Forum Discussion
SeanLyndersay-MS
Microsoft
MicrosoftEarly preview of Microsoft Edge group policies
Update July 22nd 2019:
Hey folks,
Thanks for all the great feedback! We announced last week that Edge is now ready for Enterprise evaluations.
You can find the latest ADMX files and MSIs/PKGs here:
https://www.microsoftedgeinsider.com/enterprise
And you can find all the enterprise-focused documentation here:
https://docs.microsoft.com/DeployEdge
There is also an Enterprise-focused section of these Insider forums which the team will be monitoring. Direct link here:
https://techcommunity.microsoft.com/t5/Enterprise/bd-p/EdgeInsiderEnterprise
Thanks again for the great feedback and engagement. Looking forward to continuing to hear from all of you!
(Note: I have removed the ADMX zip file which was originally attached to this mail. Please see the latest versions at the links above)
Original post follows:
Hi everyone,
We've been asked fairly regularly what policies we intend to support. We're still working on the list, but I’d like to share an early preview of the management policies we are working on for the new version of Microsoft Edge.
You can find a zip file attached to this post, that includes the ADMX file, an English (US) version of the ADML file, and an English (US) HTML doc with the list of policies and descriptions.
Please note that not all of the associated policies have been implemented by current canary or dev builds!
Please send us feedback on the list, or the description text in the policies if something seems unclear.
IMPORTANT
- This is a work in progress. We are sharing this early draft with you for your feedback, but the list will change between now and our final release, with policies being added, removed or changed based on feedback.
- The HTML file includes both Mac and Windows policies.
- Policies for managing updates aren’t included; those will be in a separate administrative template file.
- These are only in English (US). We are working to localize the policy descriptions and documentation before our final release.
Please let us know if there are policies missing from the list, and give us feedback on the policy design.
Thanks for your interest!
Sean, on behalf of the Microsoft Edge team
Ruud van Velsen The policy wasn't ready when Sean shared the administrative template zip file. It will be in the next version we share.
- Would also like the ability to enforce an extension even in private mode.
SeanLyndersay-MS Ability to turn off the "Administrator Mode Detected" popup via GPO.
- Thank you! Is Windows Information Protection support planned for Edge prior to the release? Our two big features to enable our mobile fleet to use this version of Edge remotely hinges on WIP and AAD Sign In support.
SeanLyndersay-MSMiguel_Garrido WIP support is in the roadmap. I can't confirm for sure that it will make the first release, but we'll definitely have it pretty soon thereafter.
AAD Sign will be available in Canary builds pretty soon (you can test it by turning on a flag: edge://flags/#edge-sign-in-with-aad)
Being inactivity/idle lock screen for browser user profiles would be nice. Especially for when AAD sign on for profiles becomes an option. The combination of these two settings would do wonders for shared computers in our environment. As we send more and more processes to Office 365, this gets hard to maintain secure access to our employees who can only use shared computers on our manufacturing side. SeanLyndersay-MS
SeanLyndersay-MS the feature i miss is to add a custom 'User Agent String' to the new Edge.
we use this in IE to allow ADFS to distinguish our managed machines from "guest" machines. our domain joined machines get the GPO and thus the custom user agent string, which is added to the ADFS filter This allows windows integrated authentication for our domain joined boxes. while other (non-domain joined) machines get forms authentication.
Chrome Store auto-install
Removal of Manifest v3 anti-adblocking features
SeanLyndersay-MS I fully agree with jrasmussen about using Enterprise Mode Site List.
This is a "must" feature for the enterprises.
Are you planning to use "IE" tab in Edge or open a separate window of IE?
- SeanLyndersay-MS
Yes, we are definitely using the Enterprise Mode Site List.
IE mode does not run a separate window. It's not even a separate tab. It's fully integrated into Edge -- as you navigate to a site that requires IE mode, the engine is seamlessly switched out under the covers and the site renders as you would expect it to. When you navigate back to a site that does not require IE mode, it switches back to the modern rendering engine.
If you want to see a detailed explanation and demo of IE mode, you can watch the video below:
https://mybuild.techcommunity.microsoft.com/sessions/77794?source=sessions#top-anchor
Great video SeanLyndersay-MS !
Thank you for sharing it.
- From what I saw in the footage at Build, it just treats one tab of Edge as IE. Huge improvement over the "open in IE" button we have in Edge right now. The seamlessness of that plus chromium compatibility will have me pushing this out ASAP when it's available.
SeanLyndersay-MS I'm not seeing any mention of "IE mode" in the preview, is that just because it hasn't gone out to insiders yet? The killer feature I'm looking for is the ability to use GP to automatically whitelist some internal sites for all of my users with that.
Thanks!
- SeanLyndersay-MSThe feature isn't ready yet, but will be fully manageable via policy. It will be using the Enterprise Mode Site List (see link below for current IE11 documentation) to allow you to specify which URLs get IE mode and which don't (as well as "neutral" sites that stay in the mode of the preceding page, e.g. Auth sites)
https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-listSeanLyndersay-MS My main list would be:
- Show home button
- Assign URL to home button
- Set page for startup
- pop-up allow list
- notification allow list
- Enterprise mode
- ad blocking
- favorite redirection
- Choose your layout
- Search engine used in the address bar
- Auto install specified chrome extensions
SeanLyndersay-MS Will these same policies also be built into Intune or will we need to inject the ADMX file like we do for Chrome at the moment?
Brian AltmanTheAutisticTechie As Sean said we are partnering with Intune. What has your experience been like with Chrome and Intune?
Brian Altman Its quite straightforward but does take a bit of time to get set up back when I did it. I've looked recently and Google have exact instructions here: https://support.google.com/chrome/a/answer/9102677
- SeanLyndersay-MS
The policies will be available in Intune by default, and updated automatically with every release.
SeanLyndersay-MS Fantastic - do we have a time line on InTune profile updates?
