deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 06:47:21 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

merge from master

Browse Source
This commit is contained in:
Joey Caparas 2018-08-20 11:15:30 -07:00
commit daaa43fc49
34 changed files with 329 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
browsers/edge/TOC.md
View File

@ -1,5 +1,9 @@
# [Microsoft Edge deployment for IT Pros](index.yml)
## [System requirements and supported languages](about-microsoft-edge.md)
## [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)
## [(Preview) New Microsoft Edge Group Policies and MDM settings](new-policies.md)
## [(Preview) Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
@ -27,13 +31,6 @@
## [Change history for Microsoft Edge](change-history-for-microsoft-edge.md)
## [System requirements](about-microsoft-edge.md#minimum-system-requirements)
## [Supported languages](about-microsoft-edge.md#supported-languages)
## [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)
## [Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md)

3
browsers/edge/about-microsoft-edge.md
View File

@ -1,4 +1,5 @@
---
title: Microsoft Edge system and language requirements
description: Overview information about Microsoft Edge, the default browser for Windows 10. This topic includes links to other Microsoft Edge topics.
ms.assetid: 70377735-b2f9-4b0b-9658-4cf7c1d745bb
author: shortpatti
@ -10,7 +11,7 @@ ms.localizationpriority: medium
ms.date: 07/29/2018
---
# Microsoft Edge deployment for IT Pros
# Microsoft Edge system and language requirements
>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.

9
browsers/edge/emie-to-improve-compatibility.md
View File

@ -64,12 +64,14 @@ You must turn on the **Configure the Enterprise Mode Site List** Group Policy se
- **HTTP location**: *“SiteList”=”http://localhost:8080/sites.xml”*
- **Local network**: *"SiteList"="\\\\network\\shares\\sites.xml"*
- **Local network**: *"SiteList"="\\\network\\shares\\sites.xml"*
- **Local file**: *"SiteList"="file:///c:\\\\Users\\\\<user>\\\\Documents\\\\testList.xml"*
- **Local file**: *"SiteList"="file:///c:/Users/<username>/Documents/testList.xml"*
All of your managed devices must have access to this location if you want them to be able to access and use Enterprise Mode and your site list.
3. Refresh your policy in your organization and then view the affected sites in Microsoft Edge.<p>The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is.
## Fix your intranet sites
@ -96,6 +98,3 @@ You can add the **Send all intranet traffic over to Internet Explorer** Group Po
* [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377)
* [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714)
 

14
browsers/edge/group-policies/home-button-gp.md
View File

@ -12,13 +12,13 @@ ms.sitesec: library
# Home button configuration options
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
Microsoft Edge shows the home button and by clicking it the Start page loads by default. You can configure the Home button to load the New tab page or a URL defined in the Set Home button URL policy. You can also configure Microsoft Edge to hide the home button.
Microsoft Edge shows the home button and by clicking it the Start page loads by default. You can configure the Home button to load the New tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
## Relevant group policies
- [Configure Home button](#configure-home-button)
- [Set Home button URL](#set-home-button-url)
- [Unlock Home button](#unlock-home-button)
- [Configure Home Button](#configure-home-button)
- [Set Home Button URL](#set-home-button-url)
- [Unlock Home Button](#unlock-home-button)
## Configuration options
@ -30,12 +30,12 @@ Microsoft Edge shows the home button and by clicking it the Start page loads by
![Hide home button](../images/home-button-hide-v4-sm.png)
## Configure Home button
## Configure Home Button
[!INCLUDE [configure-home-button-include.md](../includes/configure-home-button-include.md)]
## Set Home button URL
## Set Home Button URL
[!INCLUDE [set-home-button-url-include](../includes/set-home-button-url-include.md)]
## Unlock Home button
## Unlock Home Button
[!INCLUDE [unlock-home-button-include.md](../includes/unlock-home-button-include.md)]

BIN
browsers/edge/images/home-button-hide-sm.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 77 KiB

BIN
browsers/edge/images/home-button-hide-v4-sm.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 77 KiB

After

Width:  |  Height:  |  Size: 77 KiB

BIN
browsers/edge/images/home-button-hide-v4.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 73 KiB

After

Width:  |  Height:  |  Size: 74 KiB

BIN
browsers/edge/images/home-button-hide.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 74 KiB

BIN
browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 273 KiB

After

Width:  |  Height:  |  Size: 272 KiB

2
browsers/edge/includes/allow-clearing-browsing-data-include.md
View File

@ -28,7 +28,7 @@
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit
- **Data type:** Integer
#### *Registry
#### Registry
- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Privacy
- **Value name:** ClearBrowsingHistoryOnExit
- **Value type:** REG_DWORD

14
browsers/edge/includes/configure-home-button-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Configure Home button-->
>*Supported versions: Microsoft Edge on Windows 10*<br>
<!-- ## Configure Home Button-->
>*Supported versions: Microsoft Edge on Windows 10*
>*Default setting: Disabled or not configured (Show home button and load the Start page)*
@ -12,7 +12,7 @@
|---|:---:|:---:|---|
|Disabled or not configured<br>**(default)** |0 |0 |Show home button and load the Start page. |
|Enabled |1 |1 |Show home button and load the New tab page. |
|Enabled |2 |2 |Show home button and load the custom URL defined in the Set Home button URL policy. |
|Enabled |2 |2 |Show home button and load the custom URL defined in the Set Home Button URL policy. |
|Enabled |3 |3 |Hide home button. |
---
@ -21,12 +21,12 @@
For more details about configuring the different Home button options, see [Home button configuration options](../group-policies/home-button-gp.md).
>[!TIP]
>If you want to make changes to this policy:<ol><li>Enable the **Unlock Home Button** policy.</li><li>Make changes to the **Configure Home button** policy or **Set Home button URL** policy.</li><li>Disable the **Unlock Home Button** policy.</li></ol>
>If you want to make changes to this policy:<ol><li>Enable the **Unlock Home Button** policy.</li><li>Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.</li><li>Disable the **Unlock Home Button** policy.</li></ol>
### ADMX info and settings
#### ADMX info
- **GP English name:** Configure Home button
- **GP English name:** Configure Home Button
- **GP name:** ConfigureHomeButton
- **GP element:** ConfigureHomeButtonDropdown
- **GP path:** Windows Components/Microsoft Edge
@ -45,9 +45,9 @@ For more details about configuring the different Home button options, see [Home
### Related policies
- [Set Home button URL](../new-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
- [Set Home Button URL](../new-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
- [Unlock Home button](../new-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
- [Unlock Home Button](../new-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
<hr>

2
browsers/edge/includes/do-not-sync-browser-settings-include.md
View File

@ -20,7 +20,7 @@ For more details about configuring the browser syncing options, see [Sync browse
### ADMX info and settings
#### ADMX info
- **GP English name:** Do not sync browser settings
- **GP name:** DoNotSyncBrowserSettings
- **GP name:** DisableWebBrowserSettingSync
- **GP path:** Windows Components/Sync your settings
- **GP ADMX file name:** SettingSync.admx

2
browsers/edge/includes/do-not-sync-include.md
View File

@ -9,7 +9,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |Allowed/turned on. Users can choose what to sync to their device. | |
|Enabled |2 |2 |Prevented/turned off. Disables the Sync your Settings toggle and prevents syncing. |![Most restricted value](../images/check-gn.png) |
|Enabled |2 |2 |Prevented/turned off. Disables the _Sync your Settings_ toggle and prevents syncing. |![Most restricted value](../images/check-gn.png) |
---
### ADMX info and settings

2
browsers/edge/includes/prevent-certificate-error-overrides-include.md
View File

@ -7,7 +7,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |Allowed/turned on. Override the security warning to sites that have SSL errors. | |
|Disabled or not configured<br>**(default)** |0 |0 |Allowed/turned on. Overrides the security warning to sites that have SSL errors. | |
|Enabled |1 |1 |Prevented/turned on. |![Most restricted value](../images/check-gn.png) |
---

2
browsers/edge/includes/prevent-first-run-webpage-open-include.md
View File

@ -8,7 +8,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |Allowed. Microsoft Edge loads the welcome page. | |
|Disabled or not configured<br>**(default)** |0 |0 |Allowed. Load the First Run webpage. | |
|Enabled |1 |1 |Prevented. |![Most restricted value](../images/check-gn.png) |
---

4
browsers/edge/includes/prevent-turning-off-required-extensions-include.md
View File

@ -10,7 +10,7 @@
|Group Policy |Description |
|---|---|
|Disabled or not configured<br>**(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:<p><p>_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_ <p>After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:<p><p>_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_ <p>After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.<p>Removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../available-policies.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
---
### ADMX info and settings
@ -21,7 +21,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[PreventTurningOffRequiredExtensions](../new-policies.md#prevent-turning-off-required-extensions)
- **MDM name:** Browser/[PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventTurningOffRequiredExtensions
- **Data type:** String

2
browsers/edge/includes/provision-favorites-include.md
View File

@ -11,7 +11,7 @@
|Group Policy |Description |Most restricted |
|---|---|:---:|
|Disabled or not configured<br>**(default)** |Default list of favorites not defined in Microsoft Edge. In this case, the Favorites list is customizable, such as adding folders, or adding and removing favorites. | |
|Disabled or not configured<br>**(default)** |Users can customize the favorites list, such as adding folders, or adding and removing favorites. | |
|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file**, and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as: <ul><li>HTTP location: "SiteList"=http://localhost:8080/URLs.html</li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:\Users\\Documents\URLs.html</li></ul></li></ol> |![Most restricted value](../images/check-gn.png) |
---

4
browsers/edge/includes/send-all-intranet-sites-ie-include.md
View File

@ -5,7 +5,7 @@
[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)]
>[!TIP]
>Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager. Allowed values.
>Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager.
### Supported values
@ -13,7 +13,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |All sites, including intranet sites, open in Microsoft Edge automatically. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.<p><p>Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<br><br>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**<p></li><li>Click **Enabled**, refresh the policy, and then view the affected sites in Microsoft Edge.<p><p>A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol>| |
|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.<p><p>Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<br><br>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** and click **Enable**.<p></li><li>Refresh the policy and then view the affected sites in Microsoft Edge.<p><p>A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol>| |
---

10
browsers/edge/includes/set-home-button-url-include.md
View File

@ -1,4 +1,4 @@
<!-- ## Set Home button URL-->
<!-- ## Set Home Button URL-->
>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>
>*Default setting: Disabled or not configured (Blank)*
@ -9,7 +9,7 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Disabled or not configured<br>**(default)** |Blank |Blank |Show the home button and loads the Start page and locks down the home button to prevent users from changing what page loads. |
|Enabled - String |String |String |Load a custom URL for the home button. You must also enable the [Configure Home button](../new-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option.<p>Enter a URL in string format, for example, https://www.msn.com. |
|Enabled - String |String |String |Load a custom URL for the home button. You must also enable the [Configure Home Button](../new-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option.<p>Enter a URL in string format, for example, https://www.msn.com. |
---
@ -20,7 +20,7 @@ For more details about configuring the different Home button options, see [Home
### ADMX info and settings
#### ADMX info
- **GP English name:** Set Home button URL
- **GP English name:** Set Home Button URL
- **GP name:** SetHomeButtonURL
- **GP element:** SetHomeButtonURLPrompt
- **GP path:** Windows Components/Microsoft Edge
@ -39,8 +39,8 @@ For more details about configuring the different Home button options, see [Home
### Related policies
- [Configure Home button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
- [Configure Home Button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
- [Unlock Home button](../new-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
- [Unlock Home Button](../new-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
<hr>

2
browsers/edge/includes/show-message-opening-sites-ie-include.md
View File

@ -12,7 +12,7 @@
|---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |No additional message displays. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Show an additional message stating that a site has opened in IE11. | |
|Enabled |2 |2 |Show an additional message with a "Keep going in Microsoft Edge" link to allow users to open the site in Microsoft Edge. | |
|Enabled |2 |2 |Show an additional message with a _Keep going in Microsoft Edge_ link to allow users to open the site in Microsoft Edge. | |
---
### Configuration options

4
browsers/edge/includes/unlock-home-button-include.md
View File

@ -37,9 +37,9 @@ For more details about configuring the different Home button options, see [Home
### Related policies
- [Configure Home button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
- [Configure Home Button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
- [Set Home button URL](../new-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
- [Set Home Button URL](../new-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
<hr>

4
browsers/edge/index.yml
View File

@ -52,13 +52,13 @@ sections:
- href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/about-microsoft-edge
html: <p>Learn about Microsoft Edge, including system requirements and language support</p>
html: <p>Learn about the system requirements and language support for Microsoft Edge.</p>
image:
src: https://docs.microsoft.com/media/common/i_overview.svg
title: Microsoft Edge overview
title: System requirements and supported languages
- href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/new-policies

2
browsers/edge/microsoft-edge-kiosk-mode-deploy.md
View File

@ -309,7 +309,7 @@ In the following table, we show you the features available in both Microsoft Edg
| Multi-tab support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) |
| Allow URL support | ![Supported](images/148767.png) <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* | ![Supported](images/148767.png) |
| Block URL support | ![Supported](images/148767.png)<p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* | ![Supported](images/148767.png) |
| Configure Home button | ![Supported](images/148767.png) | ![Supported](images/148767.png) |
| Configure Home Button | ![Supported](images/148767.png) | ![Supported](images/148767.png) |
| Set Start page(s) URL | ![Supported](images/148767.png) | ![Supported](images/148767.png) <p>*Same as Home button URL* |
| Set New Tab page URL | ![Supported](images/148767.png) | ![Not supported](images/148766.png) |
| Favorites management | ![Supported](images/148767.png) | ![Not supported](images/148766.png) |

12
browsers/edge/new-policies.md
View File

@ -40,7 +40,7 @@ We are discontinuing the **Configure Favorites** group policy. Use the **[Provis
| [Allow web content on new tab page](available-policies.md#allow-web-content-on-new-tab-page) | -- | [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | New |
| [Configure collection of browsing data for Microsoft 365 Analytics](#configure-collection-of-browsing-data-for-microsoft-365-analytics) | New | [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | New |
| [Configure Favorites Bar](#configure-favorites-bar) | New | [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | New |
| [Configure Home button](#configure-home-button) | New | [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | New |
| [Configure Home Button](#configure-home-button) | New | [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | New |
| [Configure kiosk mode](#configure-kiosk-mode) | New | [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | New |
| [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout) | New | [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | New |
| [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) | New | [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | New |
@ -48,10 +48,10 @@ We are discontinuing the **Configure Favorites** group policy. Use the **[Provis
| [Prevent certificate error overrides](#prevent-certificate-error-overrides) | New | [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | New |
| [Prevent users from turning on browser syncing](#preventusersfromturningonbrowsersyncing) | New | [Experience/PreventUsersFromTurningOnBrowserSyncing](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-preventusersfromturningonbrowsersyncing) | New |
| [Prevent turning off required extensions](#prevent-turning-off-required-extensions) | New | [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-preventusersfromturningonbrowsersyncing) | New |
| [Set Home button URL](#set-home-button-url) | New | [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | New |
| [Set Home Button URL](#set-home-button-url) | New | [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | New |
| [Set New Tab page URL](#set-new-tab-page-url) | New | [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | New |
| [Show message when opening sites in Internet Explorer](#showmessagewhenopeninginteretexplorersites) | Updated | [ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) | Updated |
| [Unlock Home button](#unlock-home-button) | New | [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | New |
| [Unlock Home Button](#unlock-home-button) | New | [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | New |
---
@ -81,7 +81,7 @@ We are discontinuing the **Configure Favorites** group policy. Use the **[Provis
## Configure Favorites Bar
[!INCLUDE [configure-favorites-bar-include.md](includes/configure-favorites-bar-include.md)]
## Configure Home button
## Configure Home Button
[!INCLUDE [configure-home-button-include.md](includes/configure-home-button-include.md)]
## Configure kiosk mode
@ -102,7 +102,7 @@ We are discontinuing the **Configure Favorites** group policy. Use the **[Provis
## Prevent users from turning on browser syncing
[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](includes/prevent-users-to-turn-on-browser-syncing-include.md)]
## Set Home button URL
## Set Home Button URL
[!INCLUDE [set-home-button-url-include](includes/set-home-button-url-include.md)]
## Set New Tab page URL
@ -111,6 +111,6 @@ We are discontinuing the **Configure Favorites** group policy. Use the **[Provis
## Show message when opening sites in Internet Explorer
[!INCLUDE [show-message-opening-sites-ie-include](includes/show-message-opening-sites-ie-include.md)]
## Unlock Home button
## Unlock Home Button
[!INCLUDE [unlock-home-button-include.md](includes/unlock-home-button-include.md)]

2
browsers/edge/shortdesc/configure-home-button-shortdesc.md
View File

@ -1 +1 @@
Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the Home button to load the New tab page or a URL defined in the Set Home button URL policy. You can also configure Microsoft Edge to hide the home button.
Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.

2
browsers/edge/shortdesc/do-not-sync-shortdesc.md
View File

@ -1 +1 @@
By default, Microsoft Edge turns on the Sync your Settings toggle in Settings and let users choose what to sync on their device. Enabling this policy turns off and disables the Sync your Settings toggle in Settings, preventing syncing of users settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
By default, Microsoft Edge turns on the Sync your Settings toggle in Settings and let users choose what to sync on their device. Enabling this policy turns off and disables the Sync your Settings toggle in Settings, preventing syncing of users settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option in this policy.

2
browsers/edge/shortdesc/set-home-button-url-shortdesc.md
View File

@ -1 +1 @@
By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.

2
browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
View File

@ -1 +1 @@
Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the “Keep going in Microsoft Edge” link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.

2
browsers/edge/shortdesc/unlock-home-button-shortdesc.md
View File

@ -1 +1 @@
By default, when you enable the Configure Home button policy or provide a URL in the Set Home button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home button or Set Home button URL policies.
By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies.

1
education/windows/TOC.md
View File

@ -21,6 +21,7 @@
### [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md)
### [Get Minecraft: Education Edition with Windows 10 device promotion](get-minecraft-device-promotion.md)
## [Test Windows 10 in S mode on existing Windows 10 education devices](test-windows10s-for-edu.md)
## [Enable Windows 10 in S mode on Surface Go devices](enable-s-mode-on-surface-go-devices.md)
## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
## [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)
## [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](s-mode-switch-to-edu.md)

145
education/windows/enable-s-mode-on-surface-go-devices.md Normal file
View File

@ -0,0 +1,145 @@
---
title: Enable S mode on Surface Go devices for Education
description: Steps that an education customer can perform to enable S mode on Surface Go devices
keywords: Surface Go for Education, S mode
ms.prod: w10
ms.technology: Windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
author: kaushika-msft
ms.author:
ms.date: 07/30/2018
---
# Surface Go for Education - Enabling S mode
Surface Go devices are available with both Windows 10 Home in S mode and Windows 10 Pro configurations. Education customers who purchase Surface Go devices with Windows 10 Pro may wish to take advantage of S mode on their Pro devices. These customers can create their own S mode image for Surface Go or enable S mode on a per-device basis.
## Prerequisites
Here are some things youll need before attempting any of these procedures:
- A Surface Go device or Surface Go device image based on Windows 10 Pro
(1803)
- General understanding of [Windows deployment scenarios and related
tools](https://docs.microsoft.com/windows/deployment/windows-deployment-scenarios-and-tools)
- [Windows ADK for Windows 10
1803](https://docs.microsoft.com/windows/deployment/windows-adk-scenarios-for-it-pros)
- [Bootable Windows Preinstall Environment
(WinPE)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive)
## Enabling S Mode Windows Image (WIM)
Like enterprise administrators performing large-scale deployment of customized Windows images, education customers can create their own customized Windows images for deployment to multiple classroom devices. An education customer who plans to follow [a traditional image-based deployment
process](https://docs.microsoft.com/windows/deployment/windows-10-deployment-scenarios#traditional-deployment) using a Windows 10 Pro (1803) image for Surface Go devices can enable S mode as follows:
1. Use DISM to mount your offline Windows 10 Pro (1803) image.
```
dism /Mount-image /imagefile:\<path_to_Image_file\> {/Index:\<image_index\> | /Name:\<image_name\>} /MountDir:\<local_target_directory\>
```
2. Create an unattend.xml answer file, adding the
amd64_Microsoft_Windows_CodeIntegrity component to Pass 2 offline Servicing
and setting amd64_Microsoft_Windows_CodeIntegrity\\SkuPolicyRequired to “1”.
The resulting xml should look like this…
Copy
```
<settings pass=”offlineServicing”>
<component name=”Microsoft-Windows-CodeIntegrity”
processorArchitecture=”amd64”
publicKeyToken=”31bf3856ad364e35”
language=”neutral”
versionScope=”nonSxS”
xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State”
xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”>
<SkuPolicyRequired>1</SkuPolicyRequired>
</component>
</settings>
```
3. Save the answer file in the **Windows\Panther** folder of your mounted image as unattend.xml.
4. Use DISM to apply the unattend.xml file and enable S Mode:
Copy
```
dism /image:C:\mount\windows /apply-unattend:C:\mount\windows\windows\panther\unattend.xml
```
> Note: in the above example, C:\\mount\\ is the local directory used to mount
> the offline image.
5. Commit the image changes and unmount the image
Copy
```
dism /Unmount-image /MountDir:C:\\mount /Commit
```
>Note: dont forget the /Commit parameter to ensure you dont lose your
changes.
Your Windows 10 Pro (1803) image now has S mode enabled and is ready to deploy to Surface Go devices.
## Enabling S Mode Per Device
Education customers who wish to avoid the additional overhead associated with Windows image creation, customization, and deployment can enable S mode on a per-device basis. Performing the following steps on a Surface Go device will enable S mode on an existing installation of Windows 10 Pro (1803).
1. Create a bootable WinPE media. See [Create a bootable Windows PE USB
drive](http://msdn.microsoft.com/library/windows/hardware/dn938386.aspx) for details.
2. Create an unattend.xml answer file, adding the
amd64_Microsoft_Windows_CodeIntegrity component to Pass 2 offline Servicing
and setting amd64_Microsoft_Windows_CodeIntegrity\\SkuPolicyRequired to “1”. The resulting xml should look like this…
Copy
```
<settings pass=”offlineServicing”>
<component name=”Microsoft-Windows-CodeIntegrity”
processorArchitecture=”amd64”
publicKeyToken=”31bf3856ad364e35”
language=”neutral”
versionScope=”nonSxS”
xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State”
xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”>
<SkuPolicyRequired>1</SkuPolicyRequired>
</component>
</settings>
```
3. Attach your bootable WinPE USB drive to a Surface Go device and perform a USB boot (hold the **volume down** button while powering on the device… continue to hold until the Surface logo appears)
4. Wait for WinPE to launch a command window (*X:\\windows\\system32\\cmd.exe*).
5. Apply the unattend.xml created in step 2 using DISM.
Copy
```
dism /image:C:\ /apply-unattend:D:\unattend.xml
```
> Note: in the above example, C:\\ is the local OS drive (offline). D:\ is where the S mode unattend.xml file (from Step 2) resides.
6. Once DISM has successfully applied the unattend.xml, reboot the Surface Go device.
Upon reboot, you should find your Surface Go device now is now in S mode.
## Troubleshooting
|ISSUE | RESOLUTION |
|------------------------ |-----------------------|
|DISM fails to apply the unattend.xml because the OS drive is encrypted. | This is one reason why its best to enable S mode before setting up and configuring a device. If the OS drive has already been encrypted, youll need to fully decrypt the drive before you can enable S mode. |
|Unattend.xml has been applied and dism reports success. However, when I boot the device, its not in S mode. This can happen when a device was booted to Windows 10 Pro before S mode was enabled. To resolve this issue, do the following: | 1. **Run** “shutdown.exe -p -f” to force a complete shutdown. <br> 2. Hold the **vol-up** button while pressing the **power** button to power on the device. Continue to hold **vol-up** until you see the Surface UEFI settings. <br> 3. Under **Security** find the **Secure Boot** option and disable it. <br> 4. With SecureBoot disabled choose **exit** -\> **restart now** to exit UEFI settings and reboot the device back to Windows. <br> 5. Confirm that S mode is now properly enabled. <br> 6. Once youve confirmed S mode, you should re-enable Secure Boot… repeat the above steps, choosing to **Enable** Secure Boot from the UEFI securitysettings.
## Additional Info
[Windows 10 deployment scenarios](https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios)
[Windows 10 deployment scenarios and tools](https://docs.microsoft.com/en-us/windows/deployment/windows-deployment-scenarios-and-tools)
[Download and install the Windows ADK](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install)
[Windows ADK for Windows 10 scenarios for IT Pros](https://docs.microsoft.com/en-us/windows/deployment/windows-adk-scenarios-for-it-pros)
[Modify a Windows Image Using DISM](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism)
[Service a Windows Image Using DISM](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/service-a-windows-image-using-dism)
[DISM Image Management Command-Line Options](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14)

67
windows/client-management/mdm/policy-csp-browser.md
View File

@ -3228,6 +3228,73 @@ Most restricted value: 1
<hr/>
<!--Policy-->
<a href="" id="browser-preventturningoffrequiredextensions"></a>**Browser/PreventTurningOffRequiredExtensions**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../../../browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md)]
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Prevent turning off required extensions*
- GP name: *PreventTurningOffRequiredExtensions*
- GP element: *PreventTurningOffRequiredExtensions_Prompt*
- GP path: *Windows Components/Microsoft Edge*
- GP ADMX file name: *MicrosoftEdge.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
Supported values:
- Blank (default) - Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored.
- String - Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_<p>After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. <p>Removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="browser-preventusinglocalhostipaddressforwebrtc"></a>**Browser/PreventUsingLocalHostIPAddressForWebRTC**

14
windows/client-management/mdm/policy-csp-experience.md
View File

@ -1437,7 +1437,7 @@ The following list shows the supported values:
[!INCLUDE [do-not-sync-browser-settings-shortdesc](../../../browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md)]
Related policy:
PreventUsersFromTurningOnBrowserSyncing
[PreventUsersFromTurningOnBrowserSyncing](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-preventusersfromturningonbrowsersyncing)
<!--/Description-->
<!--ADMXMapped-->
@ -1454,7 +1454,7 @@ Supported values:
- 0 (default) - Allowed/turned on. The "browser" group syncs automatically between users devices and lets users to make changes.
- 2 - Prevented/turned off. The "browser" group does not use the _Sync your Settings_ option.
Value type is integer.
Value type: integer
<!--/SupportedValues-->
<!--Example-->
@ -1505,16 +1505,16 @@ Value type is integer.
[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../../../browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
Related policy:
DoNotSyncBrowserSettings
[DoNotSyncBrowserSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)
If you want to prevent syncing of browser settings and prevent users from turning it on:
1. Set Experience/DoNotSyncBrowserSettings to 2 (enabled).
1. Set this policy (Experience/PreventUsersFromTurningOnBrowserSyncing) to 1 (enabled or not configured).
1. Set DoNotSyncBrowserSettings to 2 (enabled).
1. Set this policy (PreventUsersFromTurningOnBrowserSyncing) to 1 (enabled or not configured).
If you want to prevent syncing of browser settings but give users a choice to turn on syncing:
1. Set Experience/DoNotSyncBrowserSettings to 2 (enabled).
1. Set this policy (Experience/PreventUsersFromTurningOnBrowserSyncing) to 0 (disabled).
1. Set DoNotSyncBrowserSettings to 2 (enabled).
2. Set this policy (PreventUsersFromTurningOnBrowserSyncing) to 0 (disabled).
<!--/Description-->

50
windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
author: jsuther1974
ms.date: 07/16/2018
ms.date: 08/16/2018
---
# Microsoft recommended block rules
@ -135,6 +135,8 @@ Microsoft recommends that you block the following Microsoft-signed applications
<Deny ID="ID_DENY_PWRSHLCUSTOMHOST" FriendlyName="powershellcustomhost.exe" FileName="powershellcustomhost.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_TEXTTRANSFORM" FriendlyName="texttransform.exe" FileName="texttransform.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_MWFC" FriendlyName="Microsoft.Workflow.Compiler.exe" FileName="Microsoft.Workflow.Compiler.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_WFC" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6"/>
<Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF"/>
<Deny ID="ID_DENY_D_3" FriendlyName="Powershell 3" Hash="148972F670E18790D62D753E01ED8D22B351A57E45544D88ACE380FEDAF24A40"/>
@ -681,6 +683,28 @@ Microsoft recommends that you block the following Microsoft-signed applications
<Deny ID="ID_DENY_D_580" FriendlyName="PowerShellShell 580" Hash="8838FE3D8E2505F3D3D8B98C64739115838A0B443BBBBFB487342F1EE7801360"/>
<Deny ID="ID_DENY_D_581" FriendlyName="PowerShellShell 581" Hash="28C5E53DE197E872F7E4772BF40F728F56FE3ACC"/>
<Deny ID="ID_DENY_D_582" FriendlyName="PowerShellShell 582" Hash="3493DAEC6EC03E56ECC4A15432C750735F75F9CB38D8779C7783B4DA956BF037"/>
<Deny ID="ID_DENY_D_585" FriendlyName="PowerShellShell 585" Hash="DBB5A6F5388C574A3B5B63E65F7810AB271E9A77"/>
<Deny ID="ID_DENY_D_586" FriendlyName="PowerShellShell 586" Hash="6DB24D174CCF06C9138B5A9320AE4261CA0CF305357DEF1B7054DD84758E92AB"/>
<Deny ID="ID_DENY_D_587" FriendlyName="PowerShellShell 587" Hash="757626CF5D444F5A4AF79EDE38E9EF65FA2C9802"/>
<Deny ID="ID_DENY_D_588" FriendlyName="PowerShellShell 588" Hash="1E17D036EBB5E82BF2FD5BDC3ABAB08B5EA9E4504D989D2BAAAA0B6047988996"/>
<Deny ID="ID_DENY_D_589" FriendlyName="PowerShellShell 589" Hash="2965DC840B8F5F7ED2AEC979F21EADA664E3CB70"/>
<Deny ID="ID_DENY_D_590" FriendlyName="PowerShellShell 590" Hash="5449560095D020687C268BD34D9425E7A2739E1B9BFBC0886142519293E02B9D"/>
<Deny ID="ID_DENY_D_591" FriendlyName="PowerShellShell 591" Hash="BB47C1251866F87723A7EDEC9A01D3B955BAB846"/>
<Deny ID="ID_DENY_D_592" FriendlyName="PowerShellShell 592" Hash="B05F3BE23DE6AE2557D6661C6FE35E114E8A69B326A3C855023B7AC5CE9FC31B"/>
<Deny ID="ID_DENY_D_593" FriendlyName="PowerShellShell 593" Hash="2F3D30827E02D5FEF051E54C74ECA6AD4CC4BAD2"/>
<Deny ID="ID_DENY_D_594" FriendlyName="PowerShellShell 594" Hash="F074589A1FAA76A751B05AD61B968683134F3FFC10DE3077FBCEE4E263EAEB0D"/>
<Deny ID="ID_DENY_D_595" FriendlyName="PowerShellShell 595" Hash="10096BD0A359142A13F2B8023A341C79A4A97975"/>
<Deny ID="ID_DENY_D_596" FriendlyName="PowerShellShell 596" Hash="A271D72CDE48F69EB694B753BF9417CD6A72F7DA06C52E47BAB40EC2BD9DD819"/>
<Deny ID="ID_DENY_D_597" FriendlyName="PowerShellShell 597" Hash="F8E803E1623BA66EA2EE0751A648834130B8BE5D"/>
<Deny ID="ID_DENY_D_598" FriendlyName="PowerShellShell 598" Hash="E70DB033B773FE01B1D4464CAC112AF41C09E75D25FEA25AE8DAE67ED941E797"/>
<Deny ID="ID_DENY_D_599" FriendlyName="PowerShellShell 599" Hash="665BE52329F9CECEC1CD548A1B4924C9B1F79BD8"/>
<Deny ID="ID_DENY_D_600" FriendlyName="PowerShellShell 600" Hash="24CC5B946D9469A39CF892DD4E92117E0E144DC7C6FAA65E71643DEAB87B2A91"/>
<Deny ID="ID_DENY_D_601" FriendlyName="PowerShellShell 601" Hash="C4627F2CF69A8575D7BF7065ADF5354D96707DFD"/>
<Deny ID="ID_DENY_D_602" FriendlyName="PowerShellShell 602" Hash="7F1DF759C050E0EF4F9F96FF43904B418C674D4830FE61818B60CC68629F5ABA"/>
<Deny ID="ID_DENY_D_603" FriendlyName="PowerShellShell 603" Hash="4126DD5947E63DB50AD5C135AC39856B6ED4BF33"/>
<Deny ID="ID_DENY_D_604" FriendlyName="PowerShellShell 604" Hash="B38E1198F82E7C2B3123984C017417F2A48BDFF5B6DBAD20B2438D7B65F6E39F"/>
<Deny ID="ID_DENY_D_605" FriendlyName="PowerShellShell 605" Hash="DE16A6B93178B6C6FC33FBF3E9A86CFF070DA6D3"/>
<Deny ID="ID_DENY_D_606" FriendlyName="PowerShellShell 606" Hash="A3EF9A95D1E859958DEBE44C033B4562EBB9B4C6E32005CA5C07B2E07A42E2BE"/>
<!-- pubprn.vbs
-->
@ -815,6 +839,8 @@ Microsoft recommends that you block the following Microsoft-signed applications
<FileRuleRef RuleID="ID_DENY_PWRSHLCUSTOMHOST"/>
<FileRuleRef RuleID="ID_DENY_TEXTTRANSFORM"/>
<FileRuleRef RuleID="ID_DENY_WMIC"/>
<FileRuleRef RuleID="ID_DENY_MWFC" />
<FileRuleRef RuleID="ID_DENY_WFC" />
<FileRuleRef RuleID="ID_DENY_D_1"/>
<FileRuleRef RuleID="ID_DENY_D_2"/>
<FileRuleRef RuleID="ID_DENY_D_3"/>
@ -1399,6 +1425,28 @@ Microsoft recommends that you block the following Microsoft-signed applications
<FileRuleRef RuleID="ID_DENY_D_582"/>
<FileRuleRef RuleID="ID_DENY_D_583"/>
<FileRuleRef RuleID="ID_DENY_D_584"/>
<FileRuleRef RuleID="ID_DENY_D_585"/>
<FileRuleRef RuleID="ID_DENY_D_586"/>
<FileRuleRef RuleID="ID_DENY_D_587"/>
<FileRuleRef RuleID="ID_DENY_D_588"/>
<FileRuleRef RuleID="ID_DENY_D_589"/>
<FileRuleRef RuleID="ID_DENY_D_590"/>
<FileRuleRef RuleID="ID_DENY_D_591"/>
<FileRuleRef RuleID="ID_DENY_D_592"/>
<FileRuleRef RuleID="ID_DENY_D_593"/>
<FileRuleRef RuleID="ID_DENY_D_594"/>
<FileRuleRef RuleID="ID_DENY_D_595"/>
<FileRuleRef RuleID="ID_DENY_D_596"/>
<FileRuleRef RuleID="ID_DENY_D_597"/>
<FileRuleRef RuleID="ID_DENY_D_598"/>
<FileRuleRef RuleID="ID_DENY_D_599"/>
<FileRuleRef RuleID="ID_DENY_D_600"/>
<FileRuleRef RuleID="ID_DENY_D_601"/>
<FileRuleRef RuleID="ID_DENY_D_602"/>
<FileRuleRef RuleID="ID_DENY_D_603"/>
<FileRuleRef RuleID="ID_DENY_D_604"/>
<FileRuleRef RuleID="ID_DENY_D_605"/>
<FileRuleRef RuleID="ID_DENY_D_606"/>
</FileRulesRef>
</ProductSigners>
</SigningScenario>