Device-specific administrative templates in Intune 2101

Device-specific administrative templates in Intune 2101
Advertisements

Let’s first look at the comparative figures between the last article from October 2019 and now. The most changes have been made to Edge Bowser and Internet Explorer. There are also new settings for BitLocker. These were previously only configurable via their own policies in Intune.

Please check also our article User-related administrative templates in Intune (version 2101).

CategoryOctober 2019February 2021
App-V2828
BitLocker08
Edge244414
Error Reporting55
Internet Explorer260248
Network1010
Microsoft Office5663
OneDrive1923
Power Management1010
Remote Assistance44
Remote Desktop Services66
Remote Management2422
RSS22
Security5352
Total721895

Device-specific administrative templates in Intune 2101

Device-specific ADMX for App-V

NamePolicy Pfad
Enable App-V Client\System\App-V
Enable Migration Mode\System\App-V\Client Coexistence
Roaming File Exclusions\System\App-V\Integration
Integration Root User\System\App-V\Integration
Roaming Registry Exclusions\System\App-V\Integration
Integration Root Global\System\App-V\Integration
Enable automatic cleanup of unused appv packages\System\App-V\PackageManagement
Publishing Sevrer 4 Settings\System\App-V\Publishing
Publishing Server 2 Settings\System\App-V\Publishing
Publishing Server 1 Settings\System\App-V\Publishing
Enable Publishing Refresh UX\System\App-V\Publishing
Publishing Server 5 Settings\System\App-V\Publishing
Publishing Server 3 Settings\System\App-V\Publishing
Reporting Server\System\App-V\Reporting
Enable Package Scripts\System\App-V\Scripting
Specify what to load in background (aka AutoLoad)\System\App-V\Streaming
Shared Content Store (SCS) mode\System\App-V\Streaming
Verify certificate revocation list\System\App-V\Streaming
Certificate Filter For Client SSL\System\App-V\Streaming
Package Installation Root\System\App-V\Streaming
Reestablishment Interval\System\App-V\Streaming
Reestablishment Retries\System\App-V\Streaming
Location Provider\System\App-V\Streaming
Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection\System\App-V\Streaming
Package Source Root\System\App-V\Streaming
Enable Support for BranchCache\System\App-V\Streaming
Enable Dynamic Virtualization\System\App-V\Virtualization
Virtual Component Process Allow List\System\App-V\Virtualization

Device-specific ADMX for BitLocker

NamePolicy Pfad
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)\Windows Components\BitLocker Drive Encryption
Deny write access to fixed drives not protected by BitLocker\Windows Components\BitLocker Drive Encryption\Fixed Data Drives
Choose how BitLocker-protected fixed drives can be recovered\Windows Components\BitLocker Drive Encryption\Fixed Data Drives
Require additional authentication at startup\Windows Components\BitLocker Drive Encryption\Operating System Drives
Configure pre-boot recovery message and URL\Windows Components\BitLocker Drive Encryption\Operating System Drives
Choose how BitLocker-protected operating system drives can be recovered\Windows Components\BitLocker Drive Encryption\Operating System Drives
Configure minimum PIN length for startup\Windows Components\BitLocker Drive Encryption\Operating System Drives
Deny write access to removable drives not protected by BitLocker\Windows Components\BitLocker Drive Encryption\Removable Data Drives

Device-specific ADMX for Edge

NamePolicy Pfad
Enable Translate\Microsoft Edge
Force synchronization of browser data and do not show the sync consent prompt\Microsoft Edge
Suppress the unsupported OS warning\Microsoft Edge
Allow importing of open tabs\Microsoft Edge
Disable synchronization of data using Microsoft sync services\Microsoft Edge
Configure whether Microsoft Edge should automatically select a certificate when there are multiple certificate matches for a site configured with “AutoSelectCertificateForUrls”\Microsoft Edge
Block tracking of users’ web-browsing activity\Microsoft Edge
Enable a TLS 1.3 security feature for local trust anchors.\Microsoft Edge
Disable saving browser history\Microsoft Edge
Allow access to sensors on specific sites\Microsoft Edge
Configure the default paste format of URLs copied from Microsoft Edge, and determine if additional formats will be available to users\Microsoft Edge
Block access to a specified list of services and export targets in Collections\Microsoft Edge
Allow pages to send synchronous XHR requests during page dismissal\Microsoft Edge
Show an “Always open” checkbox in external protocol dialog\Microsoft Edge
Set the user data directory\Microsoft Edge
Force networking code to run in the browser process\Microsoft Edge
Allow importing of autofill form data\Microsoft Edge
Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account\Microsoft Edge
Show context menu to open a link in Internet Explorer mode\Microsoft Edge
Set the roaming profile directory\Microsoft Edge
Configure tab lifecycles\Microsoft Edge
Configure the list of names that will bypass the HSTS policy check\Microsoft Edge
Restrict exposure of local IP address by WebRTC\Microsoft Edge
Allow Pin to taskbar wizard\Microsoft Edge
Enable Hiding of Native Windows\Microsoft Edge
Configure tracking prevention exceptions for specific sites\Microsoft Edge
Show Microsoft Rewards experiences\Microsoft Edge
Allow importing of favorites\Microsoft Edge
Allow launching of local files in Internet Explorer mode\Microsoft Edge
Enable spellcheck\Microsoft Edge
Allow surf game\Microsoft Edge
Allow or block audio capture\Microsoft Edge
Allow file selection dialogs\Microsoft Edge
Configure favorites\Microsoft Edge
Disable support for 3D graphics APIs\Microsoft Edge
Define a list of allowed URLs\Microsoft Edge
Allow managed extensions to use the Enterprise Hardware Platform API\Microsoft Edge
Allow importing of shortcuts\Microsoft Edge
Suggest similar pages when a webpage can?t be found\Microsoft Edge
Use a default referrer policy of no-referrer-when-downgrade. (deprecated)\Microsoft Edge
Enable renderer code integrity\Microsoft Edge
Enable specific spellcheck languages\Microsoft Edge
Enable search suggestions\Microsoft Edge
Enable Signed HTTP Exchange (SXG) support\Microsoft Edge
Hide the one-time redirection dialog and the banner on Microsoft Edge\Microsoft Edge
Block the Serial API on specific sites\Microsoft Edge
Enable security warnings for command-line flags\Microsoft Edge
Send required and optional diagnostic data about browser usage\Microsoft Edge
Block all ads on Bing search results\Microsoft Edge
Sites that can access video capture devices without requesting permission\Microsoft Edge
Enable guest mode\Microsoft Edge
Disable Certificate Transparency enforcement for a list of legacy certificate authorities\Microsoft Edge
Control the mode of DNS-over-HTTPS\Microsoft Edge
Control communication with the Experimentation and Configuration Service\Microsoft Edge
Enforce Google SafeSearch\Microsoft Edge
Allow Google Cast to connect to Cast devices on all IP addresses\Microsoft Edge
Enable using roaming copies for Microsoft Edge profile data\Microsoft Edge
Enable globally scoped HTTP auth cache\Microsoft Edge
Manage exposure of local IP addressess by WebRTC\Microsoft Edge
Ads setting for sites with intrusive ads\Microsoft Edge
Copied at InfrastrukturHelden.de\Microsoft Edge
Enable warnings for insecure forms\Microsoft Edge
Default sensors setting\Microsoft Edge
Configure Internet Explorer integration\Microsoft Edge
Extend Adobe Flash content setting to all content\Microsoft Edge
Enable AutoFill for credit cards\Microsoft Edge
Allow importing of browser settings\Microsoft Edge
Allow WebDriver to Override Incompatible Policies (deprecated)\Microsoft Edge
Intranet Redirection Behavior\Microsoft Edge
Allow importing of Cookies\Microsoft Edge
Websites or domains that don’t need permission to use direct Security Key attestation\Microsoft Edge
Allow users to proceed from the HTTPS warning page\Microsoft Edge
Enable profile creation from the Identity flyout menu or the Settings page\Microsoft Edge
Set download directory\Microsoft Edge
Notify a user that a browser restart is recommended or required for pending updates\Microsoft Edge
Enable ending processes in the Browser task manager\Microsoft Edge
Enable site isolation for every site\Microsoft Edge
Configure the Enterprise Mode Site List\Microsoft Edge
Allow default search provider context menu search access\Microsoft Edge
Allow the Web widget at Windows startup\Microsoft Edge
Set the time period for update notifications\Microsoft Edge
Do not set window.opener for links targeting _blank\Microsoft Edge
Disable download file type extension-based warnings for specified file types on domains\Microsoft Edge
Use hardware acceleration when available\Microsoft Edge
Allow user feedback\Microsoft Edge
Enable AutoFill for addresses\Microsoft Edge
Configure Speech Recognition\Microsoft Edge
Restrict the range of local UDP ports used by WebRTC\Microsoft Edge
Configure whether a user always has a default profile automatically signed in with their work or school account\Microsoft Edge
Allow the Serial API on specific sites\Microsoft Edge
Set a timeout for delay of tab navigation for the Enterprise Mode Site List\Microsoft Edge
Manage Search Engines\Microsoft Edge
Open local files in Internet Explorer mode file extension allow list\Microsoft Edge
Enable use of ephemeral profiles\Microsoft Edge
Enable resolution of navigation errors using a web service\Microsoft Edge
Configure Do Not Track\Microsoft Edge
Allow the audio sandbox to run\Microsoft Edge
Enable scrolling to text specified in URL fragments\Microsoft Edge
Allow importing of search engine settings\Microsoft Edge
Enable the Collections feature\Microsoft Edge
Allow or deny screen capture\Microsoft Edge
Define an ordered list of preferred languages that websites should display in if the site supports the language\Microsoft Edge
Allow personalization of ads, search and news by sending browsing history to Microsoft\Microsoft Edge
Send all intranet sites to Internet Explorer\Microsoft Edge
Prevent install of the BHO to redirect incompatible sites from Internet Explorer to Microsoft Edge\Microsoft Edge
Control where security restrictions on insecure origins apply\Microsoft Edge
Browsing Data Lifetime Settings\Microsoft Edge
Allow media autoplay for websites\Microsoft Edge
Enable site isolation for specific origins\Microsoft Edge
Control where developer tools can be used\Microsoft Edge
Configure InPrivate mode availability\Microsoft Edge
Enable the User-Agent Client Hints feature (deprecated)\Microsoft Edge
Clear browsing data when Microsoft Edge closes\Microsoft Edge
Specify if online OCSP/CRL checks are required for local trust anchors\Microsoft Edge
Allow download restrictions\Microsoft Edge
Define a list of protocols that can launch an external application from listed origins without prompting the user\Microsoft Edge
Configure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with.\Microsoft Edge
Allow users to configure Family safety\Microsoft Edge
Save cookies when Microsoft Edge closes\Microsoft Edge
Maximum number of concurrent connections to the proxy server\Microsoft Edge
Delete old browser data on migration\Microsoft Edge
Force direct intranet site navigation instead of searching on single word entries in the Address Bar\Microsoft Edge
Set limit on megabytes of memory a single Microsoft Edge instance can use.\Microsoft Edge
Set disk cache directory\Microsoft Edge
Shopping in Microsoft Edge Enabled\Microsoft Edge
Allow legacy TLS/DTLS downgrade in WebRTC (deprecated)\Microsoft Edge
Automatically import another browser’s data and settings at first run\Microsoft Edge
Allow users to open files using the ClickOnce protocol\Microsoft Edge
Sites that can access audio capture devices without requesting permission\Microsoft Edge
Configure list of force-installed Web Apps\Microsoft Edge
Set application locale\Microsoft Edge
Enable deleting browser and download history\Microsoft Edge
Block smart actions  for a list of services\Microsoft Edge
Enable the Web widget\Microsoft Edge
Enforce Bing SafeSearch\Microsoft Edge
Specify how “in-page” navigations to unconfigured sites behave when started from Internet Explorer mode pages\Microsoft Edge
Configures availability of a vertical layout for tabs on the side of the browser\Microsoft Edge
Allow importing of extensions\Microsoft Edge
Allows the AppCache feature to be re-enabled, even if it’s turned off by default\Microsoft Edge
DNS interception checks enabled\Microsoft Edge
Allow websites to query for available payment methods\Microsoft Edge
Enables background updates to the list of available templates for Collections and other features that use templates\Microsoft Edge
Browser sign-in settings\Microsoft Edge
Allow importing of saved passwords\Microsoft Edge
Control the IntensiveWakeUpThrottling feature\Microsoft Edge
Specify custom help link\Microsoft Edge
Allow QUIC protocol\Microsoft Edge
Disable taking screenshots\Microsoft Edge
Enable Domain Actions Download from Microsoft (deprecated)\Microsoft Edge
Allows users to edit favorites\Microsoft Edge
Show Microsoft Office shortcut in favorites bar\Microsoft Edge
Enable Microsoft Search in Bing suggestions in the address bar\Microsoft Edge
Allow full screen mode\Microsoft Edge
Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes\Microsoft Edge
Specify the TLS cipher suites to disable\Microsoft Edge
Use Windows proxy resolver (deprecated)\Microsoft Edge
Allow importing of browsing history\Microsoft Edge
Allow or block video capture\Microsoft Edge
Send site information to improve Microsoft services\Microsoft Edge
Enable component updates in Microsoft Edge\Microsoft Edge
Minimum TLS version enabled\Microsoft Edge
Re-enable deprecated web platform features for a limited time\Microsoft Edge
Enable network prediction\Microsoft Edge
Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated)\Microsoft Edge
Block access to a list of URLs\Microsoft Edge
Block access to sensors on specific sites\Microsoft Edge
Enable web capture feature in Microsoft Edge\Microsoft Edge
Block third party cookies\Microsoft Edge
Configure the Share experience\Microsoft Edge
Enable stricter treatment for mixed content\Microsoft Edge
Enable Proactive Authentication\Microsoft Edge
Allow Internet Explorer mode testing\Microsoft Edge
Allow suggestions from local providers\Microsoft Edge
Require that the Enterprise Mode Site List is available before tab navigation\Microsoft Edge
Clear cached images and files when Microsoft Edge closes\Microsoft Edge
Allow importing of payment info\Microsoft Edge
Always open PDF files externally\Microsoft Edge
URLs where AutoOpenFileTypes can apply\Microsoft Edge
Restrict which accounts can be used as Microsoft Edge primary accounts\Microsoft Edge
Hide the First-run experience and splash screen\Microsoft Edge
List of file types that should be automatically opened on download\Microsoft Edge
Allow users to open files using the DirectInvoke protocol\Microsoft Edge
Enable Ambient Authentication for InPrivate and Guest profiles\Microsoft Edge
Allow freezing of background tabs\Microsoft Edge
Specify URI template of desired DNS-over-HTTPS resolver\Microsoft Edge
Continue running background apps after Microsoft Edge closes\Microsoft Edge
Enable favorites bar\Microsoft Edge
Control use of the Serial API\Microsoft Edge
Allow queries to a Browser Network Time service\Microsoft Edge
Redirect incompatible sites from Internet Explorer to Microsoft Edge\Microsoft Edge
Allow access to the Enterprise Mode Site List Manager tool\Microsoft Edge
Configure Online Text To Speech\Microsoft Edge
Force disable spellcheck languages\Microsoft Edge
Use built-in DNS client\Microsoft Edge
Allows a page to show popups during its unloading\Microsoft Edge
Set WPAD optimization\Microsoft Edge
Disable Certificate Transparency enforcement for specific URLs\Microsoft Edge
Limits the number of user data snapshots retained for use in case of emergency rollback\Microsoft Edge
Allow importing of home page settings\Microsoft Edge
Enable usage and crash-related data reporting\Microsoft Edge
Configure enhanced hang detection for Internet Explorer mode\Microsoft Edge
Allow recommendations and promotional notifications from Edge\Microsoft Edge
Ask where to save downloaded files\Microsoft Edge
Enable online OCSP/CRL checks\Microsoft Edge
Re-enable Web Components v0 API until M84. (deprecated)\Microsoft Edge
Force minimum YouTube Restricted Mode\Microsoft Edge
Enable full-tab promotional content\Microsoft Edge
Configure the list of types that are excluded from synchronization\Microsoft Edge
Set disk cache size, in bytes\Microsoft Edge
Allow importing of Cookies\Microsoft Edge – Default Settings (users can override)
Redirect incompatible sites from Internet Explorer to Microsoft Edge\Microsoft Edge – Default Settings (users can override)
Enable favorites bar\Microsoft Edge – Default Settings (users can override)
Allow importing of browser settings\Microsoft Edge – Default Settings (users can override)
Allow importing of shortcuts\Microsoft Edge – Default Settings (users can override)
Clear cached images and files when Microsoft Edge closes\Microsoft Edge – Default Settings (users can override)
Enable AutoFill for credit cards\Microsoft Edge – Default Settings (users can override)
Enable AutoFill for addresses\Microsoft Edge – Default Settings (users can override)
Allow importing of saved passwords\Microsoft Edge – Default Settings (users can override)
Continue running background apps after Microsoft Edge closes\Microsoft Edge – Default Settings (users can override)
Shopping in Microsoft Edge Enabled\Microsoft Edge – Default Settings (users can override)
Allow suggestions from local providers\Microsoft Edge – Default Settings (users can override)
Show Microsoft Rewards experiences\Microsoft Edge – Default Settings (users can override)
Disable synchronization of data using Microsoft sync services\Microsoft Edge – Default Settings (users can override)
Enable Translate\Microsoft Edge – Default Settings (users can override)
Enable network prediction\Microsoft Edge – Default Settings (users can override)
Allow importing of payment info\Microsoft Edge – Default Settings (users can override)
Allow importing of browsing history\Microsoft Edge – Default Settings (users can override)
Manage Search Engines\Microsoft Edge – Default Settings (users can override)
Allow download restrictions\Microsoft Edge – Default Settings (users can override)
Set application locale\Microsoft Edge – Default Settings (users can override)
Enable resolution of navigation errors using a web service\Microsoft Edge – Default Settings (users can override)
Allow importing of search engine settings\Microsoft Edge – Default Settings (users can override)
Block smart actions  for a list of services\Microsoft Edge – Default Settings (users can override)
Clear browsing data when Microsoft Edge closes\Microsoft Edge – Default Settings (users can override)
Allow importing of open tabs\Microsoft Edge – Default Settings (users can override)
Set download directory\Microsoft Edge – Default Settings (users can override)
Allow importing of favorites\Microsoft Edge – Default Settings (users can override)
Suggest similar pages when a webpage can?t be found\Microsoft Edge – Default Settings (users can override)
Allow importing of autofill form data\Microsoft Edge – Default Settings (users can override)
Allow importing of extensions\Microsoft Edge – Default Settings (users can override)
Block third party cookies\Microsoft Edge – Default Settings (users can override)
Enable search suggestions\Microsoft Edge – Default Settings (users can override)
Register protocol handlers\Microsoft Edge – Default Settings (users can override)\Content settings
Default search provider keyword\Microsoft Edge – Default Settings (users can override)\Default search provider
Configure the new tab page search box experience\Microsoft Edge – Default Settings (users can override)\Default search provider
Specifies the search-by-image feature for the default search provider\Microsoft Edge – Default Settings (users can override)\Default search provider
Default search provider encodings\Microsoft Edge – Default Settings (users can override)\Default search provider
Enable the default search provider\Microsoft Edge – Default Settings (users can override)\Default search provider
Default search provider URL for suggestions\Microsoft Edge – Default Settings (users can override)\Default search provider
Parameters for an image URL that uses POST\Microsoft Edge – Default Settings (users can override)\Default search provider
Default search provider search URL\Microsoft Edge – Default Settings (users can override)\Default search provider
Default search provider name\Microsoft Edge – Default Settings (users can override)\Default search provider
Enable Password reveal button\Microsoft Edge – Default Settings (users can override)\Password manager and protection
Enable saving passwords to the password manager\Microsoft Edge – Default Settings (users can override)\Password manager and protection
Allow users to be alerted if their passwords are found to be unsafe\Microsoft Edge – Default Settings (users can override)\Password manager and protection
Enable startup boost\Microsoft Edge – Default Settings (users can override)\Performance
Set the system default printer as the default printer\Microsoft Edge – Default Settings (users can override)\Printing
Print headers and footers\Microsoft Edge – Default Settings (users can override)\Printing
Set the background tab inactivity timeout for Sleeping Tabs\Microsoft Edge – Default Settings (users can override)\Sleeping Tabs settings
Configure Sleeping Tabs\Microsoft Edge – Default Settings (users can override)\Sleeping Tabs settings
Block Sleeping Tabs on specific sites\Microsoft Edge – Default Settings (users can override)\Sleeping Tabs settings
Force Microsoft Defender SmartScreen checks on downloads from trusted sources\Microsoft Edge – Default Settings (users can override)\SmartScreen settings
Configure Microsoft Defender SmartScreen\Microsoft Edge – Default Settings (users can override)\SmartScreen settings
Configure Microsoft Defender SmartScreen to block potentially unwanted apps\Microsoft Edge – Default Settings (users can override)\SmartScreen settings
Configure the Microsoft Edge new tab page experience\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Action to take on startup\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Show Home button on toolbar\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Configure the new tab page URL\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Enable preload of the new tab page for faster rendering\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Set the new tab page as the home page\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Configure the home page URL\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Set new tab page quick links\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Sites to open when the browser starts\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Prevent Desktop Shortcut creation upon install default\Microsoft Edge Update\Applications
Allow installation default\Microsoft Edge Update\Applications
Allow Microsoft Edge Side by Side browser experience\Microsoft Edge Update\Applications
Update policy override default\Microsoft Edge Update\Applications
Prevent Desktop Shortcut creation upon install\Microsoft Edge Update\Applications\Microsoft Edge
Update policy override\Microsoft Edge Update\Applications\Microsoft Edge
Target version override\Microsoft Edge Update\Applications\Microsoft Edge
Rollback to Target version\Microsoft Edge Update\Applications\Microsoft Edge
Allow installation\Microsoft Edge Update\Applications\Microsoft Edge
Allow installation\Microsoft Edge Update\Applications\Microsoft Edge Beta
Prevent Desktop Shortcut creation upon install\Microsoft Edge Update\Applications\Microsoft Edge Beta
Target version override\Microsoft Edge Update\Applications\Microsoft Edge Beta
Rollback to Target version\Microsoft Edge Update\Applications\Microsoft Edge Beta
Update policy override\Microsoft Edge Update\Applications\Microsoft Edge Beta
Allow installation\Microsoft Edge Update\Applications\Microsoft Edge Canary
Prevent Desktop Shortcut creation upon install\Microsoft Edge Update\Applications\Microsoft Edge Canary
Update policy override\Microsoft Edge Update\Applications\Microsoft Edge Canary
Rollback to Target version\Microsoft Edge Update\Applications\Microsoft Edge Canary
Target version override\Microsoft Edge Update\Applications\Microsoft Edge Canary
Rollback to Target version\Microsoft Edge Update\Applications\Microsoft Edge Dev
Target version override\Microsoft Edge Update\Applications\Microsoft Edge Dev
Allow installation\Microsoft Edge Update\Applications\Microsoft Edge Dev
Prevent Desktop Shortcut creation upon install\Microsoft Edge Update\Applications\Microsoft Edge Dev
Update policy override\Microsoft Edge Update\Applications\Microsoft Edge Dev
Allow installation\Microsoft Edge Update\Microsoft Edge WebView
Update policy override\Microsoft Edge Update\Microsoft Edge WebView
Auto-update check period override\Microsoft Edge Update\Preferences
Time period in each day to suppress auto-update check\Microsoft Edge Update\Preferences
URL to a proxy .pac file\Microsoft Edge Update\Proxy Server
Choose how to specify proxy server settings\Microsoft Edge Update\Proxy Server
Address or URL of proxy server\Microsoft Edge Update\Proxy Server
Application Guard Container Proxy\Microsoft Edge\Application Guard settings
Enable Google Cast\Microsoft Edge\Cast
Show the cast icon in the toolbar\Microsoft Edge\Cast
Default geolocation setting\Microsoft Edge\Content settings
Allow insecure content on specified sites\Microsoft Edge\Content settings
Allow the Adobe Flash plug-in on specific sites\Microsoft Edge\Content settings
Allow cookies on specific sites\Microsoft Edge\Content settings
Grant access to specific sites to connect to specific USB devices\Microsoft Edge\Content settings
Allow images on these sites\Microsoft Edge\Content settings
Block images on specific sites\Microsoft Edge\Content settings
Block read access via the File System API on these sites\Microsoft Edge\Content settings
Control use of the WebUSB API\Microsoft Edge\Content settings
Automatically select client certificates for these sites\Microsoft Edge\Content settings
Allow JavaScript on specific sites\Microsoft Edge\Content settings
Control use of the File System API for reading\Microsoft Edge\Content settings
Choose whether users can receive customized background images and text, suggestions, notifications,and tips for Microsoft services\Microsoft Edge\Content settings
Allow pop-up windows on specific sites\Microsoft Edge\Content settings
Block the Adobe Flash plug-in on specific sites\Microsoft Edge\Content settings
Default notification setting\Microsoft Edge\Content settings
Block JavaScript on specific sites\Microsoft Edge\Content settings
Block notifications on specific sites\Microsoft Edge\Content settings
Default JavaScript setting\Microsoft Edge\Content settings
Default images setting\Microsoft Edge\Content settings
Default pop-up window setting\Microsoft Edge\Content settings
Configure cookies\Microsoft Edge\Content settings
Control use of insecure content exceptions\Microsoft Edge\Content settings
Allow read access via the File System API on these sites\Microsoft Edge\Content settings
Allow WebUSB on specific sites\Microsoft Edge\Content settings
Block WebUSB on specific sites\Microsoft Edge\Content settings
Revert to legacy SameSite behavior for cookies on specified sites\Microsoft Edge\Content settings
Allow write access to files and directories on these sites\Microsoft Edge\Content settings
Control use of the Web Bluetooth API\Microsoft Edge\Content settings
Control use of the File System API for writing\Microsoft Edge\Content settings
Limit cookies from specific websites to the current session\Microsoft Edge\Content settings
Enable default legacy SameSite cookie behavior setting\Microsoft Edge\Content settings
Block pop-up windows on specific sites\Microsoft Edge\Content settings
Block write access to files and directories on these sites\Microsoft Edge\Content settings
Allow notifications on specific sites\Microsoft Edge\Content settings
Block insecure content on specified sites\Microsoft Edge\Content settings
Default Adobe Flash setting\Microsoft Edge\Content settings
Block cookies on specific sites\Microsoft Edge\Content settings
Configure the new tab page search box experience\Microsoft Edge\Default search provider
Default search provider name\Microsoft Edge\Default search provider
Default search provider encodings\Microsoft Edge\Default search provider
Default search provider search URL\Microsoft Edge\Default search provider
Specifies the search-by-image feature for the default search provider\Microsoft Edge\Default search provider
Default search provider keyword\Microsoft Edge\Default search provider
Enable the default search provider\Microsoft Edge\Default search provider
Parameters for an image URL that uses POST\Microsoft Edge\Default search provider
Default search provider URL for suggestions\Microsoft Edge\Default search provider
Configure allowed extension types\Microsoft Edge\Extensions
Control which extensions cannot be installed\Microsoft Edge\Extensions
Blocks external extensions from being installed\Microsoft Edge\Extensions
Allow specific extensions to be installed\Microsoft Edge\Extensions
Configure extension management settings\Microsoft Edge\Extensions
Configure extension and user script install sources\Microsoft Edge\Extensions
Control which extensions are installed silently\Microsoft Edge\Extensions
Configure list of allowed authentication servers\Microsoft Edge\HTTP authentication
Allow Basic authentication for HTTP\Microsoft Edge\HTTP authentication
Disable CNAME lookup when negotiating Kerberos authentication\Microsoft Edge\HTTP authentication
Supported authentication schemes\Microsoft Edge\HTTP authentication
Allow cross-origin HTTP Basic Auth prompts\Microsoft Edge\HTTP authentication
Include non-standard port in Kerberos SPN\Microsoft Edge\HTTP authentication
Specifies a list of servers that Microsoft Edge can delegate user credentials to\Microsoft Edge\HTTP authentication
Configure address bar editing for kiosk mode public browsing experience\Microsoft Edge\Kiosk Mode settings
Delete files downloaded as part of kiosk session when Microsoft Edge closes\Microsoft Edge\Kiosk Mode settings
Mobile App Management Enabled\Microsoft Edge\Manageability
Allow user-level native messaging hosts (installed without admin permissions)\Microsoft Edge\Native Messaging
Configure native messaging block list\Microsoft Edge\Native Messaging
Control which native messaging hosts users can use\Microsoft Edge\Native Messaging
Enable saving passwords to the password manager\Microsoft Edge\Password manager and protection
Allow users to be alerted if their passwords are found to be unsafe\Microsoft Edge\Password manager and protection
Configure the change password URL\Microsoft Edge\Password manager and protection
Configure password protection warning trigger\Microsoft Edge\Password manager and protection
Configure the list of enterprise login URLs where password protection service should capture fingerprint of password\Microsoft Edge\Password manager and protection
Enable startup boost\Microsoft Edge\Performance
Set the system default printer as the default printer\Microsoft Edge\Printing
Default printing page size\Microsoft Edge\Printing
Restrict background graphics printing mode\Microsoft Edge\Printing
Print using system print dialog\Microsoft Edge\Printing
Print headers and footers\Microsoft Edge\Printing
Disable printer types on the deny list\Microsoft Edge\Printing
Default background graphics printing mode\Microsoft Edge\Printing
Default printer selection rules\Microsoft Edge\Printing
Enable printing\Microsoft Edge\Printing
Configure address or URL of proxy server\Microsoft Edge\Proxy server
Proxy settings\Microsoft Edge\Proxy server
Configure proxy server settings\Microsoft Edge\Proxy server
Set the proxy .pac file URL\Microsoft Edge\Proxy server
Configure proxy bypass rules\Microsoft Edge\Proxy server
Block Sleeping Tabs on specific sites\Microsoft Edge\Sleeping Tabs settings
Configure Sleeping Tabs\Microsoft Edge\Sleeping Tabs settings
Set the background tab inactivity timeout for Sleeping Tabs\Microsoft Edge\Sleeping Tabs settings
Configure Microsoft Defender SmartScreen to block potentially unwanted apps\Microsoft Edge\SmartScreen settings
Force Microsoft Defender SmartScreen checks on downloads from trusted sources\Microsoft Edge\SmartScreen settings
Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings\Microsoft Edge\SmartScreen settings
Prevent bypassing Microsoft Defender SmartScreen prompts for sites\Microsoft Edge\SmartScreen settings
Configure Microsoft Defender SmartScreen\Microsoft Edge\SmartScreen settings
Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads\Microsoft Edge\SmartScreen settings
Action to take on startup\Microsoft Edge\Startup, home page and new tab page
Set new tab page quick links\Microsoft Edge\Startup, home page and new tab page
Show Home button on toolbar\Microsoft Edge\Startup, home page and new tab page
Configure the background types allowed for the new tab page layout\Microsoft Edge\Startup, home page and new tab page
Set the new tab page as the home page\Microsoft Edge\Startup, home page and new tab page
Hide the default top sites from the new tab page\Microsoft Edge\Startup, home page and new tab page
Sites to open when the browser starts\Microsoft Edge\Startup, home page and new tab page
Set new tab page company logo (deprecated)\Microsoft Edge\Startup, home page and new tab page
Configure the Microsoft Edge new tab page experience\Microsoft Edge\Startup, home page and new tab page
Configure the home page URL\Microsoft Edge\Startup, home page and new tab page
Enable preload of the new tab page for faster rendering\Microsoft Edge\Startup, home page and new tab page
Configure the new tab page URL\Microsoft Edge\Startup, home page and new tab page

Device-specific ADMX for error reporting

NamePolicy Pfad
Display Error Notification\Windows Components\Windows Error Reporting
Do not send additional data\Windows Components\Windows Error Reporting
Disable Windows Error Reporting\Windows Components\Windows Error Reporting
Prevent display of the user interface for critical errors\Windows Components\Windows Error Reporting
Customize consent settings\Windows Components\Windows Error Reporting\Consent

Device-specific ADMX for Internet Explorer

NamePolicy Pfad
Turn off the auto-complete feature for web addresses\Windows Components\Internet Explorer
Specify default behavior for a new tab\Windows Components\Internet Explorer
Add a specific list of search providers to the user’s list of search providers\Windows Components\Internet Explorer
Security Zones: Use only machine settings \Windows Components\Internet Explorer
Turn on Suggested Sites\Windows Components\Internet Explorer
Prevent running First Run wizard\Windows Components\Internet Explorer
Restrict search providers to a specific list\Windows Components\Internet Explorer
Prevent changing proxy settings\Windows Components\Internet Explorer
Disable Periodic Check for Internet Explorer software updates\Windows Components\Internet Explorer
Turn on ActiveX Filtering\Windows Components\Internet Explorer
Turn off browser geolocation\Windows Components\Internet Explorer
Prevent managing SmartScreen Filter\Windows Components\Internet Explorer
Turn off Crash Detection\Windows Components\Internet Explorer
Security Zones: Do not allow users to change policies\Windows Components\Internet Explorer
Use the Enterprise Mode IE website list\Windows Components\Internet Explorer
Prevent bypassing SmartScreen Filter warnings\Windows Components\Internet Explorer
Disable changing secondary home page settings\Windows Components\Internet Explorer
Prevent per-user installation of ActiveX controls\Windows Components\Internet Explorer
Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar\Windows Components\Internet Explorer
Turn off the Security Settings Check feature\Windows Components\Internet Explorer
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet\Windows Components\Internet Explorer
Let users turn on and use Enterprise Mode from the Tools menu\Windows Components\Internet Explorer
Specify use of ActiveX Installer Service for installation of ActiveX controls\Windows Components\Internet Explorer
Prevent changing the default search provider\Windows Components\Internet Explorer
Prevent participation in the Customer Experience Improvement Program\Windows Components\Internet Explorer
Security Zones: Do not allow users to add/delete sites\Windows Components\Internet Explorer
Turn off Compatibility View\Windows Components\Internet Explorer\Compatibility View
Turn on Internet Explorer Standards Mode for local intranet\Windows Components\Internet Explorer\Compatibility View
Use Policy List of Internet Explorer 7 sites\Windows Components\Internet Explorer\Compatibility View
Prevent deleting websites that the user has visited\Windows Components\Internet Explorer\Delete Browsing History
Disable “Configuring History”\Windows Components\Internet Explorer\Delete Browsing History
Allow deleting browsing history on exit\Windows Components\Internet Explorer\Delete Browsing History
Prevent ignoring certificate errors\Windows Components\Internet Explorer\Internet Control Panel
Turn off encryption support\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Check for signatures on downloaded programs\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Turn on Enhanced Protected Mode\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Turn off the flip ahead with page prediction feature\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Allow software to run or install even if the signature is invalid\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Check for server certificate revocation\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Locked-Down Internet Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Internet Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Intranet Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Locked-Down Intranet Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Locked-Down Restricted Sites Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Locked-Down Local Machine Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Intranet Sites: Include all network paths (UNCs)\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Local Machine Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Restricted Sites Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Turn on certificate address mismatch warning\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Locked-Down Trusted Sites Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Trusted Sites Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Intranet Sites: Include all local (intranet) sites not listed in other zones\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Site to Zone Assignment List\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Enable dragging of content from different domains across windows\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Turn on Cross-Site Scripting Filter\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow loading of XAML files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Use Pop-up Blocker\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Turn on Protected Mode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow VBScript to run in Internet Explorer\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow script-initiated windows without size or position constraints\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow only approved domains to use ActiveX controls without prompt\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Launching applications and files in an IFRAME\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow only approved domains to use the TDC ActiveX control\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Download unsigned ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Enable MIME Sniffing\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Include local path when user is uploading files to a server\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Enable dragging of content from different domains within a window\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Run .NET Framework-reliant components signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow updates to status bar via script\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow scripting of Internet Explorer WebBrowser controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Don’t run antimalware programs against ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Show security warning for potentially unsafe files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Logon options\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow cut, copy or paste operations from the clipboard via script\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow drag and drop or copy and paste files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Download signed ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Don’t run antimalware programs against ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Don’t run antimalware programs against ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow only approved domains to use ActiveX controls without prompt\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow loading of XAML files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Run ActiveX controls and plugins\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Turn on Protected Mode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Don’t run antimalware programs against ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow script-initiated windows without size or position constraints\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow active scripting\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow cut, copy or paste operations from the clipboard via script\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow META REFRESH\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Show security warning for potentially unsafe files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Launching applications and files in an IFRAME\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow drag and drop or copy and paste files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Script ActiveX controls marked safe for scripting\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Enable dragging of content from different domains across windows\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Enable dragging of content from different domains within a window\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow VBScript to run in Internet Explorer\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Run .NET Framework-reliant components signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow binary and script behaviors\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Include local path when user is uploading files to a server\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Download signed ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow scripting of Internet Explorer WebBrowser controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Turn on Cross-Site Scripting Filter\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Download unsigned ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Enable MIME Sniffing\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Use Pop-up Blocker\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow updates to status bar via script\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow only approved domains to use the TDC ActiveX control\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Logon options\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Scripting of Java applets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Don’t run antimalware programs against ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Go to an intranet site for a one-word entry in the Address bar\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Turn off InPrivate Browsing\Windows Components\Internet Explorer\Privacy
Allow fallback to SSL 3.0 (Internet Explorer)\Windows Components\Internet Explorer\Security Features
Remove “Run this time” button for outdated ActiveX controls in Internet Explorer \Windows Components\Internet Explorer\Security Features\Add-on Management
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects\Windows Components\Internet Explorer\Security Features\Add-on Management
Turn off blocking of outdated ActiveX controls for Internet Explorer\Windows Components\Internet Explorer\Security Features\Add-on Management
Turn off automatic download of the ActiveX VersionList\Windows Components\Internet Explorer\Security Features\Add-on Management
Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains\Windows Components\Internet Explorer\Security Features\Add-on Management
Add-on List\Windows Components\Internet Explorer\Security Features\Add-on Management
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Notification bar
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Restrict File Download
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions

Device-specific ADMX for Network

NamePolicy Pfad
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)\MSS (Legacy)
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)\MSS (Legacy)
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes\MSS (Legacy)
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers\MSS (Legacy)
Prohibit installation and configuration of Network Bridge on your DNS domain network\Network\Network Connections
Hardened UNC Paths\Network\Network Provider
Prohibit connection to non-domain networks when connected to domain authenticated network\Network\Windows Connection Manager
Set 3G Cost\Network\WWAN Service\WWAN Media Cost
Set 4G Cost\Network\WWAN Service\WWAN Media Cost
Set Per-App Cellular Access UI Visibility\Network\WWAN Service\WWAN UI Settings

Device-specific ADMX for Microsoft Office

NamePolicy Pfad
Default Office theme\Microsoft Office 2016 (Machine)\Global Options\Customize
Use shared computer activation\Microsoft Office 2016 (Machine)\Licensing Settings
Use a device-based license for Office 365 ProPlus\Microsoft Office 2016 (Machine)\Licensing Settings
Enable EDU Org ID Sign In in Office from Windows Store\Microsoft Office 2016 (Machine)\Licensing Settings
Allow extended offline use for Office 365 ProPlus\Microsoft Office 2016 (Machine)\Licensing Settings
Specify the location to save the licensing token used by shared computer activation\Microsoft Office 2016 (Machine)\Licensing Settings
Use Viewer Mode\Microsoft Office 2016 (Machine)\Licensing Settings
Age out documents older than n days\Microsoft Office 2016 (Machine)\Miscellaneous
Open Directly in Office Client Application\Microsoft Office 2016 (Machine)\Miscellaneous
Age out the locally cached copies of server document versions that are more than n days old.\Microsoft Office 2016 (Machine)\Miscellaneous
File Previewing\Microsoft Office 2016 (Machine)\Miscellaneous
Prevent document inspectors from running\Microsoft Office 2016 (Machine)\Miscellaneous
Set the max size of the Office Document Cache\Microsoft Office 2016 (Machine)\Miscellaneous
Graphics filter import\Microsoft Office 2016 (Machine)\Security Settings
Disable Password Caching\Microsoft Office 2016 (Machine)\Security Settings
Disable VBA for Office applications\Microsoft Office 2016 (Machine)\Security Settings
Disable Package Repair\Microsoft Office 2016 (Machine)\Security Settings
Disable user name and password\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Object Caching Protection\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Scripted Window Security Restrictions\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Restrict File Download\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Consistent Mime Handling\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Restrict ActiveX Install\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Information Bar\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Saved from URL\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Mime Sniffing Safety Feature\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Add-on Management\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Local Machine Zone Lockdown Security\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Navigate URL\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Block popups\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Protection From Zone Elevation\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Bind to object\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Don?t install Microsoft Teams with new installations or updates of Office\Microsoft Office 2016 (Machine)\Updates
Update Channel\Microsoft Office 2016 (Machine)\Updates
Upgrade Office 2019 to Office 365 ProPlus\Microsoft Office 2016 (Machine)\Updates
Enable Automatic Updates\Microsoft Office 2016 (Machine)\Updates
Don?t install extension for Microsoft Search in Bing that makes Bing the default search engine\Microsoft Office 2016 (Machine)\Updates
Target Version\Microsoft Office 2016 (Machine)\Updates
Prioritize BITS\Microsoft Office 2016 (Machine)\Updates
Hide Update Notifications\Microsoft Office 2016 (Machine)\Updates
Delay downloading and installing updates for Office\Microsoft Office 2016 (Machine)\Updates
Prevent Office from being updated to a specific version\Microsoft Office 2016 (Machine)\Updates
Update Path\Microsoft Office 2016 (Machine)\Updates
Hide option to enable or disable updates\Microsoft Office 2016 (Machine)\Updates
Online Repair\Microsoft Office 2016 (Machine)\Updates
Update Deadline\Microsoft Office 2016 (Machine)\Updates
Office 365 Client Management\Microsoft Office 2016 (Machine)\Updates
Use only Token Activation\Microsoft Office 2016 (Machine)\Volume Activation
Prevent Token Activation dialog from closing\Microsoft Office 2016 (Machine)\Volume Activation
Turn on an external converter as the default for a file extension\Microsoft PowerPoint 2016 (Machine)\Converters
Require logon credentials\Skype for Business 2016\Microsoft Lync Feature Policies
Trusted Domain List\Skype for Business 2016\Microsoft Lync Feature Policies
Prevent users from running Microsoft Lync\Skype for Business 2016\Microsoft Lync Feature Policies
Configure SIP security mode\Skype for Business 2016\Microsoft Lync Feature Policies
Disable HTTP fallback for SIP connection\Skype for Business 2016\Microsoft Lync Feature Policies
Global Address Book Download Initial Delay\Skype for Business 2016\Microsoft Lync Feature Policies
Enable using BITS to download Address Book Service files\Skype for Business 2016\Microsoft Lync Feature Policies
Configure SIP compression mode\Skype for Business 2016\Microsoft Lync Feature Policies
Disable automatic upload of sign-in failure logs\Skype for Business 2016\Microsoft Lync Feature Policies
Allow storage of user passwords\Skype for Business 2016\Microsoft Lync Feature Policies
Specify server\Skype for Business 2016\Microsoft Lync Feature Policies
Additional server versions supported\Skype for Business 2016\Microsoft Lync Feature Policies
Disable server version check\Skype for Business 2016\Microsoft Lync Feature Policies

Device-specific ADMX for OneDrive

NamePolicy Pfad
Set the maximum size of a user’s OneDrive that can download automatically\OneDrive
Prevent users from redirecting their Windows known folders to their PC\OneDrive
Silently move Windows known folders to OneDrive\OneDrive
Use OneDrive Files On-Demand\OneDrive
Configure team site libraries to sync automatically\OneDrive
Silently sign in users to the OneDrive sync app with their Windows credentials\OneDrive
Require users to confirm large delete operations\OneDrive
Convert synced team site files to online-only files\OneDrive
Prevent users from moving their Windows known folders to OneDrive\OneDrive
Prevent users from syncing libraries and folders shared from other organizations\OneDrive
Block syncing OneDrive accounts for specific organizations\OneDrive
Prevent the sync app from generating network traffic until users sign in\OneDrive
Enable automatic upload bandwidth management for OneDrive\OneDrive
Block file downloads when users are low on disk space\OneDrive
Prompt users when they delete multiple OneDrive files on their local computer\OneDrive
Limit the sync app upload rate to a percentage of throughput\OneDrive
Specify the OneDrive location in a hybrid environment\OneDrive
Specify SharePoint Server URL and organization name\OneDrive
Allow OneDrive to disable Windows permission inheritance in folders synced read-only\OneDrive
Set the sync app update ring\OneDrive
Prompt users to move Windows known folders to OneDrive \OneDrive
Warn users who are low on disk space\OneDrive
Allow syncing OneDrive accounts for only specific organizations\OneDrive

Device-specific ADMX for power management

NamePolicy Pfad
Allow standby states (S1-S3) when sleeping (plugged in)\System\Power Management\Sleep Settings
Specify the system sleep timeout (plugged in)\System\Power Management\Sleep Settings
Specify the system sleep timeout (on battery)\System\Power Management\Sleep Settings
Require a password when a computer wakes (plugged in)\System\Power Management\Sleep Settings
Specify the system hibernate timeout (on battery)\System\Power Management\Sleep Settings
Allow standby states (S1-S3) when sleeping (on battery)\System\Power Management\Sleep Settings
Require a password when a computer wakes (on battery)\System\Power Management\Sleep Settings
Specify the system hibernate timeout (plugged in)\System\Power Management\Sleep Settings
Turn off the display (plugged in)\System\Power Management\Video and Display Settings
Turn off the display (on battery)\System\Power Management\Video and Display Settings

Device-specific ADMX for Remote Assistance

NamePolicy Pfad
Turn on session logging\System\Remote Assistance
Customize warning messages\System\Remote Assistance
Configure Offer Remote Assistance\System\Remote Assistance
Configure Solicited Remote Assistance\System\Remote Assistance

Device-specific ADMX for Remote Desktop Services

NamePolicy Pfad
Do not allow passwords to be saved\Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Allow users to connect remotely by using Remote Desktop Services\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Do not allow drive redirection\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Always prompt for password upon connection\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Set client connection encryption level\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Require secure RPC communication\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security

Device-specific ADMX for remote management

NamePolicy Pfad
Trusted Hosts\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Disallow Negotiate authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Disallow Digest authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Allow unencrypted traffic\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Allow CredSSP authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Allow Basic authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Specify channel binding token hardening level\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Turn On Compatibility HTTP Listener\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Allow unencrypted traffic\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Disallow Negotiate authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Allow CredSSP authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Allow remote server management through WinRM\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Allow Basic authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Turn On Compatibility HTTPS Listener\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Disallow WinRM from storing RunAs credentials\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Allow Remote Shell Access\Windows Components\Windows Remote Shell
MaxConcurrentUsers\Windows Components\Windows Remote Shell
Specify idle Timeout\Windows Components\Windows Remote Shell
Specify maximum number of remote shells per user\Windows Components\Windows Remote Shell
Specify maximum amount of memory in MB per Shell\Windows Components\Windows Remote Shell
Specify Shell Timeout\Windows Components\Windows Remote Shell
Specify maximum number of processes per Shell\Windows Components\Windows Remote Shell

Device-specific ADMX for RSS

NamePolicy Pfad
Prevent downloading of enclosures\Windows Components\RSS Feeds
Turn off background synchronization for feeds and Web Slices\Windows Components\RSS Feeds

Device-specific ADMX for security

NamePolicy Pfad
Prevent enabling lock screen slide show\Control Panel\Personalization
Prevent enabling lock screen camera\Control Panel\Personalization
Configure SMB v1 client driver\MS Security Guide
WDigest Authentication (disabling may require KB2871997)\MS Security Guide
Configure SMB v1 server\MS Security Guide
Enable Structured Exception Handling Overwrite Protection (SEHOP)\MS Security Guide
Apply UAC restrictions to local accounts on network logons\MS Security Guide
Turn on Windows Defender protection against Potentially Unwanted Applications (DEPRECATED)\MS Security Guide
Allow printers to be published\Printers
Point and Print Restrictions\Printers
Remote host allows delegation of non-exportable credentials\System\Credentials Delegation
Prevent device metadata retrieval from the Internet\System\Device Installation
Prevent installation of devices using drivers that match these device setup classes\System\Device Installation\Device Installation Restrictions
Allow installation of devices using drivers that match these device setup classes\System\Device Installation\Device Installation Restrictions
Prevent installation of devices not described by other policy settings\System\Device Installation\Device Installation Restrictions
Allow installation of devices that match any of these device IDs\System\Device Installation\Device Installation Restrictions
Prevent installation of devices that match any of these device IDs\System\Device Installation\Device Installation Restrictions
Boot-Start Driver Initialization Policy\System\Early Launch Antimalware
Do not allow Windows to activate Enhanced Storage devices\System\Enhanced Storage Access
Turn off downloading of print drivers over HTTP\System\Internet Communication Management\Internet Communication settings
Turn off Internet download for Web publishing and online ordering wizards\System\Internet Communication Management\Internet Communication settings
Turn off printing over HTTP\System\Internet Communication Management\Internet Communication settings
Fail authentication requests when Kerberos armoring is not available\System\Kerberos
Kerberos client support for claims, compound authentication and Kerberos armoring\System\Kerberos
Set maximum Kerberos SSPI context token buffer size\System\Kerberos
Require strict KDC validation\System\Kerberos
Use forest search order\System\Kerberos
Do not display network selection UI\System\Logon
Turn off app notifications on the lock screen\System\Logon
Turn off picture password sign-in\System\Logon
Turn on convenience PIN sign-in\System\Logon
Enumerate local users on domain-joined computers\System\Logon
Enable RPC Endpoint Mapper Client Authentication\System\Remote Procedure Call
Restrict Unauthenticated RPC clients\System\Remote Procedure Call
Enable svchost.exe mitigation options\System\Service Control Manager Settings\Security Settings
Turn off System Restore\System\System Restore
Approved Installation Sites for ActiveX Controls\Windows Components\ActiveX Installer Service
Allow Microsoft accounts to be optional\Windows Components\App runtime
Disallow Autoplay for non-volume devices\Windows Components\AutoPlay Policies
Turn off Autoplay\Windows Components\AutoPlay Policies
Set the default behavior for AutoRun\Windows Components\AutoPlay Policies
Enumerate administrator accounts on elevation\Windows Components\Credential User Interface
Do not display the password reveal button\Windows Components\Credential User Interface
Control Event Log behavior when the log file reaches its maximum size\Windows Components\Event Log Service\Application
Specify the maximum log file size (KB)\Windows Components\Event Log Service\Application
Specify the maximum log file size (KB)\Windows Components\Event Log Service\Security
Specify the maximum log file size (KB)\Windows Components\Event Log Service\System
Turn off Data Execution Prevention for Explorer\Windows Components\File Explorer
Turn off heap termination on corruption\Windows Components\File Explorer
Sign-in and lock last interactive user automatically after a restart\Windows Components\Windows Logon Options
Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot\Windows Components\Windows Logon Options
Turn on PowerShell Script Block Logging\Windows Components\Windows PowerShell

Translation notice

This article is a translation of the Infrastrukturhelden.de article “Gerätespezifische Administrativen Vorlagen in Intune (Version 2101)“. Links may refer to other Infrastrukturhelden.de articles, these may also be available in English language.

Also it can be, that I still use screenshots of German systems. However, where it is possible for me with little effort, I insert screenshots of English systems.

Fabian Niesen has been working as an IT consultant for years. Here he writes privately and independently of his employer. Among others he is certified as MCSA Windows Server 2008 / 2012, MCSA Office 365, MCSA Windows 10, MCSE Messaging, MCT and Novell Certified Linux Administrator. Since 2016 he is also MCT Regional Lead for Germany. His hobbies are social media, blogging, medieval markets, historical songs and house building.

0 Comments on “Device-specific administrative templates in Intune 2101

Leave a Reply

Your email address will not be published. Required fields are marked *

*