effect [@Reviewer: shouldn't this be “…is enabled” instead of "...is in effect"?]. This setting only applies to domain-joined or MDM-enrolled devices. For more info, see the [Microsoft browser extension policy](aka.ms/browserpolicy). +This policy setting lets you disable the lockdown of Start pages if the Configure Start pages setting is in effect [@Reviewer: shouldn't this be “…is enabled” instead of "...is in effect"?]. This setting only applies to domain-joined or MDM-enrolled devices. + +For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). + | If you… | Then… | | --- | --- | | Enable this setting | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. | @@ -344,7 +348,8 @@ This policy setting lets you decide whether your intranet sites should all open This policy setting applies only to domain-joined or MDM-enrolled devices and lets you configure the default search engine for Microsoft Edge. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. -For more info, see the [Microsoft browser extension policy](aka.ms/browserpolicy). +For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). + | If you… | Then… | | --- | --- | | Enable this setting | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:

`https://fabrikam.com/opensearch.xml` | From fa4f1b5f9417f44bf48172e6a1cb2f9446f086c8 Mon Sep 17 00:00:00 2001 From: shortpatti Date: Tue, 13 Feb 2018 15:13:03 -0800 Subject: [PATCH 13/20] fixed the 'Applies to' format --- browsers/edge/available-policies.md | 52 +++++++++++-------- .../edge/emie-to-improve-compatibility.md | 3 +- ...-guidance-using-microsoft-edge-and-ie11.md | 2 +- .../hardware-and-software-requirements.md | 8 ++- browsers/edge/microsoft-edge-faq.md | 5 +- .../security-enhancements-microsoft-edge.md | 13 ++--- 6 files changed, 42 insertions(+), 41 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 5c926558de..9bbec23d0f 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros) ms.localizationpriority: high -ms.date: 09/13/2017 +ms.date: 09/13/2017 #Previsou release date --- @@ -24,7 +24,13 @@ By using Group Policy and Intune, you can set up a policy setting once, and then > For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924). ## Group Policy settings +Microsoft Edge works with the following Group Policy settings to help you manager your company's web browser configurations. The Group Policy settings are found in the Group Policy Editor in the following location: + +`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\` + + ### Allow Address bar drop-down list suggestions >*Supporteded versions: Windows 10, version 1703* @@ -33,7 +39,7 @@ This policy setting lets you decide whether the Address bar drop-down functional | If you... | Then... | | --- | --- | | Enable this setting (default) | Employees can see the Address bar drop-down functionality in Microsoft Edge. | -| Disable this setting | Employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."

Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. | +| Disable this setting | Employees do not see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."

Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. | | ### Allow Adobe Flash @@ -73,7 +79,7 @@ This policy setting lets you decide whether employees can use Edge Extensions. | If you… | Then… | | --- | --- | | Enable this setting | Employees can use Edge Extensions. | -| Disable this setting | [@Reviewer: why would a company disable this setting?] Employees cannot use Edge Extensions. | +| Disable this setting | [@Reviewer: why would a company disable this setting? Is this because of potential memory leaks?] Employees cannot use Edge Extensions. | | ### Allow InPrivate browsing @@ -83,7 +89,7 @@ This policy setting lets you decide whether employees can browse using InPrivate | If you… | Then… | | --- | --- | | Enable this setting (default) | Employees can use InPrivate website browsing. | -| Disable this setting | [@Reviewer: why would a company disable this setting?] Employees cannot use InPrivate website browsing. | +| Disable this setting | [@Reviewer: why would a company disable this setting? Is this to discourage users from browser inappropriate websites? What are the use cases for having this turned off?] Employees cannot use InPrivate website browsing. | | ### Allow Microsoft Compatibility List @@ -101,7 +107,7 @@ This policy setting lets you decide whether to use the Microsoft Compatibility L This policy setting lets you decide whether users can change their search engine. Important. You can only use this setting with domain-joined or MDM-enrolled devices. -For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). +For more info, see the [Microsoft browser extension policy](http://aka.ms/browserpolicy). | If you… | Then… | | --- | --- | @@ -123,7 +129,7 @@ This policy setting lets you configure what appears when Microsoft Edge opens a ### Configure additional search engines >*Supported versions: Windows 10, version 1703* -This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees but can make a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting. +This policy setting lets you add up to 5 additional search engines, which cannot be removed by your employees but can make a personal default engine. This setting does not set the default search engine. For that, you must use the "Set default search engine" setting. | If you… | Then… | | --- | --- | | Enable this setting | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:

``

For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable this setting (default) | Any added search engines are removed from the employee’s device. [@Reviewer: is this implying that Bing is the only search engine on the employee’s device?] | @@ -201,14 +207,14 @@ This policy setting lets you decide whether search suggestions appear in the Add | If you… | Then… | | --- | --- | | Enable this setting | Employees can see search suggestions in the Address bar. | -| Disable this setting | Employees can't see search suggestions in the Address bar. | +| Disable this setting | Employees cannot see search suggestions in the Address bar. | | Do not configure this setting (default) | Employees can choose whether search suggestions appear in the Address bar. | | ### Configure Start pages >*Supported versions: Windows 10, version 1511 or later* -This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees won't be able to change this after you set it. +This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees will not be able to change this after you set it. | If you… | Then… | | --- | --- | | Enable this setting | You must include URLs to the pages, separating multiple pages by using angle brackets in this format:

`` | @@ -255,7 +261,7 @@ This policy setting lets you configure whether to turn on Windows Defender Smart This policy setting lets you disable the lockdown of Start pages if the Configure Start pages setting is in effect [@Reviewer: shouldn't this be “…is enabled” instead of "...is in effect"?]. This setting only applies to domain-joined or MDM-enrolled devices. -For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). +For more info, see the [Microsoft browser extension policy](http://aka.ms/browserpolicy). | If you… | Then… | | --- | --- | @@ -267,9 +273,11 @@ For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy) >*Supported versions: Windows 10, version 1703* This policy setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge, including additions, deletions, changes, and position. + +[@Reviewer: what is the default: enable or disable?] | If you… | Then… | | --- | --- | -| Enable this setting | Employees can sync their favorites between Internet Explorer and Microsoft Edge. Note. Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. [what does this mean? I want to know more about what this note is saying. More details and maybe an example or scenario.] | +| Enable this setting | Employees can sync their favorites between Internet Explorer and Microsoft Edge.

Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. [@Reviewer: what does this mean? I want to know more about what this is saying. More details and maybe an example or scenario.] | | Disable or do not configure this setting | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. | | @@ -348,7 +356,7 @@ This policy setting lets you decide whether your intranet sites should all open This policy setting applies only to domain-joined or MDM-enrolled devices and lets you configure the default search engine for Microsoft Edge. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. -For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). +For more info, see the [Microsoft browser extension policy](http://aka.ms/browserpolicy). | If you… | Then… | | --- | --- | @@ -463,7 +471,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **Allowed values:** - - **0.** Employees can't use the F12 Developer Tools. + - **0.** Employees cannot use the F12 Developer Tools. - **1 (default).** Employees can use the F12 Developer Tools. @@ -565,7 +573,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **Allowed values:** - - **0.** Additional search engines aren't allowed and the default can’t be changed in the Address bar. + - **0.** Additional search engines are not allowed and the default can’t be changed in the Address bar. - **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar. @@ -582,7 +590,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **Allowed values:** - - **0 (default).** Employees can't use Password Manager to save passwords locally. + - **0 (default).** Employees cannot use Password Manager to save passwords locally. - **1.** Employees can use Password Manager to save passwords locally. @@ -748,7 +756,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - URLs must be on separate lines and aren't shared between Microsoft Edge and Internet Explorer 11. + URLs must be on separate lines and are not shared between Microsoft Edge and Internet Explorer 11. ### FirstRunURL - **Supported versions:** Windows 10, version 1511 or later @@ -803,7 +811,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **0 (default).** Employees can access the about:flags page in Microsoft Edge. - - **1.** Employees can't access the about:flags page in Microsoft Edge. + - **1.** Employees cannot access the about:flags page in Microsoft Edge. ### PreventFirstRunPage - **Supported versions:** Windows 10, version 1703 @@ -820,7 +828,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **0 (default).** Employees see the First Run webpage. - - **1.** Employees don't see the First Run webpage. + - **1.** Employees do not see the First Run webpage. ### PreventLiveTileDataCollection - **Supported versions:** Windows 10, version 1703 @@ -888,7 +896,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U - **0 (default).** Shows an employee's LocalHost IP address while using the WebRTC protocol. - - **1.** Doesn't show an employee's LocalHost IP address while using the WebRTC protocol. + - **1.** Does not show an employee's LocalHost IP address while using the WebRTC protocol. ### SendIntranetTraffictoInternetExplorer - **Supported versions:** Windows 10 @@ -969,9 +977,9 @@ These are additional Windows 10-specific Group Policy settings that work with M - **Description:** This policy settings lets you decide whether employees can use Cortana. - - If you enable or don't configure this setting, employees can use Cortana on their devices. + - If you enable or do not configure this setting, employees can use Cortana on their devices. - - If you disable this setting, employees won't be able to use Cortana on their devices. + - If you disable this setting, employees will not be able to use Cortana on their devices. >[!Note] >Employees can still perform searches even with Cortana turned off. @@ -983,7 +991,7 @@ These are additional Windows 10-specific Group Policy settings that work with M - If you enable this setting, the Sync your Settings options are turned off and none of the Sync your Setting groups are synced on the device. You can use the Allow users to turn syncing on option to turn the feature off by default, but to let the employee change this setting. - - If you disable or don't configure this setting (default), the Sync your Settings options are turned on, letting employees pick what can sync on their device. + - If you disable or do not configure this setting (default), the Sync your Settings options are turned on, letting employees pick what can sync on their device. ### Do not sync browser settings - **Location:** Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync browser settings @@ -992,7 +1000,7 @@ These are additional Windows 10-specific Group Policy settings that work with M - If you enable this setting, the Sync your Settings options are turned off so that browser groups are unable to sync their settings and info. You can use the Allow users to turn browser syncing on option to turn the feature off by default, but to let the employee change this setting. - - If you disable or don't configure this setting (default), the Sync your Settings options are turned on, letting browser groups pick what can sync on their device. + - If you disable or do not configure this setting (default), the Sync your Settings options are turned on, letting browser groups pick what can sync on their device. ## Microsoft Edge and Windows 10-specific MDM policy settings diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index c9cd299705..cffe549908 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md @@ -20,7 +20,8 @@ If you have specific web sites and apps that you know have compatibility problem Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. -> **Note**
+[@Reviewer: will RS5 have the need for the following note?] +>[!NOTE] >If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714). ## Fix specific websites diff --git a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md index e699a000e8..075821264e 100644 --- a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md +++ b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md @@ -21,7 +21,7 @@ ms.date: 10/16/2017 - Windows 10 ## Enterprise guidance -Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). +Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page]![](path/to/image.png)(https://go.microsoft.com/fwlink/p/?linkid=290956). We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10. diff --git a/browsers/edge/hardware-and-software-requirements.md b/browsers/edge/hardware-and-software-requirements.md index 6c45062cc6..81c4a2c980 100644 --- a/browsers/edge/hardware-and-software-requirements.md +++ b/browsers/edge/hardware-and-software-requirements.md @@ -13,15 +13,13 @@ ms.date: 07/27/2017 # Microsoft Edge requirements and language support -**Applies to:** - -- Windows 10 -- Windows 10 Mobile +>Applies to: Windows 10, Windows 10 Mobile Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list. ->**Note**
The Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, don't include Microsoft Edge or many other Universal Windows Platform (UWP) apps. These apps and their services are frequently updated with new functionality, and can't be supported on systems running the LTSB operating systems. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11. +>[!NOTE] +>The Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, don't include Microsoft Edge or many other Universal Windows Platform (UWP) apps. These apps and their services are frequently updated with new functionality, and can't be supported on systems running the LTSB operating systems. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11. ## Minimum system requirements Some of the components in this table might also need additional system resources. Check the component's documentation for more information. diff --git a/browsers/edge/microsoft-edge-faq.md b/browsers/edge/microsoft-edge-faq.md index ca6eea8b48..05335d7416 100644 --- a/browsers/edge/microsoft-edge-faq.md +++ b/browsers/edge/microsoft-edge-faq.md @@ -12,10 +12,7 @@ ms.date: 09/19/2017 # Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros -**Applies to:** - -- Windows 10 -- Windows 10 Mobile +>Applies to: Windows 10, Windows 10 Mobile **Q: What is the difference between Microsoft Edge and Internet Explorer 11? How do I know which one to use?** diff --git a/browsers/edge/security-enhancements-microsoft-edge.md b/browsers/edge/security-enhancements-microsoft-edge.md index 2e06bbe027..40952d55dc 100644 --- a/browsers/edge/security-enhancements-microsoft-edge.md +++ b/browsers/edge/security-enhancements-microsoft-edge.md @@ -11,19 +11,16 @@ ms.date: 10/16/2017 # Security enhancements for Microsoft Edge -**Applies to:** - -- Windows 10 -- Windows 10 Mobile +>Applies to: Windows 10, Windows 10 Mobile Microsoft Edge is designed with significant security improvements, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. ## Help to protect against web-based security threats While most websites are safe, some sites have been designed to steal personal information or gain access to your system’s resources. Thieves by nature don’t care about rules, and will use any means to take advantage of victims, most often using trickery or hacking: -- **Trickery.** Means using things like “phishing” attacks to convince a person to enter a banking password into a website that looks like the bank, but isn’t. +- **Trickery** uses things like “phishing” attacks to convince a person to enter a banking password into a website that looks like the bank, but isn’t. -- **Hacking.** Means attacking a system through malformed content that exploits subtle flaws in a browser, or in various browser extensions, such as video decoders. This exploit lets an attacker run code on a device, taking over first a browsing session, and perhaps ultimately the entire device. +- **Hacking** attacks a system through malformed content that exploits subtle flaws in a browser, or in various browser extensions, such as video decoders. This exploit lets an attacker run code on a device, taking over first a browsing session, and perhaps ultimately the entire device. While trickery and hacking are threats faced by every browser, it’s important that we explore how Microsoft Edge addresses these threats and is helping make the web a safer experience. @@ -55,8 +52,8 @@ The Microsoft EdgeHTML engine also helps to defend against hacking through these - Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). This helps ensure that connections to important sites, such as to your bank, are always secured. - **Note**
- Both Microsoft Edge and Internet Explorer 11 support HSTS. +>[!NOTE] +>Both Microsoft Edge and Internet Explorer 11 support HSTS. #### All web content runs in an app container sandbox Internet Explorer 7 on Windows Vista was the first web browser to provide a browsing sandbox, called [Protected Mode](http://windows.microsoft.com/windows-vista/What-does-Internet-Explorer-protected-mode-do). Protected Mode forced the part of the browser that rendered web content to run with less privilege than the browser controls or the user, providing a level of isolation and protection should a malicious website attempt to exploit a bug in the browser or one of its plug-ins. From a93f9183580dd379ade7ea9cc8ac167bcd074d00 Mon Sep 17 00:00:00 2001 From: chintanpatel Date: Tue, 13 Feb 2018 16:20:44 -0800 Subject: [PATCH 14/20] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 6b6afaec07..710bbc8021 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -34,14 +34,18 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se **Settings/ClipboardFileType**

Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete.

-- 0 - Allow text copying. -- 1 - Allow text and image copying. +- 0 - Disables content copying. +- 1 - Allow text copying. +- 2 - Allow image copying. +- 3 - Allow text and image copying. **Settings/ClipboardSettings**

This policy setting allows you to decide how the clipboard behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete

- 0 (default) - Completely turns Off the clipboard functionality for the Application Guard. -- 1 - Turns On the clipboard functionality and lets you choose whether to additionally enable copying of certain content from Application Guard into Microsoft Edge and enable copying of certain content from Microsoft Edge into Application Guard. +- 1 - Turns On clipboard operation from an isolated session to the host +- 2 - Turns On clipboard operation from the host to an isolated session +- 3 - Turns On clipboard operation in both the directions > [!Important] > Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended. From 73d8887e9f827ad588e37a847cdd5de3d7fc645a Mon Sep 17 00:00:00 2001 From: shortpatti Date: Tue, 13 Feb 2018 16:21:55 -0800 Subject: [PATCH 15/20] fixed broken link to the IE11 download page --- .../edge/enterprise-guidance-using-microsoft-edge-and-ie11.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md index 075821264e..e699a000e8 100644 --- a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md +++ b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md @@ -21,7 +21,7 @@ ms.date: 10/16/2017 - Windows 10 ## Enterprise guidance -Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page]![](path/to/image.png)(https://go.microsoft.com/fwlink/p/?linkid=290956). +Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10. From de8bd4173c85e899f194d5d12c5717dbe24d0166 Mon Sep 17 00:00:00 2001 From: shortpatti Date: Wed, 14 Feb 2018 11:49:55 -0800 Subject: [PATCH 16/20] formatted the Group Policy list by adding IF/THEN tables for Enable setting vs Disable setting --- browsers/edge/available-policies.md | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 9bbec23d0f..70a990a885 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -58,7 +58,7 @@ This policy setting lets you decide whether employees can run Adobe Flash on Mic This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes. | If you… | Then… | | --- | --- | -| Enable this setting | Clear browsing history on exit is turned on. [@Reviewer: can employees do anything to this setting at this point? Or is this controlled by the system administrator?] | +| Enable this setting | Clear browsing history on exit is turned on. | | Disable or don’t configure this setting (default) | Employees can turn on and configure the Clear browsing data option under Settings. | | @@ -79,7 +79,7 @@ This policy setting lets you decide whether employees can use Edge Extensions. | If you… | Then… | | --- | --- | | Enable this setting | Employees can use Edge Extensions. | -| Disable this setting | [@Reviewer: why would a company disable this setting? Is this because of potential memory leaks?] Employees cannot use Edge Extensions. | +| Disable this setting | Employees cannot use Edge Extensions. | | ### Allow InPrivate browsing @@ -89,16 +89,16 @@ This policy setting lets you decide whether employees can browse using InPrivate | If you… | Then… | | --- | --- | | Enable this setting (default) | Employees can use InPrivate website browsing. | -| Disable this setting | [@Reviewer: why would a company disable this setting? Is this to discourage users from browser inappropriate websites? What are the use cases for having this turned off?] Employees cannot use InPrivate website browsing. | +| Disable this setting | Employees cannot use InPrivate website browsing. | | ### Allow Microsoft Compatibility List >*Supporteded versions: Windows 10, version 1607 or later* -This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. [@Reviewer: Is this supposed to be a link to another topic? Is the topic Use Enterprise Mode to improve compatibility emie-to-improve-compatibility.md?] +This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. | If you… | Then… | | --- | --- | -| Enable this setting (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation [@Reviewer: are the updates really applied “during browser navigation?" shouldn't just be as simple as "...applying the updates automatically”?]. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly. | +| Enable this setting (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation . Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly. | | Disable this setting | Browser navigation does not use the Microsoft Compatibility List. | | @@ -132,8 +132,8 @@ This policy setting lets you configure what appears when Microsoft Edge opens a This policy setting lets you add up to 5 additional search engines, which cannot be removed by your employees but can make a personal default engine. This setting does not set the default search engine. For that, you must use the "Set default search engine" setting. | If you… | Then… | | --- | --- | -| Enable this setting | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:

``

For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable this setting (default) | Any added search engines are removed from the employee’s device. [@Reviewer: is this implying that Bing is the only search engine on the employee’s device?] | -| Do not configure this setting | The search engine list is set to what is specified in App settings. [@Reviewer: what’s the difference between “don’t configure this setting”, “Enable this setting”, and “Disable this setting”?] | +| Enable this setting | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:

``

For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable this setting (default) | Any added search engines are removed from the employee’s device. | +| Do not configure this setting | The search engine list is set to what is specified in App settings. | | ### Configure Autofill @@ -171,7 +171,7 @@ This policy setting lets you decide whether employees can send Do Not Track requ ### Configure Favorites >*Supported versions: Windows 10, version 1511 or later* -This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. [@Reviewer: what is the default setting, enabled or disabled? I’m guessing it’s Disabled is the default.] +This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. | If you… | Then… | | --- | --- | | Enable this setting | You must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy. | @@ -224,7 +224,7 @@ This policy setting lets you configure one or more Start pages, for domain-joine ### Configure the Adobe Flash Click-to-Run setting >*Supported versions: Windows 10, version 1703* -This policy setting lets you decide whether employees must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. [@Reviewer: what is the default, enabled or disabled?] +This policy setting lets you decide whether employees must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | If you… | Then… | | --- | --- | | Enable or don’t configure this setting< | Employees must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. | @@ -259,7 +259,7 @@ This policy setting lets you configure whether to turn on Windows Defender Smart ### Disable lockdown of Start pages >*Supported versions: Windows 10, version 1703* -This policy setting lets you disable the lockdown of Start pages if the Configure Start pages setting is in effect [@Reviewer: shouldn't this be “…is enabled” instead of "...is in effect"?]. This setting only applies to domain-joined or MDM-enrolled devices. +This policy setting lets you disable the lockdown of Start pages if the Configure Start pages setting is in effect . This setting only applies to domain-joined or MDM-enrolled devices. For more info, see the [Microsoft browser extension policy](http://aka.ms/browserpolicy). @@ -274,10 +274,11 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse This policy setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge, including additions, deletions, changes, and position. -[@Reviewer: what is the default: enable or disable?] + | If you… | Then… | | --- | --- | -| Enable this setting | Employees can sync their favorites between Internet Explorer and Microsoft Edge.

Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. [@Reviewer: what does this mean? I want to know more about what this is saying. More details and maybe an example or scenario.] | +| Enable this setting | Employees can sync their favorites between Internet Explorer and Microsoft Edge.

Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. | | Disable or do not configure this setting | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. | | @@ -361,11 +362,11 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse | If you… | Then… | | --- | --- | | Enable this setting | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:

`https://fabrikam.com/opensearch.xml` | -| Disable this setting | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market [@Reviewer: what does “market” mean in this context?]. | +| Disable this setting | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market . | | Do not configure this setting | The default search engine is set to the one specified in App settings. | | >[!Important] ->If you'd like your employees to use the default Microsoft Edge settings for each market [@Reviewer: what does “each market” refer to in this context?], you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. +>If you'd like your employees to use the default Microsoft Edge settings for each market , you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. ### Show message when opening sites in Internet Explorer >*Supported versions: Windows 10, version 1607 and later* From 22bbd64eeabcb23e664bb11372a9ed0ab2aad20b Mon Sep 17 00:00:00 2001 From: Antoine Griffard Date: Wed, 14 Feb 2018 21:56:42 +0100 Subject: [PATCH 17/20] Typo in security-analytics-dashboard-windows-defender-advanced-threat-protection.md Remove duplicated 'the'. --- ...ics-dashboard-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md index c3705bb1d8..a7f177c650 100644 --- a/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md @@ -72,7 +72,7 @@ The numbers beside the green triangle icon on each recommended action represents >[!IMPORTANT] >Recommendations that do not display a green triangle icon are informational only and no action is required. -Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. +Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. The following image shows an example list of machines where the EDR sensor is not turned on. From 2e2dd677ca2a16223883cc452ee32e870f271ec8 Mon Sep 17 00:00:00 2001 From: Antoine Griffard Date: Wed, 14 Feb 2018 22:24:27 +0100 Subject: [PATCH 18/20] Typo in surface-hub-start-menu.md 'go the the' => 'go to the' --- devices/surface-hub/surface-hub-start-menu.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md index dccacb8551..07671c8e12 100644 --- a/devices/surface-hub/surface-hub-start-menu.md +++ b/devices/surface-hub/surface-hub-start-menu.md @@ -28,7 +28,7 @@ The customized Start menu is defined in a Start layout XML file. You have two op - Configure the desired Start menu on a desktop (pinning only apps that are available on Surface Hub), and then [export the layout](https://docs.microsoft.com/windows/configuration/customize-and-export-start-layout#export-the-start-layout). >[!TIP] ->To add a tile with a web link to your desktop start menu, go the the link in Microsoft Edge, select `...` in the top right corner, and select **Pin this page to Start**. See [a Start layout that includes a Microsoft Edge link](#edge) for an example of how links will appear in the XML. +>To add a tile with a web link to your desktop start menu, go to the link in Microsoft Edge, select `...` in the top right corner, and select **Pin this page to Start**. See [a Start layout that includes a Microsoft Edge link](#edge) for an example of how links will appear in the XML. To edit the default XML or the exported layout, familiarize yourself with the [Start layout XML](https://docs.microsoft.com/en-us/windows/configuration/start-layout-xml-desktop). There are a few [differences between Start layout on a deskop and a Surface Hub.](#differences) @@ -180,4 +180,4 @@ This example shows a link to a website and a link to a .pdf file. ## More information -- [Blog post: Changing Surface Hub’s Start Menu](https://blogs.technet.microsoft.com/y0av/2018/02/13/47/) \ No newline at end of file +- [Blog post: Changing Surface Hub’s Start Menu](https://blogs.technet.microsoft.com/y0av/2018/02/13/47/) From 7fda9159b0db62933c7928084d78dbadfe033fde Mon Sep 17 00:00:00 2001 From: Adrian Reyes Date: Wed, 14 Feb 2018 15:18:28 -0800 Subject: [PATCH 19/20] Update "Full name" for some apps Update "Mail and Calendar", "Solitaire", and "Voice Recorder" "Full name" fields --- windows/application-management/apps-in-windows-10.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 521038e82e..08850b0417 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -117,7 +117,7 @@ Here are the typical provisioned Windows apps in Windows 10 versions 1607, 1703, | Get Skype/Skype (preview)/Skype | Microsoft.SkypeApp | x | x | x | Yes | | Get Started/Tips | Microsoft.Getstarted | x | x | x | Yes | | Groove | Microsoft.ZuneMusic | x | x | x | No | -| Mail and Calendar | Microsoft.windows communicationsapps | x | x | x | No | +| Mail and Calendar | microsoft.windowscommunicationsapps | x | x | x | No | | Maps | Microsoft.WindowsMaps | x | x | x | No | | Messaging | Microsoft.Messaging | x | x | x | No | | Microsoft 3D Viewer | Microsoft.Microsoft3DViewer | | x | x | No | @@ -128,11 +128,11 @@ Here are the typical provisioned Windows apps in Windows 10 versions 1607, 1703, | People | Microsoft.People | x | x | x | No | | Photos | Microsoft.Windows.Photos | x | x | x | No | | Print 3D | Microsoft.Print3D | | | x | No | -| Solitaire | Microsoft.Microsoft SolitaireCollection | x | x | x | Yes | +| Solitaire | Microsoft.MicrosoftSolitaireCollection | x | x | x | Yes | | Sticky Notes | Microsoft.MicrosoftStickyNotes | x | x | x | No | | Store | Microsoft.WindowsStore | x | x | x | No | | Sway | Microsoft.Office.Sway | * | * | x | Yes | -| Voice Recorder | Microsoft.SoundRecorder | x | x | x | No | +| Voice Recorder                 | Microsoft.WindowsSoundRecorder        | x   | x   | x   | No                       | | Wallet | Microsoft.Wallet | | x | x | No | | Weather | Microsoft.BingWeather | x | x | x | Yes | | Xbox | Microsoft.XboxApp | x | x | x | No | @@ -143,4 +143,4 @@ Here are the typical provisioned Windows apps in Windows 10 versions 1607, 1703, | | Microsoft.XboxIdentityProvider | x | x | * | No | | | Microsoft.XboxSpeech ToTextOverlay | | x | x | No | -\* moved from "provisioned" to "installed" in this version. \ No newline at end of file +\* moved from "provisioned" to "installed" in this version. From cee4842cb9a357f180faafe7bd68196a0407298d Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 15 Feb 2018 00:13:56 +0000 Subject: [PATCH 20/20] Merged PR 5885: Small clarification small change --- .../deployment/windows-10-enterprise-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md index f7f5d176dd..de3ae148a3 100644 --- a/windows/deployment/windows-10-enterprise-subscription-activation.md +++ b/windows/deployment/windows-10-enterprise-subscription-activation.md @@ -68,7 +68,7 @@ With Windows 10 Enterprise, businesses can benefit from enterprise-level securit You can benefit by moving to Windows as an online service in the following ways: 1. Licenses for Windows 10 Enterprise are checked based on Azure Active Directory (Azure AD) credentials, so now businesses have a systematic way to assign licenses to end users and groups in their organization. -2. Azure AD logon triggers a silent edition upgrade, with no reboot required +2. User logon triggers a silent edition upgrade, with no reboot required 3. Support for mobile worker/BYOD activation; transition away from on-prem KMS and MAK keys. 4. Compliance support via seat assignment.