SOLVED

Early preview of Microsoft Edge group policies

Microsoft

Update July 22nd 2019:

Hey folks,

Thanks for all the great feedback! We announced last week that Edge is now ready for Enterprise evaluations. 

You can find the latest ADMX files and MSIs/PKGs here:

https://www.microsoftedgeinsider.com/enterprise  

And you can find all the enterprise-focused documentation here:

https://docs.microsoft.com/DeployEdge

 

There is also an Enterprise-focused section of these Insider forums which the team will be monitoring. Direct link here:

https://techcommunity.microsoft.com/t5/Enterprise/bd-p/EdgeInsiderEnterprise

 

Thanks again for the great feedback and engagement. Looking forward to continuing to hear from all of you!

 

(Note: I have removed the ADMX zip file which was originally attached to this mail. Please see the latest versions at the links above)

 

Original post follows:

 

Hi everyone,

 

We've been asked fairly regularly what policies we intend to support. We're still working on the list, but I’d like to share an early preview of the management policies we are working on for the new version of Microsoft Edge.

 

You can find a zip file attached to this post, that includes the ADMX file, an English (US) version of the ADML file, and an English (US) HTML doc with the list of policies and descriptions.

 

Please note that not all of the associated policies have been implemented by current canary or dev builds!

 

Please send us feedback on the list, or the description text in the policies if something seems unclear.

 

IMPORTANT

  1. This is a work in progress. We are sharing this early draft with you for your feedback, but the list will change between now and our final release, with policies being added, removed or changed based on feedback.
  2. The HTML file includes both Mac and Windows policies.
  3. Policies for managing updates aren’t included; those will be in a separate administrative template file.
  4. These are only in English (US). We are working to localize the policy descriptions and documentation before our final release.

 

Please let us know if there are policies missing from the list, and give us feedback on the policy design.

 

Thanks for your interest!

 

Sean, on behalf of the Microsoft Edge team

 

80 Replies

@Sean Lyndersay Will these same policies also be built into Intune or will we need to inject the ADMX file like we do for Chrome at the moment?

@Sean Lyndersay I'm not seeing any mention of "IE mode" in the preview, is that just because it hasn't gone out to insiders yet? The killer feature I'm looking for is the ability to use GP to automatically whitelist some internal sites for all of my users with that.

 

Thanks!

The policies will be available in Intune by default, and updated automatically with every release. 

The feature isn't ready yet, but will be fully manageable via policy. It will be using the Enterprise Mode Site List (see link below for current IE11 documentation) to allow you to specify which URLs get IE mode and which don't (as well as "neutral" sites that stay in the mode of the preceding page, e.g. Auth sites)

https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use...

@Sean Lyndersay My main list would be:

  • Show home button
  • Assign URL to home button
  • Set page for startup
  • pop-up allow list
  • notification allow list
  • Enterprise mode 
  • ad blocking
  • favorite redirection
  • Choose your layout
  • Search engine used in the address bar
  • Auto install specified chrome extensions

@Sean Lyndersay I fully agree with @jrasmussen about using Enterprise Mode Site List.

This is a "must" feature for the enterprises.

Are you planning to use "IE" tab in Edge or open a separate window of IE?

From what I saw in the footage at Build, it just treats one tab of Edge as IE. Huge improvement over the "open in IE" button we have in Edge right now. The seamlessness of that plus chromium compatibility will have me pushing this out ASAP when it's available.

@KPetkov 

Yes, we are definitely using the Enterprise Mode Site List.

 

IE mode does not run a separate window. It's not even a separate tab. It's fully integrated into Edge -- as you navigate to a site that requires IE mode, the engine is seamlessly switched out under the covers and the site renders as you would expect it to. When you navigate back to a site that does not require IE mode, it switches back to the modern rendering engine.

 

If you want to see a detailed explanation and demo of IE mode, you can watch the video below:

https://mybuild.techcommunity.microsoft.com/sessions/77794?source=sessions#top-anchor

Policy to force install Chrome extensions:

- silently;

- and in the Computer hive

- @Tinshield 

Chrome Store auto-install

Removal of Manifest v3  anti-adblocking features

 

@Sean Lyndersay Fantastic - do we have a time line on InTune profile updates? 

@Sean Lyndersay the feature i miss is to add a custom 'User Agent String' to the new Edge. 

we use this in IE to allow ADFS to distinguish our managed machines from "guest" machines. our domain joined machines get the GPO and thus the custom user agent string, which is added to the ADFS filter This allows windows integrated authentication for our domain joined boxes. while other (non-domain joined) machines get forms authentication.

Being inactivity/idle lock screen for browser user profiles would be nice.  Especially for when AAD sign on for profiles becomes an option.  The combination of these two settings would do wonders for shared computers in our environment.  As we send more and more processes to Office 365, this gets hard to maintain secure access to our employees who can only use shared computers on our manufacturing side. @Sean Lyndersay 

Thank you! Is Windows Information Protection support planned for Edge prior to the release? Our two big features to enable our mobile fleet to use this version of Edge remotely hinges on WIP and AAD Sign In support.

@Sean Lyndersay Ability to turn off the "Administrator Mode Detected" popup via GPO. 

Great video! Among other things, answered my biggest question: will there be ActiveX support? (YES!!!)
Would also like the ability to enforce an extension even in private mode.

Great video @Sean Lyndersay !

Thank you for sharing it.

Thanks for sharing the GPO-Files.

 

I'm currently testing it locally on my Surface. What I'm missing is a setting for the Enterprise Mode Site list. Is this due to there's no enterprise version of Edge C available, yet?

Or do I have to use the Internet Explorer GPO settings for a Link to the XML file?

 

And what's up with the Enterprise Mode Site List Manager. Will we see a Version 3 for Edge Chromium? I've heard that the XML scheme has been updated once again.

1 best response

Accepted Solutions
best response confirmed by Ruud van Velsen (Microsoft)
Solution

@Ruud van Velsen The policy wasn't ready when Sean shared the administrative template zip file. It will be in the next version we share.

View solution in original post