1
0
mirror of https://github.com/TommyTran732/Microsoft-Edge-Policies synced 2024-11-21 18:01:34 -05:00

Update README

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2023-12-03 23:44:17 -07:00
parent 35c2513583
commit 87019b7fe6
No known key found for this signature in database
GPG Key ID: D30DEC268D3FEB17

View File

@ -5,11 +5,12 @@ These policies are written with personal use in mind, so that I can configure Mi
Smartscreen is left as recommended to be be off, as it sends the FULL URLs of what are being visted to Microsoft. I decide whether to use it or not depending on the actual system that I am using.
For corporate environments, you will need make approprieate changes, including but not limited to:
- Disabling `DeveloperToolsAvailability`. Users can be tricked into running malicious code in the browser console otherwise.
- Setting `DefaultWebUsbGuardSetting` to "Block". In most cases, the websites will never need to use this API. I need it to flash GrapheneOS and StockOS on my phones.
- Setting `DefaultJavaScriptJitSetting` to "Block". This will prevent users from adding exceptions to Enhanced Security Mode.
- Further restricting permissions that websites can prompt for.
- Madating that `SmartScreenEnabled` is set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings.
- Disable `DeveloperToolsAvailability`. Users can be tricked into running malicious code in the browser console otherwise.
- Set `DefaultWebUsbGuardSetting` to "Block". In most cases, the websites will never need to use this API. I need it to flash GrapheneOS and StockOS on my phones.
- Set `DefaultJavaScriptJitSetting` to "Block". This will prevent users from adding exceptions to Enhanced Security Mode.
- Further restrict permissions that websites can prompt for.
- Consider enabling `Disable3DAPIs`. This will break sites that depend on WebGL, so whether to do this highly depends on your organization.
- Consider mandating that `SmartScreenEnabled` is set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings.
## Linux