With the release of Windows 10, Microsoft also introduced its new default web-browser Microsoft Edge. Let’s try to figure out whether it is possible to centrally manage Microsoft Edge settings in the enterprise environment through Group Policy.
If you open the Local Group Policy Editor console (gpedit.msc) on Windows 10 RTM, then under section Computer Configuration -> Administrative Template -> Windows Components -> Microsoft Edge (and User Settings -> Administrative Template -> Windows Components -> Microsoft Edge) you can find 10 different Group Policy settings (quite a small amount comparing to almost 1500 different GPO settings for Internet Explorer browser). The following policies are available to manage Microsoft Edge settings:
- Allows you to let people use autofill on websites
- Allows you to let people send Do Not Track headers
- Allows you to configured password manager
- Allows you to run pop-ups
- Stops address bar from showing search suggestions
- Allows you to configure SmartScreen
- Configure how Microsoft Edge treats cookies
- Allows you to configured the Enterprise Site list
- Sends all intranet traffic over to Internet Explorer
In the following Windows 10 builds, the number of Microsoft Edge settings that can be managed via GPO progressively increased.
To see all new options, you need:
- Download the latest version of registry-based Administrative Templates (.admx) for Windows 10 and Windows Server 2016 (v2.0, 1/8/2017 — https://www.microsoft.com/en-us/download/details.aspx?id=53430).
- To install new .admx files, run the file Windows 10 and Windows Server 2016 ADMX.msi
- If you want to manage Microsoft Edge settings using local GPO, copy all content (or only two files: admx and en-US\MicrosoftEdge.adml) from a folder C:\Program Files (x86)\Microsoft Group Policy\Windows 10 and Windows Server 2016 (Version 2.0)\ to the local directory C:\Windows\PolicyDefinitions.
- If you want to use new administrative templates to manage Edge settings on a computers in the AD domain, copy the content of a local folder C:\Program Files (x86)\Microsoft Group Policy\Windows 10 and Windows Server 2016 (Version 2.0)\ to Central Store folder on the domain controller (for example, \\com\SYSVOL\theitbros.com\Policies\PolicyDefinitions). Now you create a new domain GPOs with Edge settings using Group Policy Management Console (GPMC)
After installing a new administrative templates under section Computer Configuration -> Administrative Template -> Windows Components -> Microsoft Edge, you will get 20 different settings available (also specified Windows 10 build, in which the policy can be applied).
- Configure Autofill
- Allow Developer Tools (Windows 10 build 1511 and above)
- Configure Do Not Track
- Allow Extensions – (Windows 10 build 1607 and above)
- Allow InPrivate browsing (Windows 10 build 1511 and above)
- Configure Password Manager
- Configure Pop-up Blocker
- Configure search suggestions in Address bar
- Configure SmartScreen Filter
- Allow web content on New Tab page
- Configure cookies
- Configure the Enterprise Mode Site List
- Configure Favorites (Windows 10 build 1511 and above)
- Prevent using Localhost IP address for WebRTC (Windows 10 build 1511 and above)
- Configure Home pages (Windows 10 build 1511 and above)
- Prevent access to the about:flags page (Windows 10 build 1607 and above)
- Prevent bypassing SmartScreen prompts for sites (Windows 10 build 1511 and above)
- Prevent bypassing SmartScreen prompts for files (Windows 10 build 1511 and above)
- Send all intranet sites to Internet Explorer 11
- Show message when opening sites in Internet Explore
As you can see, at this moment not so much Group Policies for configuring Edge implemented in Windows 10. Most likely, new Group Policy settings soon will be added to the new versions of Microsoft Edge and Windows 10.