deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

tweaking a few of the policies

Browse Source
This commit is contained in:
Patti Short 2018-07-29 14:49:39 -07:00
parent 7a68bedb34
commit c1a16b8798
8 changed files with 54 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
browsers/edge/group-policies/address-bar-settings-gp.md
View File

@ -5,7 +5,7 @@ services:
keywords: Dont add or edit keywords without consulting your SEO champ. keywords: Dont add or edit keywords without consulting your SEO champ.
author: shortpatti author: shortpatti
ms.author: pashort ms.author: pashort
ms.date: 07/25/2018 ms.date: 07/29/2018
ms.topic: article ms.topic: article
ms.prod: edge ms.prod: edge
ms.mktglfcycl: explore ms.mktglfcycl: explore
@ -18,6 +18,8 @@ ms.sitesec: library
I need a description here I need a description here
[!INCLUDE [allow-address-bar-suggestions-include](../includes/allow-address-bar-suggestions-include.md)] ## Allow Address bar drop-down list suggestions
[!INCLUDE [allow-address-bar-suggestions-include.md](includes/allow-address-bar-suggestions-include.md)]
[!INCLUDE [configure-search-suggestions-address-bar-include](../includes/configure-search-suggestions-address-bar-include.md)] ## Configure search suggestions in Address bar
[!INCLUDE [configure-search-suggestions-address-bar-include.md](includes/configure-search-suggestions-address-bar-include.md)]

6
browsers/edge/group-policies/adobe-settings-gp.md
View File

@ -17,8 +17,10 @@ ms.sitesec: library
I need a description here, maybe with scenarios I need a description here, maybe with scenarios
[!INCLUDE [allow-adobe-flash-include](../includes/allow-adobe-flash-include.md)] ## Allow Adobe Flash
[!INCLUDE [allow-adobe-flash-include.md](includes/allow-adobe-flash-include.md)]
[!INCLUDE [configure-adobe-flash-click-to-run-include](../includes/configure-adobe-flash-click-to-run-include.md)] ## Configure the Adobe Flash Click-to-Run setting
[!INCLUDE [configure-adobe-flash-click-to-run-include.md](includes/configure-adobe-flash-click-to-run-include.md)]

12
browsers/edge/group-policies/books-library-management-gp.md
View File

@ -18,10 +18,14 @@ ms.sitesec: library
I need a description here, maybe with scenarios I need a description here, maybe with scenarios
[!INCLUDE [allow-shared-folder-books-include](../includes/allow-shared-folder-books-include.md)] ## Allow a shared books folder
[!INCLUDE [allow-shared-folder-books-include.md](includes/allow-shared-folder-books-include.md)]
[!INCLUDE [allow-config-updates-books-include](../includes/allow-config-updates-books-include.md)] ## Allow configuration updates for the Books Library
[!INCLUDE [allow-config-updates-books-include.md](includes/allow-config-updates-books-include.md)]
[!INCLUDE [allow-ext-telemetry-books-tab-include](../includes/allow-ext-telemetry-books-tab-include.md)] ## Allow extended telemetry for the Books tab
[!INCLUDE [allow-ext-telemetry-books-tab-include.md](includes/allow-ext-telemetry-books-tab-include.md)]
[!INCLUDE [always-enable-book-library-include](../includes/always-enable-book-library-include.md)] ## Always show the Books Library in Microsoft Edge
[!INCLUDE [always-enable-book-library-include.md](includes/always-enable-book-library-include.md)]

16
browsers/edge/group-policies/home-button-gp.md
View File

@ -15,11 +15,11 @@ ms.sitesec: library
Microsoft Edge shows the home button and by clicking it the Start page loads by default. You can configure the Home button to load the New tab page or a URL defined in the Set Home button URL policy. You can also configure Microsoft Edge to hide the home button. Microsoft Edge shows the home button and by clicking it the Start page loads by default. You can configure the Home button to load the New tab page or a URL defined in the Set Home button URL policy. You can also configure Microsoft Edge to hide the home button.
## Policies ## Policies
- [Configure Home button](../new-policies.md#configure-home-button)
- [Set Home button URL](../new-policies.md#set-home-button-url) - [Configure Home button](#configure-home-button)
- [Set Home button URL](#set-home-button-url)
- [Unlock Home button](#unlock-home-button)
- [Unlock Home Button](../new-policies.md#unlock-home-button)
## Configuration options ## Configuration options
@ -29,3 +29,13 @@ Microsoft Edge shows the home button and by clicking it the Start page loads by
![Hide home button](../images/home-button-hide-v4-sm.png) ![Hide home button](../images/home-button-hide-v4-sm.png)
## Configure Home button
[!INCLUDE [configure-home-button-include.md](includes/configure-home-button-include.md)]
## Set Home button URL
[!INCLUDE [set-home-button-url-include](includes/set-home-button-url-include.md)]
## Unlock Home button
[!INCLUDE [unlock-home-button-include.md](includes/unlock-home-button-include.md)]

10
browsers/edge/group-policies/index.yml
View File

@ -160,16 +160,6 @@ sections:
title: Home button settings title: Home button settings
- href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp
html: <p>Learn how to use Enterprise Mode with Microsoft Edge so that you can continue using IE11 for sites that are on your corporate intranet or included in your Enterprise Mode Site List.</p>
image:
src: https://docs.microsoft.com/media/common/i_config-tools.svg
title: Interoperability and enterprise guidance
- href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/new-tab-page-settings-gp - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/new-tab-page-settings-gp
html: <p>Learn how configure the New tab page in Microsoft Edge.</p> html: <p>Learn how configure the New tab page in Microsoft Edge.</p>

2
browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
View File

@ -31,8 +31,6 @@ Microsoft Edge lets you continue to use IE11 for sites that are on your corporat
>You can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](../emie-to-improve-compatibility.md). >You can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](../emie-to-improve-compatibility.md).
If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically. If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically.
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.

13
browsers/edge/group-policies/prelaunch-preload-gp.md
View File

@ -17,9 +17,8 @@ Additionally, Microsoft Edge preloads the Start and New tab pages during Windows
## Policies ## Policies
- [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](../new-policies.md#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed) - [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed)
- [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
- [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](../new-policies.md#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
## Configuration options ## Configuration options
@ -29,3 +28,11 @@ Additionally, Microsoft Edge preloads the Start and New tab pages during Windows
![Prelauch Microsoft Edge and preload Start and New tab pages](../images/prelaunch-edge-and-preload-tabs-sm.png) ![Prelauch Microsoft Edge and preload Start and New tab pages](../images/prelaunch-edge-and-preload-tabs-sm.png)
![Only prelaunch Microsoft Edge during Windows startup](../images/prelaunch-edge-only-sm.png) ![Only prelaunch Microsoft Edge during Windows startup](../images/prelaunch-edge-only-sm.png)
## Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
[!INCLUDE [allow-prelaunch-include](includes/allow-prelaunch-include.md)]
## Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
[!INCLUDE [allow-tab-preloading-include](includes/allow-tab-preloading-include.md)]

24
browsers/edge/group-policies/security-privacy-management-gp.md
View File

@ -16,19 +16,6 @@ Microsoft Edge runs in 64-bit not just by default, but anytime its running on
The value of running 64-bit all the time is that it strengthens Windows Address Space Layout Randomization (ASLR), randomizing the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find sensitive memory components. The value of running 64-bit all the time is that it strengthens Windows Address Space Layout Randomization (ASLR), randomizing the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find sensitive memory components.
| | |
|---|---|
| **[Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Authenticates the user and the website with asymmetric cryptography technology. Microsoft Edge natively supports Windows Hello as a more personal, seamless, and secure way to authenticate on the web, powered by an early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/). |
| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any site that is thought to be a phishing site. SmartScreen also helps to defend against installing malicious software or file downloads, even from trusted sites. |
| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically. |
| **Microsoft EdgeHTML** | Defends against hacking through the following security standards features:<ul><li>Support for the W3C standard for Content Security Policy (CSP), which helps web developers defend their sites against cross-site scripting attacks.</li><li>Support for the HTTP Strict Transport Security (HSTS) feature, which is IETF-standard compliant, and helps to ensure that connections to sites are always secure.</li></ul> |
| **Code integrity and image loading restrictions** | Prevents malicious DLLs from loading or injecting into the content processes. Only signed images are allowed to load in Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can&#39;t load. |
| **Memory corruption mitigations** | Defends against memory corruption weaknesses and vulnerabilities with the use of [CWE-416: Use After Free](http://cwe.mitre.org/data/definitions/416.html) (UAF). |
| **Memory Garbage Collector (MemGC) mitigation** | Replaces Memory Protector and helps to defend the browser from UAF vulnerabilities by freeing memory from the programmer and automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. |
| **Control Flow Guard** | Compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only going to function entry points with known addresses. Control Flow Guard is a Microsoft Visual Studio technology. |
## Configure cookies ## Configure cookies
[!INCLUDE [configure-cookies-include](../includes/configure-cookies-include.md)] [!INCLUDE [configure-cookies-include](../includes/configure-cookies-include.md)]
@ -52,3 +39,14 @@ The value of running 64-bit all the time is that it strengthens Windows Address
[!INCLUDE [prevent-localhost-address-for-webrtc-include](../includes/prevent-localhost-address-for-webrtc-include.md)] [!INCLUDE [prevent-localhost-address-for-webrtc-include](../includes/prevent-localhost-address-for-webrtc-include.md)]
| | |
|---|---|
| **[Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Authenticates the user and the website with asymmetric cryptography technology. Microsoft Edge natively supports Windows Hello as a more personal, seamless, and secure way to authenticate on the web, powered by an early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/). |
| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any site that is thought to be a phishing site. SmartScreen also helps to defend against installing malicious software or file downloads, even from trusted sites. |
| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically. |
| **Microsoft EdgeHTML** | Defends against hacking through the following security standards features:<ul><li>Support for the W3C standard for Content Security Policy (CSP), which helps web developers defend their sites against cross-site scripting attacks.</li><li>Support for the HTTP Strict Transport Security (HSTS) feature, which is IETF-standard compliant, and helps to ensure that connections to sites are always secure.</li></ul> |
| **Code integrity and image loading restrictions** | Prevents malicious DLLs from loading or injecting into the content processes. Only signed images are allowed to load in Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can&#39;t load. |
| **Memory corruption mitigations** | Defends against memory corruption weaknesses and vulnerabilities with the use of [CWE-416: Use After Free](http://cwe.mitre.org/data/definitions/416.html) (UAF). |
| **Memory Garbage Collector (MemGC) mitigation** | Replaces Memory Protector and helps to defend the browser from UAF vulnerabilities by freeing memory from the programmer and automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. |
| **Control Flow Guard** | Compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only going to function entry points with known addresses. Control Flow Guard is a Microsoft Visual Studio technology. |