SOLVED

Best practice to enforce updates on Microsoft Edge to have the latest security updates installed

%3CLINGO-SUB%20id%3D%22lingo-sub-3199578%22%20slang%3D%22en-US%22%3EBest%20practice%20to%20enforce%20updates%20on%20Edge%20to%20have%20the%20latest%20security%20updates%20installed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3199578%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewe%20would%20like%20to%20know%20the%20best%20practice%20to%20enforce%20Edge%20updates%20across%20all%20devices%20in%20the%20organisation.%20We%20opened%20a%20ticket%20with%20Microsoft%20support%20and%20the%20feedback%20we%20got%20was%20that%20we%20can%20only%20enforce%20updates%20on%20the%20edge%20browsers%20that%20are%20pushed%20to%20intune%26nbsp%3Bvia%20Company%20portal.%20This%20is%20counterproductive%20because%20that%20means%20all%20the%20colleagues%20would%20have%20to%20uninstall%20the%20pre-installed%20edge%20browser%20and%20we%20will%20then%20push%20it%20to%20them%20via%20the%20company%20portal.%20Does%20anyone%20have%20other%20suggestions%20on%20how%20we%20can%20achieve%20this%3F%20Please%20see%20the%20attached%20image.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3199578%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3199685%22%20slang%3D%22en-US%22%3ERe%3A%20Best%20practice%20to%20enforce%20updates%20on%20Microsoft%20Edge%20to%20have%20the%20latest%20security%20updates%20installed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3199685%22%20slang%3D%22en-US%22%3E%3CP%3EThats%20odd%2C%20assuming%20you%20are%20talking%20about%20windows%20devices%3CBR%20%2F%3E%3CBR%20%2F%3EAs%20long%20as%20the%20devices%20are%20%22managed%22%20you%20could%20push%20settings%20like%20these%20below%20in%20intune%3CBR%20%2F%3E%5CMicrosoft%20Edge%20Update%5CPreferences%5CAuto-update%20check%20period%20override%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20looking%20closer%20at%20this%20msdocs%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-update-policies%23updatedefault%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-update-policies%23updatedefault%3C%2FA%3E%3CBR%20%2F%3EIt%20just%20adds%20a%20registry%20key%20in%26nbsp%3B%3CSPAN%3EHKEY_LOCAL_MACHINE%5CSOFTWARE%5CPolicies%5CMicrosoft%5CEdgeUpdate%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThat%20should%20be%20weird%20if%20edge%20doesn't%20listen%20to%20it%20%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECould%20you%20open%26nbsp%3B%3CSPAN%3Eedge%3A%2F%2Fpolicy%20to%20take%20a%20look%20at%20what%20policies%20are%20applied%20after%20you%20made%20sure%20an%20edge%20policy%20has%20arrived%20at%20the%20device%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hello Everyone,

 

we would like to know the best practice to enforce Edge updates across all devices in the organisation. We opened a ticket with Microsoft support and the feedback we got was that we can only enforce updates on the edge browsers that are pushed to intune via Company portal. This is counterproductive because that means all the colleagues would have to uninstall the pre-installed edge browser and we will then push it to them via the company portal. Does anyone have other suggestions on how we can achieve this? Please see the attached image.

3 Replies
best response confirmed by omaderemi (Contributor)
Solution

Thats odd, assuming you are talking about windows devices

As long as the devices are "managed" you could push settings like these below in intune
\Microsoft Edge Update\Preferences\Auto-update check period override

 

When looking closer at this msdocs
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-update-policies#updatedefault
It just adds a registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate

That should be weird if edge doesn't listen to it ?

 

Could you open edge://policy to take a look at what policies are applied after you made sure an edge policy has arrived at the device



Thank you so much for this useful information. We were able to deploy the settings via intune
Hi, Nice to hear! If the above was the solution please mark it as the "answer" so people looking for the same question know it worked.