Unable to Disable the "Add Profile" Feature in Edge on Windows 365

Brass Contributor



In our cloud-only environment (solely AAD), we've set the following in Intune to "Disabled":

Setting: Enable profile creation from the Identity flyout menu or the Settings page.

Description: Allows users to create new profiles, using the "Add profile" option. If you enable this policy or don't configure it, Microsoft Edge allows users to use **Add profile** on the Identity flyout menu or the Settings page to create new profiles. If you disable this policy, users cannot add new profiles from the Identity flyout menu or the Settings page.


...but it doesn't take effect to add BrowserAddProfileEnabled DWORD with a value of "0" to Windows 365 cloud PCs to disable the ability for users to add (unapproved) profiles to Edge, which is a critical issue of insider threat for data exfiltration using non-work profiles on work cloud PCs. A scalable Intune solution is needed asap.






3 Replies


Think you have to combine with the setting to enforce work-profile logon in Edge... so there is at least one profile...
The you can further restrict what to sync to this profile...


Don't know what other settings you are using, which might conflict... like maybe Enterprise State roaming... 

Think you should be using the following, in addition to "BrowserAddProfileEnabled"... 

But has been long time since I configured this myself and played around with this...

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeDefaultProfileEnabled
  • GP name: Default Profile Setting Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeDefaultProfileEnabled
  • Value Type: REG_SZ
Hello Mathias,
Thanks for the response but I'm unsure how these apply because as I pointed out, this is a cloud-only environment, so no Group Policy ADMX anywhere, only AAD.