Apologies if I'm posting something that's already known but I've come across an issue that's giving me some headaches.  We limit our devices to Edge and use Intune to push out a bunch of policies (settings, extensions, etc).  Some of these are for security-related functions and we don't want our users to be able to bypass them.  Unfortunately we discovered they are removing extensions by browsing to the Edge folder in AppData and deleting or altering files so they can't be started.  Users are non-admins and machines are Applockered but that doesn't make any difference as they have full control of their AppData folder by default.  I raised a ticket with the Edge team and they closed it as behaviour by design.  That's true as this seems to be a Chromium design issue rather than specifically Edge.  Doesn't help though!