Apr 08 2019 01:27 PM
I'm wondering if there are any new ADMX templates for Edge Insider and I also want to know if the current Group Policy settings for regular Edge still apply.
Thanks!
WB
Apr 08 2019 01:29 PM
Apr 08 2019 01:43 PM
I don't have a specific feature per se but I work in a highly regulated industry, particularly in regard to electronic data record keeping so I wanted to see how granular we can get when setting policies. I really like the zone structure in IE and how finely we can tune settings.
Apr 08 2019 02:38 PM - edited Apr 08 2019 02:39 PM
@Elliot Kirk +1 here for requesting Group Policy ADMX templates for the new Edge Chromium browser.
To give you some background (and hopefully be of some use to your team), I am an IT professional and we work principally with large schools in the UK. We currently use Google Chrome with ADMX templates to control the user experience in Chrome with Group Policy - this is mandatory in a school as kids will exploit any feature they don't need access to.
We have had to largely ditch the EdgeHTML version of Edge due to a lack of group policy control (though this had improved greatly) and incompatibility with some websites.
Things we would absolutely need to be able to control with group policy include blocking user installation of extensions (students like to install VPN extensions), force installing certain extensions (and disabling removal of these by the user). Setting homepages and start up URLs is also extremely important as well as disabling developer mode, in-browser task managers and making pre-set bookmarks.
Finally, being able to centrally set the directory for user downloads would be very beneficial as many establishments redirect downloads to a network share.
If you could incorporate these into future ADMX group policy templates, it would be an enormous benefit and I can see many IT managers sticking with this new version of Edge and not even bothering to deploy Chrome anymore.
Regards
Gigagator
Apr 08 2019 07:13 PM
Things we would absolutely need to be able to control with group policy include blocking user installation of extensions (students like to install VPN extensions), force installing certain extensions (and disabling removal of these by the user). Setting homepages and start up URLs is also extremely important as well as disabling developer mode, in-browser task managers and making pre-set bookmarks.
These settings would be great., along with Enterprise Mode options.
Apr 09 2019 02:30 AM
@Stu R, I second all that.
But really, you need to nail this, Microsoft, to make Enterprises shift from Google Chrome.
If there is a feature in Google Chrome, that is customizable with Chrome for Work, it needs to be native configurable with Group Policy.
And everything, that you add as configurable from the UI into Edge, needs to be configurable with Group Policy.
These Chrome for Work Policies are regularly used to lock down Chrome:
Administrative Templates\Google\Google Chrome | Enable Printing |
Administrative Templates\Google\Google Chrome | Enable autofill properties |
Administrative Templates\Google\Google Chrome | Restrict which users are allowed to sign in to Google Chrome |
Administrative Templates\Google\Google Chrome | Hide the Web Store from the New Tab Page and app launcher |
Administrative Templates\Google\Google Chrome\Extensions | Configure Extension installation blacklist |
Administrative Templates\Google\Google Chrome\Default Search Provider | Enable the default search provider |
Administrative Templates\Google\Google Chrome | Incognito mode availability |
Administrative Templates\Google\Google Chrome | Block access to a list of URLs Properties & Allows access to a list of URLs |
Administrative Templates\Google\Google Chrome | Allow Invocation of file selection dialogs |
Administrative Templates\Google\Google Chrome | Enable bookmark bar |
Administrative Templates\Google\Google Chrome | Enable add person in profile manager |
Administrative Templates\Google\Google Chrome | Enable Guest mode in browser properties |
Administrative Templates\Google\Google Chrome | Enable Google Cloud Print proxy & Enable submission of documents to Google Cloud Print |
Administrative Templates\Google\Google Chrome | Set Google Chrome as default browser |
Administrative Templates\Google\Google Chrome | Disable developer tools |
Administrative Templates\Google\Google Chrome | Specify whether plugin finder should be disabled |
Administrative Templates\Google\Google Chrome | Disable taking screenshots |
Administrative Templates\Google\Google Chrome | Enables or Disables Bookmark editing |
Administrative Templates\Google\Google Chrome | Ephemeral Profile |
Administrative Templates\Google\Google Chrome | Disable saving browser history |
Administrative Templates\Google\Google Chrome | Enable Search Suggestions |
Administrative Templates\Google\Google Chrome | Show the apps shortcut in the bookmarks bar |
Administrative Templates\Google\Google Chrome | Enable or disable spell checking web service |
Administrative Templates\Google\Google Chrome | Disable synchronization of data with Google |
Administrative Templates\Google\Google Chrome | Enable Translate |
Administrative Templates\Google\Google Chrome | Specify a list of disabled plugins |
Administrative Templates\Google\Google Chrome\Home Page | Configure the Home Page URL |
Administrative Templates\Google\Google Chrome\Home Page | Use New Tab Page as homepage |
Administrative Templates\Google\Google Chrome\Locally Managed Users Settings | Enable creation of supervised users |
Administrative Templates\Google\Google Chrome\Native Messaging | Allow user-level Native Messaging hosts (installed without admin permissions) |
Administrative Templates\Google\Google Chrome\Password Manager | Enable the password manager |
Administrative Templates\Google\Google Chrome\Password Manager | Allow users to show passwords in Password Manager |
Administrative Templates\Google\Google Chrome\Startup Pages | Action on startup |
Administrative Templates\Google\Google Chrome\Startup Pages | URLs to open on startup |
Administrative Templates\Google\Google Chrome\Extensions | Configure the list of force-installed apps and extensions |
Administrative Templates\Google\Google Update\Applications\Google Chrome | Update policy override |
Administrative Templates\Google\Google Update\Applications\Google Chrome Binaries | Update policy override |
Administrative Templates\Google\Google Chrome\Content Settings | Allow popups on these sites |
All the GPO Settings for the old Edge and IE should be ported to the new Edge, unless they are no longer relevant on the Chromium based Edge.
Apr 09 2019 03:34 AM
Apr 09 2019 05:48 AM
+1 for a full featured ADMX for chromium Edge. @Elliot Kirk
Apr 09 2019 06:03 AM
+1 on this
Because of some required third-party extensions (listed in Chrome Web Store) we need to use a Chrome compatible browser in our company. We are M365 customer and don't use any Google services but Search, so it would be great to have a chromium based Microsoft browser with full integration in the Windows world (WSUS / ADMX / GPO-manageability).
Apr 11 2019 04:17 AM
+1 for this -
We are having to block users from installing as we block extensions in Chrome and IE\Edge
Apr 15 2019 08:04 AM
And please, please, please Microsoft: Do not go down the "you can only configure it with Intune" road.
Don't sacrifice your browser's market share to advertise for Intune.
If you want Enterprises to use Edge, you need to provide ADMX files, that sums up, what you can do with Chrome for Work ADMX today PLUS, what you can do with "old" Edge and IE using ADMX.
It needs to be at least the total sum.
Otherwise, Enterprises will see no reason to switch from Chrome to Edge.
Apr 15 2019 08:51 AM
Solution@WBrady1965 - The new version of Edge will have a large set of Group Policy options which largely mirrors those in Chromium with several additions and removals based on Edge's feature set.
Having said that, like Chromium, the new Edge does not have "Zones" per-se and as a consequence most policies apply to all sites. It would be helpful to understand what aspects of Zones you were using previously, and whether the equivalent features in Chromium policy (e.g. site lists) are usable as an alternative.
Apr 16 2019 07:01 AM
The biggest reason I use zones is to relax my restriction on scripting for sites that are business critical and we will allow those sites more control over random Internet sites.
May 06 2019 10:55 AM
That list is great, but what we have to have is before we can switch is the ability to do 2-hop authentication, which we can do with Chrome using:
https://www.chromium.org/administrators/policy-list-3#AuthNegotiateDelegateWhitelist
Which in GPO is implemented as (see screenshot).
May 06 2019 11:32 AM
@Keith Davis Thanks. Yes, that policy is expected to be available in Edge.
May 07 2019 07:02 AM
There are several settings we have which are different. Scripting controls were mentioned above, but copy/paste from the clipboard, access data sources / navigate windows and frames across domains, scripted windows, blocking downloading of any ActiveX controls, etc.
It really allows us to keep a tight control over regular internet sites while enabling vendor sites, which often use outdated and poor coding/security methods, to work.
Thanks!
WB
May 23 2019 06:23 PM
Jun 20 2019 01:44 PM
@WBrady1965
We have provided a pre-release of the policies for the Chromium based Microsoft Edge browser in the discussion at:
https://techcommunity.microsoft.com/t5/Discussions/Early-preview-of-Microsoft-Edge-group-policies/m-...
In this discussion, there is an attached ZIP file that contains the ADMX, ADM, and basic documentation in an HTML file.
Please take a look and let us know what you think.
Jun 20 2019 01:50 PM
Apr 15 2019 08:51 AM
Solution@WBrady1965 - The new version of Edge will have a large set of Group Policy options which largely mirrors those in Chromium with several additions and removals based on Edge's feature set.
Having said that, like Chromium, the new Edge does not have "Zones" per-se and as a consequence most policies apply to all sites. It would be helpful to understand what aspects of Zones you were using previously, and whether the equivalent features in Chromium policy (e.g. site lists) are usable as an alternative.