- Delegate permissions for domain join - Mon, Jun 5 2023
- Join Windows 11 to an Active Directory domain - Thu, Jun 1 2023
- Change Windows network profiles between public and private - Wed, May 24 2023
After the decline of the once-dominant Internet Explorer (IE) and the failure of Edge as a Universal Windows Platform (UWP) app, Microsoft is now making its next move into the browser market. Compared to its predecessors, the "new Edge" is based on a different concept in several respects.
For example, Microsoft is no longer developing the rendering and JavaScript engine in house. Rather, they're using Google's open-source project Chromium. And unlike IE, Edge isn't just a browser for Windows anymore—it is also available for macOS. In addition, a version for iOS and Android, also based on Chromium, has been around for quite some time.
The Chromium based Edge browser runs on several operating systems
This is a thorough departure from the position Microsoft has held for years. According to Microsoft, IE was (for antitrust reasons) a tightly integrated and unremovable component of the operating system. The downside of this approach has been long update cycles and finally the loss of market leadership.
Edge shipped with Windows
By decoupling it from Windows, the new Edge is still by no means a pure download option, such as for Firefox or numerous other Chromium browsers (Opera, Vivaldi, etc.). Rather, Microsoft would like to make it the standard browser of its operating system.
In the future, Microsoft will include Edge on the installation media for Windows 10, and thus, new PCs will have it preloaded. In addition, Microsoft is now beginning to roll out the browser to private users via Windows Update.
Unlike in the past, the manufacturer still does not want to abuse its dominant position in desktop operating systems. For example, it respects existing settings and does not set Edge as the default browser when updating. Likewise, it does not configure Bing as the preferred search engine if the user has previously picked a different one.
Deployment in companies
Automatic installation of the new Edge via Windows Update only affects the Home and Pro editions, excluding the Enterprise, Workstation Pro, and Education editions. However, smaller companies that obtain their updates directly from Microsoft and use the Pro edition can prevent the download of Edge for the time being by using the Blocker Toolkit.
This consists of an .admx template for group policies and a batch file to enter the required key directly into the registry.
For centrally managed environments, Microsoft offers two alternative deployment options. First, administrators can download a standalone installer as an .msi and distribute it via the company's own mechanisms such as System Center Configuration Manager (SCCM) or group policies.
In contrast, the normal installer for consumers requests the required files for each individual PC via the internet. If employees want to use it to install Edge on their own, they need administrative privileges. User-level installations like with Chrome or previews of Edge no longer work with the stable version.
Standard users can no longer install the new Edge into their user profiles
The preferred channel for companies to obtain Edge will probably be via Windows Server Update Services (WSUS). Microsoft will use it to deliver not only security updates but also complete releases. Microsoft has announced such feature updates for every six weeks—similar intervals as for Google or Firefox.
Admins must activate Microsoft Edge as a separate product in WSUS
To receive updates for Microsoft Edge via WSUS, admins must subscribe to it as a separate product under the Windows category. The WSUS server then retrieves updates for all Edge development channels and thus also obtains Dev and Beta. There is currently no filter to limit the downloads to Stable.
Microsoft also ships beta and development versions of Edge via WSUS
Management via group policies
Microsoft also takes advantage of the Chromium project's groundwork by reusing the .admx templates, which you can download from the Edge for Business website. They contain mostly the same settings as Google Chrome.
Download the administrative templates for Microsoft Edge
Many of these settings are relevant for browser security, such as those that allow admins to control the installation of extensions. Edge supports not only those from Microsoft's own store but also extensions for Google Chrome. However, the latter are not necessarily trustworthy.
Microsoft delivers extensions for Edge via a separate store, although all Chrome extensions work as well
To assist administrators in securely configuring Edge, Microsoft provides a security baseline, as it does for Windows and Office. This contains a complete list of all Group Policy settings and recommends which ones to configure. The baseline is part of the Security Compliance Toolkit available from Microsoft Download.
Recommended settings from the security baseline for Microsoft Edge
Edge-specific Group Policy additions include those that affect Microsoft's own services, such as SmartScreen or Bing. They also allow admins to control the integration with older Microsoft browsers.
Compatibility with IE and Edge I
Internet Explorer mode, which was already available for IE11 as Enterprise mode, opens certain applications with an older browser engine. The functionality remains unchanged with Edge.
For configuration, you first activate this compatibility mode via the Configure Internet Explorer Integration setting and then upload a list of URLs where Edge should start IE. You must create this site list in an XML format. The Enterprise Mode Site List Manager will simplify this task.
Enabling Internet Explorer mode via Group Policy Management Editor
You store the list of URLs for old or incompatible web applications on a web server and then enter the address into the Configure the Enterprise Mode Site List setting.
Providing a site list with URLs that Edge opens in IE
Only one setting lets you control the relationship to the original Edge browser. It toggles the possibility to use the predecessor at all. By default, this is no longer accessible after installing the new Edge, and all corresponding calls are redirected to the new version.
Go to Computer Configuration > Policies > Administrative Templates > Microsoft Edge Update > Applications > Allow Microsoft Edge Side by Side browser experience to ensure that the old Edge is still available. You must activate this before updating to the new browser.
If you want to keep the old Edge, you have to ensure this via a Group Policy Object (GPO) before updating to Edge Chromium
However, there are probably not many reasons to do this, since Microsoft has recently removed epub support, one of the few exclusive features of first generation Edge.
Conclusion
Microsoft wants to end its failed web browser strategy by quickly integrating the Chromium-based Edge into its operating system. Home users will receive the software via Windows Update, while companies have several deployment options.
For professional users, the new Edge should be appealing because you can update it via WSUS and manage it with GPOs. Another argument in its favor is that it contains Chromium's leading HTML engine but without ties to Google services. A relatively strict default setting also prevents excessive tracking.
Subscribe to 4sysops newsletter!
Finally, you can even install Edge Chromium under Server Core, where the browser can serve as a local console for Windows Admin Center.
@ Wolfgang , Thanks for your interesting article.
Personally I found this one the main reason to install Edge Chromium.
Hi Paolo, then I must have done something wrong. The most important information should be at the beginning, not the end of the article 😉
Hi Wolfgang, ok good point
please do not modify nothing, the article is really clear and well written. My only oncern is about how Microsoft consider their browsers for SMB and large corporations environments. Maybe I work a lot of time with Safari or Firefox, new Edge is not really familiar for my fingers yet, but I will test it more.
Under Admins must activate Microsoft Edge as a separate product in WSUS pic, I have already chosen Edge as a product to sync. I am using Server 2012 not r2 with wsus 6. Using the Windows Internal Database, but on that same image on the left windows pain after expanding the updates tabs, I see all the standard catagoris such as critical updates and so on but, I do not see a category that says Microsoft Edge. Is something wrong with my Windows Internal database? I assume you can deploy it with that wsus version? (I do see it as a category to select and sync) so Why cant I see it under updates? Any help would be great, I have yet to see any stipulations for WSUS where I either can or cant deploy it.
It would have been helpful if someone had posted how to auto-approve updates for WSUS, so I insert my code here which filters the x64 ones :
$AllUpdates = Get-WsusUpdate -Classification All -Approval Unapproved $EdgeStableUpdates = $AllUpdates | ? {$_.Update.Title -like "Microsoft Edge-Stable Channel Version*x64*"} If ($EdgeStableUpdates -ne $null) { $EdgeStableUpdates | Approve-WsusUpdate -Action Install -TargetGroupName "All Computers" }