SOLVED

ExternalProtocolDialogShowAlwaysOpenCheckbox policy no longer works in Edge Dev and Canary

Iron Contributor

Hi there,

 

We have the ExternalProtocolDialogShowAlwaysOpenCheckbox policy enabled so that folks can have the browser remember their preference for frequently-used protocol handler links. It looks like this policy still works in Edge Beta 81.0.416.20, but stopped working in Edge Dev 82.0.432.3 and later. The checkbox is simply not shown in the later versions. I tested using skype:// and another application we use in-house. The policy is visible in edge://policy, but it is ignored for whatever reason.

 

Thanks!

Andrew

 

 

21 Replies

@AndrewSAIF Thanks for reaching out and letting us know. We're sorry to hear that it isn't working! We just pushed 83.0.470.0 to Canary; are you still seeing this behavior there? If so, let us know and we'll loop in the GPO team. And in the meantime, can you please submit detailed feedback and diagnostic data through the browser, if you haven't yet?

 

Fawkes (they/them)
Project & Community Manager - Microsoft Edge

@Deleted 

 

Hi Fawkes,

 

I updated Canary to the latest version and got the same result. It is easy to duplicate this behavior on a machine that has Office installed if you set the policy, then type skype:// into the address bar and press enter. 

 

AndrewSAIF_0-1585598044532.png

 

I have the feedback feature disabled in my group policy, but if that is a better way to report issues I can set up a test machine to be excluded. 

 

Thanks!

Andrew

best response
Solution

@AndrewSAIF 

 

Hi Andrew,

This policy to show the checkbox was recently restricted to only work from secure (i.e. https) pages.  I suspect that you are expecting to see the checkbox from a non-secure page and that it is not showing up.  

 

Can you confirm?

 

This change was made as part of a broader set of changes to the opt-out checkbox, including:

  • The checkbox now applies per-origin.  So if you select the checkbox because you tried to launch skype: from sharepoint.com, that combination will skip the prompt in the future, but other origins will still see the prompt when launching skype: until opted out.
  • The checkbox will be turned on by default for all users in an upcoming release, so that the group policy is no longer needed.  It will continue to be possible to ensure the checkbox is never shown by explicitly disabling the policy though.

Todd

 

Hi Todd,

 

Thanks for the quick reply. Yes, I am expecting to see the checkbox from a non-https site. 

 

The reason this policy was useful to me is because we have web apps on an http intranet site that contain protocol handler links to open a separate application. For various reasons, we cannot easily make these sites HTTPS. 

 

For this use case, users are clicking several of these links in a short timeframe. The popup for confirmation becomes very obtrusive. I was excited to have this policy since the only other solution at the time was to manually edit the preferences file (or script it). 

 

There was a backlash when this checkbox was removed from Chrome from enterprise users, and I thought this policy was a response to that backlash. I don't think my use case is uncommon and I suspect this will be a big deal for several organizations. 

 

Do you have a timeline or version target for when the checkbox is available by default, and when this happens will the checkbox still only appear for HTTPS? 

 

@todd_sahl 

Not the solution I prefer, but it looks like as a workaround I can just throw the page on my IE Mode list. No popups at all. 

 

Andrew

@Deleted I was also using this on an intranet website served over http. With the latest update to edge chromium, it suddenly stopped working. 

Any chance there's an override for certain domains to be able to get the remember checkbox in conjunction with "Enable remembering protocol launch prompting preferences" being enabled in edge://flags?

It looks like edge chromium no longer honors internet options in control panel (which makes sense) but I'd like a per-domain override as I suddenly no longer have the functionality I had, even though it's still in edge.

@todd_sahl @Deleted 
Hi there. Is there any update on the status of this policy? The behavior appears to be the same still in v85.

 

Thanks!

@AndrewSAIF Our customers are in a similar position, their intranet has specific rules which mean they've twice tried to migrate from IE11 to Edge but had to revert (the most recent to Chrome).
I was hoping with the Chrome based version of Edge that it would honour ExternalProtocolDialogShowAlwaysOpenCheckbox in either Chrome or Edge's reg keys.
The annoyance to the customer of having to click the popup confirmation each time is a deal-breaker,

Hi Todd,

This restriction ruins intranet app experience. Will there be a change in this restriction?

Omer

@AndrewSAIF   Could be good news on the horizon.

Just looked on the beta v84 version of Edge, and the documentation says:

 

"As of Microsoft Edge 84, if you don't configure this policy, when an external protocol confirmation prompt is shown, the user can select "Always allow" to skip all future confirmation prompts for the protocol on this site"

 

Hopefully v84 of Edge will honour the setting, same as Chrome

 

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#externalprotocoldialogshowalways... 

 

@RichardStantonPropsoft 

 

Hm, maybe I'm missing something, but the example I gave (skype://) still shows me a checkbox with this policy enabled on Edge Stable 81 and still does not show me a checkbox on Edge Canary 85. 

@AndrewSAIF  Ah sorry, just tried the v84 beta and you're right - Microsoft still aren't complying with their own documentation.

Not reassuring that you're on an even newer beta than me, and that version is also incorrect.

Hopefully Microsoft will get their act together by v86 and comply with their own documentation.

Until then, our customers will have to stay with a mix of IE and Chrome, which do honour the policy setting.

https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#externalprotocoldialogshowalways... says nothing about secure and non-secure sites.

Currently Dev 85 doesn't show "always open checkbox" for non https.

 

What's the situation right now? Which version of Edeg, which checkbox for which http/https?

@Deleted 

 

Hi,

 

I just encountered this issue too and would like to add my voice to those here requesting a fix.  For our use case we are interested in the behaviour when a custom URL is entered directly into the address bar, as well the case where the link is placed in a page with an HTTP URL rather than HTTPS.  As others have said, in all cases this impacts UX quite badly, it is a blocker for Edge adoption for us at this time.

 

Kind regards,

 

Mike

@Deleted @todd_sahl 

It looks like a solution to this problem is to add the URLAllowlist policy, then add your handler to that:

https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#urlallowlist

 

Use this format:

handlername://*

 

Hope this helps someone. This definitely wasn't clear from the description of the policy. Maybe this isn't even intended behavior, but I'm sure glad it works. 

 

Andrew

 

@AndrewSAIF 

 

Thank you, all! We'll look into this.

 

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge

1 best response

Accepted Solutions
best response
Solution

@AndrewSAIF 

 

Hi Andrew,

This policy to show the checkbox was recently restricted to only work from secure (i.e. https) pages.  I suspect that you are expecting to see the checkbox from a non-secure page and that it is not showing up.  

 

Can you confirm?

 

This change was made as part of a broader set of changes to the opt-out checkbox, including:

  • The checkbox now applies per-origin.  So if you select the checkbox because you tried to launch skype: from sharepoint.com, that combination will skip the prompt in the future, but other origins will still see the prompt when launching skype: until opted out.
  • The checkbox will be turned on by default for all users in an upcoming release, so that the group policy is no longer needed.  It will continue to be possible to ensure the checkbox is never shown by explicitly disabling the policy though.

Todd

View solution in original post