Scribd
Upload
69 views44 pages

Windows 10 1803 To 1809 New Settings

The document outlines various policy settings for Windows and Microsoft Edge, detailing their scopes, paths, and supported versions. It includes settings for user interface customization, security features, data collection, and application behavior. Each policy setting specifies its function and the conditions under which it applies, particularly in relation to Windows Server and Windows 10 versions.

Uploaded by

Sunil G
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
69 views44 pages

Windows 10 1803 To 1809 New Settings

The document outlines various policy settings for Windows and Microsoft Edge, detailing their scopes, paths, and supported versions. It includes settings for user interface customization, security features, data collection, and application behavior. Each policy setting specifies its function and the conditions under which it applies, particularly in relation to Windows Server and Windows 10 versions.

Uploaded by

Sunil G
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
You are on page 1/ 44

Scope Policy Path

Computer Network\Windows Connection Manager


Computer Start Menu and Taskbar
Computer Start Menu and Taskbar
Computer Start Menu and Taskbar
Computer Start Menu and Taskbar
Computer System\Kernel DMA Protection
Computer System\OS Policies
Computer System\OS Policies
Computer Windows Components\Data Collection and Preview Builds
Computer Windows Components\Data Collection and Preview Builds
Computer Windows Components\Data Collection and Preview Builds
Computer Windows Components\Data Collection and Preview Builds
Computer Windows Components\Delivery Optimization
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\Microsoft Edge
Computer Windows Components\OOBE
Computer Windows Components\Windows Defender Antivirus
Computer Windows Components\Windows Defender Antivirus\Scan
Computer Windows Components\Windows Defender Application Guard
Computer Windows Components\Windows Defender Application Guard
Computer Windows Components\Windows Defender Application Guard
Computer Windows Components\Windows Defender Application Guard
Computer Windows Components\Windows Hello for Business
Computer Windows Components\Windows Security\Device security
Computer Windows Components\Windows Security\Device security
Computer Windows Components\Windows Security\Systray
Computer Windows Components\Windows Update
Computer Windows Components\Windows Update
User Control Panel
User Start Menu and Taskbar
User Windows Components\Data Collection and Preview Builds
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\OOBE
Policy Setting Name
Enable Windows to soft-disconnect a computer from a network
Do not keep history of recently opened documents
Force Start to be either full screen size or menu size
Remove All Programs list from the Start menu
Remove frequent programs list from the Start Menu
Enumeration policy for external devices incompatible with Kernel DMA Protection
Allow Clipboard History
Allow Clipboard synchronization across devices
Configure collection of browsing data for Microsoft 365 Analytics
Configure Microsoft 365 Update Readiness upload endpoint
Disable deleting diagnostic data
Disable diagnostic data viewer.
[Reserved for future use] Cache Server Hostname
Allow FullScreen Mode
Allow Microsoft Edge to pre-launch at Windows startup when the system is idle and each time Microsoft Edge is closed
Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
Allow printing
Allow Saving History
Allow Sideloading of extension
Configure Favorites Bar
Configure Home Button
Configure kiosk mode
Configure kiosk reset after idle timeout
Configure Open Microsoft Edge With
Prevent certificate error overrides
Prevent turning off required extensions
Set Home Button URL
Set New Tab page URL
Unlock Home Button
Don't launch privacy settings experience on user logon
Configure detection for potentially unwanted applications
Configure low CPU priority for scheduled scans
Allow camera and microphone access in Windows Defender Application Guard
Allow users to trust files that open in Windows Defender Application Guard
Allow Windows Defender Application Guard to use Root Certificate Authorities from the user’s device
Configure additional sources for untrusted files in Windows Defender Application Guard.
Use Windows Hello for Business certificates as smart card certificates
Disable the Clear TPM button
Hide the TPM Firmware Update recommendation.
Hide Windows Security Systray
Display options for update notifications
Remove access to "Pause updates" feature
Settings Page Visibility
Remove "Recently added" list from Start Menu
Configure collection of browsing data for Microsoft 365 Analytics
Allow FullScreen Mode
Allow Microsoft Edge to pre-launch at Windows startup when the system is idle and each time Microsoft Edge is closed
Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
Allow printing
Allow Saving History
Allow Sideloading of extension
Configure Favorites Bar
Configure Home Button
Configure kiosk mode
Configure kiosk reset after idle timeout
Configure Open Microsoft Edge With
Prevent certificate error overrides
Prevent turning off required extensions
Set Home Button URL
Set New Tab page URL
Unlock Home Button
Don't launch privacy settings experience on user logon
HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fSoftDisconnectConnections
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsHistory
HKLM\Software\Policies\Microsoft\Windows\Explorer!ForceStartSize
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMorePrograms
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMFUprogramsList
HKLM\Software\Policies\Microsoft\Windows\Kernel DMA Protection!DeviceEnumerationPolicy
HKLM\Software\Policies\Microsoft\Windows\System!AllowClipboardHistory
HKLM\Software\Policies\Microsoft\Windows\System!AllowCrossDeviceClipboard
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection!MicrosoftEdgeDataOptIn
HKLM\Software\Policies\Microsoft\Windows\DataCollection!ConfigureMicrosoft365UploadEndpoint
HKLM\Software\Policies\Microsoft\Windows\DataCollection!DisableDeviceDelete
HKLM\Software\Policies\Microsoft\Windows\DataCollection!DisableDiagnosticDataViewer
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOCacheHost
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowFullScreenMode
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowPrelaunch
HKLM\Software\Policies\Microsoft\MicrosoftEdge\TabPreloader!AllowTabPreloading
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowPrinting
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowSavingHistory
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions!AllowSideloadingOfExtensions
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!ConfigureFavoritesBar
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!ConfigureHomeButton
HKLM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode!ConfigureKioskMode; HKLM\Software\Policies\Microsoft\Micr
HKLM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode!ConfigureKioskResetAfterIdleTimeout; HKLM\Software\Policies
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!ConfigureOpenMicrosoftEdgeWith
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!PreventCertErrorOverrides
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions!PreventTurningOffRequiredExtensions
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!HomeButtonURL
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!NewTabPageURL
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!UnlockHomeButton
HKLM\Software\Policies\Microsoft\Windows\OOBE!DisablePrivacyExperience
HKLM\Software\Policies\Microsoft\Windows Defender!PUAProtection; HKLM\Software\Policies\Microsoft\Windows Defende
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LowCpuPriority
HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!AllowCameraMicrophoneRedirection
HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!FileTrustCriteria
HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!CertificateThumbprints HKLM\SOFTWARE\Policies\Microsoft\AppHVSI
HKLM\SOFTWARE\Policies\Microsoft\AppHVSI\FileTrustOrigin HKLM\SOFTWARE\Policies\Microsoft\AppHVSI\FileTrustOrigin!
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork!UseHelloCertificatesAsSmartCardCertificates
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security!DisableClearTpmButton
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security!DisableTpmFirmwareUpdateWarnin
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray!HideSystray
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetUpdateNotificationLevel; HKLM\Software\Policies\Microso
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetDisablePauseUXAccess
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SettingsPageVisibility
HKCU\Software\Policies\Microsoft\Windows\Explorer!HideRecentlyAddedApps
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection!MicrosoftEdgeDataOptIn
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowFullScreenMode
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowPrelaunch
HKCU\Software\Policies\Microsoft\MicrosoftEdge\TabPreloader!AllowTabPreloading
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowPrinting
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowSavingHistory
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Extensions!AllowSideloadingOfExtensions
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!ConfigureFavoritesBar
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!ConfigureHomeButton
HKCU\Software\Policies\Microsoft\MicrosoftEdge\KioskMode!ConfigureKioskMode; HKCU\Software\Policies\Microsoft\Micro
HKCU\Software\Policies\Microsoft\MicrosoftEdge\KioskMode!ConfigureKioskResetAfterIdleTimeout; HKCU\Software\Policies
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!ConfigureOpenMicrosoftEdgeWith
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!PreventCertErrorOverrides
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Extensions!PreventTurningOffRequiredExtensions
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!HomeButtonURL
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!NewTabPageURL
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!UnlockHomeButton
HKCU\Software\Policies\Microsoft\Windows\OOBE!DisablePrivacyExperience
Supported On
At least Windows Server 2016 Windows 10 Version 1709
At least Windows 2000
At least Windows Server 2016 or Windows 10
At least Windows Server 2016 Windows 10
Windows Server 2008 Windows Server 2003 Windows 7 Windows Vista Windows XP and Windows 10
At least Windows Server 2016 Windows 10
At least Windows Server 2016 Windows 10
At least Windows Server 2016 Windows 10
Microsoft Edge on Windows 10 Version 1803 or later
At least Windows Server 2016 Windows 10 Version 1809
At least Windows Server 2016 Windows 10 Version 1809
At least Windows Server 2016 Windows 10 Version 1809
At least Windows Server 2016 Windows 10
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1803 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
At least Windows Server 2016 Windows 10 Version 1809
At least Windows Server 2016 Windows 10 Version 1607
At least Windows Server 2016 Windows 10 Version 1809
At least Windows 10 Enterprise
At least Windows 10 Enterprise
At least Windows 10 Enterprise
At least Windows 10 Enterprise
At least Windows 10
At least Windows Server 2016 Windows 10 Version 1809
At least Windows Server 2016 Windows 10 Version 1809
At least Windows Server 2016 Windows 10 Version 1809
At least Windows Server 2016 or Windows 10
At least Windows Server 2016 Windows 10 Version 1809
At least Windows Server 2016 Windows 10 Version 1703
At least Windows Server 2016 Windows 10 Version 1803
Microsoft Edge on Windows 10 Version 1803 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1803 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
Microsoft Edge on Windows 10 Version 1809 or later
At least Windows Server 2016 Windows 10 Version 1809
This policy setting determines whether Windows will soft-disconnect a computer from a network. If this policy setting is ena
Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.I
If you enable this policy and set it to Start menu or full screen Start Start will be that size and users will be unable to change th
If you enable this setting the Start Menu will either collapse or remove the all apps list from the Start menu.Selecting "Collapse
If you enable this setting the frequently used programs list is removed from the Start menu.If you disable this setting or do not
Enumeration policy for external DMA-capable devices incompatible with DMA remapping. This policy only takes effect when K
This policy setting determines whether history of Clipboard contents can be stored in memory. If you enable this
This policy setting determines whether Clipboard contents can be synchronized across devices. If you enable this
You can configure Microsoft Edge to send intranet history only internet history only or both to Microsoft 365 Analytics for ente
This policy sets the upload endpoint for this device’s diagnostic data as part of the Microsoft 365 Update Readiness p
This policy setting controls whether the Delete diagnostic data button is enabled in Diagnostic & Feedback Settings page.
This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feed
[Reserved for future use]
With this policy you can specify whether to allow full-screen mode which shows only the web content and hides the Microsoft
This policy setting lets you decide whether Microsoft Edge can pre-launch during Windows sign in when the system is idle and
This policy setting lets you decide whether Microsoft Edge can load the Start and New Tab page during Windows sign in and ea
With this policy you can restrict whether printing web content in Microsoft Edge is allowed.If enabled printing is allowed.If dis
Microsoft Edge saves your user's browsing history which is made up of info about the websites they visit on their devices.If en
Sideloading installs and runs unverified extensions in Microsoft Edge. With this policy you can specify whether unverified exte
The favorites bar shows your user's links to sites they have added to it. With this policy you can specify whether to set the favo
The Home button loads either the default Start page the New tab page or a URL defined in the Set Home Button URL policy.By
Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access either as a single app or as on
You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset ti
You can configure Microsoft Edge to lock down the Start page preventing users from changing or customizing it.If enabled you
Web security certificates are used to ensure a site your users go to is legitimate and in some circumstances encrypts the data.
You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any availa
The home button can be configured to load a custom URL when your user clicks the home button.If enabled or configured and
You can set the default New Tab page URL in Microsoft Edge. Enabling this policy prevents your users from changing the New
By default when enabling Configure Home Button or Set Home Button URL the home button is locked down to prevent your u
When logging into a new user account for the first time or after an upgrade in some scenarios that user may be presented wit
Enable or disable detection for potentially unwanted applications. You can choose to block audit or allow when potentiall
This policy setting allows you to enable or disable low CPU priority for scheduled scans. If you enable this setting low C
The policy allows you to determine whether applications inside Windows Defender Application Guard can access the deviceâ€
This policy setting allows you to configure required actions and validations that enable users to trust files that open in Applicati
This policy setting allows certain Root Certificates to be shared with the Windows Defender Application Guard container.If yo
This policy setting allows you to configure additional sources for untrusted files.If you enable this setting you must select one o
If you enable this policy setting applications use Windows Hello for Business certificates as smart card certificates. Biometric fa
Disable the Clear TPM button in Windows Security. Enabled: The Clear TPM button will be unavailable for use.
Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. Enabled: Users will n
This policy setting hides the Windows Security notification area control. The user needs to either sign out and sign in o
0 (default) – Use the default Windows Update notifications1 – Turn off all notifications excluding restart warnings2 – Tu
This setting allows to remove access to "Pause updates" feature.Once enabled user access to pause updates is removed.
Specifies the list of pages to show or hide from the System Settings app.This policy allows an administrator to block a given set
This policy allows you to prevent the Start Menu from displaying a list of recently installed applications.If you enable this polic
You can configure Microsoft Edge to send intranet history only internet history only or both to Microsoft 365 Analytics for ente
With this policy you can specify whether to allow full-screen mode which shows only the web content and hides the Microsoft
This policy setting lets you decide whether Microsoft Edge can pre-launch during Windows sign in when the system is idle and
This policy setting lets you decide whether Microsoft Edge can load the Start and New Tab page during Windows sign in and ea
With this policy you can restrict whether printing web content in Microsoft Edge is allowed.If enabled printing is allowed.If dis
Microsoft Edge saves your user's browsing history which is made up of info about the websites they visit on their devices.If en
Sideloading installs and runs unverified extensions in Microsoft Edge. With this policy you can specify whether unverified exte
The favorites bar shows your user's links to sites they have added to it. With this policy you can specify whether to set the favo
The Home button loads either the default Start page the New tab page or a URL defined in the Set Home Button URL policy.By
Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access either as a single app or as on
You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset ti
You can configure Microsoft Edge to lock down the Start page preventing users from changing or customizing it.If enabled you
Web security certificates are used to ensure a site your users go to is legitimate and in some circumstances encrypts the data.
You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any availa
The home button can be configured to load a custom URL when your user clicks the home button.If enabled or configured and
You can set the default New Tab page URL in Microsoft Edge. Enabling this policy prevents your users from changing the New
By default when enabling Configure Home Button or Set Home Button URL the home button is locked down to prevent your u
When logging into a new user account for the first time or after an upgrade in some scenarios that user may be presented wit
y setting is disabled Windows will disconnect a computer from a network immediately when it determines that the computer should no lo
ocument shortcuts. The system empties the Recent Items menu on the Start menu and Windows programs do not display shortcuts at the
hange the size of Start in Settings.
n Start" in Settings to Off.Selecting "Collapse and disable setting" will do the same as the collapse option and disable the "Show app list in

hange takes effect immediately.


tting Clipboard contents cannot be shared to other devices. Policy change takes effect immediately.
icrosoft Edge on Windows 10 version 1809Default setting: Disabled or not configured (no data collected or sent)
he value for this setting will be provided by Microsoft as part of the onboarding process for the program.
evice. If you disable or don't configure this policy setting the Delete diagnostic data button will be enabled in Settings page which allo
collected by Microsoft from the device. If you disable or don't configure this policy setting the Diagnostic Data Viewer will be enable

de is unavailable for use in Microsoft Edge.


s during Windows sign in when the system is idle and each time Microsoft Edge is closed; minimizing the amount of time required to start
and New Tab page during Windows sign in and each time Microsoft Edge is closed; minimizing the amount of time required to start up Mi

story exists before this policy was disabled the previous browsing history remains visible in the History pane. This policy when disabled do
ions in Microsoft Edge is not allowed. Extensions can be installed only through Microsoft store (including a store for business) enterprise s
your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages s
m making changes in Microsoft Edge's UI settings. To let your users change the Microsoft Edge UI settings enable the Unlock Home Button
Edge.You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise these settings are ignored. To learn m
-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to
Start Pages policy.- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages po
disabled or not configured overriding certificate errors are allowed.
extensions defined in this policy such as allow for InPrivate browsing. Any additional permissions requested by future updates of the exte
g: Blank or not configuredRelated policy: Configure Home Button
bled you can set the default New Tab page URL.If disabled or not configured the default Microsoft Edge new tab page is used.Default setti
L are enabled.If enabled the UI settings for the home button are enabled allowing your users to make changes including hiding and showin
d the privacy experience will not launch for newly-created user accounts or for accounts that would have been prompted to choose their p
software will be blocked. -Audit Mode: Potentially unwanted software will not be blocked however if this feature would have blocked

o access the camera and microphone on the user’s device.If you disable or don't configure this policy applications inside Windows Def
t files: Users will not be given the option to trust files.1. Allow users to manually trust files: Users can open UI in Windows that enables the
arate the thumbprints for each certificate you want to transfer.If you disable or don’t configure this setting certificates are not shared w
ned or copied from network shares will always open in Windows Defender Application Guard. If you want to explicitly trust a network loca
ively on smart card certificates.If you disable or do not configure this policy setting applications do not use Windows Hello for Business cer

system contains a TPM with vulnerable firmware. Not configured: Same as Disabled.
a control will be shown. Not configured: Same as Disabled.
s are downloaded and installed.Important! If you choose not to get update notifications and also define the policy “Configure Automati

o a blocked page via URI context menu in Explorer or other means will result in the front page of Settings being shown instead.This policy h

icrosoft Edge on Windows 10 version 1809Default setting: Disabled or not configured (no data collected or sent)
de is unavailable for use in Microsoft Edge.
s during Windows sign in when the system is idle and each time Microsoft Edge is closed; minimizing the amount of time required to start
and New Tab page during Windows sign in and each time Microsoft Edge is closed; minimizing the amount of time required to start up Mi

story exists before this policy was disabled the previous browsing history remains visible in the History pane. This policy when disabled do
ions in Microsoft Edge is not allowed. Extensions can be installed only through Microsoft store (including a store for business) enterprise s
your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages s
m making changes in Microsoft Edge's UI settings. To let your users change the Microsoft Edge UI settings enable the Unlock Home Button
Edge.You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise these settings are ignored. To learn m
-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to
Start Pages policy.- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages po
disabled or not configured overriding certificate errors are allowed.
extensions defined in this policy such as allow for InPrivate browsing. Any additional permissions requested by future updates of the exte
g: Blank or not configuredRelated policy: Configure Home Button
bled you can set the default New Tab page URL.If disabled or not configured the default Microsoft Edge new tab page is used.Default setti
L are enabled.If enabled the UI settings for the home button are enabled allowing your users to make changes including hiding and showin
d the privacy experience will not launch for newly-created user accounts or for accounts that would have been prompted to choose their p
hat the computer should no longer be connected to a network. When soft disconnect is enabled: - When Windows decides that the c
do not display shortcuts at the bottom of the File menu. In addition the Jump Lists off of programs in the Start Menu and Taskbar do not sh

d disable the "Show app list in Start menu" in Settings so users cannot turn it to On.Selecting "Remove and disable setting" will remove the

bled in Settings page which allows people to erase all diagnostic data collected by Microsoft from that device.
tic Data Viewer will be enabled in Settings page.

ount of time required to start up Microsoft Edge.If you prevent pre-launch Microsoft Edge won’t pre-launch during Windows sign in wh
of time required to start up Microsoft Edge and to start a new tab.If you prevent preloading Microsoft Edge won’t load the Start or New

. This policy when disabled does not stop roaming of existing history or history coming from other roamed devices.
tore for business) enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage). When disabled this policy does
t your organization manages some settings. The show bar/hide bar option is hidden from the context menu.If disabled the favorites bar is
able the Unlock Home Button policy.If Enabled AND:- Show home button & set to Start page is selected clicking the home button loads th
settings are ignored. To learn more about assigned access and kiosk configuration see “Configure kiosk and shared devices running Win
as a single app for this policy to work. Once the idle time meets the time specified a confirmation message prompts the user to continue an
g the Configure Start Pages policy.- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected you m

by future updates of the extension gets granted automatically.When you enable this policy you must provide a semi-colon delimited list o

tab page is used.Default setting: Disabled or not configuredRelated policy: Allow web content on New Tab page
es including hiding and showing the home button as well as configuring a custom URL.If disabled or not configured the UI settings for the h
en prompted to choose their privacy settings after an upgrade.If this policy is disabled or not configured then the privacy experience may l
is feature would have blocked access if it were set to Block then a record of the event will be in the event logs. Disabled: Potential

plications inside Windows Defender Application Guard will be unable to access the camera and microphone on the user’s device.Impo
I in Windows that enables them to explicitly trust selected files.2. Allow users to manually trust after an antivirus check: Users can open U
ng certificates are not shared with the Windows Defender Application Guard container.Example: b4e72779a8a362c860c36a6461f31e3aa
o explicitly trust a network location and prevent files from that location from opening in Application Guard use one of the Network Isolatio
Windows Hello for Business certificates as smart card certificates and biometric factors are available when a user is asked to authorize the u

policy “Configure Automatic Updates” so that devices aren’t automatically getting updates neither you nor device users will be a

ng shown instead.This policy has two modes: it can either specify a list of settings pages to show or a list of pages to hide. To specify a list

ount of time required to start up Microsoft Edge.If you prevent pre-launch Microsoft Edge won’t pre-launch during Windows sign in wh
of time required to start up Microsoft Edge and to start a new tab.If you prevent preloading Microsoft Edge won’t load the Start or New

. This policy when disabled does not stop roaming of existing history or history coming from other roamed devices.
tore for business) enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage). When disabled this policy does
t your organization manages some settings. The show bar/hide bar option is hidden from the context menu.If disabled the favorites bar is
able the Unlock Home Button policy.If Enabled AND:- Show home button & set to Start page is selected clicking the home button loads th
settings are ignored. To learn more about assigned access and kiosk configuration see “Configure kiosk and shared devices running Win
as a single app for this policy to work. Once the idle time meets the time specified a confirmation message prompts the user to continue an
g the Configure Start Pages policy.- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected you m

by future updates of the extension gets granted automatically.When you enable this policy you must provide a semi-colon delimited list o

tab page is used.Default setting: Disabled or not configuredRelated policy: Allow web content on New Tab page
es including hiding and showing the home button as well as configuring a custom URL.If disabled or not configured the UI settings for the h
en prompted to choose their privacy settings after an upgrade.If this policy is disabled or not configured then the privacy experience may l
en Windows decides that the computer should no longer be connected to a network it waits for traffic to settle on that network. The existi
rt Menu and Taskbar do not show lists of recently or frequently used files folders or websites.If you disable or do not configure this setting

isable setting" will remove the all apps list from Start and disable the "Show app list in Start menu" in Settings so users cannot turn it to On

nch during Windows sign in when the system is idle or each time Microsoft Edge is closed.
won’t load the Start or New Tab page during Windows sign in and each time Microsoft Edge is closed.

When disabled this policy does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this in Group Pol
If disabled the favorites bar is hidden and the favorites bar toggle resets to Off but disabled preventing your users from making changes. A
king the home button loads the Start page.- Show home button & set to New tab page is selected clicking the home button loads a New ta
nd shared devices running Windows desktop editions” (https://aka.ms/E489vw).If enabled and set to 0 (Default or not configured):- If it
rompts the user to continue and if no user action Microsoft Edge resets after 30 seconds.If you set this policy to 0 Microsoft Edge does not
policy load(s). If selected you must specify at least one URL in Configure Start Pages; otherwise this policy is ignored.When enabled and yo

de a semi-colon delimited list of extension package family names (PFNs). For example adding Microsoft.OneNoteWebClipper_8wekyb3d8b

figured the UI settings for the home button are disabled preventing your users from making changes.Default setting: Disabled or not config
n the privacy experience may launch for newly-created user accounts or for accounts that should be prompted to choose their privacy setti
gs. Disabled: Potentially unwanted software will not be blocked. Not configured: Same as Disabled.

on the user’s device.Important: If you turn on this policy a compromised container could bypass camera and microphone permissions
virus check: Users can open UI in Windows that enables them to explicitly trust selected files. The files are trusted only after they are clea
a8a362c860c36a6461f31e3aa7e58c141b1d49f06d2a697a544a1059bd59a7b058cda924
se one of the Network Isolation policies.3. Files with Mark of the Web (MotW): Files stamped with MotW will always open in Windows De
user is asked to authorize the use of the certificate's private key.This policy setting is incompatible with Windows Hello for Business creden

you nor device users will be aware of critical security quality or feature updates and your devices may be at risk.

pages to hide. To specify a list of pages to show the policy string must begin with "showonly:" (without quotes) and to specify a list of page

nch during Windows sign in when the system is idle or each time Microsoft Edge is closed.
won’t load the Start or New Tab page during Windows sign in and each time Microsoft Edge is closed.

When disabled this policy does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this in Group Pol
If disabled the favorites bar is hidden and the favorites bar toggle resets to Off but disabled preventing your users from making changes. A
king the home button loads the Start page.- Show home button & set to New tab page is selected clicking the home button loads a New ta
nd shared devices running Windows desktop editions” (https://aka.ms/E489vw).If enabled and set to 0 (Default or not configured):- If it
rompts the user to continue and if no user action Microsoft Edge resets after 30 seconds.If you set this policy to 0 Microsoft Edge does not
policy load(s). If selected you must specify at least one URL in Configure Start Pages; otherwise this policy is ignored.When enabled and yo

de a semi-colon delimited list of extension package family names (PFNs). For example adding Microsoft.OneNoteWebClipper_8wekyb3d8b

figured the UI settings for the home button are disabled preventing your users from making changes.Default setting: Disabled or not config
n the privacy experience may launch for newly-created user accounts or for accounts that should be prompted to choose their privacy setti
ttle on that network. The existing TCP session will continue uninterrupted. - Windows then checks the traffic level on the network perio
or do not configure this setting the system will store and display shortcuts to recently and frequently used files folders and websites.Note:

gs so users cannot turn it to On. Select this option for compatibility with earlier versions of Windows.If you disable or do not configure this

l. To prevent this in Group Policy Editor enable Allows development of Windows Store apps and installing them from an integrated develo
users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some
e home button loads a New tab page.- Show home button & set a specific page is selected clicking the home button loads the URL specifie
efault or not configured):- If it’s a single app it runs InPrivate full screen for digital signage or interactive displays.- If it’s one of man
y to 0 Microsoft Edge does not use an idle timer.If disabled or not configured the default value is 5 minutes.If you do not configure Micros
ignored.When enabled and you want to make changes you must first set the Disable Lockdown of Start Pages to not configured make the

NoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper a

setting: Disabled or not configuredRelated policy:-Configure Home Button-Set Home Button URL
ed to choose their privacy settings after an upgrade.

and microphone permissions and access the camera and microphone without the user’s knowledge. To prevent unauthorized access
rusted only after they are cleared by the antivirus program that is installed on the user’s device. If you disable or don't configure this s

ll always open in Windows Defender Application Guard.If you disable or don't configure this setting only files downloaded from Applicatio
dows Hello for Business credentials provisioned when the "Turn off smart card emulation" is enabled.Windows requires a user to lock and

es) and to specify a list of pages to hide it must begin with "hide:". If a page in a showonly list would normally be hidden for other reasons
l. To prevent this in Group Policy Editor enable Allows development of Windows Store apps and installing them from an integrated develo
users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some
e home button loads a New tab page.- Show home button & set a specific page is selected clicking the home button loads the URL specifie
efault or not configured):- If it’s a single app it runs InPrivate full screen for digital signage or interactive displays.- If it’s one of man
y to 0 Microsoft Edge does not use an idle timer.If disabled or not configured the default value is 5 minutes.If you do not configure Micros
ignored.When enabled and you want to make changes you must first set the Disable Lockdown of Start Pages to not configured make the

NoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper a

setting: Disabled or not configuredRelated policy:-Configure Home Button-Set Home Button URL
ed to choose their privacy settings after an upgrade.
ffic level on the network periodically. If the traffic level is above a certain threshold no further action is taken. The computer stays connect
es folders and websites.Note: The system saves document shortcuts in the user profile in the System-drive\Users\User-name\Recent fold

isable or do not configure this setting the all apps list will be visible by default and the user can change "Show app list in Start" in Settings.

em from an integrated development environment (IDE) which is located at:Computer Configuration > Administrative Templates > Window
r organization manages some settings.If not configured the favorites bar is hidden but is visible on the Start and New Tab pages and the fa
button loads the URL specified in the Set Home Button URL policy.- Hide home button is selected the home button is hidden in Microsoft
displays.- If it’s one of many apps Microsoft Edge runs as normal.If enabled and set to 1:- If it’s a single app it runs a limited multi-ta
f you do not configure Microsoft Edge in assigned access then this policy does not take effect.
es to not configured make the changes to the Configure Open Microsoft Edge With policy and then enable the Disable Lockdown of Start P

off the OneNote Web Clipper and Office Online extension.When enabled removing extensions from the list does not uninstall the extensio

prevent unauthorized access we recommend that camera and microphone privacy settings be turned off on the user’s device when th
sable or don't configure this setting users will not be able to trust files that open in Application Guard.

s downloaded from Application Guard for Microsoft Edge will open in Application Guard for Microsoft Word Excel or PowerPoint.
ws requires a user to lock and unlock their session after changing this setting if the user is currently signed in.

y be hidden for other reasons (such as a missing hardware device) this policy will not force that page to appear. After this the policy string
em from an integrated development environment (IDE) which is located at:Computer Configuration > Administrative Templates > Window
r organization manages some settings.If not configured the favorites bar is hidden but is visible on the Start and New Tab pages and the fa
button loads the URL specified in the Set Home Button URL policy.- Hide home button is selected the home button is hidden in Microsoft
displays.- If it’s one of many apps Microsoft Edge runs as normal.If enabled and set to 1:- If it’s a single app it runs a limited multi-ta
f you do not configure Microsoft Edge in assigned access then this policy does not take effect.
es to not configured make the changes to the Configure Open Microsoft Edge With policy and then enable the Disable Lockdown of Start P

off the OneNote Web Clipper and Office Online extension.When enabled removing extensions from the list does not uninstall the extensio
n. The computer stays connected to the network and continues to use it. For example if the network connection is currently being used to
Users\User-name\Recent folder.Also see the "Remove Recent Items menu from Start Menu" and "Clear history of recently opened docum

w app list in Start" in Settings.

nistrative Templates > Windows Components > App Package DeploymentSupported versions: Microsoft Edge on Windows 10 version 1809
and New Tab pages and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes.
button is hidden in Microsoft Edge.Default setting: Disabled or not configuredRelated policies:- Set Home Button URL- Unlock Home Butto
le app it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize close or op

he Disable Lockdown of Start Pages policy.If disabled or not configured and you enable the Disable Lockdown of Start Pages policy your use

oes not uninstall the extension from the user’s computer automatically. To uninstall the extension use any available enterprise deploy

n the user’s device when they are not needed.

Excel or PowerPoint.

ear. After this the policy string must contain a semicolon-delimited list of settings page identifiers. The identifier for any given settings page
nistrative Templates > Windows Components > App Package DeploymentSupported versions: Microsoft Edge on Windows 10 version 1809
and New Tab pages and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes.
button is hidden in Microsoft Edge.Default setting: Disabled or not configuredRelated policies:- Set Home Button URL- Unlock Home Butto
le app it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize close or op

he Disable Lockdown of Start Pages policy.If disabled or not configured and you enable the Disable Lockdown of Start Pages policy your use

oes not uninstall the extension from the user’s computer automatically. To uninstall the extension use any available enterprise deploy
tion is currently being used to download files from the Internet the files will continue to be downloaded using that network connection.
ory of recently opened documents on exit" policies in this folder.If you enable this setting but do not enable the "Remove Recent Items m

e on Windows 10 version 1809Default setting: Disabled or not configuredRelated policies:- Allows development of Windows Store apps an
ake changes.
utton URL- Unlock Home Button
can’t minimize close or open windows or customize Microsoft Edge but can clear browsing data and downloads and restart by clicking

n of Start Pages policy your users can change or customize the Start page.Default setting: A specific page or pages (default)Related policies

ny available enterprise deployment channel.If you enable the Allow Developer Tools policy then this policy does not prevent users from de

fier for any given settings page is the published URI for that page minus the "ms-settings:" protocol part.Example: to specify that only the
e on Windows 10 version 1809Default setting: Disabled or not configuredRelated policies:- Allows development of Windows Store apps an
ake changes.
utton URL- Unlock Home Button
can’t minimize close or open windows or customize Microsoft Edge but can clear browsing data and downloads and restart by clicking

n of Start Pages policy your users can change or customize the Start page.Default setting: A specific page or pages (default)Related policies

ny available enterprise deployment channel.If you enable the Allow Developer Tools policy then this policy does not prevent users from de
ng that network connection. - When the network traffic drops below this threshold the computer will be disconnected from the network
the "Remove Recent Items menu from Start Menu" setting the Recent Items menu appears on the Start menu but it is empty.If you enab

ent of Windows Store apps and installing them from an integrated development environment (IDE)- Allow all trusted apps to install​

wnloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “

pages (default)Related policies:-Disable Lockdown of Start Pages-Configure Start Pages

does not prevent users from debugging and altering the logic on an extension.If disabled or not configured extensions defined as part of th

mple: to specify that only the About and Bluetooth pages should be shown (their respective URIs are ms-settings:about and ms-settings:bl
ent of Windows Store apps and installing them from an integrated development environment (IDE)- Allow all trusted apps to install​

wnloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “

pages (default)Related policies:-Disable Lockdown of Start Pages-Configure Start Pages

does not prevent users from debugging and altering the logic on an extension.If disabled or not configured extensions defined as part of th
isconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example email
nu but it is empty.If you enable this setting but then later disable it or set it to Not Configured the document shortcuts saved before the se

l trusted apps to install​

d of inactivity by using the “Configure kiosk reset after idle timeout” policy.- If it’s one of many apps it runs in a limited multi-tab

xtensions defined as part of this policy get ignored.Default setting: Disabled or not configuredRelated policies: Allow Developer ToolsRela

ttings:about and ms-settings:bluetooth) and all other pages hidden:showonly:about;bluetoothExample: to specify that only the Bluetooth p
l trusted apps to install​

d of inactivity by using the “Configure kiosk reset after idle timeout” policy.- If it’s one of many apps it runs in a limited multi-tab

xtensions defined as part of this policy get ignored.Default setting: Disabled or not configuredRelated policies: Allow Developer ToolsRela
ely using it (for example email apps) might lose their connection. If this happens these apps should re-establish their connection over a diff
t shortcuts saved before the setting was enabled reappear in the Recent Items menu and program File menus and Jump Lists.This setting d

ps it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize close and open multiple InPriv

es: Allow Developer ToolsRelated Documents:- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm

ecify that only the Bluetooth page (which has URI ms-settings:bluetooth) should be hidden:hide:bluetooth
ps it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize close and open multiple InPriv

es: Allow Developer ToolsRelated Documents:- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm
lish their connection over a different network. This policy setting depends on other group policy settings. For example if 'Minimize the n
us and Jump Lists.This setting does not hide or prevent the user from pinning files folders or websites to the Jump Lists. See the "Do not all

close and open multiple InPrivate windows but they can’t customize Microsoft Edge.

ocs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)- How to manage apps you purchased from the Microsoft


close and open multiple InPrivate windows but they can’t customize Microsoft Edge.

ocs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)- How to manage apps you purchased from the Microsoft


For example if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled Windows will not dis
Jump Lists. See the "Do not allow pinning items in Jump Lists" setting. This policy also does not hide Tasks that the application has provide

purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-busin
purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-busin
disabled Windows will not disconnect from any networks.
at the application has provided for their Jump List. This setting does not hide document shortcuts displayed in the Open dialog box. See th

tune/windows-store-for-business)- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-d


tune/windows-store-for-business)- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-d
in the Open dialog box. See the "Hide the dropdown list of recent files" setting.Note: It is a requirement for third-party applications with W

oft.com/en-us/intune/apps-deploy)- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (htt
oft.com/en-us/intune/apps-deploy)- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (htt
third-party applications with Windows 2000 or later certification to adhere to this setting.

r Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)


r Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
e-windows-store-for-business)- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/in
e-windows-store-for-business)- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/in
//docs.microsoft.com/en-us/intune/lob-apps-windows)
//docs.microsoft.com/en-us/intune/lob-apps-windows)

You might also like