This week Microsoft released their new Edge Chromium based web browser as we can read here. The browser is based on the Chromium project, like many other browsers. The new Edge browser was already available for a while via different Insider channels, which they still are. The browser is released this week not only for Windows, but also for macOS. As it is already available on Android and iOS, the browser is available on multiple, highly used platforms. Only a Linux version is still missing, but that seems to be work in progress.
In a future release of Windows, the new Edge browser will replace the legacy Edge browser. This will also happen when the browser is installed manually, via Intune or via Windows Update (for Business), as you don`t set a policy to restrict this behavior. At the moment of writing, the browser isn`t deployed yet via Windows Update, but you can download it for a manual installation or deploy it with for example Microsoft Intune.
In this blog post I will show you how we can deploy and manage the browser with Microsoft Intune (Endpoint Manager) to Windows 10 and macOS devices.
Deploy Microsoft Edge to Windows 10
Deployment via Microsoft Intune is made very simple by the Intune team. We don`t have to download the installer file and wrap it, they made it available direct in the Intune portal, like Office 365 already was.
- Sign-in to the Endpoint Manager portal
- Browse to Apps – Windows
- Click Add
- From the drop-down list choose Windows 10 under Microsoft Edge
- On the App information tab give the app a Name and Description
- Click OK
- On the Apps settings tab select the Channel you want to deploy
- Click OK
- Click Add
Don`t forget to assign the application. Make it available to your users or assign it as required to your devices.
That`s all for deploying the browser to Windows devices.
Deploy Microsoft Edge to macOS
Deploying the browser to macOS devices is the same as it is for Windows devices.
- Sign-in to the Endpoint Manager portal
- Browse to Apps – macOS
- Click Add
- From the drop-down list choose macOS under Microsoft Edge
- On the App information tab give the app a Name and Description
- Click OK
- On the Apps settings tab the Beta channel is selected
- Click OK
- Click Add
Don`t forget to assign the application. Make it available to your users or assign it as required to your devices.
Manage Edge setting for Windows devices – Administrative Templates
For Windows devices, Microsoft made Administrative Templates available in Intune. With this template we can control settings which we could also control with the Device restrictions policy (for Edge legacy), but the template contains a lot more settings.
With these settings we are for example able to set the Homepage URL, set the Office 365 feed for New tabs and also to make sure the new Edge browser runs next to the Edge legacy browser.
- Sign-in to the Endpoint Manager Portal
- Browse to Devices – Windows – Configuration profiles
- Click Create Profile
- Give the profile a Name
- Fill in the Description (optional)
- Choose Windows 10 and later as Platform
- Choose Administrative Templates as Profile type
- Click Create
- Open the settings tab
- Select Edge version 77 and later from the drop-down list
- Search for the setting you want to configure like Allow Microsoft Edge Side by Side browser experience
- Click the setting of choice to open the options
- Select your preferred option and click OK
Configure all the settings you like to manage on your Intune managed Windows 10 devices. Don`t forget to assign the profile to a security group.
Manage Edge setting for Windows devices – Security Baseline
In Intune we also have Security Baselines. They are available for Defender ATP, Windows 10 and Microsoft Edge. The Microsoft Edge baseline contains security settings Microsoft recommends to apply to the browser.
- In the Endpoint Manager portal browse to Devices
- Browse to Windows – Security baselines
- Click Microsoft Edge baseline
- Browse to Profiles
- Click Create profile
- Give the profile a Name
- Give the profile a Description (Optional)
- Take note of the Platform and Baseline version (at this moment only one is available)
- Click Next
- Leave everything as default or make your choices on the settings
- Click Next
- If needed at a Scope tag on the next tab and click Next
- Assign the policy to a security group
- click Next
- Review the policy and click Create
Don`t forget to assign the baseline to your device security group.
Manage Edge setting for macOS devices
Settings for the macOS version of the Edge browser can be managed using a property list (plist) file. We first have to manually create such a file, with all the setting we like to manage. Such a file can be edited with for example Notepad++ on a Windows device.
Or you can use XCode on your Mac.
When this file is complete with all your settings, it needs to be converted to a .mobileconfig file. Conversion can be done by using mcxToProfile.
The .mobileconfig file can be deployed using Microsoft Intune, with a Preference list profile.
These are the steps involved in short, read this previous article for all detailed steps: How to manage Microsoft Edge for Mac settings with Intune
The end-result
The end-result for an IT admin is the new Microsoft Edge browser deployed to your Windows 10 devices and configured with the required settings.
When the browser is managed with Intune, or via GPO, it is visible on several places in the Browser. An example is when you click the menu (at the bottom of the list).
When you click on that message, another page is opened with information.
It informs you where you can find an overview of all policies which are managed:
If Microsoft Edge is managed, you can view the policies that are set by your organization on the edge://policy page.
Via edge://policy you get an overview of all managed settings.
The end-result for the end-user is a fine working browser. I very much like the Office 365 feed on the new tabs, with recent documents, links SharePoint sites I follow etc.
But also my Favorites are synced across all my devices. I have them on my daily used Windows 10 device, but also on my Mac and Android Mobile.
That`s it for this post.
If you need to create a Kiosk device which runs the new Edge browser (full screen), you might be interested in my previous post: Setup an Edge Chromium based Kiosk device with Microsoft Intune
I also wrote an article about managing Edge Tracking Prevention settings, which is found here.
Thank you for reading this post!
5 Comments
Hi,
Thank you for this amazing post!
I do have one question.
Since EndpointManager seems to update every other week I’m unable to find Edge vers. 77 or higher in the settings of the administrative template.
Do you think this has changed to just Edge?
The whole layout of making a administrative template has changed.
Hi Micha,
Yes the administrative templates part is changed. But if you just create a Administrative templates profile, under Computer Configuration you find Microsoft Edge. There are the settings located I used, which cannot be overwritten by the user.
Good luck!
Do the favorites sync across all devices automatically by default or is there a setting in the administrative templates that needs to be set for that?
For Edge 86 and later you have this setting, supported on Windows and macOS: https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#forcesync
You need to configure that setting to force sync.
Hi, do you have any advice on how I can publish Edge to Android and iOS devices with an App Protection Policy? I don’t know if you perhaps can call it a managed browser? I am not able to get this to work.I am able to publish Edge to the devices, but none of the restrictions I apply.