cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Found a bug in Edge 87 policy

HotCakeX
MVP

‎Oct 20 2020 02:40 PM - edited ‎Oct 20 2020 02:44 PM

‎Oct 20 2020 02:40 PM - edited ‎Oct 20 2020 02:44 PM

Found a bug in Edge 87 policy

So whenever I enable this policy

 

5.png

 

This option in Edge which is related to secure DNS lookups, becomes unavailable and disabled

 

1.png

 

I see no relation between the 2 options.

 

in Edge policy I only have this

 

2.png

 

which should only apply to this

 

3.png

 

and not other settings. so In my perspective this is a bug/unwanted behavior.

 

I'll report it using feedback button on Edge too.

 

Edge Dev 87-88

Windows 10 20H2

 

if for any reason this is actually an expected behavior, please let me know with some explanation, thank you.

 

Labels:
2,381 Views
1 Like
8 Replies
Reply
8 Replies
Kelly_Y

‎Oct 20 2020 03:48 PM

‎Oct 20 2020 03:48 PM

Re: Found a bug in Edge 87 policy

@HotCakeX Hi!  I'm checking with our team about what you've noticed when DefaultGeolocationSetting is enabled.  I'll follow up once I can gather some information.  Thanks!

 

-Kelly

3 Likes
Reply
Eric_Lawrence

‎Oct 20 2020 05:19 PM

‎Oct 20 2020 05:19 PM

Re: Found a bug in Edge 87 policy

@HotCakeX - If the browser detects that the user is in a “managed” environment, then DoH can be configured only by policy, not the end-user. That’s because Enterprise environments often have specific requirements for network configuration that are more likely to be broken by Secure DNS.

 

On Windows, that detection shouldn't be tied to whether you've set a policy-- it should instead be tied to whether the machine is domain joined. On Mac, it looks like it may be tied to whether any policy is set.

 

https://blog.chromium.org/2020/05/a-safer-and-more-private-browsing-DoH.html

If you are an IT administrator, Chrome will disable Secure DNS if it detects a managed environment via the presence of one or more enterprise policies. We’ve also added new DNS-over-HTTPS enterprise policies to allow for a managed configuration of Secure DNS and encourage IT administrators to look into deploying DNS-over-HTTPS for their users.

2 Likes
Reply
HotCakeX

‎Oct 21 2020 02:48 AM

‎Oct 21 2020 02:48 AM

Re: Found a bug in Edge 87 policy

@Eric_Lawrence 
Thank you, that makes sense in enterprise environment,

but I only downloaded the latest policy files and installed them on my personal non-managed Windows 10 20H2

 

0 Likes
Reply
Eric_Lawrence

‎Oct 21 2020 09:13 AM - edited ‎Oct 21 2020 01:40 PM

‎Oct 21 2020 09:13 AM - edited ‎Oct 21 2020 01:40 PM

Re: Found a bug in Edge 87 policy

@HotCakeX The "Your browser is managed by your organization" banner in your Settings screenshot indicates that your system is "Managed".

I misread the Chromium code-- the check falls through, so if your machine has any policies set (see about:policy), it's deemed "Managed": 

 

if (base::IsMachineExternallyManaged())  // <-- this is the domain join check 
return true;
#endif
#if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
if (g_browser_process->browser_policy_connector()
                  ->HasMachineLevelPolicies())  // <-- this is the policy check
return true;
#endif
0 Likes
Reply
HotCakeX

‎Oct 21 2020 09:25 AM

‎Oct 21 2020 09:25 AM

Re: Found a bug in Edge 87 policy

@Eric_Lawrence 

Hi,

okay so I just tried this, instead of using computer configuration, i used user configuration group policies,

but I'm still getting the managed device banner and basically the same result

 

1.png

 

gfdgdgd.png

 

0 Likes
Reply
HotCakeX

‎Oct 21 2020 09:29 AM

‎Oct 21 2020 09:29 AM

Re: Found a bug in Edge 87 policy

By "machineLevelPolicies" you mean the policies that are under "Computer Configuration" right? then no I have nothing set under that, just 1 policy under "User Configuration"

0 Likes
Reply
best response confirmed by HotCakeX (MVP)
Microsoft Verified Best Answer
Eric_Lawrence

‎Oct 21 2020 01:42 PM

‎Oct 21 2020 01:42 PM

Solution

Re: Found a bug in Edge 87 policy

The nomenclature used in the code is a bit misleading; by "machine level policies" they mean policies set by the platform policy provider (on Windows, that's Group Policy). Basically, if you see anything listed in about:policy (even a dummy policy name that doesn't really exist) the device is considered "Managed" and you'll get the "Managed Device" banners and end-user configuration of Secure DNS will be blocked in about:settings.
0 Likes
Reply
HotCakeX

‎Oct 21 2020 02:03 PM

‎Oct 21 2020 02:03 PM

Re: Found a bug in Edge 87 policy

That clears up the confusion, thank you very much
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by HotCakeX (MVP)
Microsoft Verified Best Answer
Eric_Lawrence

‎Oct 21 2020 01:42 PM

‎Oct 21 2020 01:42 PM

Solution

Re: Found a bug in Edge 87 policy

The nomenclature used in the code is a bit misleading; by "machine level policies" they mean policies set by the platform policy provider (on Windows, that's Group Policy). Basically, if you see anything listed in about:policy (even a dummy policy name that doesn't really exist) the device is considered "Managed" and you'll get the "Managed Device" banners and end-user configuration of Secure DNS will be blocked in about:settings.

View solution in original post

0 Likes
Reply