mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-23 10:47:22 +00:00
Merged PR 12326: 10/24 AM Publish
This commit is contained in:
Huaping Yu (Beyondsoft Consulting Inc)
commit
a5fb08ce73
@ -10,7 +10,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: appcompat
|
ms.pagetype: appcompat
|
||||||
title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros)
|
title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros)
|
||||||
ms.localizationpriority: high
|
ms.localizationpriority: high
|
||||||
ms.date: 10/09/2018
|
ms.date: 10/24/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Use Enterprise Mode to improve compatibility
|
# Use Enterprise Mode to improve compatibility
|
||||||
@ -46,9 +46,8 @@ If you're having trouble deciding whether Microsoft Edge is right for your organ
|
|||||||
|
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035)
|
- [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035)
|
||||||
* [Enterprise Mode Site List Manager for Windows 10 download](https://go.microsoft.com/fwlink/?LinkId=746562)
|
- [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377)
|
||||||
* [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377)
|
|
||||||
- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
|
- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
|
||||||
- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
|
- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
|
||||||
- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager)
|
- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager)
|
||||||
|
|||||||
@ -7,13 +7,19 @@ ms.prod: edge
|
|||||||
ms.mktglfcycl: general
|
ms.mktglfcycl: general
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 10/02/2018
|
ms.date: 10/23/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Frequently Asked Questions (FAQs) for IT Pros
|
# Frequently Asked Questions (FAQs) for IT Pros
|
||||||
|
|
||||||
>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
|
>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
|
||||||
|
|
||||||
|
**Q: Why is the Sync settings option under Settings \> Accounts \> Sync your settings permanently disabled?
|
||||||
|
|
||||||
|
**A:** In the Windows 10 Anniversary Update, domain-joined users who connected their Microsoft Account (MSA) could roam settings and data between Windows devices. A group policy to prevent users from connecting their MSAs exists, but this setting also prevents users from easily accessing their personal Microsoft services. Enterprises can still enable Enterprise State Roaming with Azure Active Directory.
|
||||||
|
|
||||||
|
>In a nutshell, any fresh install of Windows 10 Creators Update or higher does not support funtionality if it's under an Active Directory, but works for Azure Active Directory.
|
||||||
|
|
||||||
**Q: What is the size of the local storage for Microsoft Edge overall and per domain?**
|
**Q: What is the size of the local storage for Microsoft Edge overall and per domain?**
|
||||||
|
|
||||||
**A:** The limits are 5MB per subdomain, 10MB per domain, and 50MB total.
|
**A:** The limits are 5MB per subdomain, 10MB per domain, and 50MB total.
|
||||||
|
|||||||
@ -167,7 +167,7 @@ This table includes the attributes used by the Enterprise Mode schema.
|
|||||||
<path exclude="true">/products</path>
|
<path exclude="true">/products</path>
|
||||||
</domain>
|
</domain>
|
||||||
</emie></pre><p>
|
</emie></pre><p>
|
||||||
Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does.</td>
|
Where http://fabrikam.com uses IE8 Enterprise Mode, but http://fabrikam.com/products does not.</td>
|
||||||
<td>Internet Explorer 11 and Microsoft Edge</td>
|
<td>Internet Explorer 11 and Microsoft Edge</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
|
|||||||
@ -1,20 +1,19 @@
|
|||||||
---
|
---
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.mktglfcycl: plan
|
ms.mktglfcycl: plan
|
||||||
description: Learn about which version of the IEAK 11 you should run, based on your license agreement.
|
description: Learn about the version of the IEAK 11 you should run, based on your license agreement.
|
||||||
author: pashort
|
author: pashort
|
||||||
ms.author: shortpatti
|
ms.author: shortpatti
|
||||||
ms.manager: elizapo
|
|
||||||
ms.prod: ie11, ieak11
|
ms.prod: ie11, ieak11
|
||||||
ms.assetid: 69d25451-08af-4db0-9daa-44ab272acc15
|
ms.assetid: 69d25451-08af-4db0-9daa-44ab272acc15
|
||||||
title: Determine the licensing version and features to use in IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
|
title: Determine the licensing version and features to use in IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.date: 05/02/2018
|
ms.date: 10/23/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
# Determine the licensing version and features to use in IEAK 11
|
# Determine the licensing version and features to use in IEAK 11
|
||||||
In addition to the Software License Terms for the Internet Explorer Administration Kit 11 (IEAK 11) (IEAK 11, the "software"), these Guidelines further define how you may and may not use the software to create versions of Internet Explorer 11 with optional customizations (the "customized browser") for internal use and distribution in accordance with the IEAK 11 Software License Terms. IEAK 11 is for testing purposes only and is not intended to be used in a production environment.
|
In addition to the Software License Terms for the Internet Explorer Administration Kit 11 (IEAK 11, referred to as the "software"), these Guidelines further define how you may and may not use the software to create versions of Internet Explorer 11 with optional customizations (referred to as the "customized browser") for internal use and distribution in accordance with the IEAK 11 Software License Terms. IEAK 11 is for testing purposes only and is not intended to be used in a production environment.
|
||||||
|
|
||||||
During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment.
|
During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment.
|
||||||
|
|
||||||
@ -26,34 +25,35 @@ During installation, you must pick a version of IEAK 11, either **External** or
|
|||||||
|
|
||||||
## Available features by version
|
## Available features by version
|
||||||
|
|
||||||
|Internal |External |
|
| Feature | Internal | External |
|
||||||
|------------------------------------------|------------------------------------------|
|
| ---------------------------------------- | --------------------------------------------- | ---------------------------------------------- |
|
||||||
|Welcome screen |Welcome screen |
|
|Welcome screen |  |  |
|
||||||
|File locations |File locations |
|
|File locations |  |  |
|
||||||
|Platform selection |Platform selection |
|
|Platform selection |  |  |
|
||||||
|Language selection |Language selection |
|
|Language selection |  |  |
|
||||||
|Package type selection |Package type selection |
|
|Package type selection |  |  |
|
||||||
|Feature selection |Feature selection |
|
|Feature selection |  |  |
|
||||||
|Automatic Version Synchronization (AVS) |Automatic Version Synchronization (AVS) |
|
|Automatic Version Synchronization (AVS) |  |  |
|
||||||
|Custom components |Custom components |
|
|Custom components |  |  |
|
||||||
|Internal install |Not available |
|
|Internal install |  |  |
|
||||||
|User experience |Not available |
|
|User experience |  |  |
|
||||||
|Browser user interface |Browser user interface |
|
|Browser user interface |  |  |
|
||||||
|Search providers |Search providers |
|
|Search providers |  |  |
|
||||||
|Important URLs – Home page and support |Important URLs – Home page and support |
|
|Important URLs – Home page and support |  |  |
|
||||||
|Accelerators |Accelerators |
|
|Accelerators |  |  |
|
||||||
|Favorites, Favorites bar, and feeds |Favorites, Favorites bar, and feeds |
|
|Favorites, Favorites bar, and feeds |  |  |
|
||||||
|Browsing options |Not available |
|
|Browsing options |  |  |
|
||||||
|First Run wizard and Welcome page options |First Run wizard and Welcome page options |
|
|First Run wizard and Welcome page options |  |  |
|
||||||
|Connection manager |Connection manager |
|
|Connection manager |  |  |
|
||||||
|Connection settings |Connection settings |
|
|Connection settings |  |  |
|
||||||
|Automatic configuration |Not available |
|
|Automatic configuration |  |  |
|
||||||
|Proxy settings |Proxy settings |
|
|Proxy settings |  |  |
|
||||||
|Security and privacy settings |Not available |
|
|Security and privacy settings |  |  |
|
||||||
|Add a root certificate |Not available |
|
|Add a root certificate |  |  |
|
||||||
|Programs |Programs |
|
|Programs |  |  |
|
||||||
|Additional settings |Not available |
|
|Additional settings |  |  |
|
||||||
|Wizard complete |Wizard complete |
|
|Wizard complete |  |  |
|
||||||
|
---
|
||||||
|
|
||||||
## Customization guidelines
|
## Customization guidelines
|
||||||
|
|
||||||
@ -68,7 +68,7 @@ Two installation modes are available to you, depending on how you are planning t
|
|||||||
The table below identifies which customizations you may or may not perform based on the mode you selected.
|
The table below identifies which customizations you may or may not perform based on the mode you selected.
|
||||||
|
|
||||||
| **Feature Name** | **External Distribution** | **Internal Distribution** |
|
| **Feature Name** | **External Distribution** | **Internal Distribution** |
|
||||||
|---------------------------------|----------------------|-------------------|
|
|---------------------------------|:--------------------:|:-------------------:|
|
||||||
| **Custom Components** | Yes | Yes |
|
| **Custom Components** | Yes | Yes |
|
||||||
| **Title Bar** | Yes | Yes |
|
| **Title Bar** | Yes | Yes |
|
||||||
| **Favorites** | One folder, containing any number of links. | Any number of folders/links. |
|
| **Favorites** | One folder, containing any number of links. | Any number of folders/links. |
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
## [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md)
|
## [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md)
|
||||||
## [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)
|
## [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)
|
||||||
## [Set up Windows devices for education](set-up-windows-10.md)
|
## [Set up Windows devices for education](set-up-windows-10.md)
|
||||||
|
### [What's new in Set up School PCs](set-up-school-pcs-whats-new.md)
|
||||||
### [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md)
|
### [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md)
|
||||||
#### [Azure AD Join for school PCs](set-up-school-pcs-azure-ad-join.md)
|
#### [Azure AD Join for school PCs](set-up-school-pcs-azure-ad-join.md)
|
||||||
#### [Shared PC mode for school devices](set-up-school-pcs-shared-pc-mode.md)
|
#### [Shared PC mode for school devices](set-up-school-pcs-shared-pc-mode.md)
|
||||||
|
|||||||
57
education/windows/set-up-school-pcs-whats-new.md
Normal file
57
education/windows/set-up-school-pcs-whats-new.md
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
---
|
||||||
|
title: What's new in the Windows Set up School PCs app
|
||||||
|
description: Find out about app updates and new features in Set up School PCs.
|
||||||
|
keywords: shared cart, shared PC, school, set up school pcs
|
||||||
|
ms.prod: w10
|
||||||
|
ms.technology: Windows
|
||||||
|
ms.mktglfcycl: plan
|
||||||
|
ms.sitesec: library
|
||||||
|
ms.pagetype: edu
|
||||||
|
ms.localizationpriority: medium
|
||||||
|
author: lenewsad
|
||||||
|
ms.author: lanewsad
|
||||||
|
ms.date: 10/23/2018
|
||||||
|
---
|
||||||
|
|
||||||
|
# What's new in Set up School PCs
|
||||||
|
Learn what’s new with the Set up School PCs app each week. Find out about new app features and functionality, and see updated screenshots. You'll also find information about past releases.
|
||||||
|
|
||||||
|
## Week of October 15, 2018
|
||||||
|
|
||||||
|
The Set up School PCs app was updated with the following changes:
|
||||||
|
|
||||||
|
### Three new setup screens added to the app
|
||||||
|
The following screens and functionality were added to the setup workflow. Select any screenname to view the relevant steps and screenshots in the Set Up School PCs docs.
|
||||||
|
|
||||||
|
* [**Package name**](use-set-up-school-pcs-app.md#package-name): Customize a package name to make it easy to recognize it from your school's other packages. The name is generated by Azure Active Directory and appears as the filename and as the token name in Azure AD in the Azure portal.
|
||||||
|
|
||||||
|
* [**Product key**](use-set-up-school-pcs-app.md#product-key): Enter a product key to upgrade your current edition of Windows 10, or change the existing product key.
|
||||||
|
|
||||||
|
* [**Personalization**](use-set-up-school-pcs-app.md#personalization): Upload images from your computer to customize how the lock screen and background appears on student devices.
|
||||||
|
|
||||||
|
### Azure AD token expiration extended to 180 days
|
||||||
|
Packages now expire 180 days from the date you create them.
|
||||||
|
|
||||||
|
### Updated apps with more helpful, descriptive text
|
||||||
|
We've updated the app's **Skip** buttons to clarify the intent of each action. You'll also see an **Exit** button on the last page of the app.
|
||||||
|
|
||||||
|
### Option to keep existing device names
|
||||||
|
The [**Name these devices** screen](use-set-up-school-pcs-app.md#device-names) now gives you the option to keep the orginal or existing names of your student devices.
|
||||||
|
|
||||||
|
### Skype and Messaging apps to be removed from student PCs by default
|
||||||
|
We've added the Skype and Messaging app to a selection of apps that are, by default, removed from student devices.
|
||||||
|
|
||||||
|
|
||||||
|
## Next steps
|
||||||
|
Learn more about setting up devices with the Set up School PCs app.
|
||||||
|
* [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)
|
||||||
|
* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
|
||||||
|
* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
|
||||||
|
* [Set up Windows 10 devices for education](set-up-windows-10.md)
|
||||||
|
|
||||||
|
When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -173,6 +173,16 @@ Setting selections vary based on the OS version you select. The example screensh
|
|||||||
|
|
||||||
The following table describes each setting and lists the applicable Windows 10 versions. To find out if a setting is available in your version of Windows 10, look for an *X* in the setting row and in the version column.
|
The following table describes each setting and lists the applicable Windows 10 versions. To find out if a setting is available in your version of Windows 10, look for an *X* in the setting row and in the version column.
|
||||||
|
|
||||||
|
<<<<<<< HEAD
|
||||||
|
|Setting |1703|1709|1803|1809|What happens if I select it? |Note|
|
||||||
|
|---------|---------|---------|---------|---------|---------|---------|
|
||||||
|
|Remove apps pre-installed by the device manufacturer |X|X|X|X| Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.|
|
||||||
|
|Allow local storage (not recommended for shared devices) |X|X|X|X| Lets students save files to the Desktop and Documents folder on the Student PC. |Not recommended if the device will be part of a shared cart or lab.|
|
||||||
|
|Optimize device for a single student, instead of a shared cart or lab |X|X|X|X|Optimizes the device for use by a single student, rather than many students. |Recommended option only if the device is not shared with other students in the school. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
|
||||||
|
|Let guests sign in to these PCs |X|X|X|X|Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.|
|
||||||
|
|Enable Autopilot Reset |Not available|X|X|X|Lets you remotely reset a student’s PC from the lock screen, apply the device’s original settings, and enroll it in device management (Azure AD and MDM). |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.|
|
||||||
|
|Lock screen background|X|X|X|X|Change the default screen lock background to a custom image.|Click **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.|
|
||||||
|
=======
|
||||||
|Setting |1703|1709|1803|What happens if I select it? |Note|
|
|Setting |1703|1709|1803|What happens if I select it? |Note|
|
||||||
|---------|---------|---------|---------|---------|---------|
|
|---------|---------|---------|---------|---------|---------|
|
||||||
|Remove apps pre-installed by the device manufacturer |X|X|X| Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.|
|
|Remove apps pre-installed by the device manufacturer |X|X|X| Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.|
|
||||||
@ -180,6 +190,7 @@ The following table describes each setting and lists the applicable Windows 10 v
|
|||||||
|Optimize device for a single student, instead of a shared cart or lab |X|X|X|Optimizes the device for use by a single student, rather than many students. |Recommended option only if the device is not shared with other students in the school. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
|
|Optimize device for a single student, instead of a shared cart or lab |X|X|X|Optimizes the device for use by a single student, rather than many students. |Recommended option only if the device is not shared with other students in the school. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
|
||||||
|Let guests sign in to these PCs |X|X|X|Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.|
|
|Let guests sign in to these PCs |X|X|X|Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.|
|
||||||
|Enable Autopilot Reset |Not available|X|X| Lets you remotely reset a student’s PC from the lock screen, apply the device’s original settings, and enroll it in device management (Azure AD and MDM). |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.|
|
|Enable Autopilot Reset |Not available|X|X| Lets you remotely reset a student’s PC from the lock screen, apply the device’s original settings, and enroll it in device management (Azure AD and MDM). |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.|
|
||||||
|
>>>>>>> 5f81e85c4666f9d7f83ded9aed9b9968f3600127
|
||||||
|
|
||||||
After you've made your selections, click **Next**.
|
After you've made your selections, click **Next**.
|
||||||
|
|
||||||
|
|||||||
@ -19,7 +19,7 @@ The MSIX Packaging Tool 1.2018.1005.0 is now available to install from the Micro
|
|||||||
|
|
||||||
- Windows 10, version 1809 (or later)
|
- Windows 10, version 1809 (or later)
|
||||||
- Participation in the Windows Insider Program (if you're using an Insider build)
|
- Participation in the Windows Insider Program (if you're using an Insider build)
|
||||||
- A valid Micorsoft account (MSA) alias to access the app from the Microsoft Store
|
- A valid Microsoft account (MSA) alias to access the app from the Microsoft Store
|
||||||
- Admin privileges on your PC account
|
- Admin privileges on your PC account
|
||||||
|
|
||||||
## Installing the MSIX Packaging Tool
|
## Installing the MSIX Packaging Tool
|
||||||
|
|||||||
@ -103,7 +103,7 @@ Note that status codes available in the Status payload correspond to a specific
|
|||||||
|
|
||||||
Additionally, the status payload includes a profileId that can be used by the MDM server to correlate which kiosk app caused the error.
|
Additionally, the status payload includes a profileId that can be used by the MDM server to correlate which kiosk app caused the error.
|
||||||
|
|
||||||
In Windows 10, version 1810, Assigned Access runtime status supports monitoring single-app kiosk and multi-app modes. Here are the possible status codes.
|
In Windows 10, version 1809, Assigned Access runtime status supports monitoring single-app kiosk and multi-app modes. Here are the possible status codes.
|
||||||
|
|
||||||
|Status|Description|
|
|Status|Description|
|
||||||
|---|---|
|
|---|---|
|
||||||
|
|||||||
@ -98,7 +98,7 @@ It requires direct ethernet connectivity to an enterprise Windows Deployment Ser
|
|||||||
|
|
||||||
There are a few different options to protect DMA ports, such as Thunderbolt™3.
|
There are a few different options to protect DMA ports, such as Thunderbolt™3.
|
||||||
Beginning with Windows 10 version 1803, new Intel-based devices have kernel protection against DMA attacks via Thunderbolt™ 3 ports enabled by default.
|
Beginning with Windows 10 version 1803, new Intel-based devices have kernel protection against DMA attacks via Thunderbolt™ 3 ports enabled by default.
|
||||||
This kernel DMA protection is available only for new systems beginning with Windows 10 version 1803, as it requires changes in the system firmware and/or BIOS.
|
This Kernel DMA Protection is available only for new systems beginning with Windows 10 version 1803, as it requires changes in the system firmware and/or BIOS.
|
||||||
|
|
||||||
You can use the System Information desktop app (MSINFO32) to check if a device has kernel DMA protection enabled:
|
You can use the System Information desktop app (MSINFO32) to check if a device has kernel DMA protection enabled:
|
||||||
|
|
||||||
@ -107,7 +107,7 @@ You can use the System Information desktop app (MSINFO32) to check if a device h
|
|||||||
If kernel DMA protection *not* enabled, follow these steps to protect Thunderbolt™ 3 enabled ports:
|
If kernel DMA protection *not* enabled, follow these steps to protect Thunderbolt™ 3 enabled ports:
|
||||||
|
|
||||||
1. Require a password for BIOS changes
|
1. Require a password for BIOS changes
|
||||||
2. Intel Thunderbolt Security must be set to User Authorization in BIOS settings
|
2. Intel Thunderbolt Security must be set to User Authorization in BIOS settings. Please refer to [Intel Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating System documentation](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf)
|
||||||
3. Additional DMA security may be added by deploying policy (beginning with Windows 10 version 1607):
|
3. Additional DMA security may be added by deploying policy (beginning with Windows 10 version 1607):
|
||||||
|
|
||||||
- MDM: [DataProtection/AllowDirectMemoryAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) policy
|
- MDM: [DataProtection/AllowDirectMemoryAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) policy
|
||||||
|
|||||||
@ -34,6 +34,6 @@ Topic | Description
|
|||||||
[Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)|How to automatically apply exploit mitigation techniques on both operating system processes and on individual apps
|
[Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)|How to automatically apply exploit mitigation techniques on both operating system processes and on individual apps
|
||||||
[Network protection](../windows-defender-exploit-guard/enable-network-protection.md)|How to prevent users from using any apps to acces dangerous domains
|
[Network protection](../windows-defender-exploit-guard/enable-network-protection.md)|How to prevent users from using any apps to acces dangerous domains
|
||||||
[Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)|How to protect valuable data from malicious apps
|
[Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)|How to protect valuable data from malicious apps
|
||||||
[Attack surface reduction](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)|How to prevent actions and aopps that are typically used for by exploit-seeking malware
|
[Attack surface reduction](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)|How to prevent actions and apps that are typically used for by exploit-seeking malware
|
||||||
[Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)|How to protect devices and data across a network
|
[Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)|How to protect devices and data across a network
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user