This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Is this page helpful? Please rate your experience Yes No. Any additional feedback? Note Some security policy settings require that the device be restarted before the setting takes effect. Any change to the user rights assignment for an account becomes effective the next time the owner of the account logs on. Note If this security policy has not yet been defined, select the Define these policy settings check box.
Note If you want to configure security settings for many devices on your network, you can use the Group Policy Management Console.
Important Always test a newly created policy in a test organizational unit before you apply it to your network. When you change a security setting through a GPO and click OK , that setting will take effect the next time you refresh the settings.
Submit and view feedback for This product This page. Configure whether the Home button will be shown, and what should happen when it is selected. To configure this setting and also allow users to make changes to the Home button, see the UnlockHomeButton setting.
Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. Specify which pages should load when Microsoft Edge opens. Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab. Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge.
Specify whether users can access the about:flags page, which is used to change developer settings and to enable experimental features. Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites.
Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. Applies to Windows 10, version and earlier only. Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names. Specify a custom URL for the Home button. You should also enable the ConfigureHomeButton setting and select the Show the home button; clicking the home button loads a specific URL option.
Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list.
Specify whether organizations should use a folder shared across users to store books from the Books Library. Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. This setting disables the visibility of the credential provider that triggers the PC refresh on a device.
This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. Format is a semicolon delimited list. Last write win.
To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. Specify a list of file type extensions to ignore durinng a scan. Separate each file type in the list by using. Specify a list of directory paths to ignore during a scan. Separate each path in the list by using.
Specify a list of files opened by processes to ignore durinng a scan. Specify the interval in hours that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval.
Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. Allows you to delay the use of an HTTP source in a foreground interactive download that is allowed to use peer-to-peer. Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully.
Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size Specify any value between 1 and in percentage to allow the device to upload data to LAN and group peers while on battery power.
Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.
Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
Turns on virtualization based security VBS at the next reboot. Specify whether the user must input a PIN or password when the device resumes from an idle state. Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. Specify whether PINs or passwords such as "" or "" are allowed. For the desktop, it also controls the use of picture passwords.
Specify the maximum amount of time in minutes allowed after the device is idle that will cause the device to become PIN or password locked. Specify the number of complex element types uppercase and lowercase letters, numbers, and punctuation required for a strong PIN or password. Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. Turn on experiences that are typically for consumers only, such as Start suggetions, membership notifications, post-OOBE app install, and redirect tiles.
List of exceptions to the blocked website URLs with wildcard support. List of blocked website URLs with wildcard support. This is used to configure blocked URLs kiosk browsers cannot navigate to.
Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state.
The default value is empty which means there is no idle timeout within the kiosk browser. Specify whether the Windows sign-in screen will show the username of the last person who signed in.
Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. Specify the period of inactivity before Windows transitions the system to hibernate while on battery. Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. Specify whether the user is prompted for a password when the system resumes from sleep while on battery.
Specify whether the user is prompted for a password when the system resumes from sleep while plugged in.
