新的 Microsoft Edge appNew Microsoft Edge app

新的 Microsoft Edge 瀏覽器 提供世界一流的效能,具有更多隱私權、生產力和更多的流覽能力。The new Microsoft Edge browser provides world-class performance with more privacy, more productivity, and more value while you browse. Microsoft 受管理的桌面為您環境中的新 Edge browser 的部署提供公開預覽。Microsoft Managed Desktop is offering a public preview of deployment of the new Edge browser in your environment.

初始部署Initial deployment

若要將 Microsoft 受管理的桌面裝置遷移至新的 Microsoft Edge browser,請透過 Microsoft 受管理的桌面入口網站,將 IT 支援票證檔。To migrate your Microsoft Managed Desktop devices to the new Microsoft Edge browser, file an IT Support Ticket through the Microsoft Managed Desktop Portal. 當您為票證進行檔案時,我們會將 Edge 穩定通道部署到測試群組,然後在每個後續的部署群組中每隔24小時部署一次。We will deploy the Edge Stable channel to the Test Group when you file the ticket, and then deploy it in each subsequent deployment group every 24 hours. 若要暫停部署,請 file 另一個票證要求作業保留。To pause the deployment, file another ticket asking Operations to hold.

測試通道也可在組織中要求代表驗證的要求。The Beta Channel is also available upon request for representative validation within your organization. Microsoft 受管理的桌面會依照測試和第一個群組的需要部署應用程式,這樣,除了穩定通道之外,所有使用者都有 Beta 通道。Microsoft Managed Desktop will deploy the application as required to the Test and First Groups so that all of those users have the Beta Channel in addition to the Stable Channel. 對於任何需要存取 Beta 通道的其他使用者,請將其新增至 新式的 Workplace Edge Beta 使用者 群組,並將其從公司入口網站安裝For any other users who need access to the Beta Channel, add them to the Modern Workplace - Edge Beta Users group and have them install it from the Company Portal

Microsoft Edge 的更新Updates to Microsoft Edge

Microsoft 受管理的桌面部署的 Microsoft Edge 穩定通道 ,它會自動更新每六周。Microsoft Managed Desktop deploys the Stable channel of Microsoft Edge, which is auto-updated about every six weeks. 「穩定通道」上的更新會由 Microsoft Edge 產品群組 逐步 展開,以確保客戶獲得最佳的體驗。Updates on the Stable channel are rolled out progressively by the Microsoft Edge product group in order to ensure the best experience for customers.

測試和第一個群組中的裝置會部署 Beta 通道 至組織內的代表驗證。The Beta Channel is deployed to devices in both the Test and First groups for representative validation within the organization. 此通道完全受支援,且每六周大約會以新功能自動更新。This channel is fully supported and is auto-updated with new features approximately every six weeks.

為了確保 Microsoft Edge 正確更新,請勿修改 Microsoft Edge 更新原則To ensure that Microsoft Edge updates correctly, do not modify the Microsoft Edge update policies.

Microsoft 受管理的桌面所管理的設定Settings managed by Microsoft Managed Desktop

Microsoft 受管理的桌面已建立一組預設的 Microsoft Edge 原則,以保護瀏覽器的安全。Microsoft Managed Desktop has created a default set of policies for Microsoft Edge to secure the browser. 預設瀏覽器設定如下:The default browser settings are as follows:

Microsoft Edge 擴充Microsoft Edge extensions

Microsoft 受管理的桌面裝置上的 Microsoft Edge 安全性基準會設定兩個原則,以停用所有的 Chrome 副檔名及安全的使用者。The security baseline for Microsoft Edge on Microsoft Managed Desktop devices sets two policies to disable all Chrome extensions and secure users. 若要啟用及部署環境中的擴充功能,請參閱您管理的設定。To enable and deploy extensions in your environment, see Settings you manage.

擴充安裝 blocklistExtension installation blocklist

預設值: 所有Default value: All

Microsoft 受管理的桌面會設定此原則,以防止在受管理的端點上安裝 Chrome 擴充功能。Microsoft Managed Desktop sets this policy to prevent Chrome extensions from being installed on managed endpoints. Chromium 擴充模型有相關的已知風險,包括資料遺失防護、隱私權及可能危及裝置的其他威脅。There are known risks associated with the Chromium extension model including data loss protection, privacy, and other risks that can compromise devices.

允許未以系統管理員許可權安裝的使用者層級原生郵件主機 () Allow user-level native messaging hosts (installed without admin permissions)

預設值: 禁用Default value: Disabled

停用此原則之後,Microsoft Edge 只會使用系統層級上安裝的原生郵件主機。By disabling this policy, Microsoft Edge will only use native messaging hosts installed on the system level. 原生郵件主機是 Chrome extensions 的一部分,可讓瀏覽器與使用者端點的其他部分互動,以建立各種安全性考慮。Native messaging hosts are a part of Chrome extensions, which allow for the browser to interact with other parts of user’s endpoint, creating a variety of security concerns.

安全通訊端層 (TLS/SSL) Secure Sockets Layer (TLS/SSL)

最低 TLS 版本Minimum TLS version

預設值: 支援的最小 TLS 1。2Default value: Minimum TLS 1.2 supported

如果您想要使用較不安全的 TLS 1.1,您可以將要求歸檔以進行此作業。If you want to use the less secure TLS 1.1, you can file a request to do so.

允許使用者從 [SSL 警告] 頁面繼續。Allows users to proceed from the SSL warning page

預設值: 禁用Default value: Disabled

建議您不要啟用此設定,因為它可讓使用者透過 TSL 錯誤來訪問網站。We don't recommend enabling this setting since it allows users to visit sites with TSL errors.

Microsoft Defender SmartScreenMicrosoft Defender SmartScreen

設定 Windows Defender SmartScreenConfigure Windows Defender SmartScreen

預設值: 啟用Default value: Enabled

預設為啟用,以協助保護使用者。Enabled by default to help protect users.

Windows Defender SmartScreen 提示網站Windows Defender SmartScreen prompts for sites

預設值: 啟用Default value: Enabled

[!附注] 建議您不要停用此設定,因為這樣可讓使用者忽略警告,並繼續進行可能惡意的網站。We do not recommend disabling this setting since that would allow users to ignore warnings and continue to potentially malicious sites.

避免繞過 Windows Defender SmartScreen 有關下載的警告Prevent bypassing of Windows Defender SmartScreen warnings about downloads

預設值: 啟用Default value: Enabled

建議您不要停用此設定,因為這樣可讓使用者忽略警告,並完成未驗證的下載。We do not recommend disabling this setting since that would allow users to ignore warnings and complete unverified downloads.

Adobe FlashAdobe Flash

預設 Adobe Flash 設定Default Adobe Flash setting

預設值: 禁用Default value: Disabled

因為有相關的安全性風險,所以不建議使用 Flash。We don't recommend using Flash because of associated security risks. 如果您仍然有依賴 Flash 的進程,請設定 PluginsAllowedForUrls 原則,為需要它的網站啟用 Flash。If you still have processes that depend on Flash, set the PluginsAllowedForUrls policy to enable Flash for sites that need it. 如果您無法保留允許的網站清單以使用 Flash,請提交變更要求,以變更值以 按一下 [播放],這可讓使用者選擇適當的時間來執行 flash。If you can't maintain an allowed list of sites to use Flash, file a change request to change the value to Click to Play, which allows users choose when it's appropriate to run Flash.

密碼管理員Password manager

啟用將密碼儲存至密碼管理員Enable saving passwords to the password manager

預設值: 禁用Default value: Disabled

建議您不要讓使用者將密碼儲存在其裝置上。We do not recommend allowing users to save passwords on their device.

Microsoft Edge 中的 Internet Explorer 模式Internet Explorer Mode in Microsoft Edge

Microsoft Edge 的 IE 模式可讓您輕鬆地在單一瀏覽器中使用貴組織所需的所有網站。IE mode on Microsoft Edge makes it easy to use all of the sites your organization needs in a single browser. 它會針對與 Chromium 轉譯引擎相容的網站使用整合式 Chromium 引擎,並從 Internet Explorer 11 (IE11) 使用 Trident MSHTML 引擎,以取得 IE 功能上沒有相關性的網站。It uses the integrated Chromium engine for sites that are compatible with the Chromium rendering engine and it uses the Trident MSHTML engine from Internet Explorer 11 (IE11) for sites that aren't or have dependencies on IE functionality. [深入瞭解] (https://docs.microsoft.com/DeployEdge/edge-ie-mode)[Learn more] (https://docs.microsoft.com/DeployEdge/edge-ie-mode)

Microsoft 受管理的桌面預設會啟用裝置的 Internet Explorer 模式Microsoft Managed Desktop enables Internet Explorer mode for your devices by default

Internet Explorer 模式整合Internet Explorer mode integration

預設值: Internet Explorer 模式Default Value: Internet Explorer mode

依預設,裝置會設定為使用 Internet Explorer 模式,但您可以將其設定為在獨立的 Internet Explorer 11 視窗中開啟網站。By default, devices are set to use Internet Explorer mode, but you can set them to open sites in a standalone Internet Explorer 11 window instead. 若要變更此行為,請歸檔支援要求。To change this behavior, file a support request.

將網站新增至企業模式網站清單Add sites to the Enterprise Mode Site list

若要在 Internet Explorer 模式中開啟網站,您必須將其包含在 企業網站清單中。For sites to open in Internet Explorer mode you must include them on the Enterprise Site list. 維護和部署企業網站清單是您的責任。Maintaining and deploying the Enterprise Site list is your responsibility. 如需詳細資訊,請參閱 configure using The Configure Enterprise Mode Site List policyFor details, see Configure using the Configure Enterprise Mode Site List policy

其他設定Other settings

針對每個網站啟用網站隔離Enable site isolation for every site

預設值: 啟用Default value: Enabled

啟用此原則時,使用者將無法選擇每個網站在自己的處理中執行的預設行為。When this policy is enabled, users can't opt out of the default behavior in which each site runs in its own process.

支援的驗證架構Supported authentication schemes

預設值: NTLM、協商Default value: NTLM, Negotiate

Microsoft 受管理的桌面不支援基本或摘要驗證架構。Microsoft Managed Desktop doesn't support Basic or Digest Authentication schemes.

在第一次執行時自動匯入另一個瀏覽器的資料和設定Automatically import another browser's data and settings at first run

預設值: 從預設瀏覽器自動匯入所有支援的資料類型和設定Default value: Automatically import all supported datatypes and settings from the default browser

套用此原則之後,初次執行體驗將會略過 [匯入] 區段,最小化使用者互動。With this policy applied, the First Run Experience will skip the import section, minimizing user interaction. 在第一次執行時,不論此設定為何,瀏覽器資料在第一次執行時,總會會以無訊息方式遷移。The browser data from older versions of Microsoft Edge will always be silently migrated at the first run, regardless of this setting.

您管理的設定Settings you manage

您可以使用 Microsoft Intune 中的「管理範本」設定檔,部署先前並未描述的任何 Microsoft Edge 設定。You can deploy any Microsoft Edge settings not previously described by using the Administrative Templates profile in Microsoft Intune. 如需詳細資訊,請參閱 使用 Microsoft Intune 設定 Microsoft Edge 原則設定For details, see Configure Microsoft Edge policy settings with Microsoft Intune. 如果您想要評估的原則目前未包含在 Intune 的 Microsoft Edge 系統管理範本中,您可以在 Intune 中使用 Windows 10 裝置的自訂設定。If you want to evaluate a policy that is not currently included in the Microsoft Edge Administrative Templates in Intune, you can use custom settings for Windows 10 devices in Intune.

啟用特定的 Chrome 副檔名Enabling specific Chrome extensions

系統管理範本提供使用 Microsoft Intune 部署特定 Chrome extensions 的設定。The Administrative Template offers a setting to deploy particular Chrome extensions with Microsoft Intune. 您可以在 [電腦設定] 中找到該 > Microsoft Edge > 擴充 > 允許安裝特定的分機 號碼。You can find it in Computer Configuration > Microsoft Edge > Extensions > Allow Specific Extensions to be installed.

無訊息安裝分機Install extensions silently

您也可以使用系統管理範本來設定 Microsoft Edge,以安裝分機,而不會提醒使用者。You can also use the Administrative Template to set Microsoft Edge to install extensions without alerting the user. 您可以在 [電腦設定 >] 中找到它, > 擴充 > 控制以無訊息方式安裝的分機 號碼。You can find it in Computer Configuration > Microsoft Edge > Extensions > Control which extensions are installed silently.

Microsoft Edge 更新原則Microsoft Edge update policies

為了確保 Microsoft Edge 正確更新,請勿修改 Microsoft Edge 更新原則To ensure that Microsoft Edge updates correctly, do not modify the Microsoft Edge update policies.

其他常見的企業原則Other common enterprise policies

Microsoft Edge 提供許多其他的原則。Microsoft Edge offers a great many other policies. 以下是一些較為常見的專案:These are some of the more common ones: