Forum Discussion
Edge Insider ADMX
WBrady1965 - The new version of Edge will have a large set of Group Policy options which largely mirrors those in Chromium with several additions and removals based on Edge's feature set.
Having said that, like Chromium, the new Edge does not have "Zones" per-se and as a consequence most policies apply to all sites. It would be helpful to understand what aspects of Zones you were using previously, and whether the equivalent features in Chromium policy (e.g. site lists) are usable as an alternative.
Things we would absolutely need to be able to control with group policy include blocking user installation of extensions (students like to install VPN extensions), force installing certain extensions (and disabling removal of these by the user). Setting homepages and start up URLs is also extremely important as well as disabling developer mode, in-browser task managers and making pre-set bookmarks.
These settings would be great., along with Enterprise Mode options.
Stu R, I second all that.
But really, you need to nail this, Microsoft, to make Enterprises shift from Google Chrome.
If there is a feature in Google Chrome, that is customizable with Chrome for Work, it needs to be native configurable with Group Policy.
And everything, that you add as configurable from the UI into Edge, needs to be configurable with Group Policy.
These Chrome for Work Policies are regularly used to lock down Chrome:
| Administrative Templates\Google\Google Chrome | Enable Printing |
| Administrative Templates\Google\Google Chrome | Enable autofill properties |
| Administrative Templates\Google\Google Chrome | Restrict which users are allowed to sign in to Google Chrome |
| Administrative Templates\Google\Google Chrome | Hide the Web Store from the New Tab Page and app launcher |
| Administrative Templates\Google\Google Chrome\Extensions | Configure Extension installation blacklist |
| Administrative Templates\Google\Google Chrome\Default Search Provider | Enable the default search provider |
| Administrative Templates\Google\Google Chrome | Incognito mode availability |
| Administrative Templates\Google\Google Chrome | Block access to a list of URLs Properties & Allows access to a list of URLs |
| Administrative Templates\Google\Google Chrome | Allow Invocation of file selection dialogs |
| Administrative Templates\Google\Google Chrome | Enable bookmark bar |
| Administrative Templates\Google\Google Chrome | Enable add person in profile manager |
| Administrative Templates\Google\Google Chrome | Enable Guest mode in browser properties |
| Administrative Templates\Google\Google Chrome | Enable Google Cloud Print proxy & Enable submission of documents to Google Cloud Print |
| Administrative Templates\Google\Google Chrome | Set Google Chrome as default browser |
| Administrative Templates\Google\Google Chrome | Disable developer tools |
| Administrative Templates\Google\Google Chrome | Specify whether plugin finder should be disabled |
| Administrative Templates\Google\Google Chrome | Disable taking screenshots |
| Administrative Templates\Google\Google Chrome | Enables or Disables Bookmark editing |
| Administrative Templates\Google\Google Chrome | Ephemeral Profile |
| Administrative Templates\Google\Google Chrome | Disable saving browser history |
| Administrative Templates\Google\Google Chrome | Enable Search Suggestions |
| Administrative Templates\Google\Google Chrome | Show the apps shortcut in the bookmarks bar |
| Administrative Templates\Google\Google Chrome | Enable or disable spell checking web service |
| Administrative Templates\Google\Google Chrome | Disable synchronization of data with Google |
| Administrative Templates\Google\Google Chrome | Enable Translate |
| Administrative Templates\Google\Google Chrome | Specify a list of disabled plugins |
| Administrative Templates\Google\Google Chrome\Home Page | Configure the Home Page URL |
| Administrative Templates\Google\Google Chrome\Home Page | Use New Tab Page as homepage |
| Administrative Templates\Google\Google Chrome\Locally Managed Users Settings | Enable creation of supervised users |
| Administrative Templates\Google\Google Chrome\Native Messaging | Allow user-level Native Messaging hosts (installed without admin permissions) |
| Administrative Templates\Google\Google Chrome\Password Manager | Enable the password manager |
| Administrative Templates\Google\Google Chrome\Password Manager | Allow users to show passwords in Password Manager |
| Administrative Templates\Google\Google Chrome\Startup Pages | Action on startup |
| Administrative Templates\Google\Google Chrome\Startup Pages | URLs to open on startup |
| Administrative Templates\Google\Google Chrome\Extensions | Configure the list of force-installed apps and extensions |
| Administrative Templates\Google\Google Update\Applications\Google Chrome | Update policy override |
| Administrative Templates\Google\Google Update\Applications\Google Chrome Binaries | Update policy override |
| Administrative Templates\Google\Google Chrome\Content Settings | Allow popups on these sites |
All the GPO Settings for the old Edge and IE should be ported to the new Edge, unless they are no longer relevant on the Chromium based Edge.
That list is great, but what we have to have is before we can switch is the ability to do 2-hop authentication, which we can do with Chrome using:
https://www.chromium.org/administrators/policy-list-3#AuthNegotiateDelegateWhitelist
Which in GPO is implemented as (see screenshot).
- Eric_Lawrence
Microsoft
Keith Davis Thanks. Yes, that policy is expected to be available in Edge.
