July 12, 2022—KB5015807 (OS Builds 19042.1826, 19043.1826, and 19044.1826)
MattiasB3 Microsoft have come back to us and said they are looking into the cause. For now they have provided a couple of possible workarounds. I have used the NeutralResources via Intune policies rather than GPO, but the result should be the same. My users can now access the few URLs we need to work via IE compatibility mode. I dismissed the option of disabling Edge MDAG completely; however, we did test that on a test device and it also fixed the issue, so it seems to be something in the MDAG isolation policies causing the issue post patch.
Add the sites in the IE Mode list as trusted in the Network Isolation policy. In gpedit, the path to the policies is Computer Configuration\Administrative Templates\Network\Network Isolation.
- For intRAnet sites, you’ll need to add their IP addresses & the corresponding Network Domains to EnterpriseIPRanges (Network Isolation\Private network ranges for apps) & EnterpriseNetworkDomainNames (Intune only) policy
- For intERnet sites, you’ll need to add their domains to either EnterpriseCloudResources (Network Isolation\Enterprise resource domains hosted in the cloud) or NeutralResources (Network Isolation\Domains categorized as both work and personal) policy
OR
Stop targeting Edge MDAG policies to those machines
Hope this helps you.
EdwinLJ Thanks so much. Our Edge would go into IE mode and show a 'cannot connect' error. If you refreshed, it wouldn't use IE mode but show the webpage. If you refreshed again it would go back into IE mode with a 'cannot connect' error. We have been running with the same configuration for months with no issues.
I can confirm that this fixed it for us. I would never have found the cause of this!
- InkzzZ Aug 02, 2022 Copper Contributor
I actually removed the MDAG policies in the end, but I also had it working by configuring Enterprise Cloud Resources under Network Isolation in a settings catalog device configuration profile in Intune.
- EdwinLJ Aug 02, 2022 Copper Contributor
I am fortunate not to have any intranet sites needing IE compatibility mode, so I can't confirm if there is a difference for intranet sites, but for the 3rd party ones I configured it in Intune. So I go Endpoint Security -> Attack Surface Reduction -> Edit my policy for "App and Browser Isolation" -> Neutral Resources -> add sites and IPs as needed. My devices normally take a couple of manual syncs, or just leave them for a couple of hours for them to pick up the policy setting change.
Sorry I can't be of more help.
- MikePalmer75 Aug 02, 2022 Brass Contributor
VMStrengell We unassigned the policy from our devices, but that was only due to the fact that the policies were not production ready or tested.
Mike
- VMStrengell Aug 02, 2022 Copper Contributor
Did you configure the GPO/Intune policies or just disable the MDAG policies? Having the same problem but can't get those intranet sites working.