deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into apps-in-windows-10-update

Browse Source
This commit is contained in:
Heidi Lohr 2018-02-27 15:43:34 -08:00
commit d2d50744e6
13 changed files with 269 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

203
browsers/edge/available-policies.md
View File

@ -10,7 +10,7 @@ ms.localizationpriority: high
ms.date: 09/13/2017 #Previsou release date
---
<!-- pashort 2/9/2018: as per Brian Atman, the documentation descrepancies must be addressed for RS5. Find out what those discrepancies are. Scenario 15403628 -->
<!-- pashort 2/9/2018: as per Brian Altman, the documentation descrepancies must be addressed for RS5. Find out what those discrepancies are. Scenario 15403628 -->
# Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge
@ -38,9 +38,8 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A
This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
| If you... | Then... |
| --- | --- |
| Enable this setting (default) | Employees can see the Address bar drop-down functionality in Microsoft Edge. |
| Disable this setting | Employees do not see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."<p>Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. |
|
| Enable (default) | Employees can see the Address bar drop-down functionality in Microsoft Edge. |
| Disable | Employees do not see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."<p>Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. |
### Allow Adobe Flash
>*Supporteded version: Windows 10*
@ -48,9 +47,8 @@ This policy setting lets you decide whether the Address bar drop-down functional
This policy setting lets you decide whether employees can run Adobe Flash on Microsoft Edge.
| If you… | Then… |
| --- | --- |
| Enable or dont configure this setting (default) | Employees can use Adobe Flash. |
| Disable this setting | Employees cannot use Adobe Flash. |
|
| Enable or dont configure (default) | Employees can use Adobe Flash. |
| Disable | Employees cannot use Adobe Flash. |
### Allow clearing browsing data on exit
>*Supporteded versions: Windows 10, version 1703*
@ -58,9 +56,8 @@ This policy setting lets you decide whether employees can run Adobe Flash on Mic
This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes.
| If you… | Then… |
| --- | --- |
| Enable this setting | Clear browsing history on exit is turned on. <!-- <span style="background: #ffff99;">[@Reviewer: can employees do anything to this setting at this point? Or is this controlled by the system administrator?]</span> --> |
| Disable or dont configure this setting (default) | Employees can turn on and configure the Clear browsing data option under Settings. |
|
| Enable | Clear browsing history on exit is turned on. <!-- <span style="background: #ffff99;">[@Reviewer: can employees do anything to this setting at this point? Or is this controlled by the system administrator?]</span> --> |
| Disable or dont configure (default) | Employees can turn on and configure the Clear browsing data option under Settings. |
### Allow Developer Tools
>*Supporteded versions: Windows 10, version 1511 or later*
@ -68,19 +65,17 @@ This policy setting allows the automatic clearing of browsing data when Microsof
This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.
| If you… | Then… |
| --- | --- |
| Enable this setting (default) | F12 Developer Tools are available. |
| Disable this setting | F12 Developer Tools are not available. |
|
| Enable (default) | F12 Developer Tools are available. |
| Disable | F12 Developer Tools are not available. |
### Allow Extensions
>*Supporteded versions: Windows 10, version 1607 or later*
This policy setting lets you decide whether employees can use Edge Extensions.
This policy setting lets you decide whether employees can use Microsft Edge Extensions.
| If you… | Then… |
| --- | --- |
| Enable this setting | Employees can use Edge Extensions. |
| Disable this setting | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this because of potential memory leaks?]</span> --> Employees cannot use Edge Extensions. |
|
| Enable | Employees can use Microsoft Edge Extensions. |
| Disable | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company Disable setting? Is this because of potential memory leaks?]</span> --> Employees cannot use Microsoft Edge Extensions. |
### Allow InPrivate browsing
>*Supporteded versions: Windows 10, version 1511 or later*
@ -88,9 +83,8 @@ This policy setting lets you decide whether employees can use Edge Extensions.
This policy setting lets you decide whether employees can browse using InPrivate website browsing.
| If you… | Then… |
| --- | --- |
| Enable this setting (default) | Employees can use InPrivate website browsing. |
| Disable this setting | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this to discourage users from browser inappropriate websites? What are the use cases for having this turned off?]</span> --> Employees cannot use InPrivate website browsing. |
|
| Enable (default) | Employees can use InPrivate website browsing. |
| Disable | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this to discourage users from browser inappropriate websites? What are the use cases for having this turned off?]</span> --> Employees cannot use InPrivate website browsing. |
### Allow Microsoft Compatibility List
>*Supporteded versions: Windows 10, version 1607 or later*
@ -98,9 +92,8 @@ This policy setting lets you decide whether employees can browse using InPrivate
This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. <!-- <span style="background: #ffff99;">[@Reviewer: Is this supposed to be a link to another topic? Is the topic Use Enterprise Mode to improve compatibility emie-to-improve-compatibility.md?]</span> -->
| If you… | Then… |
| --- | --- |
| Enable this setting (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation <!-- <span style="background: #ffff99;">[@Reviewer: are the updates really applied “during browser navigation?" shouldn't just be as simple as "...applying the updates automatically”?]</span> -->. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though its in whatever version of IE is necessary for it to appear properly. |
| Disable this setting | Browser navigation does not use the Microsoft Compatibility List. |
|
| Enable (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation <!-- <span style="background: #ffff99;">[@Reviewer: are the updates really applied “during browser navigation?" shouldn't just be as simple as "...applying the updates automatically”?]</span> -->. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though its in whatever version of IE is necessary for it to appear properly. |
| Disable | Browser navigation does not use the Microsoft Compatibility List. |
### Allow search engine customization
>*Supported versions: Windows 10, version 1703*
@ -111,20 +104,18 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
| If you… | Then… |
| --- | --- |
| Enable or dont configure this setting (default) | Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. |
| Disable this setting | Employees cannot add search engines or change the default used in the Address bar. |
|
| Enable or dont configure (default) | Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. |
| Disable | Employees cannot add search engines or change the default used in the Address bar. |
### Allow web content on New Tab page
>*Supported versions: Windows 10*
This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees cant change it.
This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees cannot change it.
| If you… | Then… |
| --- | --- |
| Enable this setting | Microsoft Edge opens a new tab with the New Tab page. |
| Disable this setting | Microsoft Edge opens a new tab with a blank page. |
| Do not configure this setting (default) | Employees can choose how new tabs appear. |
|
| Enable | Microsoft Edge opens a new tab with the New Tab page. |
| Disable | Microsoft Edge opens a new tab with a blank page. |
| Do not configure (default) | Employees can choose how new tabs appear. |
### Configure additional search engines
>*Supported versions: Windows 10, version 1703*
@ -132,9 +123,8 @@ This policy setting lets you configure what appears when Microsoft Edge opens a
This policy setting lets you add up to 5 additional search engines, which cannot be removed by your employees but can make a personal default engine. This setting does not set the default search engine. For that, you must use the "Set default search engine" setting.
| If you… | Then… |
| --- | --- |
| Enable this setting | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br> `<https://www.contoso.com/opensearch.xml>` <p>For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable this setting (default) | Any added search engines are removed from the employees device. <!-- <span style="background: #ffff99;">[@Reviewer: is this implying that Bing is the only search engine on the employees device?]</span> --> |
| Do not configure this setting | The search engine list is set to what is specified in App settings. <!-- <span style="background: #ffff99;">[@Reviewer: whats the difference between “dont configure this setting”, “Enable this setting”, and “Disable this setting”?]</span> --> |
|
| Enable | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br> `<https://www.contoso.com/opensearch.xml>` <p>For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable setting (default) | Any added search engines are removed from the employees device. <!-- <span style="background: #ffff99;">[@Reviewer: is this implying that Bing is the only search engine on the employees device?]</span> --> |
| Do not configure | The search engine list is set to what is specified in App settings. <!-- <span style="background: #ffff99;">[@Reviewer: whats the difference between “dont configure this setting”, “Enable setting”, and “Disable this setting”?]</span> --> |
### Configure Autofill
>*Supported versions: Windows 10*
@ -142,10 +132,9 @@ This policy setting lets you add up to 5 additional search engines, which cannot
This policy setting lets you decide whether employees can use Autofill the form fields automatically while using Microsoft Edge. By default, employees can choose whether to use Autofill.
| If you… | Then… |
| --- | --- |
| Enable this setting | Employees can use Autofill to populate form fields automatically. |
| Disable this setting | Employees cannot use Autofill to populate form fields automatically. |
| Do not configure this setting (default) | Employees can choose whether to use Autofill to populate the form fields automatically. |
|
| Enable | Employees can use Autofill to populate form fields automatically. |
| Disable | Employees cannot use Autofill to populate form fields automatically. |
| Do not configure (default) | Employees can choose whether to use Autofill to populate the form fields automatically. |
### Configure cookies
>*Supported versions: Windows 10*
@ -153,9 +142,8 @@ This policy setting lets you decide whether employees can use Autofill the form
This setting lets you configure how to work with cookies.
| If you… | Then… |
| --- | --- |
| Enable this setting (default) | You must also decide whether to:<ul><li>**Allow all cookies (default)** from all websites.</li><li>**Block all cookies** from all websites.</li><li>**Block only 3rd-party cookies** from 3rd-party websites.</li></ul> |
| Disable or do not configure this setting | All cookies are allowed from all sites. |
|
| Enable (default) | You must also decide whether to:<ul><li>**Allow all cookies (default)** from all websites.</li><li>**Block all cookies** from all websites.</li><li>**Block only 3rd-party cookies** from 3rd-party websites.</li></ul> |
| Disable or do not configure | All cookies are allowed from all sites. |
### Configure Do Not Track
>*Supported versions: Windows 10*
@ -163,10 +151,9 @@ This setting lets you configure how to work with cookies.
This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests are never sent, but employees can choose to turn on and send requests.
| If you… | Then… |
| --- | --- |
| Enable this setting | Do Not Track requests are always sent to websites asking for tracking information. |
| Disable this setting | Do Not Track requests are never sent to websites asking for tracking information. |
| Do not configure this setting (default) | Employees can choose whether to send Do Not Track requests to websites asking for tracking information. |
|
| Enable | Do Not Track requests are always sent to websites asking for tracking information. |
| Disable | Do Not Track requests are never sent to websites asking for tracking information. |
| Do not configure (default) | Employees can choose whether to send Do Not Track requests to websites asking for tracking information. |
### Configure Favorites
>*Supported versions: Windows 10, version 1511 or later*
@ -174,9 +161,8 @@ This policy setting lets you decide whether employees can send Do Not Track requ
This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. <!-- <span style="background: #ffff99;">[@Reviewer: what is the default setting, enabled or disabled? Im guessing its Disabled is the default.]</span> -->
| If you… | Then… |
| --- | --- |
| Enable this setting | You must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy. |
| Disable or do not configure this setting | Employees will see the Favorites that they set in the Favorites hub. |
|
| Enable | You must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy. |
| Disable or do not configure | Employees will see the Favorites that they set in the Favorites hub. |
### Configure Password Manager
>*Supported versions: Windows 10*
@ -184,10 +170,9 @@ This policy setting lets you configure the default list of Favorites that appear
This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.
| If you… | Then… |
| --- | --- |
| Enable this setting (default) | Employees can use Password Manager to save their passwords locally. |
| Disable this setting | Employees cant use Password Manager to save their passwords locally. |
| Do not configure this setting | Employees can choose whether to use Password Manager to save their passwords locally. |
|
| Enable (default) | Employees can use Password Manager to save their passwords locally. |
| Disable | Employees cannot use Password Manager to save their passwords locally. |
| Do not configure | Employees can choose whether to use Password Manager to save their passwords locally. |
### Configure Pop-up Blocker
>*Supported versions: Windows 10*
@ -195,10 +180,9 @@ This policy setting lets you decide whether employees can save their passwords l
This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.
| If you… | Then… |
| --- | --- |
| Enable this setting (default) | Pop-up Blocker is turned on, stopping pop-up windows from appearing. |
| Disable this setting | Pop-up Blocker is turned off, letting pop-up windows appear. |
| Do not configure this setting | Employees can choose whether to use Pop-up Blocker. |
|
| Enable (default) | Pop-up Blocker is turned on, stopping pop-up windows from appearing. |
| Disable | Pop-up Blocker is turned off, letting pop-up windows appear. |
| Do not configure | Employees can choose whether to use Pop-up Blocker. |
### Configure search suggestions in Address bar
>*Supported versions: Windows 10*
@ -206,10 +190,9 @@ This policy setting lets you decide whether to turn on Pop-up Blocker. By defaul
This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.
| If you… | Then… |
| --- | --- |
| Enable this setting | Employees can see search suggestions in the Address bar. |
| Disable this setting | Employees cannot see search suggestions in the Address bar. |
| Do not configure this setting (default) | Employees can choose whether search suggestions appear in the Address bar. |
|
| Enable | Employees can see search suggestions in the Address bar. |
| Disable | Employees cannot see search suggestions in the Address bar. |
| Do not configure (default) | Employees can choose whether search suggestions appear in the Address bar. |
### Configure Start pages
>*Supported versions: Windows 10, version 1511 or later*
@ -217,9 +200,8 @@ This policy setting lets you decide whether search suggestions appear in the Add
This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees will not be able to change this after you set it.
| If you… | Then… |
| --- | --- |
| Enable this setting | You must include URLs to the pages, separating multiple pages by using angle brackets in this format: <br><br>`<support.contoso.com><support.microsoft.com>` |
| Disable or do not configure this setting (default) | The default Start page is the webpage specified in App settings. |
|
| Enable | You must include URLs to the pages, separating multiple pages by using angle brackets in this format: <br><br>`<support.contoso.com><support.microsoft.com>` |
| Disable or do not configure (default) | The default Start page is the webpage specified in App settings. |
### Configure the Adobe Flash Click-to-Run setting
>*Supported versions: Windows 10, version 1703*
@ -227,9 +209,8 @@ This policy setting lets you configure one or more Start pages, for domain-joine
This policy setting lets you decide whether employees must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. <!-- <span style="background: #ffff99;">[@Reviewer: what is the default, enabled or disabled?]</span> -->
| If you… | Then… |
| --- | --- |
| Enable or dont configure this setting< | Employees must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. |
| Disable this setting | Adobe Flash loads automatically and runs in Microsoft Edge. |
|
| Enable or dont configure | Employees must click the content, click the Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. |
| Disable | Adobe Flash loads automatically and runs in Microsoft Edge. |
### Configure the Enterprise Mode Site List
>*Supported versions: Windows 10*
@ -237,9 +218,8 @@ This policy setting lets you decide whether employees must take action, such as
This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.
| If you… | Then… |
| --- | --- |
| Enable this setting | You must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. |
Disable or do not configure this setting (default) | Microsoft Edge wont use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. |
|
| Enable | You must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. |
Disable or do not configure (default) | Microsoft Edge wont use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. |
>[!Note]
>If there is a .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server has a different version number than the version in the cache container, the server file is used and stored in the cache container.<br><br>
@ -251,10 +231,9 @@ Disable or do not configure this setting (default) | Microsoft Edge wont use
This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.
| If you… | Then… |
| --- | --- |
| Enable this setting | Windows Defender SmartScreen is turned on, and employees cannot turn it off. |
| Disable this setting | Windows Defender SmartScreen is turned off, and employees cannot turn it on. |
| Do not configure this setting | Employees can choose whether to use Windows Defender SmartScreen. |
|
| Enable | Windows Defender SmartScreen is turned on, and employees cannot turn it off. |
| Disable | Windows Defender SmartScreen is turned off, and employees cannot turn it on. |
| Do not configure | Employees can choose whether to use Windows Defender SmartScreen. |
### Disable lockdown of Start pages
>*Supported versions: Windows 10, version 1703*
@ -265,9 +244,8 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
| If you… | Then… |
| --- | --- |
| Enable this setting | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. |
| Disable or do not configure this setting (default) | Employees cannot change Start pages configured using the “Configure Start pages” setting. |
|
| Enable | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. |
| Disable or do not configure (default) | Employees cannot change Start pages configured using the “Configure Start pages” setting. |
### Keep favorites in sync between Internet Explorer and Microsoft Edge
>*Supported versions: Windows 10, version 1703*
@ -278,9 +256,8 @@ This policy setting lets you decide whether people can sync their favorites betw
<span style="background: #ffff99;">[@Reviewer: what is the default: enable or disable?]</span> -->
| If you… | Then… |
| --- | --- |
| Enable this setting | Employees can sync their favorites between Internet Explorer and Microsoft Edge.<br><br>Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. <!-- <span style="background: #ffff99;">[@Reviewer: what does this mean? I want to know more about what this is saying. More details and maybe an example or scenario.]</span> --> |
| Disable or do not configure this setting | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. |
|
| Enable | Employees can sync their favorites between Internet Explorer and Microsoft Edge.<br><br>Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices. <!-- <span style="background: #ffff99;">[@Reviewer: what does this mean? I want to know more about what this is saying. More details and maybe an example or scenario.]</span> --> |
| Disable or do not configure | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. |
### Prevent access to the about:flags page
>*Supported versions: Windows 10, version 1607 or later*
@ -288,9 +265,8 @@ This policy setting lets you decide whether people can sync their favorites betw
This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.
| If you… | Then… |
| --- | --- |
| Enable this setting | Employees cannot access the about:flags page. |
| Disable or do not configure this setting (default) | Employees can access the about:flags page. |
|
| Enable | Employees cannot access the about:flags page. |
| Disable or do not configure (default) | Employees can access the about:flags page. |
### Prevent bypassing Windows Defender SmartScreen prompts for files
>*Supported versions: Windows 10, version 1511 or later*
@ -298,18 +274,16 @@ This policy setting lets you decide whether employees can access the about:flags
This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files.
| If you… | Then… |
| --- | --- |
| Enable this setting | Employees cannot ignore Windows Defender SmartScreen warnings when downloading files. |
| Disable or do not configure this setting (default) | Employees can ignore Windows Defender SmartScreen warnings and can continue the download process. |
|
| Enable | Employees cannot ignore Windows Defender SmartScreen warnings when downloading files. |
| Disable or do not configure (default) | Employees can ignore Windows Defender SmartScreen warnings and can continue the download process. |
### Prevent bypassing Windows Defender SmartScreen prompts for sites
>*Supported versions: Windows 10, version 1511 or later*
This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.
| If you… | Then… |
| --- | --- |
| Enable this setting | Employees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site. |
| Disable or do not configure this setting (default) | Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site. |
|
| Enable | Employees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site. |
| Disable or do not configure (default) | Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site. |
### Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
>*Supported versions: Windows 10, version 1703*
@ -317,9 +291,8 @@ This policy setting lets you decide whether employees can override the Windows D
This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
| If you… | Then… |
| --- | --- |
| Enable this setting | Microsoft Edge does not gather the Live Tile metadata, providing a minimal experience. |
| Disable or do not configure this setting (default) | Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience. |
|
| Enable | Microsoft Edge does not gather the Live Tile metadata, providing a minimal experience. |
| Disable or do not configure (default) | Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience. |
### Prevent the First Run webpage from opening on Microsoft Edge
@ -328,9 +301,8 @@ This policy lets you decide whether Microsoft Edge can gather Live Tile metadata
This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time.
| If you… | Then… |
| --- | --- |
| Enable this settin | Employees do not see the First Run page. |
| Disable or do not configure this setting (default) | Employees see the First Run page. |
|
| Enable | Employees do not see the First Run page. |
| Disable or do not configure (default) | Employees see the First Run page. |
### Prevent using Localhost IP address for WebRTC
>*Supported versions: Windows 10, version 1511 or later*
@ -338,9 +310,8 @@ This policy setting lets you decide whether employees see Microsoft's First Run
This policy setting lets you decide whether localhost IP addresses are visible or hidden while making calls to the WebRTC protocol.
| If you… | Then… |
| --- | --- |
| Enable this setting | Localhost IP addresses are hidden. |
| Disable or do not configure this setting (default) | Localhost IP addresses are visible. |
|
| Enable | Localhost IP addresses are hidden. |
| Disable or do not configure (default) | Localhost IP addresses are visible. |
### Send all intranet sites to Internet Explorer 11
>*Supported versions: Windows 10*
@ -348,9 +319,8 @@ This policy setting lets you decide whether localhost IP addresses are visible o
This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.
| If you… | Then… |
| --- | --- |
| Enable this setting | All intranet sites are opened in Internet Explorer 11 automatically. |
| Disable or do not configure this setting (default) | All websites, including intranet sites, open in Microsoft Edge. |
|
| Enable | All intranet sites are opened in Internet Explorer 11 automatically. |
| Disable or do not configure (default) | All websites, including intranet sites, open in Microsoft Edge. |
### Set default search engine
>*Supported versions: Windows 10, version 1703*
@ -361,10 +331,10 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
| If you… | Then… |
| --- | --- |
| Enable this setting | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br>`https://fabrikam.com/opensearch.xml` |
| Disable this setting | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market <!-- <span style="background: #ffff99;">[@Reviewer: what does “market” mean in this context?]</span> -->. |
| Do not configure this setting | The default search engine is set to the one specified in App settings. |
|
| Enable | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br>`https://fabrikam.com/opensearch.xml` |
| Disable | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market <!-- <span style="background: #ffff99;">[@Reviewer: what does “market” mean in this context?]</span> -->. |
| Do not configure | The default search engine is set to the one specified in App settings. |
>[!Important]
>If you'd like your employees to use the default Microsoft Edge settings for each market <!-- <span style="background: #ffff99;">[@Reviewer: what does “each market” refer to in this context?]</span> -->, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.
@ -374,9 +344,8 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
| If you… | Then… |
| --- | --- |
| Enable this setting | Employees see an additional page. |
| Disable or do not configure this setting (default) | No additional pages display. |
|
| Enable | Employees see an additional page. |
| Disable or do not configure (default) | No additional pages display. |
## Using Microsoft Intune to manage your Mobile Device Management (MDM) settings for Microsoft Edge
If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page.
@ -419,7 +388,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
- **Allowed values:**
- **0.** Employees cant use Autofill to complete form fields.
- **0.** Employees cannot use Autofill to complete form fields.
- **1 (default).** Employees can use Autofill to complete form fields.
@ -436,7 +405,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
- **Allowed values:**
- **0.** Employees cant use Microsoft Edge.
- **0.** Employees cannot use Microsoft Edge.
- **1 (default).** Employees can use Microsoft Edge.
@ -506,7 +475,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
- **Allowed values:**
- **0.** Employees cant use Edge Extensions.
- **0.** Employees cannot use Edge Extensions.
- **1 (default).** Employees can use Edge Extensions.
@ -523,7 +492,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
- **Allowed values:**
- **0.** Not allowed. Employees cant use Adobe Flash.
- **0.** Not allowed. Employees cannot use Adobe Flash.
- **1 (default).** Allowed. Employees can use Adobe Flash.
@ -557,7 +526,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
- **Allowed values:**
- **0.** Employees cant use InPrivate browsing.
- **0.** Employees cannot use InPrivate browsing.
- **1 (default).** Employees can use InPrivate browsing.
@ -574,7 +543,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
- **Allowed values:**
- **0.** Additional search engines are not allowed and the default cant be changed in the Address bar.
- **0.** Additional search engines are not allowed and the default cannot be changed in the Address bar.
- **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.
@ -625,7 +594,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
- **Allowed values:**
- **0.** Additional search engines are not allowed and the default cant be changed in the Address bar.
- **0.** Additional search engines are not allowed and the default cannot be changed in the Address bar.
- **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.
@ -643,7 +612,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
- **Allowed values:**
- **0 (default).** Employees cant see search suggestions in the Address bar of Microsoft Edge.
- **0 (default).** Employees cannot see search suggestions in the Address bar of Microsoft Edge.
- **1.** Employees can see search suggestions in the Address bar of Microsoft Edge.
@ -1018,7 +987,7 @@ These are additional Windows 10-specific MDM policy settings that work with Mic
- **Allowed values:**
- **0.** Employees cant use Cortana on their devices.
- **0.** Employees cannot use Cortana on their devices.
- **1 (default).** Employees can use Cortana on their devices.
@ -1033,7 +1002,7 @@ These are additional Windows 10-specific MDM policy settings that work with Mic
- **Allowed values:**
- **0.** Employees cant sync settings between PCs.
- **0.** Employees cannot sync settings between PCs.
- **1 (default).** Employees can sync between PCs.

3
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 02/05/2018
ms.date: 02/26/2018
---
# What's new in MDM enrollment and management
@ -1411,6 +1411,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<li>Display/EnablePerProcessDpi</li>
<li>Display/EnablePerProcessDpiForApps</li>
<li>Experience/AllowWindowsSpotlightOnSettings</li>
<li>TextInput/AllowHardwareKeyboardTextSuggestions</li>
<ul>
</td></tr>
<tr class="odd">

6
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/12/2018
ms.date: 02/26/2018
---
# Policy CSP
@ -2811,6 +2811,7 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode" id="systemservices-configurexboxlivenetworkingservicestartupmode">SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode</a>
</dd>
</dl>
### TaskScheduler policies
@ -2823,6 +2824,9 @@ The following diagram shows the Policy configuration service provider in tree fo
### TextInput policies
<dl>
<dd>
<a href="./policy-csp-textinput.md#textinput-allowhardwarekeyboardtextsuggestions" id="textinput-allowhardwarekeyboardtextsuggestions">TextInput/AllowHardwareKeyboardTextSuggestions</a>
</dd>
<dd>
<a href="./policy-csp-textinput.md#textinput-allowimelogging" id="textinput-allowimelogging">TextInput/AllowIMELogging</a>
</dd>

56
windows/client-management/mdm/policy-csp-browser.md
View File

@ -2331,62 +2331,6 @@ The following list shows the supported values:
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<a href="" id="browser-usesharedfolderforbooks"></a>**Browser/UseSharedFolderForBooks**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.
<!--EndDescription-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 - No shared folder.
- 1 - Use a shared folder.
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
Footnote:

55
windows/client-management/mdm/policy-csp-textinput.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/30/2018
ms.date: 02/26/2018
---
# Policy CSP - TextInput
@ -21,6 +21,9 @@ ms.date: 01/30/2018
## TextInput policies
<dl>
<dd>
<a href="#textinput-allowhardwarekeyboardtextsuggestions">TextInput/AllowHardwareKeyboardTextSuggestions</a>
</dd>
<dd>
<a href="#textinput-allowimelogging">TextInput/AllowIMELogging</a>
</dd>
@ -66,6 +69,56 @@ ms.date: 01/30/2018
</dl>
<hr/>
<!--Policy-->
<a href="" id="textinput-allowhardwarekeyboardtextsuggestions"></a>**TextInput/AllowHardwareKeyboardTextSuggestions**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Added in Windows 10, version 1803. Specifies text prediction for hardware keyboard is always disabled. When this policy is set to 0, text prediction for hardware keyboard is always disabled.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 Text prediction for the hardware keyboard is disabled and the switch is unusable (user cannot activate the feature).
- 1 (default) Text prediction for the hardware keyboard is enabled. User can change the setting.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->

120
windows/deployment/update/waas-windows-insider-for-business.md
View File

@ -19,7 +19,7 @@ ms.date: 10/27/2017
> **Looking for information about Windows 10 for personal or home use?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
For many IT pros, gaining visibility into feature updates early, before theyre available to the Semi-Annual Channel, can be both intriguing and valuable for future end user communications as well as provide additional prestaging for Semi-Annual Channel devices. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test devices, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft. Also, as flighted builds get closer to their release to the Semi-Annual Channel, organizations can test their deployment on test devices for compatibility validation.
For many IT Pros, gaining visibility into feature updates early, before theyre available to the Semi-Annual Channel, can be both intriguing and valuable for future end user communications as well as provide additional prestaging for Semi-Annual Channel devices. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test devices, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft. Also, as flighted builds get closer to their release to the Semi-Annual Channel, organizations can test their deployment on test devices for compatibility validation.
The Windows Insider Program for Business gives you the opportunity to:
* Get early access to Windows Insider Preview Builds.
@ -50,32 +50,50 @@ Below are additional details to accomplish the steps described above.
## Register to the Windows Insider Program for Business
Registration in the Windows Insider Program for Business can be done individually per user or for an entire organization:
The first step to installing a Windows 10 Insider Preview build is to register as a Windows Insider. You and your users have two registration options.
### Individual registration
>[!IMPORTANT]
>This step is a prerequisite to register your organization's Azure AD domain.
Navigate to the [**Getting Started**](https://insider.windows.com/en-us/getting-started/) page on [Windows Insider](https://insider.windows.com), go to **Register your organization account** and follow the instructions.
### Register using your work account (recommended)
• Registering with your work account in Azure Active Directory (AAD) is required to submit feedback on behalf of your organization and manage Insider Preview builds on other PCs in your domain.
>[!NOTE]
>Make sure your device is [connected to your company's Azure AD subscription](waas-windows-insider-for-business-faq.md#connected-to-aad).
>Requires Windows 10 Version 1703 or later. Confirm by going to Settings>System>About. If you do not have an AAD account, [find out how to get an Azure Active Directory tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-howto-tenant).
### Organizational registration
### Register your personal account
Use the same account that you use for other Microsoft services. If you dont have a Microsoft account, it is easy to get one. [Get a Microsoft account](https://account.microsoft.com/account).
This method enables to your register your entire organization to the Windows Insider Program for Business, to avoid having to register each individual user.
## Install Windows Insider Preview Builds
You can install Windows 10 Insider Preview builds directly on individual PCs, manage installation across multiple PCs in an organization, or install on a virtual machine.
>[!IMPORTANT]
>The account performing these steps has to first be registered to the program individually. Additionally, Global Administrator privileges on the Azure AD domain are required.
### Install on an individual PC
1. On the [Windows Insider](https://insider.windows.com) website, go to **For Business > Getting Started** to [register your organizational Azure AD account](https://insider.windows.com/en-us/insidersigninaad/).
2. **Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/en-us/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
1. Open [Windows Insider Program settings](ms-settings:windowsinsider) (On your Windows 10 PC, go to Start > Settings > Update & security > Windows Insider Program). Note: To see this setting, you need to have administrator rights to your PC.
2. Link your Microsoft or work account that you used to register as a Windows Insider.
3. Follow the prompts.
>[!NOTE]
>At this point, the Windows Insider Program for Business only supports [Azure Active Directory (Azure AD)](/azure/active-directory/active-directory-whatis) (and not Active Directory on premises) as a corporate authentication method.
>
>If your company is currently not using Azure AD but has a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services you have a free subscription to Microsoft Azure Active Directory. This subscription can be used to create users for enrollment in the Windows Insider Program for Business.
(images/WIP4Biz_Prompts.png)
### Install across multiple PCs
Administrators can install and manage Insider Preview builds centrally across multiple PCs within their domain. Heres how:
1. **Register your domain with the Windows Insider Program**
To register a domain, you must be registered in the Windows Insider Program with your work account in Azure Active Directory and you must be assigned a **Global Administrator** role on that Azure AD domain. Also requires Windows 10 Version 1703 or later.
**Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/en-us/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
>[!Notes]
>• At this point, the Windows Insider Program for Business only supports [Azure Active Directory (Azure AD)](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis) (and not Active Directory on premises) as a corporate authentication method.
>• If your company has a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services you have a free subscription to Microsoft Azure Active Directory. This subscription can be used to create users for enrollment in the Windows Insider Program for Business.
>• If you do not have an AAD account, install Insider Preview builds on individual PCs with a registered Microsoft account.
2. **Apply Policies**
Once you have registered your enterprise domain, you can control how and when devices receive Windows Insider Preview builds on their devices. See: [How to manage Windows 10 Insider Preview builds across your organization](https://docs.microsoft.com/en-us/windows/deployment/update/waas-windows-insider-for-business).
### Install on a virtual machine.
This option enables you to run Insider Preview builds without changing the Windows 10 production build already running on a PC.
• For guidance on setting up virtual machines on your PC see: [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/about/).
• To download the latest Insider Preview build to run on your virtual machine see:
[Windows Insider Preview downloads](https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewadvanced)
## Manage Windows Insider Preview builds
@ -161,6 +179,58 @@ To switch flights prior to Windows 10, version 1709, follow these steps:
* [Windows Insider Slow](#slow)
* [Release Preview](#release-preview)
## Explore new Insider Preview features
Windows 10 Insider Preview builds offer organizations a valuable and exciting opportunity to evaluate new Windows features well before general release. Whats more, by providing feedback to Microsoft on these features, you and other Insiders in your organization can help shape Windows for your specific business needs. Heres how to get the most out of your feature exploration:
**Objective: Release Channel**
Feature Exploration: Fast Ring
Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.
**Objective: Users**
Feature Exploration: Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary machines.
**Objective: Tasks**
Feature Exploration:
• Install and manage Insider Preview builds on PCs (per machine or centrally across multiple machines)
• Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications
• Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary current features.
**Objective: Feedback**
Feature Exploration:
• Provide feedback via [Feedback Hub app](insiderhub://home/). This helps us make adjustments to features as quickly as possible.
• Encourage users to sign into the Feedback Hub using their AAD work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organizations domain.)
• [Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/en-us/how-to-feedback/)
## Validate Insider Preview builds
Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. This activity can play an important role in your [Windows 10 deployment strategy](https://docs.microsoft.com/en-us/windows/deployment/update/waas-windows-insider-for-business). Early validation has several benefits:
• Get a head start on your Windows validation process
• Identify issues sooner to accelerate your Windows deployment
• Engage Microsoft earlier for help with potential compatibility issues
• Deploy Windows 10 Semi-Annual releases faster and more confidently
• Maximize the 18-month support Window that comes with each Semi-Annual release.
(images/WIP4Biz_deployment.png)
Windows 10 Insider Preview builds enable organization to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments.
**Objective: Release Channel**
Application and infrastructure validation: SLOW RING
Insider Preview builds in the Slow Ring are released approximately once a month. They are more stable than Fast Ring releases, making them better suited for validation purposes. Slow Ring releases can be run on either secondary or primary production machines by skilled users.
**Objective: Recommended Users**
Application and infrastructure validation: In addition to Insiders who may have participated in feature exploration, we also recommend including a small group of application users from each business department to ensure a representative sample.
**Objective: Recommended Tasks**
Application and infrastructure validation: Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) and [Windows Insider Tech Community](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram) pages for updates on current issues and fixes.
**Objective: Feedback**
Application and infrastructure validation:Provide feedback in the Feedback Hub app and also inform app vendors of any significant issues.
**Objective: Guidance**
Application and infrastructure validation:
• [Use Upgrade Readiness to create an app inventory and identify mission-critical apps](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-identify-apps)
• [Use Device Health to identify problem devices and device drivers](https://docs.microsoft.com/en-us/windows/deployment/update/device-health-monitor)
• [Windows 10 application compatibility](https://technet.microsoft.com/windows/mt703793)
## How to switch between your MSA and your Corporate AAD account
If you were using your Microsoft Account (MSA) to enroll to the Windows Insider Program, switch to your organizational account by going to **Settings > Updates & Security > Windows Insider Program**, and under **Windows Insider account** select **Change**.
@ -189,7 +259,7 @@ When providing feedback, please consider the following:
### User consent requirement
With the current version of the Feedback Hub app, we need the user's consent to access their AAD account profile data (We read their name, organizational tenant ID and user ID). When they sign in for the first time with the AAD account, they will see a popup asking for their permission, like this:
Feedback Hub needs the users consent to access their AAD account profile data (we read their name, organizational tenant ID and user ID). When they sign in for the first time with the AAD account, they will see a popup asking for their permission, like this:
![Feedback Hub consent to AAD pop-up](images/waas-wipfb-aad-consent.png)
@ -271,6 +341,15 @@ Your individual registration with the Insider program will not be impacted. If y
>[!IMPORTANT]
>Once your domain is unregistered, setting the **Branch Readiness Level** to preview builds will have no effect. Return this setting to its unconfigured state in order to enable users to control it from their devices.
## Community
Windows Insiders are a part of a global community focused on innovation, creativity, and growth in their world.
The Windows Insider program enables you to deepen connections to learn from peers and to connect to subject matter experts (inside Microsoft, Insiders in your local community and in another country) who understand your unique challenges, and who can provide strategic advice on how to maximize your impact.
Collaborate and learn from experts in the [WINDOWS INSIDER TECH COMMUNITY](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram)
## Additional help resources
* [**Windows Blog**](https://blogs.windows.com/blog/tag/windows-insider-program/) - With each new build release we publish a Windows Blog post that outlines key feature changes as well as known issues that Insiders may encounter while using the build.
@ -281,7 +360,6 @@ Your individual registration with the Insider program will not be impacted. If y
- [Windows Insider Program for Business using Azure Active Directory](waas-windows-insider-for-business-aad.md)
- [Windows Insider Program for Business Frequently Asked Questions](waas-windows-insider-for-business-faq.md)
## Related Topics
- [Overview of Windows as a service](waas-overview.md)
- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)

4
windows/hub/TOC.md
View File

@ -5,8 +5,6 @@
## [Configuration](/windows/configuration)
## [Client management](/windows/client-management)
## [Application management](/windows/application-management)
## [Identity and access management](/windows/security/identity-protection)
## [Information protection](/windows/security/information-protection)
## [Threat protection](/windows/security/threat-protection)
## [Security](/windows/security)
## [Troubleshooting](/windows/client-management/windows-10-support-solutions)
## [Other Windows client versions](https://docs.microsoft.com/previous-versions/windows)

30
windows/hub/index.md
View File

@ -37,12 +37,6 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
<a href="/windows/deployment/index">
<img src="images/deployment.png" alt="Windows 10 deployment" title="Windows 10 deployment" />
<br/>Deployment </a><br>
</td>
<td align="center" style="width:25%; border:0;">
<a href="/windows/client-management/index">
<img src="images/clientmanagement.png" alt="Windows 10 client management" title="Client management" />
<br/>Client Management </a><br>
</td>
</tr>
<tr style="text-align:center;">
<td align="center" style="width:25%; border:0;"><br>
@ -50,21 +44,15 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
<img src="images/applicationmanagement.png" alt="Manage applications in your Windows 10 enterprise deployment" title="Application management" />
<br/>Application Management </a>
</td>
<td align="center" style="width:25%; border:0;"><br>
<a href="/windows/access-protection/index">
<img src="images/accessprotection.png" alt="Windows 10 access protection" title="Windows 10 access protection" />
<br/>Access Protection </a>
<td align="center" style="width:25%; border:0;"><br>
<a href="/windows/client-management/index">
<img src="images/clientmanagement.png" alt="Windows 10 client management" title="Client management" />
<br/>Client Management </a>
</td>
<td align="center" style="width:25%; border:0;"><br>
<a href="/windows/device-security/index">
<img src="images/devicesecurity.png" alt="Windows 10 device security" title="W10 device security" />
<br/>Device Security </a>
</td>
<td align="center" style="width:25%; border:0;"><br>
<a href="/windows/threat-protection/index">
<img src="images/threatprotection.png" alt="Windows 10 threat protection" title="Windows 10 threat protection" />
<br/>Threat Protection </a>
</td>
<a href="/windows/security/index">
<img src="images/threatprotection.png" alt="Windows 10 security" title="W10 security" />
<br/>Security </a>
</tr>
</table>
@ -74,9 +62,9 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers.
These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
- [Read more about Windows as a Service](/windows/deployment/update/waas-overview)
- [Read more about Windows as a Service](/windows/deployment/update/waas-overview)
## Related topics
[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009)

2
windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
View File

@ -20,7 +20,7 @@ ms.date: 07/27/2017
Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment.
Below, you can find all the infromation you will need to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment:
Below, you can find all the information you will need to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment:
1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)

2
windows/security/index.yml
View File

@ -14,6 +14,8 @@ metadata:
keywords: protect, company, data, Windows, device, app, management, Microsoft365, e5, e3
ms.localizationpriority: high
author: brianlic-msft
ms.author: brianlic

12
windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
View File

@ -9,8 +9,8 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author: iaanw
ms.author: iawilt
author: andreabichsel
ms.author: v-anbic
ms.date: 12/12/2017
---
@ -33,10 +33,10 @@ Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrus
There are four features in Windows Defender EG:
- [Exploit protection](exploit-protection-exploit-guard.md) can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps
- [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware
- [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices
- [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware
- [Exploit protection](exploit-protection-exploit-guard.md) can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps. Works with third-party antivirus solutions and Windows Defender Antivirus (Windows Defender AV).
- [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware. Requires Windows Defender AV.
- [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV.
- [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware. Requires Windows Defender AV.
You can evaluate each feature of Windows Defender EG with the guides at the following link, which provide pre-built PowerShell scripts and testing tools so you can see the features in action:

2
windows/whats-new/whats-new-windows-10-version-1607.md
View File

@ -81,7 +81,7 @@ Additional changes for Windows Hello in Windows 10, version 1607:
### VPN
- The VPN client can integrate with the Conditional Access Framework, a cloud-pased policy engine built into Azure Active Directory, to provide a device compliance option for remote clients.
- The VPN client can integrate with the Conditional Access Framework, a cloud-based policy engine built into Azure Active Directory, to provide a device compliance option for remote clients.
- The VPN client can integrate with Windows Information Protection (WIP) policy to provide additional security. [Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip), previously known as Enterprise Data Protection.
- New VPNv2 configuration service provider (CSP) adds configuration settings. For details, see [What's new in MDM enrollment and management](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056%28v=vs.85%29.aspx#whatsnew_1607)
- Microsoft Intune: *VPN Profile (Windows 10 Desktop and Mobile and later)* policy template includes support for native VPN plug-ins.

4
windows/whats-new/whats-new-windows-10-version-1703.md
View File

@ -122,7 +122,7 @@ New features in Windows Defender Advanced Threat Protection (ATP) for Windows 10
You can read more about ransomware mitigations and detection capability in Windows Defender Advanced Threat Protection in the blog: [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/).
Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see (Windows Defender ATP for Windows 10 Creators Update)[https://technet.microsoft.com/en-au/windows/mt782787].
Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see [Windows Defender ATP for Windows 10 Creators Update](https://technet.microsoft.com/en-au/windows/mt782787).
### Windows Defender Antivirus
Windows Defender is now called Windows Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
@ -169,7 +169,7 @@ For Windows Phone devices, an administrator is able to initiate a remote PIN res
For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**.
For more details, check out [What if I forget my PIN?](/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password#what-if-i-forget-my-pin).
For more details, check out [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-features#pin-reset).
### Windows Information Protection (WIP) and Azure Active Directory (Azure AD)
Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune).