Managing Microsoft Edge Chromium settings with SCCM (System Center Configuration Manager)

Introduction

The new Microsoft Edge Chromium browser is a real treat, and not too long ago this delicious new browser was deemed ready for testing in the enterprise.

Therefore I figured it would make a decent blog post to give some insights on, how you can manage the new settings using SCCM (System Center Configuration Manager).

I have previously shown how you can install Google Chrome extensions also using SCCM. This post is based on the same approach: https://www.imab.dk/forcefully-deploy-the-windows-defender-google-chrome-extension-using-configuration-manager/

Group Policy

The primary and current available option to configure the settings of the new Microsoft Edge browser is to use group policy.

I’m not a big fan of using group policy for this particular purpose and I’m trying to avoid that when managing settings on my devices. ConfigMgr to the rescue!

Configuration Manager

Instead of using Group Policy, I’m leveraging a Configuration Baseline. As mentioned, I’m avoiding group policy for several reasons, but mainly because of speed and to be less dependent on the on-prem domain (trying to get rid of that darn on-prem domain join).

Configuration Item

My current CI (Configuration Item) looks like below illustration. There are MANY more settings available through the administrative templates, but for the sake of the example and what’s relevant to my environment, I’m going to stick with these.

Note: Find the entire Configuration Baseline available for download later down the post 🙂

Extensions

One of the most popular setting to manage will probably be to add extensions to the new Microsoft Edge browser. This can be done with following setting in the Configuration Item:

  • Hive Name: HKEY_LOCAL_MACHINE
  • Key Name: Software\Policies\Microsoft\Edge\ExtensionInstallForcelist
  • Value Name: 1

With following compliance rule to it. The value in this example translates into the AdBlock extension.

Value: ndcileolkflehcjpmjnfbnaibdcgglog;https://extensionwebstorebase.edgesv.net/v1/crx

Internet Explorer 11 Mode

Another awesome feature is the Internet Explorer 11 mode. IE11 mode provides an integrated browsing experience in Microsoft Edge, using the integrated Chromium engine for modern sites and leveraging IE11 for legacy sites.

To enable IE11 mode, you configure following settings in the Configuration Item:

  • Hive Name: HKEY_LOCAL_MACHINE
  • Key Name: Software\Policies\Microsoft\Edge
  • Value Name: InternetExplorerIntegrationLevel

With following compliance rule to it:

Enterprise Mode

This setting gives you the option to manage exactly which Intranet sites that is being rendered in IE11 mode. This is done by maintaining a list of sites in a .xml file.

To enable enterprise mode, configure following setting in the Configuration Item:

  • Hive Name: HKEY_LOCAL_MACHINE
  • KeyName: Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode
  • Value Name: SiteList

With following compliance rule:

Value: \\ServerNameShare\sites.xml

Note: There are other options to host the .xml file on a IIS (https://localhost/sites.xml) as well as a local file (file:///c:/Windows/sites.xml)

The XML file used here can be created manually or by downloading and running the Enterprise Mode Site List Manager here: https://www.microsoft.com/en-us/download/details.aspx?id=49974

I recommend using something like Notepad++ when editing .xml files. Have a peek of an example of such .xml file below:

End Results

The end user experience for the Internet Explorer 11 Mode is similar to below, where I have specified that my local intranet site imab/ should be opened in Edge Chromium, but in IE11 mode (Notice the highlighted IE icon which is the indicator):

And finally taking a peek at edge://policy, too see all the settings that is being managed:

Download

Save time and use the download here: CB-Microsoft-Edge-Chromium.zip (130 downloads) 🙂

More Information

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.