Unable to Disable the "Add Profile" Feature in Edge on Windows 365

Hello,

In our cloud-only environment (solely AAD), we've set the following in Intune to "Disabled":

Setting: Enable profile creation from the Identity flyout menu or the Settings page.

Description: Allows users to create new profiles, using the "Add profile" option. If you enable this policy or don't configure it, Microsoft Edge allows users to use **Add profile** on the Identity flyout menu or the Settings page to create new profiles. If you disable this policy, users cannot add new profiles from the Identity flyout menu or the Settings page.

...but it doesn't take effect to add BrowserAddProfileEnabled DWORD with a value of "0" to Windows 365 cloud PCs to disable the ability for users to add (unapproved) profiles to Edge, which is a critical issue of insider threat for data exfiltration using non-work profiles on work cloud PCs. A scalable Intune solution is needed ASAP.

Thanks,

Jimmy

3 Replies

Hi,

Think you have to combine with the setting to enforce work-profile logon in Edge... so there is at least one profile...
Then you can further restrict what to sync to this profile...

Don't know what other settings you are using, which might conflict... like maybe Enterprise State roaming... 

Think you should be using the following, in addition to "BrowserAddProfileEnabled"... 

But it has been a long time since I configured this myself and played around with this...

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeDefaultProfileEnabled
  • GP name: Default Profile Setting Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeDefaultProfileEnabled
  • Value Type: REG_SZ

Hello Mathias,
Thanks for the response, but I'm unsure how these apply because, as I pointed out, this is a cloud-only environment, so no Group Policy ADMX anywhere, only AAD.
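
One way to check on a Cloud PC whether the setting discussed in this thread actually reached the registry, as an added example that is not part of any post above. The value names and the `SOFTWARE\Policies\Microsoft\Edge` path come from the thread; the function name `Get-EdgePolicyState`, the check of both HKLM and HKCU, and the exit-code convention are assumptions of this example.

```powershell
# Added example: report whether BrowserAddProfileEnabled = 0 (DWORD) is present
# under the Edge policy key, and show EdgeDefaultProfileEnabled if it exists.
$PolicyKey = 'SOFTWARE\Policies\Microsoft\Edge'

function Get-EdgePolicyState {
    # Hypothetical helper: reads one policy value and its registry type.
    param([string]$Hive, [string]$Name)

    $path  = "${Hive}:\$PolicyKey"
    $state = [ordered]@{ Path = $path; Name = $Name; Present = $false; Kind = $null; Value = $null }

    if (Test-Path -LiteralPath $path) {
        $key = Get-Item -LiteralPath $path
        if ($key.GetValueNames() -contains $Name) {
            $state.Present = $true
            $state.Kind    = $key.GetValueKind($Name).ToString()   # e.g. DWord, String
            $state.Value   = $key.GetValue($Name)
        }
    }
    [pscustomobject]$state
}

# Check both the machine and the user policy hives.
$results = foreach ($hive in 'HKLM', 'HKCU') {
    Get-EdgePolicyState -Hive $hive -Name 'BrowserAddProfileEnabled'
}
$results | Format-List

# The reply mentions EdgeDefaultProfileEnabled (REG_SZ); the thread gives no
# expected value for it, so it is only reported, not evaluated.
Get-EdgePolicyState -Hive 'HKLM' -Name 'EdgeDefaultProfileEnabled' | Format-List

# A value stored with the wrong type (for example the string "0") is treated as not applied.
$applied = $results | Where-Object {
    $_.Present -and $_.Kind -eq 'DWord' -and [int]$_.Value -eq 0
}

if ($applied) {
    Write-Output "BrowserAddProfileEnabled = 0 (DWORD) found at $($applied.Path -join ', ')"
    exit 0
}
Write-Output 'BrowserAddProfileEnabled is missing or is not DWORD 0 in either hive.'
exit 1
```

Opening `edge://policy` in the same session shows which policies Edge itself has loaded, which helps separate a delivery problem from a value that is present but not honoured.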