Edge Browser Management, Security Enhancements in Windows 10 Detailed
Microsoft this week outlined some of the increased capabilities arriving with the latest "creators update" for Windows 10 .
The latest list adds to improvements announced last month with the release of Windows 10 version 1703. Back then, Microsoft had noted that its Edge browser includes a new app container sandbox, which can reduce attack surfaces by "up to 90% in some areas." The Edge browser also has two protections against memory exploit attacks, namely "Arbitrary Code Guard" and "Code Integrity Guard."
In a separate announcement today for Windows Insider Program participants, Microsoft explained that its emerging Windows Defender Application Guard feature is just now getting released in preview form. Windows Defender Application Guard is a coming feature highlighted at last year's Ignite event. It's a Windows 10 Enterprise edition capability that leverages Hyper-V virtualization and device hardware for added security. It provides protection by running untrusted sites in a virtual machine, which aims to isolate malware, and even zero-day exploits, from running on the physical machine.
The latest Windows 10 preview also will be bringing a new PDF form filling capability plus PDF annotations within the Microsoft Edge browser.
Today, Microsoft noted that Edge and Internet Explorer will now synchronize user "favorites" settings "in real time" when running Windows 10 Version 1703. When a user marks (or "bookmarks") a favorite site in either browser, it'll show up in the other browser via automated synchronization. Microsoft sees this feature as helping organizations that use its Enterprise Mode Site List to control which browser opens a particular site, an approach typically adopted when organizations need to support older Web apps or intranet sites.
"Combined with the Enterprise Mode Site List, your users should never need to remember which browser to use to open a site -- it should all be done automatically," Microsoft's announcement explained regarding the new synchronized favorites feature.
Microsoft's announcement also explained that it recommends using the new Enterprise Mode Site List Portal (rather than the Enterprise Mode Site List Manager) to specify browser use if organizations have site lists that are "relatively large."
The Adobe Flash Player can now be turned off in the Edge browser when using Windows 10 version 1703, if wanted. IT pros also can configure Edge policies to permit Flash to run or they can permit it to run only if a user clicks on it. The latter policy is the default one in Windows 10 version 1703.
IT pros can disable the "first run" user experience in the Edge browser, if wanted. The first run experience apparently is an initial introductory screen in the browser. When first run is disabled, users get directed to "their default start page."
IT pros also have greater controls over the browser's Start pages. They can lock them down or they can specify Start pages without a lockdown.
Microsoft added three policies for controlling search-engine access in Edge. First, IT pros can specify a list of search provider options for end users to select. Next, they can specify a default search provider for them. Lastly, there's a policy that will prevent end users from changing the search provider.
In addition, Microsoft added an option that will block the browser from suggesting searches when users start typing search queries into their browsers' address bars. Alternatively, IT pros can enable that capability. Another new option for IT pros is the ability to specify that the Edge browser will delete end user browsing data at the end of a browsing session, if that's wanted.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.