mirror of
https://github.com/TommyTran732/Microsoft-Edge-Policies
synced 2024-11-24 19:01:33 -05:00
Compare commits
3 Commits
87019b7fe6
...
c9c3bae861
Author | SHA1 | Date | |
---|---|---|---|
c9c3bae861 | |||
8654a613a1 | |||
d19f039c50 |
@ -13,6 +13,14 @@
|
|||||||
"SpotlightExperiencesAndRecommendationsEnabled": false,
|
"SpotlightExperiencesAndRecommendationsEnabled": false,
|
||||||
"FeatureFlagOverridesControl": 1,
|
"FeatureFlagOverridesControl": 1,
|
||||||
"ExtensionInstallBlocklist": [ "*" ],
|
"ExtensionInstallBlocklist": [ "*" ],
|
||||||
|
"ExtensionSettings": {
|
||||||
|
"ddkjiahejlhfcafbddmgiahcphecmpfh": {
|
||||||
|
"installation_mode": "allowed",
|
||||||
|
"update_url": "https://clients2.google.com/service/update2/crx",
|
||||||
|
"override_update_url": true,
|
||||||
|
"sidebar_auto_open_blocked": true
|
||||||
|
}
|
||||||
|
},
|
||||||
"GamerModeEnabled": false,
|
"GamerModeEnabled": false,
|
||||||
"WindowsHelloForHTTPAuthEnabled": false,
|
"WindowsHelloForHTTPAuthEnabled": false,
|
||||||
"ImmersiveReaderGrammarToolsEnabled": false,
|
"ImmersiveReaderGrammarToolsEnabled": false,
|
||||||
@ -56,6 +64,7 @@
|
|||||||
"ConfigureDoNotTrack": true,
|
"ConfigureDoNotTrack": true,
|
||||||
"DefaultShareAdditionalOSRegionSetting": 2,
|
"DefaultShareAdditionalOSRegionSetting": 2,
|
||||||
"DiagnosticData": 0,
|
"DiagnosticData": 0,
|
||||||
|
"Disable3DAPIs": true,
|
||||||
"Edge3PSerpTelemetryEnabled": false,
|
"Edge3PSerpTelemetryEnabled": false,
|
||||||
"EdgeCollectionsEnabled": false,
|
"EdgeCollectionsEnabled": false,
|
||||||
"EdgeEDropEnabled": false,
|
"EdgeEDropEnabled": false,
|
||||||
|
@ -8,14 +8,17 @@ For corporate environments, you will need make approprieate changes, including b
|
|||||||
- Disable `DeveloperToolsAvailability`. Users can be tricked into running malicious code in the browser console otherwise.
|
- Disable `DeveloperToolsAvailability`. Users can be tricked into running malicious code in the browser console otherwise.
|
||||||
- Set `DefaultWebUsbGuardSetting` to "Block". In most cases, the websites will never need to use this API. I need it to flash GrapheneOS and StockOS on my phones.
|
- Set `DefaultWebUsbGuardSetting` to "Block". In most cases, the websites will never need to use this API. I need it to flash GrapheneOS and StockOS on my phones.
|
||||||
- Set `DefaultJavaScriptJitSetting` to "Block". This will prevent users from adding exceptions to Enhanced Security Mode.
|
- Set `DefaultJavaScriptJitSetting` to "Block". This will prevent users from adding exceptions to Enhanced Security Mode.
|
||||||
|
- Remove the uBlock Origin Lite extension whitelist. I am not aware of any way to block users from granting uBlock Origin Lite access to all content on a website, which is a security risk. If you know of a way to enforce that the extension runs permission-less, please let me know.
|
||||||
- Further restrict permissions that websites can prompt for.
|
- Further restrict permissions that websites can prompt for.
|
||||||
- Consider enabling `Disable3DAPIs`. This will break sites that depend on WebGL, so whether to do this highly depends on your organization.
|
- Consider removing the `Disable3DAPIs` policy. Currently, WebGL is disabled in my policies and a few sites will break, so whether to do this highly depends on your organization.
|
||||||
- Consider mandating that `SmartScreenEnabled` is set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings.
|
- Consider mandating that `SmartScreenEnabled` is set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings.
|
||||||
|
|
||||||
## Linux
|
## Linux
|
||||||
|
|
||||||
The mandatory prolicies should be put in `/etc/opt/edge/policies/managed/managed.json`, and the recommended policies should be put in `/etc/opt/edge/policies/recommended/recommended.json`
|
The mandatory prolicies should be put in `/etc/opt/edge/policies/managed/managed.json`, and the recommended policies should be put in `/etc/opt/edge/policies/recommended/recommended.json`
|
||||||
|
|
||||||
|
The
|
||||||
|
|
||||||
## macOS
|
## macOS
|
||||||
|
|
||||||
The mandatory prolicies should be put in `/Library/Managed Preferences/com.microsoft.Edge.plist`, and the recommended policies should be put in `/Library/Preferences/com.microsoft.Edge.plist`
|
The mandatory prolicies should be put in `/Library/Managed Preferences/com.microsoft.Edge.plist`, and the recommended policies should be put in `/Library/Preferences/com.microsoft.Edge.plist`
|
||||||
|
@ -34,6 +34,20 @@
|
|||||||
<array>
|
<array>
|
||||||
<string>*</string>
|
<string>*</string>
|
||||||
</array>
|
</array>
|
||||||
|
<key>ExtensionSettings</key>
|
||||||
|
<dict>
|
||||||
|
<key>ddkjiahejlhfcafbddmgiahcphecmpfh</key>
|
||||||
|
<dict>
|
||||||
|
<key>installation_mode</key>
|
||||||
|
<string>allowed</string>
|
||||||
|
<key>update_url</key>
|
||||||
|
<string>https://clients2.google.com/service/update2/crx</string>
|
||||||
|
<key>override_update_url</key>
|
||||||
|
<true />
|
||||||
|
<key>sidebar_auto_open_blocked</key>
|
||||||
|
<true />
|
||||||
|
</dict>
|
||||||
|
</dict>
|
||||||
<key>GamerModeEnabled</key>
|
<key>GamerModeEnabled</key>
|
||||||
<false />
|
<false />
|
||||||
<key>WindowsHelloForHTTPAuthEnabled</key>
|
<key>WindowsHelloForHTTPAuthEnabled</key>
|
||||||
@ -120,6 +134,8 @@
|
|||||||
<integer>2</integer>
|
<integer>2</integer>
|
||||||
<key>DiagnosticData</key>
|
<key>DiagnosticData</key>
|
||||||
<integer>0</integer>
|
<integer>0</integer>
|
||||||
|
<key>Disable3DAPIs</key>
|
||||||
|
<true />
|
||||||
<key>Edge3PSerpTelemetryEnabled</key>
|
<key>Edge3PSerpTelemetryEnabled</key>
|
||||||
<false />
|
<false />
|
||||||
<key>EdgeCollectionsEnabled</key>
|
<key>EdgeCollectionsEnabled</key>
|
||||||
|
Loading…
Reference in New Issue
Block a user