Forum Discussion
SeanLyndersay-MS
Microsoft
MicrosoftEarly preview of Microsoft Edge group policies
Update July 22nd 2019:
Hey folks,
Thanks for all the great feedback! We announced last week that Edge is now ready for Enterprise evaluations.
You can find the latest ADMX files and MSIs/PKGs here:
https://www.microsoftedgeinsider.com/enterprise
And you can find all the enterprise-focused documentation here:
https://docs.microsoft.com/DeployEdge
There is also an Enterprise-focused section of these Insider forums which the team will be monitoring. Direct link here:
https://techcommunity.microsoft.com/t5/Enterprise/bd-p/EdgeInsiderEnterprise
Thanks again for the great feedback and engagement. Looking forward to continuing to hear from all of you!
(Note: I have removed the ADMX zip file which was originally attached to this mail. Please see the latest versions at the links above)
Original post follows:
Hi everyone,
We've been asked fairly regularly what policies we intend to support. We're still working on the list, but I’d like to share an early preview of the management policies we are working on for the new version of Microsoft Edge.
You can find a zip file attached to this post, that includes the ADMX file, an English (US) version of the ADML file, and an English (US) HTML doc with the list of policies and descriptions.
Please note that not all of the associated policies have been implemented by current canary or dev builds!
Please send us feedback on the list, or the description text in the policies if something seems unclear.
IMPORTANT
- This is a work in progress. We are sharing this early draft with you for your feedback, but the list will change between now and our final release, with policies being added, removed or changed based on feedback.
- The HTML file includes both Mac and Windows policies.
- Policies for managing updates aren’t included; those will be in a separate administrative template file.
- These are only in English (US). We are working to localize the policy descriptions and documentation before our final release.
Please let us know if there are policies missing from the list, and give us feedback on the policy design.
Thanks for your interest!
Sean, on behalf of the Microsoft Edge team
Ruud van Velsen The policy wasn't ready when Sean shared the administrative template zip file. It will be in the next version we share.
Will there be any management from the mac side? We are now officially managing macs in our environment and I’d like to understand how I will be able to manage their settings as well. #macOS
SeanLyndersay-MSMany of the policies support Mac (and there are a few Mac-specific policies). Policies are deployed by pushing a plist file with the right policies set. We have tested with Jamf and a few other Mac management tools and will be publishing documentation with step-by-step instructions.SeanLyndersay-MS Thank you much, we are using JAMF so this will be helpful. Appreciate your quick response and looking forward to these changes.
Chrome/Chromium have some settings stating "This policy is not available on Windows instances that are not joined to a Microsoft® Active Directory® domain.".
For example "Action on startup - Restore the last session', the URLs that were open last time Google Chrome was closed will be reopened and the browsing session will be restored as it was left.".
Are there similar limitations for some settings in Edge?
- SeanLyndersay-MS
P3c4s0 Yes, some of the policies have that restriction.
Generally, this restriction exists to limit the impact of policies that are often used by adware/grayware to make changes to the browser bypassing the usual protections against manipulating settings. Enforcing that the device is domain-joined makes it less likely that adware will use those particular settings (since they won't work on most machines). The current version of Edge has similar limitations on policies that impact homepages and search providers (the most commonly misused policies).
The particular policy you cited can be used to specify a specific set of URLs to open on startup, which can be misused to effectively do a homepage takeover, which is why the limitation exists.
- Any way to configure edge://flags/#edge-windows-credentials-for-http-auth via GPO? That setting being Enabled disallows users from copying credentials from Password management extensions so we'd need a way to disable that.
Do any of these policies affect the normal windows 10 Edge (am i safe to deploy test policies without breaking anything other than Edge Chromium
- SeanLyndersay-MSYes, you're safe to deploy these policies. The new Edge does not share policies with the current version of Edge.
I have a question for one of the settings:
Using the admx/adml templates, whe i what to configure the Administrative Templates\Microsoft Edge\Manage Search Engines setting, the example value is:
[
{
"suggest_url": "https://www.example1.com/qbox?query={searchTerms}",
"search_url": "https://www.example1.com/search?q={searchTerms}",
"name": "Example1",
"keyword": "example1.com",
"is_default": true,
"image_search_url": "https://www.example1.com/images/detail/search?iss=sbiupload"
},
{
"search_url": "https://www.example2.com/search?q={searchTerms}",
"suggest_url": "https://www.example2.com/qbox?query={searchTerms}",
"image_search_url": "https://www.example2.com/images/detail/search?iss=sbiupload",
"name": "Example2",
"keyword": "example2.com"
},
{
"suggest_url": "https://www.example3.com/qbox?query={searchTerms}",
"search_url": "https://www.example3.com/search?q={searchTerms}",
"name": "Example3",
"keyword": "example3.com",
"encoding": "UTF-8",
"image_search_url": "https://www.example3.com/images/detail/search?iss=sbiupload"
}
]so i wanted to enter:
[
{
"suggest_url": "https://www.google.com/search?output=chrome&q={searchTerms}",
"search_url": "https://www.google.com/search?q={searchTerms}",
"name": "Google",
"keyword": "google.com",
"is_default": true,
"image_search_url": "https://www.google.com/search?q={searchTerms}&tbm=isch"
}
]but there is only a online textfield. Is the correct value a path to a .json file or how should it be configured?
Another question
Will it be possible to configure flags as well as settings?
/Jakob
SeanLyndersay-MS This looks really promising. Will you give a shout on @MSEdgeDev twitter if/when there is updates to the templates
/Jakob
- SeanLyndersay-MSWill do!
Hello SeanLyndersay-MS
Thanks for this early preview.
Is it possible to add a GPO to sync favorites between Internet Explorer and Edge ? We can do that with the current "EdgeHTML" version of Edge. We can configure KFR Redirection of Favorites in IE, then, if the user creates a favorites in IE, it shows up in Edge and vice-versa.
Best,
Lucas
I agree. This would be a huge feature for corporate and enterprise users. It would be nice to be able to turn on "legacy favorites integration", and a legacy favorites button would appear next to regular favorites. Then users click whichever one they want.
- SeanLyndersay-MS
Senturion33 and Lucas
Thanks for the feedback.
I'd like to understand a little more about what you are trying to do. We have looked into keeping IE favorites and Edge favorites in sync, and it's a little tricky (for example, with the current EdgeHTML version, when that policy is enabled, device-to-device sync is disabled to avoid loops). We want to make sure we're meeting your needs, so it'd be great if you could elaborate on the specific scenarios so we can do the right thing for you.
First, you mentioned that you want to use KFR -- what does using KFR to redirect the favorites folder get you vs using the built in Edge Sync mechansm to sync folders across devices?
Second, you mentioned that you would want a "legacy favorites" integration button. We can automatically migrate IE favorites into the new Edge on first launch (a one time activity), so all IE favorites would be in the new Edge. What would be the scenario in which a user would want to access the IE favorites separately from the Edge favorites?
Many thanks for help in understanding what you're trying to do.
Brian AltmanThank you Lucas. I've shared your request with our favorites feature team.
SeanLyndersay-MS going forward where can we find updates for the GPOs? Are you going to have dedicated page like Google does it?
- SeanLyndersay-MS
anthonymel Yup. We will have a dedicated page on docs.microsoft.com, and a change list for each major release.
Your should expect something conceptually similar to what we've done for the current version of Edge:
https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/
https://docs.microsoft.com/en-us/microsoft-edge/deploy/change-history-for-microsoft-edge?tabs=2018
I've been testing this morning. So happy!
Thank you! This was high on my list to see these GPO templates.
One setting I am not seeing in this list that would be important to my organization:
- Disable Updater - I know this is probably going to be introduced once new Edge goes production. We need to verify each update with remote vendors and to ensure policies still work as needed. ***I don't see this one in the ADMX file. Would be important to have.***
- SeanLyndersay-MS
The policies for the update service will be published in a separate ADMX file, but the policy to disable the native update service is definitely part of the set we will have.
Thanks for sharing the GPO-Files.
I'm currently testing it locally on my Surface. What I'm missing is a setting for the Enterprise Mode Site list. Is this due to there's no enterprise version of Edge C available, yet?
Or do I have to use the Internet Explorer GPO settings for a Link to the XML file?
And what's up with the Enterprise Mode Site List Manager. Will we see a Version 3 for Edge Chromium? I've heard that the XML scheme has been updated once again.
- SeanLyndersay-MS
ikkerus IE mode group policies to configure the sitelist will be in a future update.
We will be updating the schema and the documentation, as well as releasing an update to the Site List Manager.
