Windows 10 is full of great functionality for the enterprise, but not every environment is suitable for everything Windows 10 has to offer. Fortunately, each feature or app lends itself to a good amount of tuning to fit the needs of both users and organizational policies. And by using Group Policy or mobile management device (MDM) settings, an administrator can set a policy setting and then copy it for multiple users, computers or devices, greatly reducing administrative effort.\nThis article looks at ways to wrangle Cortana, Windows Hello, Microsoft Edge and Windows Store settings, whether that means restricting parameters for more control or disabling them outright.\nCortana, the personal assistant\nCortana is the voice-driven personal assistant feature in Windows 10 that ratchets up the productivity level of business users in the office or on the go. It's also available as an app in Windows Phone, iOS and Android. Cortana is a powerful search tool for both the local device and Web. It opens applications by name, works with Microsoft Power BI to provide on-the-fly data analytics (revenue for the last two quarters, average customer spending by location, etc.), handles calendar appointments and processes fairly complex requests for reminders (for example "Remind me when I\u2019m near to buy printer paper").\nAlthough Cortana is super handy, its chattiness can be disruptive to co-workers within earshot and isn't conducive to certain business environments. To disable Cortana dictation on the desktop for a single user, open the Settings app, go to Privacy > Speech, Inking and Typing, and click the Stop getting to know me button. Be aware that, in addition to voice control, this setting enables Cortana to gather data about the user, which helps the feature deliver services. Disabling the feature also deletes data collected by Cortana previously.\n[Related: Why DISM is the Swiss Army knife of Windows 10 maintenance]\nAdministrators can control Cortana at the Group Policy and MDM level as well. For example, to turn off Cortana but still allow users to perform searches, modify these settings:\n\nGroup policy: Computer ConfigurationAdministrative TemplatesWindows ComponentsSearchAllow Cortana\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\nMDM: Experience\/AllowCortana\n\nSeveral other settings may be disabled, but doing so also disables Cortana functionality. Some of those settings are automatic learning (where speech, typing, handwriting and calendar information is collected), location-aware search and safe search (to filter adult content; applies to Windows Mobile only). The same applies to several Start menu search box settings, such as whether the menu may search for files, programs, Control Panel items and communications.\nWindows Hello for biometrics and authentication\nWindows Hello uses biometrics \u2013 fingerprint, facial or iris \u2013 to sign in to Windows 10 devices with just a finger swipe or a look into the device's camera (backed by a PIN), effectively eliminating the need for users to memorize long, complex passwords. After recognition using Windows Hello, Microsoft Passport provides multi-factor authentication before allowing access to any resources.\nMicrosoft Passport servers can be added to an existing on-premises infrastructure, without the need to change the domain or forest functional level, or can be deployed using Microsoft Azure Active Directory. Like Cortana, an administrator can use Group Policy or MDM to control Microsoft Passport settings. In the Group Policy Editor (GPE), the settings for Microsoft Passport are located at Computer Configuration > Policies > Administrative Templates > Windows Components > Microsoft Passport for Work. The MDM settings use the PassportForWork configuration service provider (CSP), which is an interface for manipulating settings on the device.\nHere, an administrator can enable Microsoft Passport for Work, which provisions the feature using keys or certificates, and enable biometrics. If a PIN is used, there are various PIN complexity settings available, such as minimum and maximum length, as well as requiring digits, uppercase and lowercase letters.\u00a0\nAs a security precaution, Windows Hello biometric data is always stored on the local device and not transferred to a server.\nMicrosoft Edge for Web browsing\nMicrosoft Edge, the default browser for Windows 10, can be controlled by Group Policy or Microsoft Intune (for MDM) to manage settings and preferences. Using Group Policy, navigate to Computer ConfigurationAdministrative TemplatesWindows ComponentsMicrosoft Edge. Some settings that can be modified are:\n\nWhether content appears (or does not) when Microsoft Edge opens a new tab\nSending Do Not Track headers to Web sites that request tracking information\nAllowing or blocking cookies\nAllowing or blocking pop-ups\nWhether an intranet site should use Internet Explorer 11 by default\nWhich sites appear on the default Favorites list\nWhether to use Enterprise Mode for compatibility with certain Web apps\nWhether users can override SmartScreen Filter warnings\nWhether users can use Autofill for form fields\n\nSome Web apps, such as those that use ActiveX controls, tags and certain other elements, don't work well or render properly in Microsoft Edge. Windows 10 offers Enterprise Mode as a work-around for compatibility issues with Microsoft Edge. In this mode, Windows consults a list of Web sites that are known to be incompatible with Microsoft Edge, and opens them in Internet Explorer 11 instead, which does not disrupt productivity and lets users keep Microsoft Edge as their default Web browser.\n[Related: How to perform a clean install of Windows 10]\nSome other Windows 10 settings that are associated with Microsoft Edge include the Allow Cortana setting (described previously in this article) and these:\n\nWhether a user can use the Sync your Settings option to sync user settings to and from a device: Computer ConfigurationAdministrative TemplatesWindows Componentssync your settingsDo not sync\nWhether a browser group can use the Sync your Settings options (for things like History and Favorites): Computer ConfigurationAdministrative TemplatesWindows Componentssync your settingsDo not sync browser settings\n\nWindows Store for apps\nMany IT departments do not allow users to download and install Windows Store apps on company-owned computers and devices as a matter of policy. Windows 10 Enterprise and Windows 10 Mobile let administrators block Windows Store access using AppLocker, and Group Policy can be used to control the same in Windows 10 Enterprise.\nThe AppLocker method requires opening the Local Security Policy Editor, drilling down to AppLocker, and creating a new rule under Packaged app Rules. (Full instructions are on the Configure Access to Windows Store page in TechNet for Windows 10). For the Group Policy method, you turn off the Windows Store app. To do so, go to Computer Configuration > Administrative Templates > Windows Components > Store in the GPE. In the Setting pane, click Turn Off Store application, and then click Edit Policy Setting. On the Turn Off Store application setting page, click Enabled and then click OK.