HotCakeX
Oct 20, 2020
MVP
Found a bug in Edge 87 policy
So whenever I enable this policy
This option in Edge, which is related to secure DNS lookups, becomes unavailable and disabled.
I see no relation between the 2 options.
In Edge policy I only have this
which should only apply to this
and not other settings. So in my perspective this is a bug/unwanted behavior.
I'll report it using the feedback button on Edge too.
Edge Dev 87-88
Windows 10 20H2
If for any reason this is actually expected behavior, please let me know with some explanation. Thank you.
- The nomenclature used in the code is a bit misleading; by "machine level policies" they mean policies set by the platform policy provider (on Windows, that's Group Policy). Basically, if you see anything listed in about:policy (even a dummy policy name that doesn't really exist) the device is considered "Managed" and you'll get the "Managed Device" banners and end-user configuration of Secure DNS will be blocked in about:settings.
- Eric_Lawrence
Microsoft
HotCakeX - If the browser detects that the user is in a “managed” environment, then DoH can be configured only by policy, not the end-user. That’s because Enterprise environments often have specific requirements for network configuration that are more likely to be broken by Secure DNS.
On Windows, that detection shouldn't be tied to whether you've set a policy-- it should instead be tied to whether the machine is domain joined. On Mac, it looks like it may be tied to whether any policy is set.
https://blog.chromium.org/2020/05/a-safer-and-more-private-browsing-DoH.html
If you are an IT administrator, Chrome will disable Secure DNS if it detects a managed environment via the presence of one or more enterprise policies. We’ve also added new DNS-over-HTTPS enterprise policies to allow for a managed configuration of Secure DNS and encourage IT administrators to look into deploying DNS-over-HTTPS for their users.
Eric_Lawrence
Thank you, that makes sense in an enterprise environment, but I only downloaded the latest policy files and installed them on my personal non-managed Windows 10 20H2.
- Eric_Lawrence
Microsoft
HotCakeX The "Your browser is managed by your organization" banner in your Settings screenshot indicates that your system is "Managed".
I misread the Chromium code-- the check falls through, so if your machine has any policies set (see about:policy), it's deemed "Managed":

```cpp
  if (base::IsMachineExternallyManaged())  // <-- this is the domain join check
    return true;
#endif
#if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
  if (g_browser_process->browser_policy_connector()
          ->HasMachineLevelPolicies())  // <-- this is the policy check
    return true;
#endif
```
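The fall-through described in this thread, modelled as an added example (not code from the thread, Chromium or Edge): it shows why a non-domain-joined machine with a single policy, even a dummy one, loses the Secure DNS toggle. `DeviceState`, `SecureDns` and the function names are hypothetical stand-ins; `DnsOverHttpsMode` is the real policy name but is not quoted in the thread.

```cpp
// Added illustration: a stand-in model of the check discussed in this thread.
// Not Chromium or Edge source; all types and names below are hypothetical.
#include <iostream>
#include <map>
#include <string>

struct DeviceState {
  bool domain_joined;     // stand-in for base::IsMachineExternallyManaged()
  bool has_policy_check;  // false where the #if excludes the platform (Android, Chrome OS)
  std::map<std::string, std::string> machine_policies;  // entries about:policy would list
};

enum class SecureDns { kUserConfigurable, kLockedOffManaged, kSetByPolicy };

// Mirrors the fall-through: either check alone marks the device "Managed".
bool IsDeemedManaged(const DeviceState& d) {
  if (d.domain_joined) return true;
  if (d.has_policy_check && !d.machine_policies.empty()) return true;
  return false;
}

// Who controls Secure DNS. "DnsOverHttpsMode" is the real policy name,
// but it is not quoted in the thread.
SecureDns SecureDnsControl(const DeviceState& d) {
  if (d.machine_policies.count("DnsOverHttpsMode")) return SecureDns::kSetByPolicy;
  return IsDeemedManaged(d) ? SecureDns::kLockedOffManaged
                            : SecureDns::kUserConfigurable;
}

const char* Describe(SecureDns s) {
  switch (s) {
    case SecureDns::kUserConfigurable: return "user can toggle Secure DNS";
    case SecureDns::kLockedOffManaged: return "managed: Secure DNS off, toggle disabled";
    case SecureDns::kSetByPolicy:      return "Secure DNS set by policy";
  }
  return "unknown";
}

int main() {
  // Constructed cases: the policy name in the second one is deliberately fake.
  DeviceState cases[] = {
      {false, true, {}},
      {false, true, {{"NotARealPolicy", "1"}}},
      {false, true, {{"DnsOverHttpsMode", "automatic"}}},
      {true, true, {}},
  };
  for (const DeviceState& d : cases)
    std::cout << Describe(SecureDnsControl(d)) << "\n";
  return 0;
}
```

On a personal machine that lands in the second case, the options are to clear the entries shown in about:policy or to configure Secure DNS through its own policy.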