SOLVED

Edge Insider ADMX

Brass Contributor

I'm wondering if there are any new ADMX templates for Edge Insider and I also want to know if the current Group Policy settings for regular Edge still apply.

 

Thanks!

 

WB

20 Replies
Hi @WBrady1965, we will have more information about managability and Group Policy coming soon, is there a specific concern or feature that you are looking to be supported by default? Thanks, Elliot

@Elliot Kirk 

I don't have a specific feature per se but I work in a highly regulated industry, particularly in regard to electronic data record keeping so I wanted to see how granular we can get when setting policies. I really like the zone structure in IE and how finely we can tune settings.

@Elliot Kirk +1 here for requesting Group Policy ADMX templates for the new Edge Chromium browser.

 

To give you some background (and hopefully be of some use to your team), I am an IT professional and we work principally with large schools in the UK. We currently use Google Chrome with ADMX templates to control the user experience in Chrome with Group Policy - this is mandatory in a school as kids will exploit any feature they don't need access to.

 

We have had to largely ditch the EdgeHTML version of Edge due to a lack of group policy control (though this had improved greatly) and incompatibility with some websites.

 

Things we would absolutely need to be able to control with group policy include blocking user installation of extensions (students like to install VPN extensions), force installing certain extensions (and disabling removal of these by the user). Setting homepages and start up URLs is also extremely important as well as disabling developer mode, in-browser task managers and making pre-set bookmarks.

 

Finally, being able to centrally set the directory for user downloads would be very beneficial as many establishments redirect downloads to a network share.

 

If you could incorporate these into future ADMX group policy templates, it would be an enormous benefit and I can see many IT managers sticking with this new version of Edge and not even bothering to deploy Chrome anymore.

 

Regards

 

Gigagator

Things we would absolutely need to be able to control with group policy include blocking user installation of extensions (students like to install VPN extensions), force installing certain extensions (and disabling removal of these by the user). Setting homepages and start up URLs is also extremely important as well as disabling developer mode, in-browser task managers and making pre-set bookmarks.

These settings would be great., along with Enterprise Mode options.

@Stu R, I second all that.

But really, you need to nail this, Microsoft, to make Enterprises shift from Google Chrome.

 

If there is a feature in Google Chrome, that is customizable with Chrome for Work, it needs to be native configurable with Group Policy.

And everything, that you add as configurable from the UI into Edge, needs to be configurable with Group Policy.

 

These Chrome for Work Policies are regularly used to lock down Chrome:

Administrative Templates\Google\Google ChromeEnable Printing
Administrative Templates\Google\Google ChromeEnable autofill properties
Administrative Templates\Google\Google ChromeRestrict which users are allowed to sign in to Google Chrome
Administrative Templates\Google\Google ChromeHide the Web Store from the New Tab Page and app launcher
Administrative Templates\Google\Google Chrome\ExtensionsConfigure Extension installation blacklist
Administrative Templates\Google\Google Chrome\Default Search ProviderEnable the default search provider
Administrative Templates\Google\Google ChromeIncognito mode availability
Administrative Templates\Google\Google ChromeBlock access to a list of URLs Properties & Allows access to a list of URLs
Administrative Templates\Google\Google ChromeAllow Invocation of file selection dialogs
Administrative Templates\Google\Google ChromeEnable bookmark bar
Administrative Templates\Google\Google ChromeEnable add person in profile manager
Administrative Templates\Google\Google ChromeEnable Guest mode in browser properties
Administrative Templates\Google\Google ChromeEnable Google Cloud Print proxy & Enable submission of documents to Google Cloud Print
Administrative Templates\Google\Google ChromeSet Google Chrome as default browser
Administrative Templates\Google\Google ChromeDisable developer tools
Administrative Templates\Google\Google ChromeSpecify whether plugin finder should be disabled
Administrative Templates\Google\Google ChromeDisable taking screenshots
Administrative Templates\Google\Google ChromeEnables or Disables Bookmark editing
Administrative Templates\Google\Google ChromeEphemeral Profile
Administrative Templates\Google\Google ChromeDisable saving browser history
Administrative Templates\Google\Google ChromeEnable Search Suggestions
Administrative Templates\Google\Google ChromeShow the apps shortcut in the bookmarks bar
Administrative Templates\Google\Google ChromeEnable or disable spell checking web service
Administrative Templates\Google\Google ChromeDisable synchronization of data with Google
Administrative Templates\Google\Google ChromeEnable Translate
Administrative Templates\Google\Google ChromeSpecify a list of disabled plugins
Administrative Templates\Google\Google Chrome\Home PageConfigure the Home Page URL
Administrative Templates\Google\Google Chrome\Home PageUse New Tab Page as homepage
Administrative Templates\Google\Google Chrome\Locally Managed Users SettingsEnable creation of supervised users
Administrative Templates\Google\Google Chrome\Native MessagingAllow user-level Native Messaging hosts (installed without admin permissions)
Administrative Templates\Google\Google Chrome\Password ManagerEnable the password manager
Administrative Templates\Google\Google Chrome\Password ManagerAllow users to show passwords in Password Manager
Administrative Templates\Google\Google Chrome\Startup PagesAction on startup
Administrative Templates\Google\Google Chrome\Startup PagesURLs to open on startup
Administrative Templates\Google\Google Chrome\ExtensionsConfigure the list of force-installed apps and extensions
Administrative Templates\Google\Google Update\Applications\Google ChromeUpdate policy override
Administrative Templates\Google\Google Update\Applications\Google Chrome BinariesUpdate policy override
Administrative Templates\Google\Google Chrome\Content Settings

Allow popups on these sites

 


All the GPO Settings for the old Edge and IE should be ported to the new Edge, unless they are no longer relevant on the Chromium based Edge.

Chrome like ADMX are a must have for corporate users.

+1 for a full featured ADMX for chromium Edge. @Elliot Kirk 

@WBrady1965 

+1 on this


Because of some required third-party extensions (listed in Chrome Web Store) we need to use a Chrome compatible browser in our company. We are M365 customer and don't use any Google services but Search, so it would be great to have a chromium based Microsoft browser with full integration in the Windows world (WSUS / ADMX / GPO-manageability).

 

@WBrady1965 

 

+1 for this -

We are having to block users from installing as we block extensions in Chrome and IE\Edge

@Gigagator 

And please, please, please Microsoft: Do not go down the "you can only configure it with Intune" road.

 

Don't sacrifice your browser's market share to advertise for Intune.

 

If you want Enterprises to use Edge, you need to provide ADMX files, that sums up, what you can do with Chrome for Work ADMX today PLUS, what you can do with "old" Edge and IE using ADMX.

It needs to be at least the total sum.

 

Otherwise, Enterprises will see no reason to switch from Chrome to Edge.

best response confirmed by Peter Haigh (Microsoft)
Solution

@WBrady1965 - The new version of Edge will have a large set of Group Policy options which largely mirrors those in Chromium with several additions and removals based on Edge's feature set. 

 

Having said that, like Chromium, the new Edge does not have "Zones" per-se and as a consequence most policies apply to all sites. It would be helpful to understand what aspects of Zones you were using previously, and whether the equivalent features in Chromium policy (e.g. site lists) are usable as an alternative.

@Eric_Lawrence 

 

The biggest reason I use zones is to relax my restriction on scripting for sites that are business critical and we will allow those sites more control over random Internet sites.

 

 

@Eric_Lawrence Any indications on timeframe?

@martinj 

 

That list is great, but what we have to have is before we can switch is the ability to do 2-hop authentication, which we can do with Chrome using:

 

https://www.chromium.org/administrators/policy-list-3#AuthNegotiateDelegateWhitelist

 

Which in GPO is implemented as (see screenshot).

 

 

@Keith Davis Thanks. Yes, that policy is expected to be available in Edge.

@Eric_Lawrence 

There are several settings we have which are different. Scripting controls were mentioned above, but copy/paste from the clipboard, access data sources / navigate windows and frames across domains, scripted windows, blocking downloading of any ActiveX controls, etc.

It really allows us to keep a tight control over regular internet sites while enabling vendor sites, which often use outdated and poor coding/security methods, to work.

 

Thanks!

WB

+1 for the Edge Chromium admx

I think the question should be will it reuse back the Edge admx? or it will has a new Edge Chromium admx?

@WBrady1965  
We have provided a pre-release of the policies for the Chromium based Microsoft Edge browser in the discussion at:
https://techcommunity.microsoft.com/t5/Discussions/Early-preview-of-Microsoft-Edge-group-policies/m-...

 

In this discussion, there is an attached ZIP file that contains the ADMX, ADM, and basic documentation in an HTML file. 

 

Please take a look and let us know what you think.

@WBrady1965  To address your question, the existing group policies for the EdgeHTML version will not be read and used by the Chromium version. A new set of group policies is defined and are configured separately.
1 best response

Accepted Solutions
best response confirmed by Peter Haigh (Microsoft)
Solution

@WBrady1965 - The new version of Edge will have a large set of Group Policy options which largely mirrors those in Chromium with several additions and removals based on Edge's feature set. 

 

Having said that, like Chromium, the new Edge does not have "Zones" per-se and as a consequence most policies apply to all sites. It would be helpful to understand what aspects of Zones you were using previously, and whether the equivalent features in Chromium policy (e.g. site lists) are usable as an alternative.

View solution in original post