Forum Discussion
MicrosoftEarly preview of Microsoft Edge group policies
Update July 22nd 2019:
Hey folks,
Thanks for all the great feedback! We announced last week that Edge is now ready for Enterprise evaluations.
You can find the latest ADMX files and MSIs/PKGs here:
https://www.microsoftedgeinsider.com/enterprise
And you can find all the enterprise-focused documentation here:
https://docs.microsoft.com/DeployEdge
There is also an Enterprise-focused section of these Insider forums which the team will be monitoring. Direct link here:
https://techcommunity.microsoft.com/t5/Enterprise/bd-p/EdgeInsiderEnterprise
Thanks again for the great feedback and engagement. Looking forward to continuing to hear from all of you!
(Note: I have removed the ADMX zip file which was originally attached to this mail. Please see the latest versions at the links above)
Original post follows:
Hi everyone,
We've been asked fairly regularly what policies we intend to support. We're still working on the list, but I’d like to share an early preview of the management policies we are working on for the new version of Microsoft Edge.
You can find a zip file attached to this post, that includes the ADMX file, an English (US) version of the ADML file, and an English (US) HTML doc with the list of policies and descriptions.
Please note that not all of the associated policies have been implemented by current canary or dev builds!
Please send us feedback on the list, or the description text in the policies if something seems unclear.
IMPORTANT
- This is a work in progress. We are sharing this early draft with you for your feedback, but the list will change between now and our final release, with policies being added, removed or changed based on feedback.
- The HTML file includes both Mac and Windows policies.
- Policies for managing updates aren’t included; those will be in a separate administrative template file.
- These are only in English (US). We are working to localize the policy descriptions and documentation before our final release.
Please let us know if there are policies missing from the list, and give us feedback on the policy design.
Thanks for your interest!
Sean, on behalf of the Microsoft Edge team
Ruud van Velsen The policy wasn't ready when Sean shared the administrative template zip file. It will be in the next version we share.
SeanLyndersay-MS Will these same policies also be built into Intune or will we need to inject the ADMX file like we do for Chrome at the moment?
SeanLyndersay-MSThe policies will be available in Intune by default, and updated automatically with every release.
SeanLyndersay-MS Fantastic - do we have a time line on InTune profile updates?
Brian AltmanTheAutisticTechie As Sean said we are partnering with Intune. What has your experience been like with Chrome and Intune?
Brian Altman Its quite straightforward but does take a bit of time to get set up back when I did it. I've looked recently and Google have exact instructions here: https://support.google.com/chrome/a/answer/9102677
SeanLyndersay-MS I'm not seeing any mention of "IE mode" in the preview, is that just because it hasn't gone out to insiders yet? The killer feature I'm looking for is the ability to use GP to automatically whitelist some internal sites for all of my users with that.
Thanks!
- SeanLyndersay-MSThe feature isn't ready yet, but will be fully manageable via policy. It will be using the Enterprise Mode Site List (see link below for current IE11 documentation) to allow you to specify which URLs get IE mode and which don't (as well as "neutral" sites that stay in the mode of the preceding page, e.g. Auth sites)
https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-listSeanLyndersay-MS My main list would be:
- Show home button
- Assign URL to home button
- Set page for startup
- pop-up allow list
- notification allow list
- Enterprise mode
- ad blocking
- favorite redirection
- Choose your layout
- Search engine used in the address bar
- Auto install specified chrome extensions
SeanLyndersay-MS I fully agree with jrasmussen about using Enterprise Mode Site List.
This is a "must" feature for the enterprises.
Are you planning to use "IE" tab in Edge or open a separate window of IE?
- SeanLyndersay-MS
Yes, we are definitely using the Enterprise Mode Site List.
IE mode does not run a separate window. It's not even a separate tab. It's fully integrated into Edge -- as you navigate to a site that requires IE mode, the engine is seamlessly switched out under the covers and the site renders as you would expect it to. When you navigate back to a site that does not require IE mode, it switches back to the modern rendering engine.
If you want to see a detailed explanation and demo of IE mode, you can watch the video below:
https://mybuild.techcommunity.microsoft.com/sessions/77794?source=sessions#top-anchor
- Great video! Among other things, answered my biggest question: will there be ActiveX support? (YES!!!)
- From what I saw in the footage at Build, it just treats one tab of Edge as IE. Huge improvement over the "open in IE" button we have in Edge right now. The seamlessness of that plus chromium compatibility will have me pushing this out ASAP when it's available.
SeanLyndersay-MS the feature i miss is to add a custom 'User Agent String' to the new Edge.
we use this in IE to allow ADFS to distinguish our managed machines from "guest" machines. our domain joined machines get the GPO and thus the custom user agent string, which is added to the ADFS filter This allows windows integrated authentication for our domain joined boxes. while other (non-domain joined) machines get forms authentication.
Hello SeanLyndersay-MS
Thanks for this early preview.
Is it possible to add a GPO to sync favorites between Internet Explorer and Edge ? We can do that with the current "EdgeHTML" version of Edge. We can configure KFR Redirection of Favorites in IE, then, if the user creates a favorites in IE, it shows up in Edge and vice-versa.
Best,
Lucas
- Brian Altman
Thank you Lucas. I've shared your request with our favorites feature team.
I agree. This would be a huge feature for corporate and enterprise users. It would be nice to be able to turn on "legacy favorites integration", and a legacy favorites button would appear next to regular favorites. Then users click whichever one they want.
- SeanLyndersay-MS
Senturion33 and Lucas
Thanks for the feedback.
I'd like to understand a little more about what you are trying to do. We have looked into keeping IE favorites and Edge favorites in sync, and it's a little tricky (for example, with the current EdgeHTML version, when that policy is enabled, device-to-device sync is disabled to avoid loops). We want to make sure we're meeting your needs, so it'd be great if you could elaborate on the specific scenarios so we can do the right thing for you.
First, you mentioned that you want to use KFR -- what does using KFR to redirect the favorites folder get you vs using the built in Edge Sync mechansm to sync folders across devices?
Second, you mentioned that you would want a "legacy favorites" integration button. We can automatically migrate IE favorites into the new Edge on first launch (a one time activity), so all IE favorites would be in the new Edge. What would be the scenario in which a user would want to access the IE favorites separately from the Edge favorites?
Many thanks for help in understanding what you're trying to do.
Chrome Store auto-install
Removal of Manifest v3 anti-adblocking features
Being inactivity/idle lock screen for browser user profiles would be nice. Especially for when AAD sign on for profiles becomes an option. The combination of these two settings would do wonders for shared computers in our environment. As we send more and more processes to Office 365, this gets hard to maintain secure access to our employees who can only use shared computers on our manufacturing side. SeanLyndersay-MS
- Thank you! Is Windows Information Protection support planned for Edge prior to the release? Our two big features to enable our mobile fleet to use this version of Edge remotely hinges on WIP and AAD Sign In support.
- SeanLyndersay-MS
Miguel_Garrido WIP support is in the roadmap. I can't confirm for sure that it will make the first release, but we'll definitely have it pretty soon thereafter.
AAD Sign will be available in Canary builds pretty soon (you can test it by turning on a flag: edge://flags/#edge-sign-in-with-aad)
Thanks for sharing the GPO-Files.
I'm currently testing it locally on my Surface. What I'm missing is a setting for the Enterprise Mode Site list. Is this due to there's no enterprise version of Edge C available, yet?
Or do I have to use the Internet Explorer GPO settings for a Link to the XML file?
And what's up with the Enterprise Mode Site List Manager. Will we see a Version 3 for Edge Chromium? I've heard that the XML scheme has been updated once again.
- SeanLyndersay-MS
ikkerus IE mode group policies to configure the sitelist will be in a future update.
We will be updating the schema and the documentation, as well as releasing an update to the Site List Manager.
Thank you! This was high on my list to see these GPO templates.
One setting I am not seeing in this list that would be important to my organization:
- Disable Updater - I know this is probably going to be introduced once new Edge goes production. We need to verify each update with remote vendors and to ensure policies still work as needed. ***I don't see this one in the ADMX file. Would be important to have.***
- SeanLyndersay-MS
The policies for the update service will be published in a separate ADMX file, but the policy to disable the native update service is definitely part of the set we will have.
