SOLVED

Early preview of Microsoft Edge group policies

Microsoft

Update July 22nd 2019:

Hey folks,

Thanks for all the great feedback! We announced last week that Edge is now ready for Enterprise evaluations. 

You can find the latest ADMX files and MSIs/PKGs here:

https://www.microsoftedgeinsider.com/enterprise  

And you can find all the enterprise-focused documentation here:

https://docs.microsoft.com/DeployEdge

 

There is also an Enterprise-focused section of these Insider forums which the team will be monitoring. Direct link here:

https://techcommunity.microsoft.com/t5/Enterprise/bd-p/EdgeInsiderEnterprise

 

Thanks again for the great feedback and engagement. Looking forward to continuing to hear from all of you!

 

(Note: I have removed the ADMX zip file which was originally attached to this mail. Please see the latest versions at the links above)

 

Original post follows:

 

Hi everyone,

 

We've been asked fairly regularly what policies we intend to support. We're still working on the list, but I’d like to share an early preview of the management policies we are working on for the new version of Microsoft Edge.

 

You can find a zip file attached to this post, that includes the ADMX file, an English (US) version of the ADML file, and an English (US) HTML doc with the list of policies and descriptions.

 

Please note that not all of the associated policies have been implemented by current canary or dev builds!

 

Please send us feedback on the list, or the description text in the policies if something seems unclear.

 

IMPORTANT

  1. This is a work in progress. We are sharing this early draft with you for your feedback, but the list will change between now and our final release, with policies being added, removed or changed based on feedback.
  2. The HTML file includes both Mac and Windows policies.
  3. Policies for managing updates aren’t included; those will be in a separate administrative template file.
  4. These are only in English (US). We are working to localize the policy descriptions and documentation before our final release.

 

Please let us know if there are policies missing from the list, and give us feedback on the policy design.

 

Thanks for your interest!

 

Sean, on behalf of the Microsoft Edge team

 

80 Replies

@Sean Lyndersay 

 

Thank you! This was high on my list to see these GPO templates.

 

One setting I am not seeing in this list that would be important to my organization:

 

  • Disable Updater - I know this is probably going to be introduced once new Edge goes production. We need to verify each update with remote vendors and to ensure policies still work as needed.      ***I don't see this one in the ADMX file. Would be important to have.***

@Miguel_Garrido WIP support is in the roadmap. I can't confirm for sure that it will make the first release, but we'll definitely have it pretty soon thereafter.

AAD Sign will be available in Canary builds pretty soon (you can test it by turning on a flag: edge://flags/#edge-sign-in-with-aad) 

@ikkerus IE mode group policies to configure the sitelist will be in a future update. 

 

We will be updating the schema and the documentation, as well as releasing an update to the Site List Manager. 

@Tinshield Thank you for the feedback. Today we support most of the policies in your list. 

  • Show home button - Supported. Policy is in the Startup, home page and new tab page group
  • Assign URL to home button - Supported. Policy is in the Startup, home page and new tab page group
  • Set page for startup - Supported. Policy is in the Startup, home page and new tab page group
  • pop-up allow list - Supported. Policy is in the Content Settings group
  • notification allow list - Supported. Policy is in the Content Settings group
  • Enterprise mode - Will be supported, but policies are not in the current admin template
  • ad blocking - Would you provide more details on what you want?
  • favorite redirection - Would you provide more details on what you want?
  • Choose your layout - Would you provide more details on what you want?
  • Search engine used in the address bar - Supported. Policies are in the Default search provider group
  • Auto install specified chrome extensions - Supported. Policy is in the Extension group

@TheAutisticTechie As Sean said we are partnering with Intune. What has your experience been like with Chrome and Intune?

@Brian Altman thanks for the reply. As far as ad blocking, being able to add extensions will suffice! Favorite redirection may work already as part of folder redirection policies, it does for IE. 

@stevepogue We support silent extension installs - "Control which extensions are installed silently" GP

I've been testing this morning. So happy!

@Sean Lyndersay  going forward where can we find updates for the GPOs?  Are you going to have dedicated page like Google does it?

@anthonymel Yup. We will have a dedicated page on docs.microsoft.com, and a change list for each major release. 

 

Your should expect something conceptually similar to what we've done for the current version of Edge:

https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/

https://docs.microsoft.com/en-us/microsoft-edge/deploy/change-history-for-microsoft-edge?tabs=2018

@Brian Altman Its quite straightforward but does take a bit of time to get set up back when I did it. I've looked recently and Google have exact instructions here: https://support.google.com/chrome/a/answer/9102677

Hello @Sean Lyndersay 

Thanks for this early preview.

Is it possible to add a GPO to sync favorites between Internet Explorer and Edge ? We can do that with the current "EdgeHTML" version of Edge. We can configure KFR Redirection of Favorites in IE, then, if the user creates a favorites in IE, it shows up in Edge and vice-versa.

 

Best,

Lucas

 

Thank you @Lucas. I've shared your request with our favorites feature team.

@Lucas 

 

I agree. This would be a huge feature for corporate and enterprise users. It would be nice to be able to turn on "legacy favorites integration", and a legacy favorites button would appear next to regular favorites. Then users click whichever one they want. 


@Senturion33 and @Lucas 

Thanks for the feedback. 

I'd like to understand a little more about what you are trying to do. We have looked into keeping IE favorites and Edge favorites in sync, and it's a little tricky (for example, with the current EdgeHTML version, when that policy is enabled, device-to-device sync is disabled to avoid loops). We want to make sure we're meeting your needs, so it'd be great if you could elaborate on the specific scenarios so we can do the right thing for you.

 

First, you mentioned that you want to use KFR -- what does using KFR to redirect the favorites folder get you vs using the built in Edge Sync mechansm to sync folders across devices? 

 

Second, you mentioned that you would want a "legacy favorites" integration button. We can automatically migrate IE favorites into the new Edge on first launch (a one time activity), so all IE favorites would be in the new Edge. What would be the scenario in which a user would want to access the IE favorites separately from the Edge favorites? 

 

Many thanks for help in understanding what you're trying to do. 

 

 

@Senturion33 

 

The policies for the update service will be published in a separate ADMX file, but the policy to disable the native update service is definitely part of the set we will have.

@Sean Lyndersay 

About our scenario and KFR :

 

Many of our users are familiar with Internet Explorer, remember its name, know they have to use it "because of reasons" or otherwise some business applications may not work (especially for historical reasons). Users have had their habits for years, and they don't want/don't need to worry about which browser to use.

When Windows 10 arrived, we set Edge as the default browser and enabled redirection to Internet Explorer for some sites.
This is where it starts to get complicated, here's a example:

The user launches the first browser he sees (Edge because it is pinned in the taskbar), start browsing Intranet/Internet. His favorites are still there: so far, so good.
Then the user connects to a website that requires IE, the system starts IE and loads the URL. After that, the user keeps browsing Intranet/Internet but never returns to Edge: in this case, if the favorites are not synchronized, the user is lost, because the next time he'll launch a browser, it may be Edge again (and favorites created in IE must be there).

 

You'll tell me that there's a GPO that sends all sites to Edge if they're not in Enterprise Mode list, but the problem is basically the same because the user will create favorites in Edge and expect to find them in IE.

----

Why KFR ? Because we are not using Azure, and Edge device-to-device sync requires a Microsoft account.

----

It might be OK if you load IE websites directly inside Edge (without opening IE), and if we can redirect IE to Chromium Edge for everything (to catch all shortcuts and entry points towards IE) and store/read the favorites in the Favorites directory (supporting KFR so the user can use another computer and find his favorites).

 

It reminds me of something else: In "EdgeHTML Edge" the Enterprise List is loaded after ~60 seconds, and that's really inconvenient because when a new user profile is created on a computer, the user start Edge, browse to a legacy website: The redirection will not take effect because Edge didn't read the file yet. In this Chromium version, if you can start reading the file as soon as the browser is started, it'd be cool

Thanks for your time, and please tell me if anything is not clear.

@Sean Lyndersay This looks really promising. Will you give a shout on @MSEdgeDev twitter if/when there is updates to the templates

/Jakob

@Sean Lyndersay 

I have a question for one of the settings:

Using the admx/adml templates, whe i what to configure the Administrative Templates\Microsoft Edge\Manage Search Engines setting, the example value is:

[
{
"suggest_url": "https://www.example1.com/qbox?query={searchTerms}",
"search_url": "https://www.example1.com/search?q={searchTerms}",
"name": "Example1",
"keyword": "example1.com",
"is_default": true,
"image_search_url": "https://www.example1.com/images/detail/search?iss=sbiupload"
},
{
"search_url": "https://www.example2.com/search?q={searchTerms}",
"suggest_url": "https://www.example2.com/qbox?query={searchTerms}",
"image_search_url": "https://www.example2.com/images/detail/search?iss=sbiupload",
"name": "Example2",
"keyword": "example2.com"
},
{
"suggest_url": "https://www.example3.com/qbox?query={searchTerms}",
"search_url": "https://www.example3.com/search?q={searchTerms}",
"name": "Example3",
"keyword": "example3.com",
"encoding": "UTF-8",
"image_search_url": "https://www.example3.com/images/detail/search?iss=sbiupload"
}
]

so i wanted to enter:

[
{
"suggest_url": "https://www.google.com/search?output=chrome&q={searchTerms}",
"search_url": "https://www.google.com/search?q={searchTerms}",
"name": "Google",
"keyword": "google.com",
"is_default": true,
"image_search_url": "https://www.google.com/search?q={searchTerms}&tbm=isch"
}
]

but there is only a online textfield.  Is the correct value a path to a .json file or how should it be configured?

Another question

Will it be possible to configure flags as well as settings?

/Jakob