Merge pull request #5223 from MicrosoftDocs/master

Publish 05/25/2021, 10:30 AM

windows/client-management/mdm/diagnosticlog-csp.md

@@ -136,45 +136,45 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain
   - Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`.
   - Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter.
   - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed:
-          - %windir%\\system32\\certutil.exe
-          - %windir%\\system32\\dxdiag.exe
-          - %windir%\\system32\\gpresult.exe
-          - %windir%\\system32\\msinfo32.exe
-          - %windir%\\system32\\netsh.exe
-          - %windir%\\system32\\nltest.exe
-          - %windir%\\system32\\ping.exe
-          - %windir%\\system32\\powercfg.exe
-          - %windir%\\system32\\w32tm.exe
-          - %windir%\\system32\\wpr.exe
-          - %windir%\\system32\\dsregcmd.exe
-          - %windir%\\system32\\dispdiag.exe
-          - %windir%\\system32\\ipconfig.exe
-          - %windir%\\system32\\logman.exe
-          - %windir%\\system32\\tracelog.exe
-          - %programfiles%\\windows defender\\mpcmdrun.exe
-          - %windir%\\system32\\MdmDiagnosticsTool.exe
-          - %windir%\\system32\\pnputil.exe
+    - %windir%\\system32\\certutil.exe
+    - %windir%\\system32\\dxdiag.exe
+    - %windir%\\system32\\gpresult.exe
+    - %windir%\\system32\\msinfo32.exe
+    - %windir%\\system32\\netsh.exe
+    - %windir%\\system32\\nltest.exe
+    - %windir%\\system32\\ping.exe
+    - %windir%\\system32\\powercfg.exe
+    - %windir%\\system32\\w32tm.exe
+    - %windir%\\system32\\wpr.exe
+    - %windir%\\system32\\dsregcmd.exe
+    - %windir%\\system32\\dispdiag.exe
+    - %windir%\\system32\\ipconfig.exe
+    - %windir%\\system32\\logman.exe
+    - %windir%\\system32\\tracelog.exe
+    - %programfiles%\\windows defender\\mpcmdrun.exe
+    - %windir%\\system32\\MdmDiagnosticsTool.exe
+    - %windir%\\system32\\pnputil.exe
 
 - **FoldersFiles**
   - Captures log files from a given path (without recursion).
   - Expected input value: File path with or without wildcards, such as "%windir%\\System32", or "%programfiles%\\*.log".
   - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only paths under the following roots are allowed:
-          - %PROGRAMFILES%
-          - %PROGRAMDATA%
-          - %PUBLIC%
-          - %WINDIR%
-          - %TEMP%
-          - %TMP%
+    - %PROGRAMFILES%
+    - %PROGRAMDATA%
+    - %PUBLIC%
+    - %WINDIR%
+    - %TEMP%
+    - %TMP%
   - Additionally, only files with the following extensions are captured:
-          - .log
-          - .txt
-          - .dmp
-          - .cab
-          - .zip
-          - .xml
-          - .html
-          - .evtx
-          - .etl
+    - .log
+    - .txt
+    - .dmp
+    - .cab
+    - .zip
+    - .xml
+    - .html
+    - .evtx
+    - .etl
 
 <a href="" id="diagnosticarchive-archiveresults"></a>**DiagnosticArchive/ArchiveResults**
 Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.

windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -9,12 +9,12 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: high
 audience: ITPro
-author: linque1
-ms.author: robsize
-manager: robsize
+author: tomlayson
+ms.author: tomlayson
+manager: riche
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 12/1/2020
+ms.date: 5/21/2021
 ---
 
 # Manage connections from Windows 10 operating system components to Microsoft services
@@ -592,6 +592,48 @@ Alternatively, you can configure the following Registry keys as described:
 
 For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](/microsoft-edge/deploy/available-policies).
 
+### <a href="" id="bkmk-edgegp"></a>13.2 Microsoft Edge Enterprise
+
+For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies). 
+
+> [!Important]
+> - The following settings are applicable to Microsoft Edge version 77 or later.
+> - For details on supported Operating Systems, see [Microsoft Edge supported Operating Systems](/deployedge/microsoft-edge-supported-operating-systems).
+> - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge, see [Configure Microsoft Edge policy settings on Windows](/deployedge/configure-microsoft-edge).
+> - Devices must be domain joined for some of the policies to take effect.
+
+| Policy                           | Group Policy Path  | Registry Path                               |
+|----------------------------------|--------------------|---------------------------------------------|
+| **SearchSuggestEnabled**         |  Computer Configuration/Administrative Templates/Windows Component/Microsoft Edge - Enable search suggestions  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: SearchSuggestEnabled Set to 0** | 
+| **AutofillAddressEnabled**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Enable AutoFill for addresses  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: AutofillAddressEnabled Set to 0** | 
+| **AutofillCreditCardEnabled**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Enable AutoFill for credit cards  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: AutofillCreditCardEnabled Set to 0** | 
+| **ConfigureDoNotTrack**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Configure Do Not Track   | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Enabled**| **REG_DWORD name: ConfigureDoNotTrack Set to 1** | 
+| **PasswordManagerEnabled**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Password manager and protection-Enable saving passwords to the password manager  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: PasswordManagerEnabled Set to 0** | 
+| **DefaultSearchProviderEnabled**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Default search provider-Enable the default search provider  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: DefaultSearchProviderEnabled Set to 0** | 
+| **HideFirstRunExperience**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Hide the First-run experience and splash screen   | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Enabled**| **REG_DWORD name: HideFirstRunExperience Set to 1** | 
+| **SmartScreenEnabled**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/SmartScreen settings-Configure Microsoft Defender SmartScreen  | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: SmartScreenEnabled Set to 0** | 
+| **NewTabPageLocation**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page- Configure the new tab page URL | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Enabled-Value “about:blank”**| **REG_SZ name: NewTabPageLocation Set to about:blank** | 
+| **RestoreOnStartup**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page- Action to take on startup   | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
+|                                  | **Set to Disabled**| **REG_DWORD name: RestoreOnStartup Set to 5** | 
+| **RestoreOnStartupURLs**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page- Sites to open when the browser starts | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\RestoreOnStartupURLs |
+|                                  | **Set to Disabled**| **REG_SZ name: 1 Set to about:blank** |
+| **UpdateDefault**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Applications-Update policy override default   | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate |
+|                                  | **Set to Enabled - 'Updates disabled'**| **REG_DWORD name: UpdateDefault Set to 0** | 
+| **AutoUpdateCheckPeriodMinutes**       |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Preferences- Auto-update check period override | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate |
+|                                  | **Set to Enabled - Set Value for Minutes between update checks to 0**| **REG_DWORD name: AutoUpdateCheckPeriodMinutes Set to 0** | 
+| **Experimentation and Configuration Service** |  Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Preferences- Auto-update check period override | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate |
+|                                  | **Set to RestrictedMode**| **REG_DWORD name: ExperimentationAndConfigurationServiceControl  Set to 0** | 
+|||
+
 ### <a href="" id="bkmk-ncsi"></a>14. Network Connection Status Indicator
 
 Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. See the [Microsoft Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog) to learn more.

windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md

@@ -94,6 +94,9 @@ To find the PCR information, go to the end of the file.
 
 ## Use PCPTool to decode Measured Boot logs
 
+> [!NOTE]
+> PCPTool is a Visual Studio solution, but you need to build the executable before you can start using this tool.
+
 PCPTool is part of the [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487). The tool decodes a Measured Boot log file and converts it into an XML file.
 
 To download and install PCPTool, go to the Toolkit page, select **Download**, and follow the instructions.
@@ -111,4 +114,4 @@ where the variables represent the following values:
 
 The content of the XML file resembles the following.
 
-![Command Prompt window that shows an example of how to use PCPTool](./images/pcptool-output.jpg)
+![Command Prompt window that shows an example of how to use PCPTool](./images/pcptool-output.jpg)