The new FSLogix version, which was released in October, introduces a long-awaited feature: VHDX compaction. FSLogix is a standalone product acquired in late 2017 by Microsoft for profile management and application masking features. It is primarily used in virtual desktop or RDSH solutions to provide users with a persistent experience in nonpersistent environments.
Many websites ask users whether they want to receive notifications. In managed environments, this feature can be disabled via group policies. Both Chromium-based browsers and Firefox allow whitelisting and blacklisting of such websites.
User Account Control helps to implement proper permission levels for users accessing systems. Instead of needing administrator privileges, UAC allows admins to set up standard user permissions for users and escalate privileges in a granular way. In corporate networks, admins can use Group Policy to configure various UAC settings, including disabling UAC. Thanks to Windows Hello, you can now use a PIN for UAC.
Microsoft released version 22H2 of Windows 10 (Windows 10 2022 Update). It offers practically no new features for end users but introduces some changes that are relevant for admins. These include extensive alignment of group policies and the security baseline with Windows 11 22H2.
In Windows 10 1809, Microsoft introduced a clipboard with multiple entries and added the ability to sync its contents among several devices. This cloud clipboard poses certain security risks, such as data leakage. However, it can be restricted by using Group Policy.
The current release of Windows 11 includes over 70 new settings for group policies. Most of these serve as security improvements and have largely been included in the security baseline. In addition, there are new policies for the Windows UI, the package manager winget, and Internet Explorer.
Together with the release of Windows 11 2022, Microsoft published the corresponding security baseline. It recommends activating a whole range of additional group policies, most of which are new with this OS version. One main focus is on safeguarding printers.
When you access a file share in Windows and the conditions for access are not met, you are normally presented with a generic access denied message. It is actually possible to customize the error message to provide more meaningful and understandable output that aids with dynamic access control, rather than the simple "contact your network administrator," which will invariably result in a call to the service desk. However, there are a couple of limitations to this functionality.
Obtaining effective protection by virus scanners requires that they always use the latest definitions. Therefore, Microsoft Defender is not limited to getting its signature updates from the standard source for OS updates. Rather, you may specify several at once.
In addition to the virus scanner, Microsoft Defender offers other security functions. These include the reduction of the attack surface, which hardens applications such as Office, browsers, and Adobe Reader. The feature is not active by default and can be configured via group policies or PowerShell.
The new Edge is great but since it’s from Microsoft, Bing is the default search engine out of the box. To change it, you can simply go to the Settings page, Privacy, search, and services, and click the Address bar and search at the bottom of the page. From there, you can manage search engines, add or set one as default, etc.
This will be fine if you are setting it for yourself. If you have many computers to manage through Active Directory, setting it up via Group Policy make things a lot easier.
Open Group Policy Manager, heading over to the following:
User Configuration > Policies > Administrative Templates > Microsoft Edge
Double click the Manage Search Engines setting on the right.
Microsoft Edge has a beautiful new tab page that has a search box defaulting to Bing. So to make things a bit more consistently, I’d recommend to enable and set the “Configure the new tab page search box experience” policy to Address bar. What it does is that when you type the search term in the search box in the new tab page, it will redirect you to the address bar, which uses the browser’s default search engine.
The policy is located at:
User Configuration > Policies > Administrative Templates > Microsoft Edge > Default search provider