Excluding specific files from being uploaded to OneDrive

This week is another relatively short blog post, again somewhat related to Microsoft Edge. This week, however, is about configuring some specific OneDrive configurations. More specifically, the focus will be on excluding specific files from being uploaded to OneDrive. Not something really new, but the importance became clear again this week. There can be many reasons why organizations might want to exclude specific files from being uploaded to OneDrive, but there are also some generic reasons that are applicable to most organizations. An often heard reason is related to desktop shortcuts. Synchronizing desktop shortcuts (or even shortcuts in general) often results in either duplicate shortcuts or shortcuts to missing applications. Another reason is related to organizational branding in Microsoft Edge. Customizing organizational branding relies on …

Read more

Protecting against typosquatting with website typo protection in Microsoft Edge

This week is a short post about website typo protection in Microsoft Edge. That subject was briefly mentioned earlier when discussing Enhanced Security Mode in this blog post about tightening browser security in Microsoft Edge. This week is mainly focused on awareness for website typo protection. Website typo protection is aimed at protecting users against typosquatting. Typosquatting is intended to hijack traffic of users that meant to visit well-known sites, but that made a spelling mistake. That hijacking is achieved by using addresses with common misspellings or typographical errors of those well-known sites. Often that is used as prank, ad, or (friendly) competition, but more and more often that is also being used for phishing and malware. In the latter cases, users will get to …

Read more

Blocking other browsers with policies for Microsoft Edge (be careful)

This week is all about creating awareness. Creating awareness for the configuration options that are available for Microsoft Edge via the Microsoft 365 admin center, also known as the Microsoft Edge management service. The Microsoft Edge management service is an alternative method, besides Microsoft Intune, for configuring the Microsoft Edge browser via the Cloud. The configurations are stored in the Cloud and the settings can be applied through a group assignment. The user must be signed into the browser to receive those settings, and the browser must be restarted to make new settings applicable. So, pretty similar to the capabilities within Microsoft Intune. Besides that, the Microsoft Edge management service also provides access to additional settings, such as organization branding, AI, and specific security settings. …

Read more

Preventing scareware with scareware blocker in Microsoft Edge

This week is all about a relatively new security feature within the Microsoft Edge browser, and that feature is scareware blocker. Scareware blocker is a security feature to protect against scareware attacks. Scareware attacks often display as full-screen pop-ups with all sorts of warnings claiming that the device has been compromised. The idea behind those attacks is often to frighten users into calling fraudulent support numbers or downloading harmful software. Scareware blocker can automatically detect and stop these attacks, by using machine learning. This post will start with a brief introduction about scareware blocker in Microsoft Edge, followed with the steps to enable it. This post will end with an overview of the user experience. Note: At the moment of writing scareware blocker is still …

Read more

Configuring a single app, full-screen kiosk with Microsoft Edge on Windows 11

This week is all about configuring a single app, full-screen kiosk with Microsoft Edge on Windows 11 devices. A kiosk is nothing new and the Microsoft Edge browser not either. And even the combination of both is nothing new. That being said, there are often unknowns in the configuration options and what actually happens with Microsoft Edge when configuring it as the kiosk application. And that often causes questions. So, this post should take some of those questions away. One of the things that’s often forgotten, for example, is that the Microsoft Edge browser will also run in kiosk mode. And that puts limitations on its capabilities. This post will focus on configuring a single app, full-screen kiosk with Microsoft Edge on Windows 11 devices, …

Read more

Working with in-browser protection in Microsoft Edge for Business

This week another blog post focused on the security capabilities within Microsoft Edge. With the introduction of Microsoft Edge for Business, there is a larger focus on providing a Microsoft Edge experience for work. That experience provides IT administrators with the ability to give their users a productive and secure browser for work, across managed and unmanaged devices. With that, Microsoft Edge can be the secure enterprise browser for many organizations. Especially with the focus of Microsoft Edge on security, privacy, and manageability. And not just that, it includes enhanced productivity alongside the security features. That brings us to the focus of this week and that is in-browser protection. In-browser protection is a great example of that combination as it reduces the need for proxies, …

Read more

Tightening browser security with Enhanced Security Mode in Microsoft Edge

This week is all about tightening security in Microsoft Edge and making sure that it’s one step closer to a secure enterprise browser. Especially nowadays when users spends most of their time in a web browser, it’s important to make sure that the right controls are in place to protect the users and the corporate data. That can be achieved by having a closer look at the different security features that Microsoft Edge brings to the table. And that are many different features. When specifically looking at protecting the user, think about features like Microsoft Defender SmartScreen, typosquatting protection, and Enhanced Security Mode. Three different security features, all with their own focus. Microsoft Defender SmartScreen to protect against phishing and malware, typosquatting protection to warn …

Read more

Managing Microsoft Edge browser extensions on Windows devices

This week is all about browser extensions. And more specifically, about Microsoft Edge browser extension on Windows devices. There are many reasons why organizations might want to look into managing and controlling Microsoft Edge browser extensions. Most of those reasons, however, are security related and focussed on staying in control of corporate data. Lately, there have been multiple examples of malicious browser extensions – not specific to the Microsoft Edge browser – that would collect user data and exfiltrate it to a malicious website. A good reason to get in control of the browser extensions that are being used within the organization. Either by fully controlling which browser extensions can be installed, or by at least blocking unwanted browser extensions. This post will look specifically …

Read more

Managing automatic switching in Microsoft Edge for Business

This week is all about Microsoft Edge for Business and the automatic switching feature. Microsoft Edge for Business is the dedicated Microsoft Edge experience that is created for work accounts. It provides IT administrators with the capabilities to provide users with a productive and secure browsing experience across managed and unmanaged devices. That includes the ability to manage the automatic switching behavior between work and personal profiles. Automatically switching between profiles can help users to keep their work and personal browsing separate. When the device has an existing work profile, it enables automatic switching when adding a personal profile, to enforce the browsing context separation. That behavior can also be managed. The automatic switching is not always desirable, or sometimes needs some tuning. This post will …

Read more

Troubleshooting MAM for Windows

This week is a short follow-up on a post of a few months ago about getting started with Mobile Application Management (MAM) for Windows. That post was really focused on getting started with MAM for Windows, while this post will be more focused on what’s coming after that. The concept and the basic configuration of MAM for Windows is pretty straight forward, once being familiar with the available configuration options. However, it gets more challenging when verifying the configuration and the behavior. Especially when there is not that much information available. The (location of the) log file is not really well documented, as is the process to verify the applied configuration. This post will provide answers to those questions. It will described were to find …

Read more