Microsoft has released the first stable version of its new browser based on Chromium 79. While private users can get it via Windows Update, companies have various deployment options. Numerous settings for group policies let you manage Edge centrally.

After the decline of the once-dominant Internet Explorer (IE) and the failure of Edge as a Universal Windows Platform (UWP) app, Microsoft is now making its next move into the browser market. Compared to its predecessors, the "new Edge" is based on a different concept in several respects.

For example, Microsoft is no longer developing the rendering and JavaScript engine in house. Rather, they're using Google's open-source project Chromium. And unlike IE, Edge isn't just a browser for Windows anymore—it is also available for macOS. In addition, a version for iOS and Android, also based on Chromium, has been around for quite some time.

The Chromium based Edge browser runs on several operating systems

The Chromium based Edge browser runs on several operating systems

This is a thorough departure from the position Microsoft has held for years. According to Microsoft, IE was (for antitrust reasons) a tightly integrated and unremovable component of the operating system. The downside of this approach has been long update cycles and finally the loss of market leadership.

Edge shipped with Windows ^

By decoupling it from Windows, the new Edge is still by no means a pure download option, such as for Firefox or numerous other Chromium browsers (Opera, Vivaldi, etc.). Rather, Microsoft would like to make it the standard browser of its operating system.

In the future, Microsoft will include Edge on the installation media for Windows 10, and thus, new PCs will have it preloaded. In addition, Microsoft is now beginning to roll out the browser to private users via Windows Update.

Unlike in the past, the manufacturer still does not want to abuse its dominant position in desktop operating systems. For example, it respects existing settings and does not set Edge as the default browser when updating. Likewise, it does not configure Bing as the preferred search engine if the user has previously picked a different one.

Deployment in companies ^

Automatic installation of the new Edge via Windows Update only affects the Home and Pro editions, excluding the Enterprise, Workstation Pro, and Education editions. However, smaller companies that obtain their updates directly from Microsoft and use the Pro edition can prevent the download of Edge for the time being by using the Blocker Toolkit.

This consists of an .admx template for group policies and a batch file to enter the required key directly into the registry.

For centrally managed environments, Microsoft offers two alternative deployment options. First, administrators can download a standalone installer as an .msi and distribute it via the company's own mechanisms such as System Center Configuration Manager (SCCM) or group policies.

In contrast, the normal installer for consumers requests the required files for each individual PC via the internet. If employees want to use it to install Edge on their own, they need administrative privileges. User-level installations like with Chrome or previews of Edge no longer work with the stable version.

Standard users can no longer install the new Edge into their user profiles

Standard users can no longer install the new Edge into their user profiles

The preferred channel for companies to obtain Edge will probably be via Windows Server Update Services (WSUS). Microsoft will use it to deliver not only security updates but also complete releases. Microsoft has announced such feature updates for every six weeks—similar intervals as for Google or Firefox.

Admins must activate Microsoft Edge as a separate product in WSUS

Admins must activate Microsoft Edge as a separate product in WSUS

To receive updates for Microsoft Edge via WSUS, admins must subscribe to it as a separate product under the Windows category. The WSUS server then retrieves updates for all Edge development channels and thus also obtains Dev and Beta. There is currently no filter to limit the downloads to Stable.

Microsoft also ships beta and development versions of Edge via WSUS

Microsoft also ships beta and development versions of Edge via WSUS

Management via group policies ^

Microsoft also takes advantage of the Chromium project's groundwork by reusing the .admx templates, which you can download from the Edge for Business website. They contain mostly the same settings as Google Chrome.

Download the administrative templates for Microsoft Edge

Download the administrative templates for Microsoft Edge

Many of these settings are relevant for browser security, such as those that allow admins to control the installation of extensions. Edge supports not only those from Microsoft's own store but also extensions for Google Chrome. However, the latter are not necessarily trustworthy.

Microsoft delivers extensions for Edge via a separate store, although all Chrome extensions work as well

Microsoft delivers extensions for Edge via a separate store, although all Chrome extensions work as well

To assist administrators in securely configuring Edge, Microsoft provides a security baseline, as it does for Windows and Office. This contains a complete list of all Group Policy settings and recommends which ones to configure. The baseline is part of the Security Compliance Toolkit available from Microsoft Download.

Recommended settings from the security baseline for Microsoft Edge

Recommended settings from the security baseline for Microsoft Edge

Edge-specific Group Policy additions include those that affect Microsoft's own services, such as SmartScreen or Bing. They also allow admins to control the integration with older Microsoft browsers.

Compatibility with IE and Edge I ^

Internet Explorer mode, which was already available for IE11 as Enterprise mode, opens certain applications with an older browser engine. The functionality remains unchanged with Edge.

For configuration, you first activate this compatibility mode via the Configure Internet Explorer Integration setting and then upload a list of URLs where Edge should start IE. You must create this site list in an XML format. The Enterprise Mode Site List Manager will simplify this task.

Enabling Internet Explorer mode via Group Policy Management Editor

You store the list of URLs for old or incompatible web applications on a web server and then enter the address into the Configure the Enterprise Mode Site List setting.

Providing a site list with URLs that Edge opens in IE

Providing a site list with URLs that Edge opens in IE

Only one setting lets you control the relationship to the original Edge browser. It toggles the possibility to use the predecessor at all. By default, this is no longer accessible after installing the new Edge, and all corresponding calls are redirected to the new version.

Go to Computer Configuration > Policies > Administrative Templates > Microsoft Edge Update > Applications > Allow Microsoft Edge Side by Side browser experience to ensure that the old Edge is still available. You must activate this before updating to the new browser.

If you want to keep the old Edge, you have to ensure this via a Group Policy Object (GPO) before updating to Edge Chromium

However, there are probably not many reasons to do this, since Microsoft has recently removed epub support, one of the few exclusive features of first generation Edge.

Conclusion ^

Microsoft wants to end its failed web browser strategy by quickly integrating the Chromium-based Edge into its operating system. Home users will receive the software via Windows Update, while companies have several deployment options.

For professional users, the new Edge should be appealing because you can update it via WSUS and manage it with GPOs. Another argument in its favor is that it contains Chromium's leading HTML engine but without ties to Google services. A relatively strict default setting also prevents excessive tracking.

Finally, you can even install Edge Chromium under Server Core, where the browser can serve as a local console for Windows Admin Center.

Read 4sysops without ads by becoming a member!

Your question was not answered? Ask in the forum!

3+

Users who have LIKED this post:

  • avatar
Share
3 Comments
  1. @ Wolfgang , Thanks for your interesting article.
    Personally I found this one the main reason to install Edge Chromium.

    Finally, you can even install Edge Chromium under Server Core, where the browser can serve as a local console for Windows Admin Center.

    0

  2. Wolfgang Sommergut 2 months ago

    Hi Paolo, then I must have done something wrong. The most important information should be at the beginning, not the end of the article 😉

    1+

    Users who have LIKED this comment:

    • avatar
    • Hi Wolfgang, ok good pointsmiley please do not modify nothing, the article is really clear and well written. My only oncern is about how Microsoft consider their browsers for SMB and large corporations environments. Maybe I work a lot of time with Safari or Firefox, new Edge is not really familiar for my fingers yet, but I will test it more.

      0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account