Introduction
The new Microsoft Edge Chromium browser is a real treat, and not too long ago this delicious new browser was deemed ready for testing in the enterprise.
Therefore I figured it would make a decent blog post to give some insights on, how you can manage the new settings using SCCM (System Center Configuration Manager).
I have previously shown how you can install Google Chrome extensions also using SCCM. This post is based on the same approach: https://www.imab.dk/forcefully-deploy-the-windows-defender-google-chrome-extension-using-configuration-manager/
Group Policy
The primary and current available option to configure the settings of the new Microsoft Edge browser is to use group policy.
- Microsoft provides administrative templates available for download here: https://docs.microsoft.com/en-us/DeployEdge/configure-microsoft-edge
I’m not a big fan of using group policy for this particular purpose and I’m trying to avoid that when managing settings on my devices. ConfigMgr to the rescue!
Configuration Manager
Instead of using Group Policy, I’m leveraging a Configuration Baseline. As mentioned, I’m avoiding group policy for several reasons, but mainly because of speed and to be less dependent on the on-prem domain (trying to get rid of that darn on-prem domain join).
Configuration Item
My current CI (Configuration Item) looks like below illustration. There are MANY more settings available through the administrative templates, but for the sake of the example and what’s relevant to my environment, I’m going to stick with these.
Note: Find the entire Configuration Baseline available for download later down the post 🙂
Extensions
One of the most popular setting to manage will probably be to add extensions to the new Microsoft Edge browser. This can be done with following setting in the Configuration Item:
- Hive Name: HKEY_LOCAL_MACHINE
- Key Name: Software\Policies\Microsoft\Edge\ExtensionInstallForcelist
- Value Name: 1
With following compliance rule to it. The value in this example translates into the AdBlock extension.
Value: ndcileolkflehcjpmjnfbnaibdcgglog;https://extensionwebstorebase.edgesv.net/v1/crx
Internet Explorer 11 Mode
Another awesome feature is the Internet Explorer 11 mode. IE11 mode provides an integrated browsing experience in Microsoft Edge, using the integrated Chromium engine for modern sites and leveraging IE11 for legacy sites.
To enable IE11 mode, you configure following settings in the Configuration Item:
- Hive Name: HKEY_LOCAL_MACHINE
- Key Name: Software\Policies\Microsoft\Edge
- Value Name: InternetExplorerIntegrationLevel
With following compliance rule to it:
Enterprise Mode
This setting gives you the option to manage exactly which Intranet sites that is being rendered in IE11 mode. This is done by maintaining a list of sites in a .xml file.
To enable enterprise mode, configure following setting in the Configuration Item:
- Hive Name:Â HKEY_LOCAL_MACHINE
- KeyName: Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode
- Value Name:Â SiteList
With following compliance rule:
Value: \\ServerNameShare\sites.xml
Note: There are other options to host the .xml file on a IIS (https://localhost/sites.xml) as well as a local file (file:///c:/Windows/sites.xml)
The XML file used here can be created manually or by downloading and running the Enterprise Mode Site List Manager here: https://www.microsoft.com/en-us/download/details.aspx?id=49974
I recommend using something like Notepad++ when editing .xml files. Have a peek of an example of such .xml file below:
End Results
The end user experience for the Internet Explorer 11 Mode is similar to below, where I have specified that my local intranet site imab/ should be opened in Edge Chromium, but in IE11 mode (Notice the highlighted IE icon which is the indicator):
And finally taking a peek at edge://policy, too see all the settings that is being managed:
Download
Save time and use the download here: CB-Microsoft-Edge-Chromium.zip (8638 downloads ) 🙂
More Information
- https://docs.microsoft.com/en-us/DeployEdge/configure-microsoft-edge
- https://docs.microsoft.com/en-us/DeployEdge/edge-ie-mode
- https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool#create-an-enterprise-mode-site-list-xml-file-using-the-v2-version-of-the-enterprise-mode-schema
Is there a way to remove or uninstall the AdBlock extension through CI and CB
Yeah, that would be possible. In that case you would add the extension id to the list of extensions that cannot be installed. If it’s added to that list, current installations of adblock would be removed again.
Hello
Is it possible to add this Configuration Item in a Task sequence?
Hi ,
Is it possible to change Value 1 to some other number ?. We have conflict with other extensions.
Yeah, that would be a headache. The number is unique and you can add the next available number. Also see this: https://www.imab.dk/install-google-chrome-extensions-using-microsoft-intune/ where I have created a script to cater for that situation.
Getting errors when attempting to import this on 2303.
CI – The Ci contains a missing or invalid CI Reference
CB – General failure storing content