Jean-Sébastien DUCHENE Blog's

Actualité, Tips, Articles sur l'ensemble des Technologies Microsoft (SCCM/SMS, EMS, Microsoft Intune, Microsoft Azure, Windows 10, SCOM, MDOP...)

Microsoft a publié une mise à jour de son fichier de listing des paramétrages de stratégies de groupe (GPO) pour Windows 10 1709 (Fall Creators Update). On retrouve de nombreux nouveaux paramétrages dont :

  • Pour Windows Defender Application Guard :
    • Allow data persistence for Windows Defender Application Guard
    • Allow auditing events in Windows Defender Application Guard
  • Pour Microsoft Edge :
    • Always show the Books Library in Microsoft Edge
    • Provision Favorites
    • Prevent changes to Favorites on Microsoft Edge
  • Pour Windows Defender Exploit Guard :
    • Use a common set of exploit protection settings
  • Pour Windows Hello for Business :
    • Configure device unlock factors
    • Configure dynamic lock factors
    • Turn off smart card emulation
    • Allow enumeration of emulated smart card for all users
  • Pour Windows Defender :
    • Prevent users and apps from accessing dangerous websites
    • Configure Controlled folder access
    • Configure Attack Surface Reduction rules
    • Exclude files and paths from Attack Surface Reduction Rules
    • Configure allowed applications
    • Configure protected folders
  • Pour Windows Defender Security Center :
    • Hide the Virus and threat protection area
    • Hide the Firewall and network protection area
    • Hide the App and browser protection area
    • Prevent users from modifying settings
    • Hide the Device performance and health area
    • Hide the Family options area
    • Hide all notifications
    • Hide non-critical notifications
    • Configure customized notifications
    • Configure customized contact information
    • Specify contact company name
    • Specify contact phone number or Skype ID
    • Specify contact email address or Email ID
    • Specify contact website
  • Pour Windows Update :
    • Allow updates to be downloaded automatically over metered connections
    • Do not allow update deferral policies to cause scans against Windows Update
  • Pour OneDrive :
    • Prevent OneDrive from generating network traffic until the user signs in to OneDrive
  • Pour Internet Explorer :
    • Hide the button (next to the New Tab button) that opens Microsoft Edge
  • Pour MDM :
    • Auto MDM Enrollment with AAD Token
  • Plus généralement :
    • Let Windows apps communicate with unpaired devices
    • Allow Online Tips
    • Limit Enhanced diagnostic data to the minimum required by Windows Analytics
    • Enable usage of FIDO devices to sign on
    • Handwriting Panel Default Mode Docked
    • Allow Message Service Cloud Sync
    • Specify global DNS
    • Enables Activity Feed
    • Allow publishing of User Activities
    • Turn off Power Throttling
    • Turn off Push To Install service
    • Allow Cloud Search
    • Allow downloading updates to the Disk Failure Prediction Model
    • Enable Device Health Attestation Monitoring and Reporting
    • Configure the system to clear the TPM if it is not in a ready state.
    • Set Per-App Cellular Access UI Visibility
    • Let Windows apps access cellular data

 

Télécharger Group Policy Settings Reference for Windows and Windows Server

Facebook Like
Anonymous