Jul 30 2021 02:42 AM - edited Jul 30 2021 02:44 AM
I am trying to configure the ExemptDomainFileTypePairsFromFileTypeDownloadWarnings policy to allow EML and MSG attachments from our HR systems to be downloaded automatically, without having to allow them.
We use DNS aliases, so I have whitelisted ".hrm.app.ourcompany.com", ".hrm.appdev.ourcompany.com" and ".hrm.appacc.ourcompany.com", as I read in the documentation that you need to start with a period to match that specific entry. We don't want to whitelist our entire domain if possible, for security reasons.
I have configured this through Group Policy using the example in the documentation, and it loads correctly in the edge://policy list. It's strange that "domains" and "file_extension" are swapped around, although it says OK. In edge://policy I have the following:
{ "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ], "file_extension": "eml" } ,{ "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ], "file_extension": "msg" }
But this doesn't work; my users still receive the message that they first need to allow the file. Is there somewhere I can check the internal processing of these rules? I don't see anything in DevTools, unless I am looking in the wrong place.
Has anybody successfully implemented this policy?
Jul 30 2021 03:38 PM
@Tom_Fox Hi! There have been some recent discussions about this same policy. Re: SmartScreen turned off -> Java Webstart JNLP Files are marked as "can harm your computer - Micro...
Also, separately we've had a user mention that if using the GP editor "each file_extension MUST be entered on a separate line in the editor, or the policy will not apply."
-Kelly
Sep 03 2021 05:22 AM - edited Sep 03 2021 05:23 AM
Hi @Kelly_Y,
Sorry for my late reply to this. After extensive testing, we can confirm that this policy works fine when we specify server names, but fails when we use DNS aliases. I believe this is a bug. Please can you ask your Dev Team to replicate this to confirm.
I tried looking in the DevTools logs when launching a download, to see if I can find a check on these rules, but didn't find anything. Can you confirm if there is some logging generated when downloading?
Tom Fox
Sep 07 2021 02:11 PM
@Tom_Fox Hi! I've reached out to the team about the issue you are having with DNS aliases. We will follow up with any insights from them. Thanks!
-Kelly
Sep 23 2021 10:32 AM
Sep 24 2021 02:33 PM
You need to put each file extension on a new line. In my example, this is as follows:
{"file_extension": "eml", "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ] }
{"file_extension": "msg", "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ] }
Sep 27 2021 12:20 AM
Sep 27 2021 11:38 PM
How are you configuring this setting, through Group Policy, InTune or directly in the registry?
Tom
Sep 28 2021 12:20 AM
Sep 28 2021 02:55 PM
Feb 16 2022 08:06 PM
Mar 22 2022 05:26 PM
Mar 23 2022 05:35 AM
Mar 23 2022 02:36 PM
I finally got this to work. In case you or anyone else wants to know how I did it, let me know!
-Shon
Mar 28 2022 12:54 AM
Mar 28 2022 05:38 AM - edited Mar 28 2022 05:40 AM
Sure! Create (2) keys under: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
Under AutoOpenFileTypes, create a string, name it "1" and add the value "jnlp" (no quotes)
Create another string under: ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
Also named "1" with the following value:
{"file_extension": "jnlp", "domains": ["yourDomain"]}
That's it! Hope this works for you!
-Shon
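The registry layout described in the post above, scripted as an added example (not code from any poster in this thread or from Microsoft). It covers only the ExemptDomainFileTypePairsFromFileTypeDownloadWarnings key, writes one JSON entry per numbered string value, and uses the placeholder host suffixes and extensions from the first post as assumed values.

```powershell
#Requires -RunAsAdministrator
# Added example: writes one exemption entry per numbered REG_SZ value.
# The domains and extensions are the placeholders from the first post.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings'

# Keep the exemption scoped to specific hosts rather than the whole company domain.
$domains    = @('.hrm.app.ourcompany.com', '.hrm.appacc.ourcompany.com', '.hrm.appdev.ourcompany.com')
$extensions = @('eml', 'msg')

# Create the key only if it is missing, so existing values are not wiped.
if (-not (Test-Path -Path $policyKey)) {
    New-Item -Path $policyKey -Force | Out-Null
}

$index = 1
foreach ($ext in $extensions) {
    # [ordered] keeps file_extension first, matching the form shown in the thread.
    $entry = [ordered]@{ file_extension = $ext; domains = $domains }
    $json  = $entry | ConvertTo-Json -Compress

    # Round-trip the string before writing it: a malformed entry is the
    # failure mode the thread keeps running into.
    $parsed = $json | ConvertFrom-Json
    if ($parsed.file_extension -ne $ext -or @($parsed.domains).Count -ne $domains.Count) {
        throw "Entry for '$ext' did not survive a JSON round trip: $json"
    }

    # One entry per value, named "1", "2", ... as in the post above.
    New-ItemProperty -Path $policyKey -Name "$index" -Value $json -PropertyType String -Force | Out-Null
    $index++
}

# Read back what was stored so it can be compared with edge://policy.
$key = Get-Item -Path $policyKey
foreach ($name in ($key.GetValueNames() | Sort-Object)) {
    '{0} = {1}' -f $name, $key.GetValue($name)
}
```

After running it, the entries should appear in edge://policy in the same per-extension form quoted earlier in the thread.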