From d19f039c5099ba48a556f5c9ab267896be550729 Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 4 Dec 2023 22:05:25 -0700 Subject: [PATCH] Disable3DAPIs Signed-off-by: Tommy --- Linux/managed.json | 1 + README.md | 4 +++- macOS/Managed Preferences/com.microsoft.Edge.plist | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Linux/managed.json b/Linux/managed.json index 7dd52e8..e65ae29 100644 --- a/Linux/managed.json +++ b/Linux/managed.json @@ -56,6 +56,7 @@ "ConfigureDoNotTrack": true, "DefaultShareAdditionalOSRegionSetting": 2, "DiagnosticData": 0, + "Disable3DAPIs": true, "Edge3PSerpTelemetryEnabled": false, "EdgeCollectionsEnabled": false, "EdgeEDropEnabled": false, diff --git a/README.md b/README.md index 2fc2306..e5f9db2 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,15 @@ For corporate environments, you will need make approprieate changes, including b - Set `DefaultWebUsbGuardSetting` to "Block". In most cases, the websites will never need to use this API. I need it to flash GrapheneOS and StockOS on my phones. - Set `DefaultJavaScriptJitSetting` to "Block". This will prevent users from adding exceptions to Enhanced Security Mode. - Further restrict permissions that websites can prompt for. -- Consider enabling `Disable3DAPIs`. This will break sites that depend on WebGL, so whether to do this highly depends on your organization. +- Consider removing the `Disable3DAPIs` policy. Currently, WebGL is disabled in my policies and a few sites will break, so whether to do this highly depends on your organization. - Consider mandating that `SmartScreenEnabled` is set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings. ## Linux The mandatory prolicies should be put in `/etc/opt/edge/policies/managed/managed.json`, and the recommended policies should be put in `/etc/opt/edge/policies/recommended/recommended.json` +The + ## macOS The mandatory prolicies should be put in `/Library/Managed Preferences/com.microsoft.Edge.plist`, and the recommended policies should be put in `/Library/Preferences/com.microsoft.Edge.plist` diff --git a/macOS/Managed Preferences/com.microsoft.Edge.plist b/macOS/Managed Preferences/com.microsoft.Edge.plist index 979642f..c64e9f0 100644 --- a/macOS/Managed Preferences/com.microsoft.Edge.plist +++ b/macOS/Managed Preferences/com.microsoft.Edge.plist @@ -120,6 +120,8 @@ 2 DiagnosticData 0 + Disable3DAPIs + Edge3PSerpTelemetryEnabled EdgeCollectionsEnabled