SOLVED

Early preview of Microsoft Edge group policies

Microsoft

Update July 22nd 2019:

Hey folks,

Thanks for all the great feedback! We announced last week that Edge is now ready for Enterprise evaluations. 

You can find the latest ADMX files and MSIs/PKGs here:

https://www.microsoftedgeinsider.com/enterprise  

And you can find all the enterprise-focused documentation here:

https://docs.microsoft.com/DeployEdge

 

There is also an Enterprise-focused section of these Insider forums which the team will be monitoring. Direct link here:

https://techcommunity.microsoft.com/t5/Enterprise/bd-p/EdgeInsiderEnterprise

 

Thanks again for the great feedback and engagement. Looking forward to continuing to hear from all of you!

 

(Note: I have removed the ADMX zip file which was originally attached to this mail. Please see the latest versions at the links above)

 

Original post follows:

 

Hi everyone,

 

We've been asked fairly regularly what policies we intend to support. We're still working on the list, but I’d like to share an early preview of the management policies we are working on for the new version of Microsoft Edge.

 

You can find a zip file attached to this post, that includes the ADMX file, an English (US) version of the ADML file, and an English (US) HTML doc with the list of policies and descriptions.

 

Please note that not all of the associated policies have been implemented by current canary or dev builds!

 

Please send us feedback on the list, or the description text in the policies if something seems unclear.

 

IMPORTANT

  1. This is a work in progress. We are sharing this early draft with you for your feedback, but the list will change between now and our final release, with policies being added, removed or changed based on feedback.
  2. The HTML file includes both Mac and Windows policies.
  3. Policies for managing updates aren’t included; those will be in a separate administrative template file.
  4. These are only in English (US). We are working to localize the policy descriptions and documentation before our final release.

 

Please let us know if there are policies missing from the list, and give us feedback on the policy design.

 

Thanks for your interest!

 

Sean, on behalf of the Microsoft Edge team

 

80 Replies

@Sean Lyndersay 

 

Do any of these policies affect the normal windows 10 Edge (am i safe to deploy test policies without breaking anything other than Edge Chromium

Yes, you're safe to deploy these policies. The new Edge does not share policies with the current version of Edge.

Chrome/Chromium have some settings stating "This policy is not available on Windows instances that are not joined to a Microsoft® Active Directory® domain.".

For example "Action on startup - Restore the last session', the URLs that were open last time Google Chrome was closed will be reopened and the browsing session will be restored as it was left.".

Are there similar limitations for some settings in Edge?

Will there be any management from the mac side?  We are now officially managing macs in our environment and I’d like to understand how I will be able to manage their settings as well.  #macOS  

Many of the policies support Mac (and there are a few Mac-specific policies). Policies are deployed by pushing a plist file with the right policies set. We have tested with Jamf and a few other Mac management tools and will be publishing documentation with step-by-step instructions.

@Sean Lyndersay Thank you much, we are using JAMF so this will be helpful.  Appreciate your quick response and looking forward to these changes. 

I still don't see a way to customize 'top sites' or new tab layout.

Would be nice to have a list of sites to open in IE mode.

 

@Lucas 

 

very much agree to the Sync between Edge/IE. This is a hassle free solution as we already redirect them (as documents, desktop, links) to work folders.

Automatic backup of both and sync between them.

 

@Sean Lyndersay Any particular reason the "Prevent bypassing Windows Defender SmartScreen prompts for files" isn't in there yet? This setting is in the standard Microsoft security baseline for Edge, so I expected it here as well.

@P3c4s0 Yes, some of the policies have that restriction. 

 

Generally, this restriction exists to limit the impact of policies that are often used by adware/grayware to make changes to the browser bypassing the usual protections against manipulating settings. Enforcing that the device is domain-joined makes it less likely that adware will use those particular settings (since they won't work on most machines). The current version of Edge has similar limitations on policies that impact homepages and search providers (the most commonly misused policies). 

 

The particular policy you cited can be used to specify a specific set of URLs to open on startup, which can be misused to effectively do a homepage takeover, which is why the limitation exists.

 

 

best response confirmed by Ruud van Velsen (Microsoft)
Solution

@Ruud van Velsen The policy wasn't ready when Sean shared the administrative template zip file. It will be in the next version we share.

@Sean Lyndersay Are there policies to autoselectcertificateforurl? I do not see this in Preview, will it came later? Thanks.

@Petr Vlk Yes, the policy is "Automatically select client certificates for these sites" in Content Settings.

 Hello everyone,

 

We're excited to announce we released our first official version of the administrative templates for the next version of Microsoft Edge today. Get started by downloading the preview builds and policy templates at www.microsoftedgeinsider.com/enterprise. The policy file download includes the administrative templates for configuring Microsoft Edge Group Policies on Windows and an example file for configuring Microsoft Edge on MacOS.

 

We look forward to hearing from you about how these enterprise-focused features work in your environment and improve end-user productivity. We want you to be confident that the next version of Microsoft Edge is the right browser for you to deploy in your environment. You can learn more at Deploy Microsoft Edge and the Microsoft Edge Enterprise evaluation and roadmap blog.

 

Please keep sharing your feedback and questions about policies here. General feedback can be provided through: https://techcommunity.microsoft.com/t5/Microsoft-Edge-Insider/ct-p/MicrosoftEdgeInsider.

 

Thank you,

Brian, on behalf of the Microsoft Edge team

I have noticed an issue with the policies regarding the "configure the home page URL" policy and the "configure the new tab URL" policy. If you assign a URL to the home button but leave the new tab URL unconfigured, the home button does not honor group policy. If I assign the same URL to both policies they work properly. Not sure if this is just my setup or what. I am on the new policies just released and Version 77.0.211.3 (Official build) dev (64-bit).  Also, when I click on the home button, the proper page will load but the address bar is blank. 

@Brian Altman Thanks! Ideal for one customer who facing certificates prompts on Registered Devices, we will deploy in test the new shine Edge with that. Really appreciate this work.

The roaming profile feature of chromium is really useful when using it with onedrive known folders. I wonder if you can transfer this GPO over: "Set the roaming profile directory" and "Enable the creation of roaming copies for Google Chrome profile data" @Sean Lyndersay 

@Tinshield thanks for the feedback! "configure the home page URL" literally sets the URL value for the home button, but does not automatically switch the home button away from new tab. You can confirm this in both the new Microsoft Edge as well as Chrome by setting "configure the home page URL" and then going into settings to inspect the value. You'll also see that the home button is still set to new tab.

 

To achieve your expected result, you also need to configure "Set the new tab page as the home page" as disabled. This will cause the new Microsoft Edge (and Chrome) to use the provided URL instead of the new tab page. I *think* right now the new Microsoft Edge by default hides the home button (can't remember as I write this), and if so, you might also consider enabling "Show Home button on toolbar" to ensure it's visible for your users.

 

The reason it loads the URL when you set the URL on both the home button and the new tab is because the home button is loading the new tab, which has a custom URL set.

@ChadRoth yes, it's confusing but your explanation helped straighten it out. Thanks!

 

Annotation 2019-07-19 211107.png

Just a suggestion to the Edge Team.  On this site https://www.microsoftedgeinsider.com/en-us/enterprise could you include version numbers for the installers and policy templates? It would be a clue that something was updated recently. Especially for the templates as controls get added all the time.