Disable: 'Support device authentication using certificate'
Support for device authentication using certificate will require connectivity to a DC in the device account domain which supports certificate authentication for computer accounts.
This policy setting allows you to set support for Kerberos to attempt authentication using the certificate for the device to the domain.
If you enable ...
Ensure No Auditing for 'Audit Policy: Object Access: Filtering Platform Connection'
This subcategory reports when connections are allowed or blocked by WFP. These events can be high in volume. Events for this subcategory include:
- 5031: The Windows Firewall Service blocked an application from accepting incoming connections on the network.
- 5154: The Windows Filtering Platform has permi ...
Disable: 'Prevent users app data from being stored on non-system volumes'
Prevent users' app data from moving to another location when an app is moved or installed on another location.
If you enable this setting, all users' app data will stay on the system volume, regardless of where the app is installed.
If you disable or do not configure this setting, then when an app is ...
Disable: 'Use biometrics'
Microsoft Passport for Work enables users to use biometric gestures, such as face and fingerprints, as an alternative to the PIN gesture. However users must still configure a work PIN to use in case of failures.
If you enable this policy setting, Microsoft Passport for Work allows the use biometric gestures on.
If you disable this policy setting, Microsoft Passpo ...
Disable: 'Disable pre-release features or settings' for EnableConfigFlighting
This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. A value of 1 permits Microsoft to configure device settings only. A value of 2 allows Microsoft to conduct full experimentations.
If you disable this policy setting, all experimentati ...
Specify the 'Cipher suite order (Lanman Server)' value
This policy setting determines the cipher suites used by the SMB server.
If you enable this policy setting, cipher suites are prioritized in the order specified.
If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite ...