ExemptDomainFileTypePairsFromFileTypeDownloadWarnings policy

I am trying to configure the ExemptDomainFileTypePairsFromFileTypeDownloadWarnings policy to allow EML and MSG attachments from our HR systems to be downloaded automatically, without having to allow them.

We use DNS aliases, so I have whitelisted ".hrm.app.ourcompany.com", ".hrm.appdev.ourcompany.com" and ".hrm.appacc.ourcompany.com", as I read in the documentation that you need to start with a period to match that specific entry.  We don't want to whitelist our entire domain if possible, for security reasons.

I have configured this through Group Policy using the example in the documentation, and it loads correctly in the edge://policy list. It's strange that "domains" and "file_extension" are swapped around, although it says OK. In edge://policy I have the following:

{ "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ], "file_extension": "eml" } ,{ "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ], "file_extension": "msg" }

But this doesn't work; my users still receive the message that they first need to allow the file. Is there somewhere I can check the internal processing of these rules? I don't see anything in DevTools, unless I am looking in the wrong place.

Has anybody successfully implemented this policy?

15 Replies

@Tom_Fox Hi!  There have been some recent discussions about this same policy.  Re: SmartScreen turned off -> Java Webstart JNLP Files are marked as "can harm your computer - Micro...

Also, separately we've had a user mention that if using the GP editor "each file_extension MUST be entered on a separate line in the editor, or the policy will not apply." 

-Kelly

Hi @Kelly_Y,

Sorry for my late reply to this. After extensive testing, we can confirm that this policy works fine when we specify server names, but fails when we use DNS aliases. I believe this is a bug. Please can you ask your Dev Team to replicate this to confirm.

I tried looking in the DevTools logs when launching a download, to see if I can find a check on these rules, but didn't find anything. Can you confirm if there is some logging generated when downloading?

Tom Fox

@Tom_Fox Hi!  I've reached out to the team about the issue you are having with DNS aliases.  We will follow up with any insights from them.  Thanks!

-Kelly

Hi Kelly,
Are you able to offer the syntax for multiple file types on a single domain? We use MEM and OMA-URI to achieve this, but are struggling to get more than one file type accepted.
Thanks,
Alex

@astee1280

You need to put each file extension on a new line. In my example, this is as follows:

{"file_extension": "eml", "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ] }

{"file_extension": "msg", "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ] }

Hi @Tom_Fox,

Our current working example is:
<Enabled/><data id="ExemptDomainFileTypePairsFromFileTypeDownloadWarningsDesc" value='1&#xF000;{"file_extension": "eml", "domains": ["mydomain"]}'/>

Should the two-line example be:

<Enabled/><data id="ExemptDomainFileTypePairsFromFileTypeDownloadWarningsDesc" value='1&#xF000;{"file_extension": "eml", "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ] }, {"file_extension": "msg", "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ] }'/>

Would you be able to copy out your working string?

Thanks,
Alex

@astee1280

How are you configuring this setting, through Group Policy, InTune or directly in the registry?

Tom

@Tom_Fox

Via MEM (Intune). They are set as OMA-URI strings.

@astee1280 I'm not familiar with Intune but found this example of multiple items in Edge policies. I hope you can work it out. Search for "multiple" on this page:

https://docs.microsoft.com/en-us/deployedge/configure-edge-with-mdm

Hi Astee1280, did you ever work this out? I'm trying to get the OMA-URI settings right for this setting for Intune too.

@Tom_Fox
Did you ever get this to work for you?

-Shon

@TofuFace

Unfortunately not. Used Device configuration profile - Settings Catalog instead. 

@astee1280

I finally got this to work. In case you or anyone else wants to know how I did it, let me know!

-Shon

Please share the syntax. Thanks

@astee1280

Sure! Create (2) keys under:  Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge

Under AutoOpenFileTypes, create a string value, name it "1" and set its value to jnlp (no quotes).

Create another string under: ExemptDomainFileTypePairsFromFileTypeDownloadWarnings

Also named "1" with the following value:  

{"file_extension": "jnlp", "domains": ["yourDomain"]}

That's it! Hope this works for you!

-Shon
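As an added example, not code from anyone in this thread: a Python script that takes a list of extension/domain pairs and emits the shapes discussed above, one JSON object per Group Policy line or registry string value (Shon's "1", "2", ... values) and the numbered &#xF000;-separated OMA-URI string from the MDM page Tom linked, and flags the mistake of pasting two pairs into one item. The registry key and data id are the ones quoted in the thread; the sample domains are constructed from the original post, and the &#xF000; list separator is assumed from the linked documentation.

```python
import json

# Constructed sample input, using the extensions and DNS aliases from the original post
PAIRS = [
    ("eml", [".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com"]),
    ("msg", [".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com"]),
]
ITEM_SEP = "&#xF000;"  # U+F000, the MDM list-item separator, as an XML character reference (assumed)
DATA_ID = "ExemptDomainFileTypePairsFromFileTypeDownloadWarningsDesc"  # data id used in the thread


def list_items(pairs):
    """One JSON object per pair: one GP editor line, or one registry string value."""
    return [json.dumps({"file_extension": ext, "domains": doms}) for ext, doms in pairs]


def registry_values(pairs):
    """REG_SZ values named "1", "2", ... under HKLM\\SOFTWARE\\Policies\\Microsoft\\Edge\\
    ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (the key Shon describes)."""
    return {str(i): item for i, item in enumerate(list_items(pairs), start=1)}


def oma_uri_value(pairs):
    """Intune custom OMA-URI string: items numbered and joined by &#xF000;, following
    the multiple-item pattern in the Edge MDM documentation linked in the thread."""
    body = ITEM_SEP.join(f"{i}{ITEM_SEP}{item}" for i, item in enumerate(list_items(pairs), start=1))
    # JSON only uses double quotes, so the attribute value can be single-quoted as in Alex's example
    return f"<Enabled/><data id=\"{DATA_ID}\" value='{body}'/>"


def validate_item(item):
    """Return a list of problems with one list item; an empty list means a single well-formed pair."""
    try:
        obj = json.loads(item)
    except json.JSONDecodeError as err:
        # Two objects joined by a comma in one item fail here with "Extra data"
        return [f"not one JSON object ({err.msg}); put each pair in its own item"]
    if not isinstance(obj, dict):
        return ["item must be a JSON object"]
    problems = []
    ext = obj.get("file_extension")
    if not isinstance(ext, str) or not ext:
        problems.append('file_extension must be a non-empty string such as "eml"')
    doms = obj.get("domains")
    if not isinstance(doms, list) or not doms or not all(isinstance(d, str) and d for d in doms):
        problems.append("domains must be a non-empty list of strings")
    return problems


if __name__ == "__main__":
    for name, value in registry_values(PAIRS).items():
        print(f'REG_SZ "{name}" = {value}   problems: {validate_item(value)}')
    print(oma_uri_value(PAIRS))
```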