- SystoLOCK in review: Logging in to Active Directory with multi-factor authentication without passwords - Tue, Dec 5 2023
- New Group Policy settings in Windows 11 23H2 - Mon, Nov 20 2023
- Windows Server 2025 will support SMB over QUIC in all editions - Fri, Nov 17 2023
After the announcement to give up its own rendering engine and to use Chromium as a basis for Edge, the to-dos for Microsoft have been basically clear. In addition to adapting the Edge user interface to Chromium, these primarily include integration with Windows and the company's own cloud services.
Edge integration with cloud services at an early stage
The latter aims to replace Google services with their Microsoft equivalents. This includes setting up Bing as the standard search engine, synchronizing user profiles via Azure instead of Google Cloud, or using SmartScreen instead of Google Safe Browsing.
In a further step, Microsoft wants to integrate services that are particularly appealing to companies. Examples include logging on to Azure Active Directory with support for conditional access and integrating the Information Protection DRM service to prevent users from printing or copying specific pages.
Integration with AAD Conditional Access is designed to restrict access to resources under certain conditions
An enterprise tab is also planned, which automatically displays content from an intranet, frequently used web applications, or documents from Office 365 when opened.
The integration of most of these services is underway and will be available in upcoming releases. At some point, the Windows 10 security feature "Application Guard" will run the browser in an isolated VM to prevent malware from infecting the system.
Due to its management features, Microsoft has already declared the current preview to be Ready for Business. The focus is on the administrative templates that are now available, so that companies can manage the browser using group policies. In the future, the settings available for GPOs will also be offered as CSPs for Mobile Device Management.
ADMX from the Chromium project
One might be surprised that Microsoft was able to provide more than 180 GPO settings for the Chromium-based browser right away, since the predecessor only had about 50 after several updates.
However, a comparison with Chrome's group policies shows that Microsoft did not develop the GPO support for Edge itself. The ADMX template is essentially from Chromium, and Microsoft has only added or changed a few settings.
Microsoft did not or was not allowed to completely remove those settings that were tailored for Google services. Hence, the template still contains settings for Google SafeSearch, YouTube, and Cast.
Some GPO settings for Edge apply to Google services
The settings follow Chrome's logic, which is atypical for group policies, because some of them only define default values that can be changed by the user. The configuration by GPOs is normally mandatory, whereas the Group Policy Preferences are meant to set modifiable default values.
The division of the GPO settings into mandatory and changeable ones follows the logic of Chrome
This design by Google is obviously a tribute to a multi-platform browser that should be managed with similar settings across all operating systems.
In order not to lose track of the many settings admins might have configured through group policies, Edge provides a detailed list, which can be found using the URL
edge://policy
The browser shows which settings from which source it has been configured with
Again, this is not an invention of Microsoft. Rather, all Chromium-based browsers have this feature (in Chrome you enter chrome://policy). In addition, the ZIP archive with the ADMX templates contains documentation in HTML format like Chrome, and the file is called microsoftedge_policy_list.html.
Documentation of Edge's GPO settings in HTML format
Deployment via offline installer
Microsoft advertises the availability of an offline installer as another business feature. Private users receive a setup program by default that downloads the required binaries from the Internet. The MSI package contains all the files required for the browser. It also allows silent installation via group policies, SCCM, or similar tools.
Offline installer is available for 32 and 64 bit Windows as well as for macOS
As you can easily see, the new Edge is a Win32 application and no longer a UWP app. The implementation as an app turned out to be a major mistake. As such, it has not been available on older versions of Windows or on Windows 10 LTSC. Because of its dependence on Windows 10, Edge's market share has remained low so far.
It can be safely assumed that the Chromium-based browser will be shipped with the operating system in the future. But if you are still working with older versions of the OS, you can install Edge yourself. Previews for Windows 7 and 8.x are already available. Microsoft also offers the browser for macOS; Edge already runs on Chromium under Android.
Installation into the user profile
From Chromium, Edge also inherits a peculiarity that admins don't like much. If users lack administrative rights, the setup will install the browser in their profile. This allows them to bypass the company's standard browser.
If the admin rights are missing, the setup offers to install Edge in the user profile
However, if you install Edge as an administrator under the directory %ProgramFiles%, the setup removes the private installations on this computer.
No more updates using WSUS
Due to Edge's multi-platform orientation, Microsoft uses a unified mechanism for updates like the one already used in Chrome.
If admins do not want to have another auto-updater in their network that receives the bits for each individual computer separately, they can disable it via a GPO. Microsoft provides its own ADMX template for the management of updates.
GPO setting to configure Edge Update
However, it is then up to the companies to keep the browser up to date by distributing the latest MSIs. This is especially important when security issues have been fixed. Compared to Internet Explorer, this means a step backwards because the legacy browser can be automatically updated via WSUS in a corporate environment.
Switching between languages
The decoupling of Edge from Windows is also evident in another feature. Chromium-based Edge allows the user to switch between different languages. Normally, a Windows application should automatically adopt the regional settings of the operating system.
Changing the display language in Edge is independent of the operating system
In a browser, switching between display languages can lead to unwanted problems because the value for ACCEPT_LANGUAGE in the HTTP header also changes. Many websites then automatically present their content in the language specified there.
Internet Explorer mode
As an additional feature for companies in the current preview, Microsoft names the Internet Explorer mode, previously known as IE Enterprise mode. Its purpose is to redirect web pages to the IE if they cannot be displayed properly in a modern browser.
Configuring the way how Edge will display selected web pages in Internet Explorer using Group Policy
To do this, you create a site list in XML format and load it via a GPO. The URLs stored there will be opened automatically by Internet Explorer in the future. This process is transparent for the user, the page will simply open in a new tab.
Conclusion
With the current preview, you can see quite clearly where Microsoft is heading with Edge. Chromium provides much more infrastructure than just the rendering and JavaScript engine. It includes the ADMX templates, the numerous extensions for Google Chrome, and the update mechanism.
For this reason, it will not be easy for Microsoft to differentiate itself from other Chromium-based browsers with Edge. But it will be easy for anyone familiar with Google's GPO settings to make the switch to Edge.
Replacing Google's cloud services with those of Microsoft may be an argument in favor of using Edge for those who dislike Google's aggressive practice of data collection. Other services, such as Information Protection, may be interesting for some professional users, but they will hardly determine Edge's success.
Subscribe to 4sysops newsletter!
For Windows admins, the move to a multi-platform browser is not progress. In the future, they will have to ensure that users get a current and patched version of Edge. Auto-Updater is not a reliable and good solution for businesses.
Read the latest IT news and community updates!
Join our IT community and read articles without ads!
Do you want to write for 4sysops? We are looking for new authors.
I guess the fact that Edge Chromium has yet to make it to a beta release means its probably going to be at least Spring 2020 before we see a Edge Chromium stable release. I've seen features come and go in Canary and a lot of work is still in progress from new features. I don't think Microsoft should be pushing a Dev. or Canary preview on mainstream enterprise. I get the feeling Microsoft is feeling compelled to keep Edge in the mix as a viable browser because every month it keeps losing more users to Chrome with the original Edge. The big question still is will anyone really care when Edge chromium finally makes it to stable? There are many Chrome clone's out there that have not garnered a whole lot of users besides the fringe who want a uniquely featured browser. I have to wonder exactly how many Chrome users will really switch? The other interesting question is exactly how many users are even testing Edge chromium now?
This post aged badly (joking) 😉
Actually two parts are totally outdated: updates will be delivered over WSUS (while the early previews only provided Google's auto updater) and Edge cannot be installed into the user's profile any more. The GPO part is still valid. But update to this article is coming soon 🙂
Just wondering how an admin should change the display language of Edge Chromium to their desired language in an enterprise environment?
We use intune to set our (very few as possible) policies but I cannot find any settings in either the ADMX GPO or Intune options to centrally manage that specific setting. I assume that almost any other country who's native tongue isn't english would like to change such a setting.
I find it hard to believe that Microsoft expects admins to let this be done by their end-user base?! In my case that would mean the creation of some handy manuals and instruction vid's and hence thereon lots of support calls to my helpdesk. 🙂
Any thoughts, pointers, tips how to change this in a managed way?