June 7, 2016 10:01 am

Managing Microsoft Edge in the enterprise

At last year’s Microsoft Ignite conference, we introduced the enterprise story for the web on Windows 10. Microsoft Edge is designed from the ground up to provide a modern, interoperable, and secure browsing experience; in addition, Internet Explorer 11 is also a part of Windows 10 to help bring all your legacy line of business (LOB) applications forward.

Microsoft Edge and Internet Explorer 11 work together to help ease IT management overhead, and also provide a seamless user experience for your users. In this post, we’ll walk through the policies you can use to manage Microsoft Edge in the enterprise for both PCs and mobile devices, including some new policies coming in the Windows 10 Anniversary Update.

Policies currently supported in Microsoft Edge

With Microsoft Edge, we set out to provide a simple, consistent set of scenario-driven management policies to help manage Windows 10 browser deployments on both desktop and mobile. The policies for Microsoft Edge on desktop are available as both Group Policy settings and MDM settings. On mobile they are available as MDM settings.

Here is a summary of all the policies supported by Microsoft Edge grouped by Windows 10 releases:

  • Available in Windows 10 version 1507 or later:
    • Configure Autofill
    • Configure Cookies
    • Configure Do Not Track
    • Configure Password Manager
    • Configure Pop up Blocker
    • Configure search suggestions in the Address bar
    • Configure the Enterprise Mode Site List
    • Configure the SmartScreen Filter
    • Send all intranet sites to Internet Explorer 11
  • Available in Windows 10 version 1511 or later:
    • Allow Developer Tools
    • Allow InPrivate browsing
    • Allow web content on New Tab page
    • Configure Favorites
    • Configure Home pages (see additional note below)
    • Prevent bypassing SmartScreen prompts for files
    • Prevent bypassing SmartScreen prompts for sites
    • Prevent sharing LocalHost IP address for WebRTC

What’s new in Windows 10 Anniversary update

We have added support for the following new Microsoft Edge management policies as a part of the Windows 10 Anniversary Update:

  • Allow access to the about:flags page
  • Allow usage of extensions
  • Show a transitional message when opening Internet Explorer sites

We’ve made a few updates to existing policies based on feedback from customers.  First, all of the Microsoft Edge Group Policy settings on desktop are now available in both the User and Machine policy hives. Second, the home page policy configured on a domain-joined device will no longer allow the user to override the setting.

You can find further details on all Microsoft Edge policies on TechNet, including info about Windows 10 policies that also apply to Microsoft Edge, such as Cortana and Sync settings. Your feedback is important to us, so please let us know what you think or if you have any questions about these changes!

– Dalen Abraham, Principal Program Manager Lead
– Jatinder Mann, Senior Program Manager Lead
– Josh Rennert, Program Manager

Updated June 22, 2016 11:25 am

Join the conversation

  1. I just noticed today in local policy (gpedit.msc) for build 14342 the following verbiage change for the local policy setting for Edge, “Allow employees to send Do Not Track Headers”:

    “Turning this setting off, or not configuring it, stops your employees from sending Do Not Track headers”.

    Previously, the description of the policy read “If you don’t configure this setting, employees can *choose* whether to send Do Not Track requests to websites asking for traffic info.”

    The new verbiage suggests that the local setting is ignored entirely unless the enterprise explicitly allows the end user’s setting to be adhered to. I find this to be a very troubling change, regardless of how effective DNT headers actually . Why on earth was this behavior changed?

    • “I find this to be a very troubling change, regardless of how effective DNT headers actually are” is how that second-to-last sentence was supposed to read.

  2. Would it be possible to add a group policy to disable Flash Player support on Edge for desktop?
    It seems like something that should have been supported since day 1.

    I really hope you are considering implementing it. Having to rely on undocumented registry changes to disable Flash in Edge is very annoying.

  3. When can we push out extensions like we can with Google Chrome?! We have a couple out of 200 users that use Edge for some reason.
    We had a virus try to install on a users machine because they didn’t have uBlock Origin with their Edge…or noone does like they do with Chrome because we push out uBlock Origin.
    Thanks to Applocker, the virus of course didn’t install, but regardless, one can only be so lucky.

    WE NEED A GPO TO PUSH EXTENSIONS TO EDGE PLEASE!
    Thank you.