SOLVED

Keep Favorites Synced between Internet Explorer and Edge NOT available in Edge Chromium


85 does have Roaming with AD Sync to a user's home drive.

So not Folder Redirection but this works. Except I cannot seem to get Collections Roaming enabled no matter how hard I try. It is "locked" when I go to Sync. So I expect that it isn't supported in AD Sync because I have not blocked it in GPO at all. 

Note that the Home Drives are redirected to the server share with %homeshare%%homepath% and it does successfully add to the Edge folder on the server home drive. You can see it here. edge://sync-internals/

Edge Settings to enable the Roaming 

User Configuration - Administrative Templates

Microsoft Edge
Browser sign-in settings = Enabled - Browser sign-in settings = Enable browser sign-in

Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account = Enabled - Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account = Sign in and make domain account non-removable

Enable using roaming copies for Microsoft Edge profile data = Enabled
Set the roaming profile directory = Enabled
Set the roaming profile directory = ${documents}\Edge


Configure the list of types that are excluded from synchronization = Enabled - Configure the list of types that are excluded from synchronization
passwords
extensions
addressesAndMore

Enable the Collections feature = Enabled (Although this doesn't roam which I am not sure why)


Original Post.
We run a huge hospital domain with 86,000 workstations. We have extended support for Windows 7 because many of the hospital apps need IE and ActiveX to run.
We are trying to move the users off IE and onto Edge Chromium but one KEY part is missing in the Group Policies.

The "Keep Favorites Synced between Internet Explorer and Edge" NOT available in Edge Chromium Group Policy. This setting is ESSENTIAL to our clients. Favorites are stored via Folder Redirection on the Active Directory Home Drive Servers so nurses that roam between 30 machines always have their Favorites.
If their Links are not available then it will impact patient care.

We have the setting set in Microsoft Edge and it works just fine. Where is the Setting for Edge Chromium?

I don't understand why Microsoft would abandon the ability to have Favorites and Links Roam.

"If you enable this setting, employees can sync their favorites between Internet Explorer and Microsoft Edge."
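
The settings listed at the top of this post can be checked on a workstation with a short audit. This is an added example, not code from the original post or from Microsoft; it assumes the registry value names behind those GPO settings (`BrowserSignin`, `ConfigureOnPremisesAccountAutoSignIn`, `RoamingProfileSupportEnabled`, `RoamingProfileLocation`, `EdgeCollectionsEnabled`, `SyncTypesListDisabled`) and that machine policy overrides user policy; the function names and sample data are hypothetical.

```powershell
# Added example: audit the Edge roaming policies listed in the post above.
# Registry value names are assumed to be the ones behind those GPO settings.
$Expected = [ordered]@{
    BrowserSignin                        = 1   # Enable browser sign-in
    ConfigureOnPremisesAccountAutoSignIn = 1   # Sign in, domain account non-removable
    RoamingProfileSupportEnabled         = 1   # Use roaming copies of profile data
    RoamingProfileLocation               = '${documents}\Edge'  # stored literally
    EdgeCollectionsEnabled               = 1   # Collections feature
}
# Data types the post keeps out of the roamed profile on the home share.
$MustExclude = 'passwords', 'extensions', 'addressesAndMore'

function Get-EdgePolicyState {
    # Reads policy values and the SyncTypesListDisabled list from one hive.
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $key   = "${Hive}:\SOFTWARE\Policies\Microsoft\Edge"
    $state = @{ Values = @{}; SyncExcluded = @() }
    if (Test-Path -Path $key) {
        $rk = Get-Item -Path $key
        foreach ($name in $rk.GetValueNames()) {
            $state.Values[$name] = $rk.GetValue($name)
        }
        $listKey = "$key\SyncTypesListDisabled"
        if (Test-Path -Path $listKey) {
            $lk = Get-Item -Path $listKey
            $state.SyncExcluded = @($lk.GetValueNames() | ForEach-Object { $lk.GetValue($_) })
        }
    }
    return $state
}

function Test-EdgeRoamingBaseline {
    # Assumption: a value set in HKLM wins over the same value in HKCU.
    param([hashtable]$Machine, [hashtable]$User)
    foreach ($name in $Expected.Keys) {
        $actual = if ($Machine.Values.ContainsKey($name)) { $Machine.Values[$name] } else { $User.Values[$name] }
        [pscustomobject]@{
            Policy = $name; Expected = $Expected[$name]; Actual = $actual
            Ok     = ($actual -eq $Expected[$name])
        }
    }
    # The exclusion list matters most: a missing entry means that data type
    # is written to the roaming profile directory on the file server.
    $list    = if ($Machine.SyncExcluded.Count -gt 0) { $Machine.SyncExcluded } else { $User.SyncExcluded }
    $missing = @($MustExclude | Where-Object { $_ -notin $list })
    [pscustomobject]@{
        Policy = 'SyncTypesListDisabled'; Expected = $MustExclude -join ','
        Actual = $list -join ','; Ok = ($missing.Count -eq 0)
    }
}

# Constructed sample (not real data): a user hive where passwords still roam
# and the Collections policy is not set.
$sampleMachine = @{ Values = @{}; SyncExcluded = @() }
$sampleUser    = @{
    Values = @{
        BrowserSignin                        = 1
        ConfigureOnPremisesAccountAutoSignIn = 1
        RoamingProfileSupportEnabled         = 1
        RoamingProfileLocation               = '${documents}\Edge'
    }
    SyncExcluded = @('extensions', 'addressesAndMore')
}
Test-EdgeRoamingBaseline -Machine $sampleMachine -User $sampleUser | Format-Table -AutoSize

# On a managed workstation, audit the live registry instead:
# Test-EdgeRoamingBaseline -Machine (Get-EdgePolicyState HKLM) -User (Get-EdgePolicyState HKCU)
```

With the constructed sample, the `EdgeCollectionsEnabled` and `SyncTypesListDisabled` rows report `Ok = False`, the second because `passwords` is missing from the exclusion list.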

163 Replies

@HotCakeX 

Hi there,
We have exactly the same problem in our hospital in Germany.
I have now read that there is a function in Chrome / Chromium.

It's called: RoamingProfileSupport see

https://support.google.com/chrome/a/answer/7349337?hl=en

If you use the RoamingProfileSupport function instead, only the file "profile.pb", which contains "bookmarks, AutoFill data, passwords, parts of the browser history, the browser settings and the installed extensions.", is diverted.

This makes it possible to use the browser on different PCs at the same time and the relevant data is loaded when the application is started. This function does not exist in the Edge or has been removed.

But it was exactly what we needed and how it had worked in Internet Explorer for years. We will stop the rollout of the new Edge now, for better or worse, and put on the original Chrome.

@simsoo 

After reading your message I took a look at the Google Chrome policy documentation and indeed, the following two policies would do exactly what we need.


- RoamingprofileSupportEnabled (https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RoamingProfileSupportEnabled)
- RoamingProfileLocation (https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RoamingProfileLocation)

 

According to the documentation the policy "SyncDisabled" needs to be set to 0 or not be configured for this to work.

 

Sadly I cannot test this with the new Edge at the moment because as soon as I create the "RoamingprofileSupportEnabled" registry key under "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge" Edge refuses to start completely. With no error whatsoever. (Current stable version)

 

But if Edge were able to utilize this Google Chrome policy then we'd have everything we really need.

Maybe this could be a short-term solution? I'm sure it would be much easier to implement an already existing policy from Chrome into the new Edge than developing your own solution from scratch.

@Chris Jackson 

"What I was hoping to then understand is - if we had on-prem sync for the new Microsoft Edge, do you STILL need to sync with IE, or does that actually solve the problem for you? In other words, is syncing with IE just a means to an end (you do this to make up for a missing sync approach in Microsoft Edge) or is it something you want for other reasons?

 

It sounds like you're planning to use IE mode, and not launch Internet Explorer directly. If that's true, then I think solving for on-prem sync gives you what your users need. I'm just making sure that's true, and that we're not missing a scenario where you would still want the same favorites to appear in stand-alone IE."

Hi,

Syncing with IE is not required BUT using the "Favorites" Folder Redirection is. So a Folder Redirection GPO that can redirect the Edge Bookmarks to the user's Home Drive would work just fine. Note I have seen the "user content" GPO that lets me redirect all the garbage but I don't need the garbage, JUST the favorites. So if it just, say, redirected the favorites to %homeshare%%homepath%\bookmarks.htm or something like that, that would work fine.

Users are in Active Directory Domain. Folder Redirection is enabled. UEV is enabled (for most). Local Profiles are wiped every 30 days so we don't keep anything cached locally.

That is why Chrome is a TERRIBLE browser for Corporate use and only used when there are no other alternatives. It is about as 1990's as you can get. I have been a web designer for decades and Chrome hasn't changed all that much.
#1 problem with Chrome - BLOAT. One user can have 1GB of crap that does nothing.
#2 problem with Chrome - SPYWARE - It collects data and reports home worse than any spyware out there.
#3 problem with Chrome - RAM HOG - One Chrome session can take 10x the amount of Ram as IE.

Chromium Edge is a dream come true. It has all the benefits of IE and Edge and the dumb rendering of Chrome so it is a browser replacement for all of them.

@lforbes 

@lforbes wrote:

That is why Chrome is a TERRIBLE browser for Corporate use and only used when there are no other alternatives. It is about as 1990's as you can get. I have been a web designer for decades and Chrome hasn't changed all that much.
#1 problem with Chrome - BLOAT. One user can have 1GB of crap that does nothing.
#2 problem with Chrome - SPYWARE - It collects data and reports home worse than any spyware out there.
#3 problem with Chrome - RAM HOG - One Chrome session can take 10x the amount of Ram as IE.

Chromium Edge is a dream come true. It has all the benefits of IE and Edge and the dumb rendering of Chrome so it is a browser replacement for all of them.


So true..

@simsoo 

@simsoo wrote:

@HotCakeX 

Hi there,
We have exactly the same problem in our hospital in Germany.
I have now read that there is a function in Chrome / Chromium.

It's called: RoamingProfileSupport see

https://support.google.com/chrome/a/answer/7349337?hl=en

If you use the RoamingProfileSupport function instead, only the file "profile.pb", which contains "bookmarks, AutoFill data, passwords, parts of the browser history, the browser settings and the installed extensions.", is diverted.

This makes it possible to use the browser on different PCs at the same time and the relevant data is loaded when the application is started. This function does not exist in the Edge or has been removed.

But it was exactly what we needed and how it had worked in Internet Explorer for years. We will stop the rollout of the new Edge now, for better or worse, and put on the original Chrome.


If you think Google Chrome is safer than Edge then good luck, Google loves companies/persons like you that want to give them more data to mine

 

Edit: I mean Google already has medical records of Americans, so why not have medical and health records of Germans  :smile:

 

https://arstechnica.com/science/2019/11/would-you-trust-google-with-your-medical-records-it-might-al...

@HotCakeX 

One can argue whether the data on Google or Microsoft are more secure.
The fact is, Chromium Edge still lacks basic functions that work with Internet Explorer, Classic Edge and Chrome. Therefore, we are currently unable to use a Chromium Edge.
Why doesn't Microsoft just enable Chromium's RoamingProfileSupport? Then everyone would be happy.

@simsoo 

I have opened a ticket/call with Microsoft about the whole issue and informed them about the "RoamingProfileSupport" possibility in that call.

They do have plans for an on-premise sync but it's slightly overkill. No answer back on the "RoamingProfileSupport" policy yet though. Haven't heard back from them in 2 days, so let's see what they say when they get back to me.

@simsoo 

@simsoo wrote:

@HotCakeX 

One can argue whether the data on Google or Microsoft are more secure.
The fact is, Chromium Edge still lacks basic functions that work with Internet Explorer, Classic Edge and Chrome. Therefore, we are currently unable to use a Chromium Edge.
Why doesn't Microsoft just enable Chromium's RoamingProfileSupport? Then everyone would be happy.


Google's business is based on data mining, Microsoft's business is based on providing services, that explains everything.

@HotCakeX @lforbes @narutards @simsoo Thank you all for your valuable input. We've been actively discussing this behind the scenes, and I have an update to share from Scott, a senior program manager from the Microsoft Edge Services team.

"We’ve heard the feedback loud and clear for a need to manage on-premise favorites sync in the new Microsoft Edge, and I know that it is a deployment blocker for many of you. I’m part of a team that is looking into how we can support this as soon as we can. For example, we are evaluating the pros and cons of Chrome’s RoamingProfile* policies as a starting point.

 

For those of you that are considering cloud sync, we are also planning additional documentation around Microsoft’s protection of synced cloud data, which will be particularly interesting to customers who adhere to regulations such as HIPAA or GDPR. We have some documentation here which covers some related topics like how admins can leverage Azure Information Protection for synced data; you can expect to see more detailed information in the coming weeks."

Fawkes (they/them)
Project & Community Manager - Microsoft Edge


@Deleted 

@HotCakeX @lforbes @narutards @simsoo 

"We’ve heard the feedback loud and clear for a need to manage on-premise favorites sync in the new Microsoft Edge, and I know that it is a deployment blocker for many of you. I’m part of a team that is looking into how we can support this as soon as we can. For example, we are evaluating the pros and cons of Chrome’s RoamingProfile* policies as a starting point.

 

For those of you that are considering cloud sync, we are also planning additional documentation around Microsoft’s protection of synced cloud data, which will be particularly interesting to customers who adhere to regulations such as HIPAA or GDPR. We have some documentation here which covers some related topics like how admins can leverage Azure Information Protection for synced data; you can expect to see more detailed information in the coming weeks."

Hi,

Thanks for this.

Note that there is a USER FOLDER redirect option already in Edgium Group Policies but we do NOT want to fill our network drives up with excess of 1GB of profile junk that Chrome creates. It is a nightmare how much data Chrome creates in their "profile". 
We use Chrome too and it is horrible for filling up SSDs which is why we are trying to get rid of it.

All we need is a network redirect solution for storing the bookmarks file which is quite small. 

Just be aware that IE itself was pretty awesome at 1) Limiting Ram Usage and 2) Limiting drive usage. We want the benefits of that. If we wanted Chrome we would have stuck with it.

@HotCakeX 
So I have Wireshark data that proves that Microsoft Servers in the United States are constantly communicating and collecting data from our Canadian BC Windows 10 workstations TO US Microsoft servers. I have the IP addresses to show it. See the attached document. It is about 50-100MB per 30 min per machine.
In Canada, where we operate, Federal and Provincial laws dictate that NO communication or data from Health Care and Government machines can be sent from computers within Canada to servers outside of Canada. Period end of story. No getting around Federal law. 
Note this is with Telemetry and all "collection" services disabled, Windows Defender disabled (we use Symantec) SCCM providing all Windows Updates and the Apps set to not update, and the Windows Store blocked in GPO.  Even with privacy locked down as tight as it can go the chatter is excessive. 

So we need to stop this data chatter with US servers and have an internal solution.

@cjc2112 

 

"One thing that doesn't make sense is why you are on extended support for windows 7, because IE is on windows 10. Unless the problem is windows based and Windows 10 won't let you sync between the same account, there's no problem that would keep you from upgrading.

 

Also, off topic but you mentioned that you don't update the computers because of connection problems, but windows has a feature that will allow it to update by using the updates of a computer around it, without internet connection. If this is unrelated to the problem, disregard it."

 

We have 86,000 workstations in hospitals from the rural north to the big cities. They run software for CT scans and Medical Equipment that can be up to 15-20 years old that costs upwards of millions to replace and most of the software won't run on 64bit. So we still have Windows 7 and 7 32bit running IE because they run unsigned ActiveX that are 10+ years old.

However, with the cost of extended patching service being expensive we are trying to upgrade them all to Windows 10 as soon as possible. However, that means we need a standard browser that works on Windows 10 and supports newer websites AND the older IE mode ones at the same time. New Edgium seems to fit this but for the case here of the favorites we are focussing on Windows 10 only which is about 50,000 workstations now. 

We have distribution SCCM servers in each remote area and within each subnet they use Branch Cache. We use a 10.x.x.x subnet which is internal. Branchcache is very efficient for Windows Updates and rollups etc and it works fine.

 

The problem comes with not having an Internal SCCM solution for Modern Apps. Delivery Optimization, the ONLY solution for Modern App Updates is 100% cloud based and requires registration with Microsoft servers outside of Canada which as I mentioned is banned for privacy reasons via Federal and Provincial Law.  As IP addresses are considered Private Information even under the GDPR https://eugdprcompliant.com/personal-data/ and cannot be collected.

 

@lforbes 

@lforbes wrote:

@HotCakeX 
So I have Wireshark data that proves that Microsoft Servers in the United States are constantly communicating and collecting data from our Canadian BC Windows 10 workstations TO US Microsoft servers. I have the IP addresses to show it. See the attached document. It is about 50-100MB per 30 min per machine.
In Canada, where we operate, Federal and Provincial laws dictate that NO communication or data from Health Care and Government machines can be sent from computers within Canada to servers outside of Canada. Period end of story. No getting around Federal law. 
Note this is with Telemetry and all "collection" services disabled, Windows Defender disabled (we use Symantec) SCCM providing all Windows Updates and the Apps set to not update, and the Windows Store blocked in GPO.  Even with privacy locked down as tight as it can go the chatter is excessive. 

So we need to stop this data chatter with US servers and have an internal solution.


So why are you using Symantec then? It sends data to their servers, for communication, updates and more.

The IP addresses can mean anything.

That doesn't even prove they are originating from Edge.

 

edit: btw not every domain name containing the word "edge" means they are somehow related to the Edge browser. I've seen domain names before from Microsoft having the word edge in them and yet they didn't have anything to do with the actual Edge browser.

@lforbes 

@lforbes wrote:

 

"One thing that doesn't make sense is why you are on extended support for windows 7, because IE is on windows 10. Unless the problem is windows based and Windows 10 won't let you sync between the same account, there's no problem that would keep you from upgrading.

 

Also, off topic but you mentioned that you don't update the computers because of connection problems, but windows has a feature that will allow it to update by using the updates of a computer around it, without internet connection. If this is unrelated to the problem, disregard it."

 

We have 86,000 workstations in hospitals from the rural north to the big cities. They run software for CT scans and Medical Equipment that can be up to 15-20 years old that costs upwards of millions to replace and most of the software won't run on 64bit. So we still have Windows 7 and 7 32bit running IE because they run unsigned ActiveX that are 10+ years old.

However, with the cost of extended patching service being expensive we are trying to upgrade them all to Windows 10 as soon as possible. However, that means we need a standard browser that works on Windows 10 and supports newer websites AND the older IE mode ones at the same time. New Edgium seems to fit this but for the case here of the favorites we are focussing on Windows 10 only which is about 50,000 workstations now. 

We have distribution SCCM servers in each remote area and within each subnet they use Branch Cache. We use a 10.x.x.x subnet which is internal. Branchcache is very efficient for Windows Updates and rollups etc and it works fine.

 

The problem comes with not having an Internal SCCM solution for Modern Apps. Delivery Optimization, the ONLY solution for Modern App Updates is 100% cloud based and requires registration with Microsoft servers outside of Canada which as I mentioned is banned for privacy reasons via Federal and Provincial Law.  As IP addresses are considered Private Information even under the GDPR https://eugdprcompliant.com/personal-data/ and cannot be collected.

 


Is there official online documentation to use as a reference for reading this part of the Canadian law?

@lforbes 

@lforbes wrote:

@HotCakeX 
So I have Wireshark data that proves that Microsoft Servers in the United States are constantly communicating and collecting data from our Canadian BC Windows 10 workstations TO US Microsoft servers. I have the IP addresses to show it. See the attached document. It is about 50-100MB per 30 min per machine.
In Canada, where we operate, Federal and Provincial laws dictate that NO communication or data from Health Care and Government machines can be sent from computers within Canada to servers outside of Canada. Period end of story. No getting around Federal law. 
Note this is with Telemetry and all "collection" services disabled, Windows Defender disabled (we use Symantec) SCCM providing all Windows Updates and the Apps set to not update, and the Windows Store blocked in GPO.  Even with privacy locked down as tight as it can go the chatter is excessive. 

So we need to stop this data chatter with US servers and have an internal solution.


Oh hey, by the way, those URLs don't even belong to Microsoft:

 

https://www.whois.com/whois/akamaiedge.net

 




What is Akamai Tech? Basically a CDN that a lot of software and services use.

 

Akamai Technologies, Inc. is an American content delivery network, cybersecurity, and cloud service provider headquartered in Cambridge, Massachusetts, in the United States. Akamai's content delivery network is one of the world's largest distributed computing platforms, responsible for serving between 15% and 30% of all web traffic. The company operates a network of servers around the world and rents out capacity on these servers to customers who want their websites to work faster by distributing content from locations close to the user. When a user navigates to the URL of an Akamai customer, their browser is redirected to one of Akamai's copies of the website.

What is CDN?

 

A content delivery network or content distribution network (CDN) is a geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and high performance by distributing the service spatially relative to end-users. CDNs came into existence in the late 1990s as a means for alleviating the performance bottlenecks of the Internet, even as the Internet was starting to become a mission-critical medium for people and enterprises. Since then, CDNs have grown to serve a large portion of the Internet content today, including web objects (text, graphics and scripts), downloadable objects (media files, software, documents), applications (e-commerce, portals), live streaming media, on-demand streaming media, and social media sites.

 

What is Edge server?

 

An edge server, in a system administration context, is any server that resides on the "edge" between two networks, typically a private network and the Internet.

This was a painful thread to read through but I wanted to throw my hat in because we have the same concern and will be monitoring this thread for the new GPO options to be added.

@scsmartt Thanks for sharing your voice, and welcome to the Microsoft Edge Insider community. I can confirm that this is top-of-mind for our Enterprise team, and that they are actively considering different solutions.

 

Fawkes (they/them)
Project & Community Manager - Microsoft Edge

@lforbes 

I'm following this because I am looking for a similar solution, but wow what a painful read.  Last year when my organization upgraded from Exchange 2010 to 2019 on premise I remember posting questions and would be met with the replies "why don't you just go to O365"?

 

It's like... Yes, I know it exists... Yes, I know it will do what I'm asking for help with the on-prem solution, but you know what, the business leaders have rules and concerns that are above my pay grade and influence, so even though you can do something like sync browser favorites between systems using a cloud service, my business policy doesn't allow it so let's just drop the discussion of why I should use solution B instead of A because the powers that be have decided that solution A is the way to go and that is the world that I have to live with.

@scsmartt 

@scsmartt wrote:

This was a painful thread to read through 

I feel the same