Chromium-based Edge is making further progress and is now suitable for enterprises, according to Microsoft. New features include configuration via group policies and compatibility with old web applications. But Microsoft's multi-platform strategy has downsides for Windows admins.

Wolfgang Sommergut

Wolfgang Sommergut has over 20 years of experience in IT journalism. He has also worked as a system administrator and as a tech consultant. Today he runs the German publication WindowsPro.de.

After the announcement to give up its own rendering engine and to use Chromium as a basis for Edge, the to-dos for Microsoft have been basically clear. In addition to adapting the Edge user interface to Chromium, these primarily include integration with Windows and the company's own cloud services.

Edge integration with cloud services at an early stage ^

The latter aims to replace Google services with their Microsoft equivalents. This includes setting up Bing as the standard search engine, synchronizing user profiles via Azure instead of Google Cloud, or using SmartScreen instead of Google Safe Browsing.

In a further step, Microsoft wants to integrate services that are particularly appealing to companies. Examples include logging on to Azure Active Directory with support for conditional access and integrating the Information Protection DRM service to prevent users from printing or copying specific pages.

Integration with AAD Conditional Access is designed to restrict access to resources under certain conditions

Integration with AAD Conditional Access is designed to restrict access to resources under certain conditions

An enterprise tab is also planned, which automatically displays content from an intranet, frequently used web applications, or documents from Office 365 when opened.

The integration of most of these services is underway and will be available in upcoming releases. At some point, the Windows 10 security feature "Application Guard" will run the browser in an isolated VM to prevent malware from infecting the system.

Due to its management features, Microsoft has already declared the current preview to be Ready for Business. The focus is on the administrative templates that are now available, so that companies can manage the browser using group policies. In the future, the settings available for GPOs will also be offered as CSPs for Mobile Device Management.

ADMX from the Chromium project ^

One might be surprised that Microsoft was able to provide more than 180 GPO settings for the Chromium-based browser right away, since the predecessor only had about 50 after several updates.

However, a comparison with Chrome's group policies shows that Microsoft did not develop the GPO support for Edge itself. The ADMX template is essentially from Chromium, and Microsoft has only added or changed a few settings.

Microsoft did not or was not allowed to completely remove those settings that were tailored for Google services. Hence, the template still contains settings for Google SafeSearch, YouTube, and Cast.

Some GPO settings for Edge apply to Google services

Some GPO settings for Edge apply to Google services

The settings follow Chrome's logic, which is atypical for group policies, because some of them only define default values that can be changed by the user. The configuration by GPOs is normally mandatory, whereas the Group Policy Preferences are meant to set modifiable default values.

The division of the GPO settings into mandatory and changeable ones follows the logic of Chrome

The division of the GPO settings into mandatory and changeable ones follows the logic of Chrome

This design by Google is obviously a tribute to a multi-platform browser that should be managed with similar settings across all operating systems.

In order not to lose track of the many settings admins might have configured through group policies, Edge provides a detailed list, which can be found using the URL

edge://policy

The browser shows which settings from which source it has been configured with

The browser shows which settings from which source it has been configured with

Again, this is not an invention of Microsoft. Rather, all Chromium-based browsers have this feature (in Chrome you enter chrome://policy). In addition, the ZIP archive with the ADMX templates contains documentation in HTML format like Chrome, and the file is called microsoftedge_policy_list.html.

Documentation of Edge's GPO settings in HTML format

Documentation of Edge's GPO settings in HTML format

Deployment via offline installer ^

Microsoft advertises the availability of an offline installer as another business feature. Private users receive a setup program by default that downloads the required binaries from the Internet. The MSI package contains all the files required for the browser. It also allows silent installation via group policies, SCCM, or similar tools.

Offline installer is available for 32 and 64 bit Windows as well as for macOS

Offline installer is available for 32 and 64 bit Windows as well as for macOS

As you can easily see, the new Edge is a Win32 application and no longer a UWP app. The implementation as an app turned out to be a major mistake. As such, it has not been available on older versions of Windows or on Windows 10 LTSC. Because of its dependence on Windows 10, Edge's market share has remained low so far.

It can be safely assumed that the Chromium-based browser will be shipped with the operating system in the future. But if you are still working with older versions of the OS, you can install Edge yourself. Previews for Windows 7 and 8.x are already available. Microsoft also offers the browser for macOS; Edge already runs on Chromium under Android.

Installation into the user profile ^

From Chromium, Edge also inherits a peculiarity that admins don't like much. If users lack administrative rights, the setup will install the browser in their profile. This allows them to bypass the company's standard browser.

If the admin rights are missing, the setup offers to install Edge in the user profile

If the admin rights are missing, the setup offers to install Edge in the user profile

However, if you install Edge as an administrator under the directory %ProgramFiles%, the setup removes the private installations on this computer.

No more updates using WSUS ^

Due to Edge's multi-platform orientation, Microsoft uses a unified mechanism for updates like the one already used in Chrome.

If admins do not want to have another auto-updater in their network that receives the bits for each individual computer separately, they can disable it via a GPO. Microsoft provides its own ADMX template for the management of updates.

GPO setting to configure Edge Update

GPO setting to configure Edge Update

However, it is then up to the companies to keep the browser up to date by distributing the latest MSIs. This is especially important when security issues have been fixed. Compared to Internet Explorer, this means a step backwards because the legacy browser can be automatically updated via WSUS in a corporate environment.

Switching between languages ^

The decoupling of Edge from Windows is also evident in another feature. Chromium-based Edge allows the user to switch between different languages. Normally, a Windows application should automatically adopt the regional settings of the operating system.

Changing the display language in Edge is independent of the operating system

Changing the display language in Edge is independent of the operating system

In a browser, switching between display languages can lead to unwanted problems because the value for ACCEPT_LANGUAGE in the HTTP header also changes. Many websites then automatically present their content in the language specified there.

Internet Explorer mode ^

As an additional feature for companies in the current preview, Microsoft names the Internet Explorer mode, previously known as IE Enterprise mode. Its purpose is to redirect web pages to the IE if they cannot be displayed properly in a modern browser.

Configuring the way how Edge will display selected web pages in Internet Explorer using Group Policy

Configuring the way how Edge will display selected web pages in Internet Explorer using Group Policy

To do this, you create a site list in XML format and load it via a GPO. The URLs stored there will be opened automatically by Internet Explorer in the future. This process is transparent for the user, the page will simply open in a new tab.

Conclusion ^

With the current preview, you can see quite clearly where Microsoft is heading with Edge. Chromium provides much more infrastructure than just the rendering and JavaScript engine. It includes the ADMX templates, the numerous extensions for Google Chrome, and the update mechanism.

For this reason, it will not be easy for Microsoft to differentiate itself from other Chromium-based browsers with Edge. But it will be easy for anyone familiar with Google's GPO settings to make the switch to Edge.

Replacing Google's cloud services with those of Microsoft may be an argument in favor of using Edge for those who dislike Google's aggressive practice of data collection. Other services, such as Information Protection, may be interesting for some professional users, but they will hardly determine Edge's success.

For Windows admins, the move to a multi-platform browser is not progress. In the future, they will have to ensure that users get a current and patched version of Edge. Auto-Updater is not a reliable and good solution for businesses.

Are you an IT pro? Apply for membership!

1+

Users who have LIKED this post:

  • avatar
Share
1 Comment
  1. JohnIL 1 month ago

    I guess the fact that Edge Chromium has yet to make it to a beta release means its probably going to be at least Spring 2020 before we see a Edge Chromium stable release. I've seen features come and go in Canary and a lot of work is still in progress from new features. I don't think Microsoft should be pushing a Dev. or Canary preview on mainstream enterprise. I get the feeling Microsoft is feeling compelled to keep Edge in the mix as a viable browser because every month it keeps losing more users to Chrome with the original Edge. The big question still is will anyone really care when Edge chromium finally makes it to stable? There are many Chrome clone's out there that have not garnered a whole lot of users besides the fringe who want a uniquely featured browser. I have to wonder exactly how many Chrome users will really switch? The other interesting question is exactly how many users are even testing Edge chromium now? 

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2019

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account