After Microsoft announced that it would give up its own rendering engine and use Chromium as the basis for Edge, its to-dos were basically clear. In addition to adapting the Edge user interface to Chromium, these primarily include integration with Windows and the company's own cloud services.
Edge integration with cloud services at an early stage
The latter aims to replace Google services with their Microsoft equivalents. This includes setting up Bing as the standard search engine, synchronizing user profiles via Azure instead of Google Cloud, or using SmartScreen instead of Google Safe Browsing.
In a further step, Microsoft wants to integrate services that are particularly appealing to companies. Examples include logging on to Azure Active Directory with support for conditional access and integrating the Information Protection DRM service to prevent users from printing or copying specific pages.
An enterprise tab is also planned, which automatically displays content from an intranet, frequently used web applications, or documents from Office 365 when opened.
The integration of most of these services is underway and will be available in upcoming releases. At some point, the Windows 10 security feature "Application Guard" will run the browser in an isolated VM to prevent malware from infecting the system.
Due to its management features, Microsoft has already declared the current preview to be Ready for Business. The focus is on the administrative templates that are now available, so that companies can manage the browser using group policies. In the future, the settings available for GPOs will also be offered as CSPs for Mobile Device Management.
ADMX from the Chromium project
One might be surprised that Microsoft was able to provide more than 180 GPO settings for the Chromium-based browser right away, since the predecessor only had about 50 after several updates.
However, a comparison with Chrome's group policies shows that Microsoft did not develop the GPO support for Edge itself. The ADMX template is essentially from Chromium, and Microsoft has only added or changed a few settings.
Microsoft did not or was not allowed to completely remove those settings that were tailored for Google services. Hence, the template still contains settings for Google SafeSearch, YouTube, and Cast.
The settings follow Chrome's logic, which is atypical for group policies, because some of them only define default values that can be changed by the user. The configuration by GPOs is normally mandatory, whereas the Group Policy Preferences are meant to set modifiable default values.
This design by Google is evidently a consequence of building a multi-platform browser that is meant to be managed with similar settings across all operating systems.
In order not to lose track of the many settings admins might have configured through group policies, Edge provides a detailed list, which can be found using the URL
Again, this is not an invention of Microsoft. Rather, all Chromium-based browsers have this feature (in Chrome you enter chrome://policy). In addition, as with Chrome, the ZIP archive with the ADMX templates contains documentation in HTML format; the file is called microsoftedge_policy_list.html.
Deployment via offline installer
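To see which settings on a machine are enforced and which are only defaults that users can change, the policy values can be read straight from the registry. This is an added example, not part of the original article; it assumes that Edge keeps mandatory policies under `SOFTWARE\Policies\Microsoft\Edge` and recommended ones in its `Recommended` subkey, and the function name `Get-EdgePolicy` is made up for illustration.

```powershell
# Added example: list Edge policies from the registry by enforcement level.
# Assumption: mandatory values sit under ...\Policies\Microsoft\Edge, and
# user-changeable defaults under its Recommended subkey.
function Get-EdgePolicy {
    param([string[]]$Hive = @('HKLM:', 'HKCU:'))
    $levels = [ordered]@{
        Mandatory   = 'SOFTWARE\Policies\Microsoft\Edge'
        Recommended = 'SOFTWARE\Policies\Microsoft\Edge\Recommended'
    }
    foreach ($h in $Hive) {
        foreach ($level in $levels.Keys) {
            $root = '{0}\{1}' -f $h, $levels[$level]
            if (-not (Test-Path -LiteralPath $root)) { continue }
            $key = Get-Item -LiteralPath $root
            # Scalar policies are values directly under the key.
            foreach ($name in ($key.GetValueNames() | Where-Object { $_ })) {
                [pscustomobject]@{
                    Hive = $h; Level = $level; Policy = $name
                    Value = $key.GetValue($name)
                }
            }
            # List policies are subkeys that hold numbered values.
            foreach ($sub in Get-ChildItem -LiteralPath $root) {
                if ($sub.PSChildName -eq 'Recommended') { continue }
                $items = foreach ($n in $sub.GetValueNames()) { $sub.GetValue($n) }
                [pscustomobject]@{
                    Hive = $h; Level = $level; Policy = $sub.PSChildName
                    Value = ($items -join '; ')
                }
            }
        }
    }
}

$policies  = @(Get-EdgePolicy)
$mandatory = @($policies | Where-Object { $_.Level -eq 'Mandatory' } | ForEach-Object { $_.Policy })
# A recommended value stays user-changeable unless a mandatory value of the same name exists.
$policies | Sort-Object Policy, Hive, Level | Select-Object Hive, Level, Policy, Value,
    @{ Name = 'UserCanChange'; Expression = { $_.Level -eq 'Recommended' -and $mandatory -notcontains $_.Policy } }
```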
Microsoft advertises the availability of an offline installer as another business feature. Private users receive a setup program by default that downloads the required binaries from the Internet. The MSI package contains all the files required for the browser. It also allows silent installation via group policies, SCCM, or similar tools.
As you can easily see, the new Edge is a Win32 application and no longer a UWP app. The implementation as an app turned out to be a major mistake. As such, it has not been available on older versions of Windows or on Windows 10 LTSC. Because of its dependence on Windows 10, Edge's market share has remained low so far.
It can be safely assumed that the Chromium-based browser will be shipped with the operating system in the future. But if you are still working with older versions of the OS, you can install Edge yourself. Previews for Windows 7 and 8.x are already available. Microsoft also offers the browser for macOS; Edge already runs on Chromium under Android.
Installation into the user profile
From Chromium, Edge also inherits a peculiarity that admins don't like much. If users lack administrative rights, the setup will install the browser in their profile. This allows them to bypass the company's standard browser.
However, if you install Edge as an administrator under the directory %ProgramFiles%, the setup removes the private installations on this computer.
No more updates using WSUS
Due to Edge's multi-platform orientation, Microsoft uses a unified mechanism for updates like the one already used in Chrome.
If admins do not want to have another auto-updater in their network that receives the bits for each individual computer separately, they can disable it via a GPO. Microsoft provides its own ADMX template for the management of updates.
However, it is then up to the companies to keep the browser up to date by distributing the latest MSIs. This is especially important when security issues have been fixed. Compared to Internet Explorer, this means a step backwards because the legacy browser can be automatically updated via WSUS in a corporate environment.
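Both the per-user installations and the patch-level responsibility described above can be checked with one inventory per machine. The following is an added example, not code from the article: the folder layout (`Edge*\Application\msedge.exe` below the Program Files directories and below each profile's `AppData\Local\Microsoft`) is an assumption, `Get-EdgeInstall` and `$baseline` are illustrative names, and reading other users' profiles requires an elevated session.

```powershell
# Added example: find machine-wide and per-user Edge installations and
# compare their file version with the build you last distributed.
function Get-EdgeInstall {
    param(
        [Parameter(Mandatory)] [version]$MinimumVersion,
        [string]$ProfileRoot = (Join-Path $env:SystemDrive 'Users')
    )
    $roots = @()
    $pfDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
    foreach ($pf in $pfDirs) {
        $roots += [pscustomobject]@{ Scope = 'Machine'; Owner = ''; Base = (Join-Path $pf 'Microsoft') }
    }
    foreach ($p in Get-ChildItem -LiteralPath $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue) {
        $roots += [pscustomobject]@{
            Scope = 'PerUser'; Owner = $p.Name
            Base  = (Join-Path $p.FullName 'AppData\Local\Microsoft')
        }
    }
    foreach ($r in $roots) {
        # 'Edge*' also matches preview channels installed side by side (assumed naming).
        $pattern = Join-Path $r.Base 'Edge*\Application\msedge.exe'
        foreach ($exe in Get-Item -Path $pattern -ErrorAction SilentlyContinue) {
            $vi = $exe.VersionInfo
            $v  = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart,
                      $vi.FileBuildPart, $vi.FilePrivatePart
            [pscustomobject]@{
                Scope    = $r.Scope      # PerUser = installed without admin rights
                Owner    = $r.Owner
                Version  = $v
                Outdated = $v -lt $MinimumVersion
                Path     = $exe.FullName
            }
        }
    }
}

# Placeholder baseline: set it to the version of the MSI you last deployed.
$baseline = [version]'0.0.0.0'
Get-EdgeInstall -MinimumVersion $baseline | Sort-Object Scope, Owner
```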
Switching between languages
The decoupling of Edge from Windows is also evident in another feature. Chromium-based Edge allows the user to switch between different languages. Normally, a Windows application should automatically adopt the regional settings of the operating system.
In a browser, switching between display languages can lead to unwanted problems because the value of the Accept-Language HTTP request header also changes. Many websites then automatically present their content in the language specified there.
Internet Explorer mode
As an additional feature for companies in the current preview, Microsoft lists Internet Explorer mode, previously known as IE Enterprise mode. Its purpose is to redirect web pages to IE if they cannot be displayed properly in a modern browser.
To do this, you create a site list in XML format and load it via a GPO. The URLs stored there will be opened automatically by Internet Explorer in the future. This process is transparent for the user; the page will simply open in a new tab.
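Because every entry in the site list hands a page to the legacy engine, it is worth reviewing the list before it is published through a GPO. The script below is an added example, not from the article: the XML is constructed sample data in the Enterprise Mode site list (v2) layout with made-up host names, `Get-IEModeSite` is an illustrative name, and treating entries without a path as the broadest ones is a review heuristic.

```powershell
# Added example: report which site list entries are sent to Internet Explorer.
# Constructed sample data; the host names do not exist.
[xml]$siteList = @'
<site-list version="3">
  <site url="erp.corp.example/legacy">
    <compat-mode>IE8Enterprise</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="intranet.corp.example">
    <compat-mode>Default</compat-mode>
    <open-in allow-redirect="true">IE11</open-in>
  </site>
  <site url="portal.corp.example">
    <compat-mode>Default</compat-mode>
    <open-in>MSEdge</open-in>
  </site>
</site-list>
'@

function Get-IEModeSite {
    param([Parameter(Mandatory)] [xml]$SiteList)
    foreach ($site in $SiteList.'site-list'.site) {
        $openIn = $site.'open-in'
        # With attributes present, PowerShell returns the element instead of its text.
        if ($openIn -is [System.Xml.XmlElement]) { $openIn = $openIn.InnerText }
        [pscustomobject]@{
            Url        = $site.url
            OpenIn     = $openIn
            CompatMode = $site.'compat-mode'
            OpensInIE  = $openIn -eq 'IE11'
            # No path component: the entry applies to the whole host.
            WholeHost  = $site.url -notmatch '/'
        }
    }
}

# Entries routed to IE, broadest (host-wide) entries first.
Get-IEModeSite -SiteList $siteList |
    Where-Object { $_.OpensInIE } |
    Sort-Object WholeHost -Descending
```

For a production list, load the file with `[xml](Get-Content -Raw <path>)` and pass the result to the function.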
For this reason, it will not be easy for Microsoft to differentiate itself from other Chromium-based browsers with Edge. But it will be easy for anyone familiar with Google's GPO settings to make the switch to Edge.
Replacing Google's cloud services with those of Microsoft may be an argument in favor of using Edge for those who dislike Google's aggressive practice of data collection. Other services, such as Information Protection, may be interesting for some professional users, but they will hardly determine Edge's success.
For Windows admins, the move to a multi-platform browser is not progress. In the future, they will have to ensure that users get a current and patched version of Edge. Auto-Updater is not a reliable and good solution for businesses.