Deploying and Managing Microsoft Edge (Chromium) with Microsoft Intune
When Microsoft first announced that they were working on a Chromium-based version of Microsoft Edge, I was skeptical. I thought it would be another attempt to try to regain a foothold in an area where they’ve been in a steady decline for many years.
However after using it as an end-user and managing it as an IT admin, it’s become my favourite browser on Windows and I often suggest it to customers when starting a modern device management and provisioning project. If you think about it; what is one of the biggest reasons users (myself included) switched from IE and MSEdge (non-Chromium) to Chrome?
Speed
Website compatibility
Extensions.
Organisations moved to Chrome for the same reason but unless an organisation used G Suite, then bookmark synchronisation wasn’t possible without creating a Google Account which IT had zero control of. With Edge, you simply login with your AAD account and you’re good to go.
Moving to Intune/Microsoft Endpoint Manager with Chrome was also possible via OMA-URI configuration profiles which ingested the Chrome ADMX but let’s be honest; it was a huge pain in the backside to maintain and modfy. On the other hand, Microsoft update the ADMX templates for Edge and provide a nice GUI.
Recently I noticed that the ADMX templates in Intune/Microsoft Endpoint Manager have been updated to the latest version which include some settings which always had me adding a ‘but’ to the conversation about Edge deployment within an organisation. I believe Edge is now in a position to be widely adopted
So let’s go through what I’d recommend as a ‘baseline’ set of Edge policies for your organisation and deploy them using Intune.
The policies
These policies will do the following:
Set Google Chrome as the default search engine
Force the user to sign-in to use the browser
Hide the first-run experience (where Edge goes full screen and shows the transition from old Edge logo to new logo)
Force the user to always have a profile signed in using their AAD credentials.
Force the synchronisation of bookmarks
So let’s get into them.
Setting Chrome as default search engine
To set Chrome as the default search engine, you have to configure the following:
Default search provider URL for suggestions
{google:baseURL}complete/search?output=chrome&q={searchTerms}
Default search provider name
Enable the default search provider
Set to enabled.
Default search provider search URL
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}ie={inputEncoding}
I’m not going to go through enabling the other policies in the above screenshot because they’re simply policies that you enable.
Once deployed to a device, you’ll notice the above items are automatically configured and within Edge settings, there’s a briefcase icon next to the controlled setting to indicate that it’s an item which is controlled via policy. You can view the policies within Edge by going to edge://policy.
Final thoughts
These settings should be good to get you up and running. Depending on your environment, there are a few other settings worth looking at:
Managed Bookmarks
IE mode in Edge for those lingering web apps you may have internally which rely on ActiveX
Managed Extensions
If there’s interest, I’ll put together a blog post on how to set those up as well.
Feel free to comment and I’ll try to respond as soon as I can.