
Do the Group Policy templates actually work for stopping/controlling Microsoft Edge Updates?


Hello

 

I am currently testing MS Edge for Business with the specific goal of controlling the update cadence for the Stable channel. I want complete control on when these updates are applied and ONLY deploy them in a small business environment via WSUS or ManageEngine Desktop Central.

 

I have downloaded the current policy files for Edge Business and studied the update attributes and items found here:

 

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-update-policies#updatedefault

 

But I have some serious concerns about the validity of these group policy templates. I have been unable to determine the exact policy combination to get the updates to stop while continuing to allow Edge's default payloads to be enabled (3 Services and 2 scheduled tasks that appear in Task Scheduler) after a standard install OR an update?

 

I have been testing this a lot for weeks now and in a stock install of Edge for Business - either a new install OR an update to an existing install - the installer adds (AND reactivates if disabled) the following services:

 

[screenshot: list of the three Edge Update services added by the installer]

 

It also adds (and re-enables if disabled) the following tasks into Task Scheduler as well:

 

MicrosoftEdgeUpdateTaskMachineCore

MicrosoftEdgeUpdateTaskMachineUA

 

These 5 items – if present and enabled – would seem to allow Edge to update itself like it would in a consumer environment - by itself - every hour on the hour regardless of any GP that may be enabled.

 

The only way I have found to exert any control over the updates is to set these policies (via GPEDIT):

 

[screenshot: the Edge Update policies set in GPEDIT]

 

And then run a standalone PS script that actually DELETES the scheduled tasks and disables two of the three services. But I should not have to do this much work.

 

Q: Does the group policy (Update policy override setting) actually override/stop the activity of these 3 services and 2 tasks? 

 

While I always believed that GP should be the law - I am skeptical if these services and tasks are actually taken out of the equation with the GP (Update Policy Override) enabled. 

 

And even with all this extra work - if a user goes and opens the "..." menu in the upper right and then chooses Settings->Help and Feedback->About Edge - Edge will then attempt to update itself here as well - which I also do not want my users to be able to do.

 

Ideally what I really want is this to display if a user attempts to select "About Edge":

 

[screenshot: the desired "About Edge" dialog showing updates are managed by the organization]

 

Appreciate any update on how to completely control the Edge Update cycle and have the system ignore these tasks and services that it places on the machine during each update.

 

Cheers

 

Bruce


@Bruce_McDonald Thanks for reaching out. I'm looping in our Enterprise team and will let you know if they have any insights to share.

 

Fawkes (they/them)
Project & Community Manager - Microsoft Edge

@Deleted 

 

Thanks for the update!

 

I am finding it very odd that there is not a lot of guidance on this subject. You would think there would be a simple article somewhere on the web saying "make the following settings and Edge is under control" 🙂

 

OR - every other admin worldwide has either figured it out OR is letting Edge update itself automatically and not worrying about auto updates.

 

Edge for Business (the browser itself) is very very good - if I can get the update cadence reeled in a bit for my users - that would just about make it perfect.

 

Cheers

 

Bruce

 

@Bruce_McDonald I'm glad that Microsoft Edge is working well for your Enterprise environment! While we wait to hear back from the team, I will do my best to address your questions.

 

For documentation: this landing page is your go-to source for all MSFT Edge information. After a quick search, I came across details for this policy, which may help answer your question. (In full disclosure, this is not my feature area, so please use your own discretion regarding its applicability to you.)

 

From what I've heard from other Admins, they let the browser update automatically and just keep an eye on our shipping cadence. (Our releases roughly align with the Chromium schedule, in order to deliver cohesive browsing and developing experiences.) We also recommend allowing automatic updates to ensure that your machines receive any/all intermittent bug fixes or security patches. 

 

Fawkes (they/them)
Project & Community Manager - Microsoft Edge

Fawkes

Appreciate the info and update.

While I may consider letting Edge update itself in the future - it needs some maturity and historical context before I would consider it. All you need is one dicey update to wreak havoc. Would rather be safe than sorry.

Having full control of the app update cadence is well established here and would most certainly apply to vetting major items like the web browser.

Hoping that the enterprise team can shed some light on what is happening here so I can sort this out quickly. Should not really be this difficult. By way of contrast - Chrome is super easy to control and has a specific set of policies that just work all of the time.

Cheers

B

Hi @Bruce_McDonald,

 

Setting the "Update policy override" to "Updates disabled: Updates are never applied" will prevent Edge from being updated on any domain-joined machine. Setting this is sufficient to prevent any updating from happening. When configured, the services / scheduled tasks will not update the browser. They're still scheduled in the case that the policy changes from "off" to "on". 

 

Thanks,

 

Andy Zeigler

Edge Team
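Added example, not from the thread or from Microsoft: an audit script that checks the state Andy describes, i.e. that the policy is in place and the tasks and services are merely present rather than removed. It assumes the "Update policy override" GPO writes the `UpdateDefault` DWORD under `HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate` (0 = updates disabled), and that the three services are named `edgeupdate`, `edgeupdatem` and `MicrosoftEdgeElevationService`; the two task names come from the thread.

```powershell
# Audit the Edge Update policy state on one machine (read-only, nothing is deleted or disabled).
# Assumed registry location/value for the GPO and assumed service names; task names are from the thread.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'
$UpdateTasks = @('MicrosoftEdgeUpdateTaskMachineCore', 'MicrosoftEdgeUpdateTaskMachineUA')  # from the thread
$UpdateSvcs  = @('edgeupdate', 'edgeupdatem', 'MicrosoftEdgeElevationService')              # assumed names
$EdgeExe     = Join-Path ${env:ProgramFiles(x86)} 'Microsoft\Edge\Application\msedge.exe'  # assumed path

function Get-EdgeUpdatePolicyState {
    $result = [ordered]@{ UpdateDefault = $null; UpdatesDisabled = $false; Version = $null; Tasks = @(); Services = @() }

    # 1. The policy value is what actually stops updates; the tasks/services stay scheduled.
    $val = Get-ItemProperty -Path $PolicyKey -Name 'UpdateDefault' -ErrorAction SilentlyContinue
    if ($null -ne $val) {
        $result.UpdateDefault   = [int]$val.UpdateDefault
        $result.UpdatesDisabled = ($result.UpdateDefault -eq 0)
    }

    # 2. Installed version, so repeated runs show whether anything changed despite the policy.
    if (Test-Path $EdgeExe) { $result.Version = (Get-Item $EdgeExe).VersionInfo.ProductVersion }

    # 3. Scheduled tasks: report only; the installer re-creates them on every install/update anyway.
    foreach ($t in $UpdateTasks) {
        $task = Get-ScheduledTask -TaskName $t -ErrorAction SilentlyContinue
        $result.Tasks += [pscustomobject]@{
            Name    = $t
            Present = [bool]$task
            State   = if ($task) { $task.State.ToString() } else { 'Missing' }
        }
    }

    # 4. Services: same idea, observe rather than disable.
    foreach ($s in $UpdateSvcs) {
        $svc = Get-Service -Name $s -ErrorAction SilentlyContinue
        $result.Services += [pscustomobject]@{
            Name      = $s
            Present   = [bool]$svc
            StartType = if ($svc) { $svc.StartType.ToString() } else { 'Missing' }
            Status    = if ($svc) { $svc.Status.ToString() } else { 'Missing' }
        }
    }
    [pscustomobject]$result
}

$state = Get-EdgeUpdatePolicyState
if (-not $state.UpdatesDisabled) {
    Write-Warning "UpdateDefault is '$($state.UpdateDefault)'; Edge will self-update unless this value is 0."
}
"Installed Edge version: $($state.Version)"
$state.Tasks    | Format-Table -AutoSize
$state.Services | Format-Table -AutoSize
```

Run it elevated before and after applying the GPO (and again after an "About Edge" visit) and compare the version and policy lines; on a workgroup machine the policy value may be present yet not honored, which this script only reports, not fixes.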

 

 

 

@azeigler 

 

Andy

 

Appreciate the update - but does the logic apply to a "non-domain" joined machine? I manage several small business layouts and there are no domains present.

 

And - what does this setting do if a user chooses "About Microsoft Edge" from Help and Feedback under the main menu on the right? This action kicks in the upgrade mechanism and I need to close that vector as well.

 

Please advise.

 

Cheers

 

Bruce

@azeigler 

 

Andy

 

Would also like some insight into what the Edge "About Edge" dialog is doing once that GP/Reg edit you suggested has been placed. During testing this week - I see that the dialog now displays a different, more confusing message:

 

[screenshot: the "About Microsoft Edge" dialog with the new, more confusing message]

 

This now indicates that "something" is happening and to come back in a bit and see what it is. When I come back into "About Microsoft Edge" 5 minutes or 10 minutes or any minutes after - the same message appears - yet the version of Edge installed does not change.

 

So - while the GP setting seems to work - it would just be nice if the user was told straight up that the updates are "Managed By your Organization" like this:

 

[screenshot: the "About Microsoft Edge" dialog stating updates are managed by your organization]

I also found out today that this message above only appears if Edge is running on a domain connected device. All of my user machines are in a workgroup and do not display this message.

 

Cheers

 

Bruce

 
