Security baseline settings

Article
05/02/2023

The following are the security policy setting names, the policy paths, and the settings used in Microsoft Managed Desktop.

PUAProtection

Policy path: ./Device/Vendor/MSFT/Policy/Config/Defender/PUAProtection
Setting: 1

SetDisablePauseUXAccess

Policy path: ./Device/Vendor/MSFT/Policy/Config/Update/SetDisablePauseUXAccess
Setting: 1

SvchostProcessMitigation

Policy path: ./Device/Vendor/MSFT/Policy/Config/ServiceControlManager/SvchostProcessMitigation
Setting: <Enabled/>

LetAppsActivateWithVoice

Policy path: ./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsActivateWithVoice
Setting: 2

ConfigureTelemetryOptinChangeNotification

Policy path: ./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptinChangeNotification
Setting: 0

ConfigureTelemetryOptInSettingsUX

Policy path: ./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUX
Setting: 0

DisableDeviceDelete

Policy path: ./Device/Vendor/MSFT/Policy/Config/System/DisableDeviceDelete
Setting: 0

AllowMicrosoftAccountsToBeOptional

Policy path: ./Device/Vendor/MSFT/Policy/Config/AppRuntime/AllowMicrosoftAccountsToBeOptional
Setting: <Enabled/>

DisallowAutoplayForNonVolumeDevices

Policy path: ./Device/Vendor/MSFT/Policy/Config/Autoplay/DisallowAutoplayForNonVolumeDevices
Setting: <Enabled/>

SetDefaultAutoRunBehavior

Policy path: ./Device/Vendor/MSFT/Policy/Config/Autoplay/SetDefaultAutoRunBehavior
Setting: <Enabled/><Data id=""""NoAutorun_Dropdown"""" value=""""1""""/>

TurnOffAutoPlay

Policy path: ./Device/Vendor/MSFT/Policy/Config/Autoplay/TurnOffAutoPlay
Setting: <Enabled/><Data id=""""Autorun_Box"""" value=""""255""""/>

HardenedUNCPaths

Policy path: ./Device/Vendor/MSFT/Policy/Config/Connectivity/HardenedUNCPaths
Setting: "<Enabled/><Data id=""Pol_HardenedPaths"" value=""\\*\SYSVOLRequireMutualAuthentication=1,RequireIntegrity=1\\*\NETLOGONRequireMutualAuthentication=1,RequireIntegrity=1""/>"

DisableDownloadingOfPrintDriversOverHTTP

Policy path: ./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableDownloadingOfPrintDriversOverHTTP
Setting: <Enabled/>

DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards

Policy path:./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
Setting: <Enabled/>

DiablePrintingOverHTTP

Policy path: ./Device/Vendor/MSFT/Policy/Config/Connectivity/DiablePrintingOverHTTP
Setting: <Disabled/>

AllowPINLogon

Policy path: ./Device/Vendor/MSFT/Policy/Config/CredentialProviders/AllowPINLogon
Setting: <Disabled/>

RemoteHostAllowsDelegationOfNonExportableCredentials

Policy path: ./Device/Vendor/MSFT/Policy/Config/CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials
Setting: <Enabled/>

EnumerateAdministrators

Policy path: ./Device/Vendor/MSFT/Policy/Config/CredentialsUI/EnumerateAdministrators
Setting: <Disabled/>

PreventInstallationOfMatchingDeviceSetupClasses

Policy path: ./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses
Setting: <Enabled/><Data id=""""DeviceInstall_Classes_Deny_List"""" value=""""1{d48179be-ec20-11d1-b6b8-00c04fa372a7}""""/><Data id=""""DeviceInstall_Classes_Deny_Retroactive"""" value=""""true""""/>

PreventLockScreenSlideShow

Policy path: ./Device/Vendor/MSFT/Policy/Config/DeviceLock/PreventLockScreenSlideShow
Setting: <Enabled/>

PreventEnablingLockScreenCamera

Policy path: ./Device/Vendor/MSFT/Policy/Config/DeviceLock/PreventEnablingLockScreenCamera
Setting: <Enabled/>

SpecifyMaximumFileSizeApplicationLog

Policy path: ./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeApplicationLog
Setting: <Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""32768""""/>

SpecifyMaximumFileSizeSecurityLog

Policy path: ./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeSecurityLog
Setting: <Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""196608""""/>

SpecifyMaximumFileSizeSystemLog

Policy path: ./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeSystemLog
Setting: <Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""32768""""/>

TurnOffDataExecutionPreventionForExplorer

Policy path: ./Device/Vendor/MSFT/Policy/Config/FileExplorer/TurnOffDataExecutionPreventionForExplorer
Setting:<Disabled/>

TurnOffHeapTerminationOnCorruption

Policy path: ./Device/Vendor/MSFT/Policy/Config/FileExplorer/TurnOffHeapTerminationOnCorruption
Setting: <Disabled/>

DoNotAllowUsersToAddSites

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowUsersToAddSites
Setting: <Enabled/>

DoNotAllowUsersToChangePolicies

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowUsersToChangePolicies
Setting: <Enabled/>

DisableEncryptionSupport

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableEncryptionSupport
Setting: <Enabled/><Data id=""""Advanced_WinInetProtocolOptions"""" value=""""2688""""/>

AllowEnhancedProtectedMode

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowEnhancedProtectedMode
Setting: <Enabled/>

IncludeAllNetworkPaths

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IncludeAllNetworkPaths
Setting: <Disabled/>

InternetZoneAllowAccessToDataSources

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowAccessToDataSources
Setting: <Enabled/><Data id=""""IZ_Partname1406"""" value=""""3""""/>

RestrictedSitesZoneAllowAccessToDataSources

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources
Setting: <Enabled/><Data id=""""IZ_Partname1406"""" value=""""3""""/>

InternetZoneAllowScriptlets

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptlets
Setting: <Enabled/><Data id=""""IZ_Partname1209"""" value=""""3""""/>

RestrictedSitesZoneAllowScriptlets

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptlets
Setting: <Enabled/><Data id=""""IZ_Partname1209"""" value=""""3""""/>

InternetZoneAllowAutomaticPromptingForFileDownloads

Policy path: `./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads
Setting: <Enabled/><Data id=""""IZ_Partname2200"""" value=""""3""""/>

RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
Setting: <Enabled/><Data id=""""IZ_Partname2200"""" value=""""3""""/>

InternetZoneInitializeAndScriptActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneInitializeAndScriptActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

IntranetZoneInitializeAndScriptActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

TrustedSitesZoneInitializeAndScriptActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

RestrictedSitesZoneInitializeAndScriptActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

InternetZoneNavigateWindowsAndFrames

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneNavigateWindowsAndFrames
Setting: <Enabled/><Data ID=""""IZ_Partname1607""" value=""""3""""/>

RestrictedSitesZoneNavigateWindowsAndFrames

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames
Setting: <Enabled/><Data id=""""IZ_Partname1607"""" value=""""3""""/>

InternetZoneAllowNETFrameworkReliantComponents`

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents
Setting: <Enabled/><Data id=""""IZ_Partname2004"""" value=""""3""""/>

RestrictedSitesZoneAllowNETFrameworkReliantComponents

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents
Setting: <Enabled/><Data id=""""IZ_Partname2004"""" value=""""3""""/>

InternetZoneAllowSmartScreenIE

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowSmartScreenIE
Setting: <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

LockedDownInternetZoneAllowSmartScreenIE

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE
Setting: <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

RestrictedSitesZoneAllowSmartScreenIE

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE
Setting: <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

LockedDownRestrictedSitesZoneAllowSmartScreenIE

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE
Setting: <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

InternetZoneAllowUserDataPersistence

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowUserDataPersistence
Setting: <Enabled/><Data id=""""IZ_Partname1606"""" value=""""3""""/>

RestrictedSitesZoneAllowUserDataPersistence

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
Setting: <Enabled/><Data id=""""IZ_Partname1606"""" value=""""3""""/>

InternetZoneAllowLessPrivilegedSites

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowLessPrivilegedSites
Setting: <Enabled/><Data id=""""IZ_Partname2101"""" value=""""3""""/>

RestrictedSitesZoneAllowLessPrivilegedSites

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites
Setting: <Enabled/><Data id=""""IZ_Partname2101"""" value=""""3""""/>

DoNotBlockOutdatedActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotBlockOutdatedActiveXControls
Setting: <Disabled/>

DisableEnclosureDownloading

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableEnclosureDownloading
Setting: <Enabled/>

DisableBypassOfSmartScreenWarnings

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableBypassOfSmartScreenWarnings
Setting: <Enabled/>

DisableBypassOfSmartScreenWarningsAboutUncommonFiles

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
Setting: <Enabled/>

RestrictedSitesZoneAllowActiveScripting

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowActiveScripting
Setting: <Enabled/><Data id=""""IZ_Partname1400"""" value=""""3""""/>

RestrictedSitesZoneAllowBinaryAndScriptBehaviors

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors
Setting: <Enabled/><Data id=""""IZ_Partname2000"""" value=""""3""""/>

InternetZoneAllowCopyPasteViaScript

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowCopyPasteViaScript
Setting: <Enabled/><Data id=""""IZ_Partname1407"""" value=""""3""""/>

RestrictedSitesZoneAllowCopyPasteViaScript

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript
Setting: <Enabled/><Data id=""""IZ_Partname1407"""" value=""""3""""/>

InternetZoneAllowDragAndDropCopyAndPasteFiles

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles
Setting: <Enabled/><Data id=""""IZ_Partname1802"""" value=""""3""""/>

RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
Setting: <Enabled/><Data id=""""IZ_Partname1802"""" value=""""3""""/>

AllowFallbackToSSL3

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowFallbackToSSL3
Setting: <Enabled/><Data id=""""Advanced_EnableSSL3FallbackOptions"""" value=""""0""""/>

RestrictedSitesZoneAllowFileDownloads

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowFileDownloads
Setting: <Enabled/><Data id=""""IZ_Partname1803"""" value=""""3""""/>

InternetZoneAllowLoadingOfXAMLFiles

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles
Setting: <Enabled/><Data id=""""IZ_Partname2402"""" value=""""3""""/>

RestrictedSitesZoneAllowLoadingOfXAMLFiles

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles
Setting: <Enabled/><Data id=""""IZ_Partname2402"""" value=""""3""""/>

RestrictedSitesZoneAllowMETAREFRESH

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH
Setting: <Enabled/><Data id=""""IZ_Partname1608"""" value=""""3""""/>

InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname120b"""" value=""""3""""/>

RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
Setting:<Enabled/><Data id=""""IZ_Partname120b"""" value=""""3""""/>

InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
Setting: <Enabled/><Data id=""""IZ_Partname120c"""" value=""""3""""/>

RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
Setting: <Enabled/><Data id=""""IZ_Partname120c"""" value=""""3""""/>

InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
Setting: <Enabled/><Data id=""""IZ_Partname1206"""" value=""""3""""/>

RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls`

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
Setting: <Enabled/><Data id=""""IZ_Partname1206"""" value=""""3""""/>

InternetZoneAllowScriptInitiatedWindows

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptInitiatedWindows
Setting: <Enabled/><Data id=""""IZ_Partname2102"""" value=""""3""""/>

RestrictedSitesZoneAllowScriptInitiatedWindows

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows
Setting: <Enabled/><Data id=""""IZ_Partname2102"""" value=""""3""""/>

AllowSoftwareWhenSignatureIsInvalid

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowSoftwareWhenSignatureIsInvalid
Setting: <Disabled/>

InternetZoneAllowUpdatesToStatusBarViaScript

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript
Setting: <Enabled/><Data id=""""IZ_Partname2103"""" value=""""3""""/>

RestrictedSitesZoneAllowUpdatesToStatusBarViaScript

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
Setting: <Enabled/><Data id=""""IZ_Partname2103"""" value=""""3""""/>

CheckServerCertificateRevocation

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/CheckServerCertificateRevocation
Setting: <Enabled/>

CheckSignaturesOnDownloadedPrograms

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/CheckSignaturesOnDownloadedPrograms
Setting: <Enabled/>

DoNotAllowActiveXControlsInProtectedMode

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
Setting: <Enabled/>

InternetZoneDoNotRunAntimalwareAgainstActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

IntranetZoneDoNotRunAntimalwareAgainstActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
Setting <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

PreventManagingSmartScreenFilter

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/PreventManagingSmartScreenFilter
Setting: <Enabled/><Data id=""""IE9SafetyFilterOptions"""" value=""""1""""/>

InternetZoneDownloadSignedActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDownloadSignedActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname1001"""" value=""""3""""/>

RestrictedSitesZoneDownloadSignedActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname1001"""" value=""""3""""/>

InternetZoneDownloadUnsignedActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDownloadUnsignedActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname1004"""" value=""""3""""/>

RestrictedSitesZoneDownloadUnsignedActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls
Setting: <Enabled/><Data id=""""IZ_Partname1004"""" value=""""3""""/>

InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
Setting: <Enabled/><Data id=""""IZ_Partname2709"""" value=""""3""""/>

RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
Setting: <Enabled/><Data id=""""IZ_Partname2709"""" value=""""3""""/>

InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
Setting <Enabled/><Data id=""""IZ_Partname2708"""" value=""""3""""/>

RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
Setting: <Enabled/><Data id=""""IZ_Partname2708"""" value=""""3""""/>

InternetZoneIncludeLocalPathWhenUploadingFilesToServer

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer
Setting: <Enabled/><Data id=""""IZ_Partname160A"""" value=""""3""""/>

RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
Setting: <Enabled/><Data id=""""IZ_Partname160A"""" value=""""3""""/>

ConsistentMimeHandlingInternetExplorerProcesses

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
Setting: <Enabled/>

MimeSniffingSafetyFeatureInternetExplorerProcesses

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
Setting: <Enabled/>

MKProtocolSecurityRestrictionInternetExplorerProcesses

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses
Setting: <Enabled/>

NotificationBarInternetExplorerProcesses

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/NotificationBarInternetExplorerProcesses
Setting: <Enabled/>

ProtectionFromZoneElevationInternetExplorerProcesses

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses
Setting: <Enabled/>

RestrictActiveXInstallInternetExplorerProcesses

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses
Setting: <Enabled/>

RestrictFileDownloadInternetExplorerProcesses

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictFileDownloadInternetExplorerProcesses
Setting: <Enabled/>

ScriptedWindowSecurityRestrictionsInternetExplorerProcesses

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
Setting: <Enabled/>

InternetZoneJavaPermissions

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneJavaPermissions
Setting: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

IntranetZoneJavaPermissions

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneJavaPermissions
Setting: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""65536""""/>

LocalMachineZoneJavaPermissions

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LocalMachineZoneJavaPermissions
Setting: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

LockedDownLocalMachineZoneJavaPermissions

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownLocalMachineZoneJavaPermissions
Setting: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

LockedDownRestrictedSitesZoneJavaPermissions

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions
Setting: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

LockedDownTrustedSitesZoneJavaPermissions

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions
Setting: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

RestrictedSitesZoneJavaPermissions

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneJavaPermissions
Setting: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

TrustedSitesZoneJavaPermissions

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneJavaPermissions
Setting: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""65536""""/>

InternetZoneLaunchingApplicationsAndFilesInIFRAME

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME
Setting: <Enabled/><Data id=""""IZ_Partname1804"""" value=""""3""""/>

RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
Setting: <Enabled/><Data id=""""IZ_Partname1804"""" value=""""3""""/>

InternetZoneLogonOptions

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneLogonOptions
Setting: <Enabled/><Data id=""""IZ_Partname1A00"""" value=""""65536""""/>

RestrictedSitesZoneLogonOptions

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneLogonOptions
Setting: <Enabled/><Data id=""""IZ_Partname1A00"""" value=""""196608""""/>

DisableIgnoringCertificateErrors

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableIgnoringCertificateErrors
Setting: <Enabled/>

PreventPerUserInstallationOfActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/PreventPerUserInstallationOfActiveXControls
Setting: <Enabled/>

RemoveRunThisTimeButtonForOutdatedActiveXControls

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls
Setting: <Enabled/>

InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
Setting: <Enabled/><Data id=""""IZ_Partname2001"""" value=""""3""""/> |

RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
Setting: <Enabled/><Data id=""""IZ_Partname2001"""" value=""""3""""/>

RestrictedSitesZoneRunActiveXControlsAndPlugins

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins
Setting: <Enabled/><Data id=""""IZ_Partname1200"""" value=""""3""""/>

RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
Setting: <Enabled/><Data id=""""IZ_Partname1405"""" value=""""3""""/>

RestrictedSitesZoneScriptingOfJavaApplets

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets
Setting: <Enabled/><Data id=""""IZ_Partname1402"""" value=""""3""""/>

SecurityZonesUseOnlyMachineSettings

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/SecurityZonesUseOnlyMachineSettings
Setting: <Enabled/>

InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
Setting: <Enabled/><Data id=""""IZ_Partname1806"""" value=""""1""""/>

RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
Setting: <Enabled/><Data id=""""IZ_Partname1806"""" value=""""3""""/>

SpecifyUseOfActiveXInstallerService

Policy path:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/SpecifyUseOfActiveXInstallerService
Setting: <Enabled/>

DisableCrashDetection

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableCrashDetection
Setting: <Enabled/>

DisableSecuritySettingsCheck

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableSecuritySettingsCheck
Setting: <Disabled/>

DisableProcessesInEnhancedProtectedMode

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableProcessesInEnhancedProtectedMode
Setting: <Enabled/>

AllowCertificateAddressMismatchWarning

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowCertificateAddressMismatchWarning
Setting: <Enabled/>

InternetZoneEnableCrossSiteScriptingFilter

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter
Setting: <Enabled/><Data id=""""IZ_Partname1409"""" value=""""0""""/>

RestrictedSitesZoneEnableCrossSiteScriptingFilter

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter
Setting: <Enabled/><Data id=""""IZ_Partname1409"""" value=""""0""""/>

InternetZoneEnableProtectedMode

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableProtectedMode
Setting" <Enabled/><Data id=""""IZ_Partname2500"""" value=""""0""""/>

RestrictedSitesZoneTurnOnProtectedMode

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode
Setting: <Enabled/><Data id=""""IZ_Partname2500"""" value=""""0""""/>

InternetZoneUsePopupBlocker

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneUsePopupBlocker
Setting: <Enabled/><Data id=""""IZ_Partname1809"""" value=""""0""""/>

RestrictedSitesZoneUsePopupBlocker

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneUsePopupBlocker
Setting: <Enabled/><Data id=""""IZ_Partname1809"""" value=""""0""""/>

InternetZoneAllowVBScriptToRunInInternetExplorer

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer
Setting: <Enabled/><Data id=""""IZ_Partname140C"""" value=""""3""""/>

LockedDownIntranetJavaPermissions

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownIntranetJavaPermissions
Setting: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer

Policy path: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer
Setting: <Enabled/><Data id=""""IZ_Partname140C"""" value=""""3""""/>

ApplyUACRestrictionsToLocalAccountsOnNetworkLogon

Policy path: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon
Setting: <Enabled/>

ConfigureSMBV1Server

Policy path: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1Server
Setting: <Disabled/>

ConfigureSMBV1ClientDriver

Policy path: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1ClientDriver
Setting: <Enabled/><Data id=""""Pol_SecGuide_SMB1ClientDriver"""" value=""""4""""/>

EnableStructuredExceptionHandlingOverwriteProtection

Policy path: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection
Setting: <Enabled/>

WDigestAuthentication

Policy path: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/WDigestAuthentication
Setting: <Disabled/>

TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications

Policy path: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications
Setting: <Enabled/>

IPv6SourceRoutingProtectionLevel

Policy path: ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPv6SourceRoutingProtectionLevel
Setting: <Enabled/><Data id=""""DisableIPSourceRoutingIPv6"""" value=""""2""""/>

IPSourceRoutingProtectionLevel

Policy path: ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPSourceRoutingProtectionLevel
Setting: <Enabled/><Data id=""""DisableIPSourceRouting"""" value=""""2""""/>

AllowICMPRedirectsToOverrideOSPFGeneratedRoutes

Policy path: ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
Setting: <Disabled/>

AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers

Policy path: ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
Setting: <Enabled/>

AllowStandbyWhenSleepingPluggedIn

Policy path: ./Device/Vendor/MSFT/Policy/Config/Power/AllowStandbyWhenSleepingPluggedIn
Setting: <Disabled/>

RequirePasswordWhenComputerWakesOnBattery

Policy path: ./Device/Vendor/MSFT/Policy/Config/Power/RequirePasswordWhenComputerWakesOnBattery
Setting: <Enabled/>

RequirePasswordWhenComputerWakesPluggedIn

Policy path: ./Device/Vendor/MSFT/Policy/Config/Power/RequirePasswordWhenComputerWakesPluggedIn
Setting: <Enabled/>

AllowStandbyStatesWhenSleepingOnBattery

Policy path: ./Device/Vendor/MSFT/Policy/Config/Power/AllowStandbyStatesWhenSleepingOnBattery
Setting: <Disabled/>

SolicitedRemoteAssistance

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteAssistance/SolicitedRemoteAssistance
Setting: <Disabled/>

DoNotAllowPasswordSaving

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DoNotAllowPasswordSaving
Setting: <Enabled/>

DoNotAllowDriveRedirection

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DoNotAllowDriveRedirection
Setting: <Enabled/>

PromptForPasswordUponConnection

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/PromptForPasswordUponConnection
Setting: <Enabled/>

RequireSecureRPCCommunication

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/RequireSecureRPCCommunication
Setting: <Enabled/>

ClientConnectionEncryptionLevel

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/ClientConnectionEncryptionLevel
Setting: <Enabled/><Data id=""""TS_ENCRYPTION_LEVEL"""" value=""""3""""/>

AllowBasicAuthentication_Client

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowBasicAuthentication_Client
Setting: <Disabled/>

AllowBasicAuthentication_Service

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowBasicAuthentication_Service
Setting: <Disabled/>

AllowUnencryptedTraffic_Client

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowUnencryptedTraffic_Client
Setting: <Disabled/>

AllowUnencryptedTraffic_Service

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowUnencryptedTraffic_Service
Setting: <Disabled/>

DisallowDigestAuthentication

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/DisallowDigestAuthentication
Setting: <Enabled/>

DisallowStoringOfRunAsCredentials

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/DisallowStoringOfRunAsCredentials
Setting: <Enabled/>

RestrictUnauthenticatedRPCClients

Policy path: ./Device/Vendor/MSFT/Policy/Config/RemoteProcedureCall/RestrictUnauthenticatedRPCClients
Setting: <Enabled/><Data id=""""RpcRestrictRemoteClientsList"""" value=""""1""""/> |

BootStartDriverInitialization

Policy path: ./Device/Vendor/MSFT/Policy/Config/System/BootStartDriverInitialization
Setting: <Enabled/><Data id=""""SelectDriverLoadPolicy"""" value=""""3""""/>

ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork

Policy path: ./Device/Vendor/MSFT/Policy/Config/WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork
Setting: <Enabled/>

EnumerateLocalUsersOnDomainJoinedComputers

Policy path: ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers
Setting: <Disabled/>

AllowAutomaticRestartSignOn

Policy path: ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/AllowAutomaticRestartSignOn
Setting: <Disabled/>

TurnOnPowerShellScriptBlockLogging

Policy path: ./Device/Vendor/MSFT/Policy/Config/WindowsPowerShell/TurnOnPowerShellScriptBlockLogging
Setting: <Enabled/><Data id=""""EnableScriptBlockInvocationLogging"""" value=""""true""""/>

AllowAutoComplete

Policy path: ./User/Vendor/MSFT/Policy/Config/InternetExplorer/AllowAutoComplete
Setting: <Disabled/>

AllowGameDVR

Policy path: ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/AllowGameDVR
Setting: 0

MSIAlwaysInstallWithElevatedPrivileges

Policy path: ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
Setting: 0

MSIAllowUserControlOverInstall

Policy path: ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/MSIAllowUserControlOverInstall
Setting: 0

AllowPasswordManager

Policy path: ./Device/Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager
Setting: 0

AllowSmartScreen

Policy path: ./Device/Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
Setting: 1

PreventSmartScreenPromptOverride

Policy path: ./Device/Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverride
Setting: 1

PreventSmartScreenPromptOverrideForFiles

Policy path: ./Device/Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
Setting: 1

AllowBehaviorMonitoring

Policy path: ./Device/Vendor/MSFT/Policy/Config/Defender/AllowBehaviorMonitoring
Setting: 1

AllowCloudProtection

Policy path: ./Device/Vendor/MSFT/Policy/Config/Defender/AllowCloudProtection
Setting: 1

AllowEmailScanning

Policy path: ./Device/Vendor/MSFT/Policy/Config/Defender/AllowEmailScanning
Setting: 1

AllowFullScanRemovableDriveScanning

Policy path: ./Device/Vendor/MSFT/Policy/Config/Defender/AllowFullScanRemovableDriveScanning
Setting: 1

EnableNetworkProtection

Policy path: ./Device/Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection
Setting 1

SubmitSamplesConsent

Policy path: ./Device/Vendor/MSFT/Policy/Config/Defender/SubmitSamplesConsent
Setting: 1

DisallowExploitProtectionOverride

Policy path: ./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
Setting: 1

EnableVirtualizationBasedSecurity

Policy path: ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/EnableVirtualizationBasedSecurity
Setting: 1

RequirePlatformSecurityFeatures

Policy path: ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/RequirePlatformSecurityFeatures
Setting: 3

LsaCfgFlags

Policy path: ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/LsaCfgFlags
Setting: 1

AllowThirdPartySuggestionsInWindowsSpotlight

Policy path: ./User/Vendor/MSFT/Policy/Config/Experience/AllowThirdPartySuggestionsInWindowsSpotlight
Setting: 0

AllowWindowsConsumerFeatures

Policy path: ./Device/Vendor/MSFT/Policy/Config/Experience/AllowWindowsConsumerFeatures
Setting: 1

EnableInsecureGuestLogons

Policy path: ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/EnableInsecureGuestLogons
Setting: 0

AllowIndexingEncryptedStoresOrItems

Policy path: ./Device/Vendor/MSFT/Policy/Config/Search/AllowIndexingEncryptedStoresOrItems Setting: 0

EnableSmartScreenInShell

Policy path: ./Device/Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell
Setting: 1

PreventOverrideForFilesInShell

Policy path: ./Device/Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell
Setting: 1

AllowAutoConnectToWiFiSenseHotspots

Policy path: ./Device/Vendor/MSFT/Policy/Config/Wifi/AllowAutoConnectToWiFiSenseHotspots
Setting: 0

AllowInternetSharing

Policy path: ./Device/Vendor/MSFT/Policy/Config/Wifi/AllowInternetSharing
Setting: 0

AllowWindowsInkWorkspace

Policy path: ./Device/Vendor/MSFT/Policy/Config/WindowsInkWorkspace/AllowWindowsInkWorkspace
Setting: 1

InteractiveLogon_SmartCardRemovalBehavior

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
Setting: 1

NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
Setting: O:BAG:BAD:(A;;RC;;;BA)

Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
Setting: 1

InteractiveLogon_MachineInactivityLimit

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
Setting: 900

MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
Setting: 0

MicrosoftNetworkServer_DigitallySignCommunicationsAlways

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
Setting: 1

NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
Setting: 1

NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares`

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
Setting: 1

NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
Setting: 1

NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
Setting: 1

NetworkSecurity_LANManagerAuthenticationLevel

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
Setting: 5

NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
Setting: 537395200

UserAccountControl_UseAdminApprovalMode

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
Setting: 1

UserAccountControl_BehaviorOfTheElevationPromptForAdministrators

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
Setting: 2

UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers

Policy path:./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
Setting: 3

UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
Setting: 1

UserAccountControl_RunAllAdministratorsInAdminApprovalMode

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
Setting: 1

UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
Setting: 1

UserAccountControl_DetectApplicationInstallationsAndPromptForElevation

Policy path: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
Setting: 1

MinimumPasswordAge

Policy path: ./Device/Vendor/MSFT/Policy/Config/DeviceLock/MinimumPasswordAge
Setting: 1

BackupFilesAndDirectories

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/BackupFilesAndDirectories
Setting: *S-1-5-32-544

CreatePageFile

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/CreatePageFile
Setting: *S-1-5-32-544

CreateSymbolicLinks

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/CreateSymbolicLinks
Setting: *S-1-5-32-544

DebugPrograms

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/DebugPrograms
Setting: *S-1-5-32-544

DenyLocalLogOn

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/DenyLocalLogOn
Setting: *S-1-5-32-546

RemoteShutdown

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/RemoteShutdown
Setting: *S-1-5-32-544

LoadUnloadDeviceDrivers

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/LoadUnloadDeviceDrivers
Setting: *S-1-5-32-544

ManageAuditingAndSecurityLog

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/ManageAuditingAndSecurityLog
Setting: *S-1-5-32-544

ModifyFirmwareEnvironment`

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/ModifyFirmwareEnvironment
Setting: *S-1-5-32-544

ManageVolume

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/ManageVolume
Setting: *S-1-5-32-544

ProfileSingleProcess

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/ProfileSingleProcess
Setting: *S-1-5-32-544

RestoreFilesAndDirectories

Policy path:./Device/Vendor/MSFT/Policy/Config/UserRights/RestoreFilesAndDirectories
Setting: *S-1-5-32-544

TakeOwnership

Policy path: ./Device/Vendor/MSFT/Policy/Config/UserRights/TakeOwnership
Setting: *S-1-5-32-544

AllowToasts

Policy path: ./Device/Vendor/MSFT/Policy/Config/AboveLock/AllowToasts
Setting: 0

AllowDirectMemoryAccess`

Policy path: ./Device/Vendor/MSFT/Policy/Config/DataProtection/AllowDirectMemoryAccess
Setting: 0

AttackSurfaceReductionRules

Policy path: ./Device/Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules
Setting:
- 75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84=2|3b576869-a4ec-4529-8536-b80a7769e899=2|
- d4f940ab-401b-4efc-aadc-ad5f3c50688a=2|92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B=2|
- 5beb7efe-fd9a-4556-801d-275e5ffc04cc=2|d3e037e1-3eb8-44c8-a917-57927947596d=2|
- be9ba2d9-53ea-4cdc-84e5-9b1eeee46550=2|9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2=2|
- b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4=2|7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c=2|

FacialFeaturesUseEnhancedAntiSpoofing

Policy path: ./Device/Vendor/MSFT/PassportForWork/Biometrics/FacialFeaturesUseEnhancedAntiSpoofing
Setting: TRUE

EnableFirewall

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall
Setting: TRUE

DefaultInboundAction

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DefaultInboundAction
Setting: 1

DefaultOutboundAction

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DefaultOutboundAction
Setting: 0

DisableInboundNotifications

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DisableInboundNotifications
Setting: TRUE

EnableFirewall (privae profile)

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall
Setting: TRUE

DefaultInboundAction (private profile)

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DefaultInboundAction
Setting: 1

DefaultOutboundAction (private profile)

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DefaultOutboundAction
Setting: 0

DisableInboundNotifications (private profile)

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DisableInboundNotifications
Setting: TRUE

EnableFirewall (public profile)

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall
Setting: TRUE

DefaultInboundAction (public profile)

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DefaultInboundAction
Setting: 1

DefaultOutboundAction (public profile)

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DefaultOutboundAction
Setting: 0

DisableInboundNotifications (public profile)

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DisableInboundNotifications
Setting: TRUE

AllowLocalPolicyMerge

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/AllowLocalPolicyMerge
Setting: FALSE

AllowLocalIpsecPolicyMerge

Policy path: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/AllowLocalIpsecPolicyMerge
Setting: FALSE

ExploitProtectionSettings

Policy path: ./Device/Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings
Setting:

<?xml version=""""1.0"""" encoding=""""UTF-8""""?><MitigationPolicy><AppConfig Executable=""""ONEDRIVE.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""firefox.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /></AppConfig><AppConfig Executable=""""fltldr.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><ChildProcess DisallowChildProcessCreation=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""GROOVE.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /><ChildProcess DisallowChildProcessCreation=""""true"""" /></AppConfig><AppConfig Executable=""""Acrobat.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""AcroRd32.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""chrome.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /></AppConfig><AppConfig Executable=""""EXCEL.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""iexplore.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""INFOPATH.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""java.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""javaw.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""javaws.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""LYNC.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""MSACCESS.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""MSPUB.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""OIS.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""OUTLOOK.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""plugin-container.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""POWERPNT.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""PPTVIEW.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""VISIO.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""VPREVIEW.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""WINWORD.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""wmplayer.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""wordpad.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig></MitigationPolicy>

BlockPicturePassword

Policy path: ./Device/Vendor/MSFT/Policy/Config/CredentialProviders/BlockPicturePassword
Setting: <Enabled/>

DontDisplayNetworkSelectionUI

Policy path: .Device/Vendor/MSFT/Policy/Config/WindowsLogon/DontDisplayNetworkSelectionUI
Setting: <Disabled/>

CloudExtendedTimeout

Policy path: ./Device/Vendor/MSFT/Policy/Config/Defender/CloudExtendedTimeout
Setting: 10

Share via