Home
Microsoft

Update March 12, 2019: Since this post was published, I’ve received some customer questions on the future of Internet Explorer. We are committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it’s installed. For details, see: https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer.

From time to time, I am asked by customers, “How do I ensure that all web traffic goes to Internet Explorer?” In fact, I was recently asked this question by someone trying to help a hospital. Now, I understand the scenario. In healthcare (as in many other industries), it’s often the case that you’re running with an extremely thin team. As a result, it can seem that using Internet Explorer be default for all situations is the “easy button” because, well, most of your sites were designed for Internet Explorer, so…just…always use it, ok?

In short, this seems like a deliberate decision to take on some technical debt. It’s true that most organizations have some technical debt lying around. (For example, if you’ve disabled User Account Control, require a 32-bit OS or 32-bit Office suite, or are paying for extended support for a legacy version of Java, you have some technical debt.) But this technical debt? Well, it’s different.

Creating technical debt by default

In the past, Internet Explorer was optimized for simplicity at the expense of technical debt. Looking all the way back to Internet Explorer 6, the very concept of “standards mode” vs. “quirks mode” comes from this “easy button” approach. All existing content (which had no DOCTYPE) would get quirks mode; you got standards mode by adding a specific DOCTYPE.

This, of course, had one little pesky problem: most people neither manually type HTML nor obsessively read the documentation to make sure they get the right DOCTYPE. You see, in the bad old days, you couldn’t just put in <DOCTYPE HTML>, you had to put in a full document type definition (DTD), and what you put in determined whether you’d get standards or quirks. So, it wasn’t just the presence or absence of a declaration, but also whether you put in a correctly formatted and properly chosen DTD, that would promote you to standards mode.

So, what really happened is that developer tools either added this in the skeleton code, or they didn’t. Which meant, if your tool didn’t add this in, you would get Internet Explorer 5 emulation (quirks mode) by default. Getting modern was opt-in because that was easier.

Fast forward, as Internet Explorer standards mode supported more and more standards, we decided not to just update the mode we called standards mode because, when we did, we risked breaking applications written for an older interpretation of the standards. So, with Internet Explorer 8 (IE8), we added IE8 standards, but also kept Internet Explorer 7 (IE7) standards. That meant, for sites in the Internet zone, it would default to IE8 standards, but, for sites in the local intranet zone, it would default to IE7 standards.

Another easy button.

As you can see, by going with the “technical debt by default” approach, we ended up in a scenario whereby if you create a brand-new webpage today, run it in the local intranet zone, and don’t add any additional markup, you will end up using a 1999 implementation of web standards by default. Yikes!

Enough is enough

When we introduced Enterprise Mode for Internet Explorer 11 in 2014, we made the very deliberate decision not to include wild card support. You must add all the sites that you want so that we don’t continue the chain of “debt by default” that was initiated back in 2001. But you’re probably even busier today when you were back then—if, in fact, you were working in technology in 2001, which many people weren’t!—so how do we do that without making you pay the price?

We had to simplify creating that initial blacklist (legacy by exception, not by default). First, we launched Enterprise Site Discovery so you could gather this data from your endpoints. We then enabled similar functionality from Windows Analytics Site Discovery so you could gather this data without needing to build a new set of infrastructure and processes. Once you have that initial list, it should be all downhill from there: simply remove sites as you modernize them.

By making it easy to take a blacklist approach (legacy by exception), we were finally able to move away from taking a whitelist approach (legacy by default).

Why shouldn’t I just keep doing what I have been doing?

So, why was it so important that we invert our approach to legacy? Because if we didn’t, you would end up in a predicament—and probably sooner than you think.

You see, Internet Explorer is a compatibility solution. We’re not supporting new web standards for it and, while many sites work fine, developers by and large just aren’t testing for Internet Explorer these days. They’re testing on modern browsers. So, if we continued our previous approach, you would end up in a scenario where, by optimizing for the things you have, you end up not being able to use new apps as they come out. As new apps are coming out with greater frequency, what we want to help you do is avoid having to miss out on a progressively larger portion of the web!

64 Comments
New Contributor

@Chris Jackson- thanks for writing this up!  We have been working toward getting off of IE across the board but do still have a small handful of sites that require it.  We are close to knowing that exact list.  Do you know if there is a way to only allow IE to open those specific sites and anything else open in Edge?  If I understand Enterprise Mode correctly, I think we would have to explicitly add each site that we would want opened in Edge.  So I'm hoping there is a way to kind of do the opposite.  

I have to side with @Oleg K not everyone can switch. My company can't due to government sites that require IE, we cannot change this, they are not ours. We have to use them to conduct our business. I know some have mentioned Enterprise Mode, but that isn't a complete solution. We cannot use Edge on server, so what are we to do with our remote environment. We cannot expect users to use a different browser when using that environment than when they are on one of our physical PCs, then we are also back to having to remember which sites require "the blue e". The only way we can truly stop using IE is if these required sites get upgraded, which would be very welcome from me. However who is going to push this change? The state is certainly not going to listen to us telling them they need to spend a ton of money completely rebuilding them. Maybe Microsoft can start lobbying the banks and governments to finally catch up instead of whatever else they are wasting money on lobbying?
Super Contributor

Mitch, just instruct users to use Edge all the time and add these few sites that require IE to Enterprise Mode and set them to open in IE. So if a user using Edge would navigate to such site it will redirect to IE.

New Contributor

@Oleg KYeah, that's what we are probably going to have to do unless there's a way to enforce IE the ability to only browse specific list of sites.  The problem is our users will open a legacy site in IE, then continue using only that browser going forward because it's already open.  We wanted to figure out if there was a way to enforce a user to use Edge.  For example if I have legacy site X open in IE because site X is on our explicit list that must be opened in IE, then the user spawns a new IE tab to go to microsoft.com, what I was hoping was that we could enforce that action to open microsoft.com in Edge even if microsoft.com is not in Enterprise Mode list.  

Super Contributor

There probably might be ways to allow IE to only access a set of sites (settings, policies, firewall rules), but it would show an error when navigating to another site. Not very user friendly. I haven't heard of a way to make IE redirect to Edge. I know that they have designed Enterprise Mode to use "add sites" design versus "add exclusions", but maybe they will add something like that in the future. At least to enforce Edge, not IE.

Occasional Visitor
Interesting article but clearly does not meet the needs of large companies where there are multiple scenarios to cover.
That IE 11 is not replaced is need applet, active x, etc., are still present in core applications.
Why hasn't Microsoft integrated Edge in IE11?
How to perform SSO between different applications with a main access point if each one is executed by a different browser? I think we should think more.
What strategy do you propose while you migrate?
The solution installs whatever you want, it's a bit basic.
Finally, I think that the browser is a facilitator and should not be a limitation if an application should work in IE11 because there is a period of coexistence this should not be a problem when the period ends the application will continue to work in new browsers.
It's just my opinion, thank you.
New Contributor

@Oleg K- it appears that it is possible to do what I was talking about with Intune!  Check out this blog! 

 

https://osddeployment.dk/2019/02/14/how-to-manage-microsoft-internet-explorer-browser-on-a-modern-de...

 

"You also what to restricted the use of Internet Explorer and guide the to Microsoft Edge when using Internet Explorer with a site not listed in the Site List Manager."

Super Contributor

@Mitch Beckthat's a nice find (and nice blog to bookmark). And it was just posted today! :) I really like an option to set Enterprise Mode list through Intune and not having to do GPO with direct registry editing (although it seems it does the same thing, just through Intune policy and well it only works with Windows 10). If one already has Intune licenses, this is a good option.

Visitor

@Chris Jackson, this is all great and we did change the default browser to be Edge but what about the VDIs that run in an RDS environment? There, we have no choice since MS is not supporting Edge in the Server environment. That is a bit strange in the context of this article, don’t you think? 

Occasional Visitor

I don't mind not using Internet Explorer, in fact i hardly ever do. However we STILL need Internet Explorer to set several security settings used in Edge.
Why can't I use Edge to do that?

New Contributor

@Oleg K- good news if you're not using Intune.  If you go through that article and apply those settings locally they still work.  https://osddeployment.dk/2019/02/14/how-to-manage-microsoft-internet-explorer-browser-on-a-modern-de...

Occasional Visitor
The only one corporative web browser are dead and will never return...
Occasional Visitor

"Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it’s installed."

 

But Windows 10 is now an evergreen service. That familiar idea of IE going away on its own, sinking with a disused OS, will not happen this time.

Occasional Visitor

If you are so opposed to us using Internet Explorer, why does Outlook still offer to "view in a web browser" if you have trouble seeing an email message, and then only opens in Internet Explorer? (Very unexpected behavior when IE is not set as a browser! Should at least say, "open in IE") I've tested, you haven't even bothered to enable opening .mht email files in Edge. Now, I am all in favor of updating software to use modern browsers. But if you're going to preach it, you need to lead by example.