Forum Discussion
Ability to block all downloads but allow users to select Keep
MicrosoftKevinJ613 Hello! Just to confirm, was the DownloadRestrictions policy working for your organization prior to the v91 update? (Example: it prompted the users to choose "Keep" or "Delete" for every file downloaded) Then after the update to v91, the behavior of the policy changed?
I scanned through the policies and saw the PromptForDownloadLocation policy (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#promptfordownloadlocation)
would something like this help users consciously decide before downloading a file?
Thanks!
-Kelly
No, we have never had that prompt show up until version 91 was released, but even then it ONLY showed up after I made a change to the DownloadRestrictions Policy.
So my Policy was originally set to BlockDangerousDownloads, which allowed files to be downloaded (again never got that Keep or delete message for any downloads that I am aware of).
As soon as the release of v91, we were getting full blocks (no changes to the GPO)
I then changed the Policy to ' No Special restrictions' and we were now getting this
Once you choose Keep from the menu, after a few minutes the next time this file type is clicked to be downloaded, it will just present the Open/Save As/Save option.
The above screenshots is an .msg file from a ticketing system, which we also later found out people trying to download internal applications were also being blocked.
I started reading this https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-downloads-interruptions and got me thinking what if we can ALWAYS enable the prompt that asks a user to Keep or Delete?
I don't fully understand what is actually happening, because according to that page (and subsequent links) the .msg file should not have been blocked as it has always been opened before.. the difference is, that was done prior to version 91.
We have a requirement of the following:
If any of the executable test files are downloaded successfully and can be executed without a warning and prompt for the user to decide whether or not to proceed then record a Fail result for this sub-test. Otherwise, record a Pass result for this sub-test.
So to me this fits that requirement, even if it is not intended to do so..
So I don't want to Block the files, I just want it to always prompt regardless of what files being downloaded. So any "known good files" from lets say Microsoft will still give us this prompt and then we have to click Keep.
This is a total PITA move, but we have special requirements from au
Bonus points if we can exclude internal domains from being prompted.
And to answer your question, I don't see how Prompt for location would provide me with the block prompt and then the option to Keep or Delete.
I get the intent of asking where to save each time, but that is not necessarily a warning, where the above one is a warning if you will.
KevinJ613 I am also in this same situation. If you found a resolution I'd be interested in hearing it so I can give it a shot. Thanks!
- I had a ticket opened with MS Edge team, and there really are no options to do what we want. The support agent stated they would bring it up with the product team.. but i dunno.
So i am still looking for a solution to do this (or at least something close to it.KevinJ613 I'm not so sure if this is helpful or not but this helped move me a bit forward. https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
I do not want to manage some giant list of websites and file types but this is letting files download from sites that I've got the Allow Download Restrictions piece set to Block Dangerous Downloads.
