Edge Chromium Sccm



  • New Edge, Credge, Edgium or Credgium – no matter what you call it, the Edge browser based on chromium was released on Jan 15th 2020. To deploy the new versions using SCCM 1910 (or above) Add “Microsoft Edge” a product that is sync’ed in your software update point component properties.
  • When users install the new edge browser, the old edge browser (legacy) is replaced with a new chromium edge and all the bookmarks, favorites everything will gets moved. This all worked well until an issue was discovered in the new Edge Chromium and its incompatibility or feature missing with WIP.
  • Jan 08, 2021 Microsoft announced that the general availability of the new Microsoft Edge Chromium on January 15, 2020.SCCM and Intune are already ready for this launch as both products include a feature to deploy and manage updates for Microsoft Edge.
Install edge chromium sccm

For those customers using System Center Configuration Manager (SCCM) or Microsoft Intune, we’re working to make the deployment and configuration experience as easy as possible. We will also work with third parties, ensuring that deploying and configuring Microsoft Edge is a great experience with those tools as well.

Microsoft has been release Edge browser when Windows 10 published (at 2015). But MS needs fast, secure and private browser more than another browsers. At this point MS released new Edge Chromium browser at 15 January 2020. You won’t be able to find how to deploy Edge Chromium using SCCM but you will be able to find how to manage Edge Chromium using SCCM in this article. So you should find a lot of articles when you search in Google.

Hint: Old Edge browser will be uninstall automatically when you install Edge Chromium.

We can manage Edge Chromium with registry settings. So I will give descriptions for all settings and registry values. at finally I will share how to manage and apply Edge Chromium setting using SCCM (MEM).

Let’s start!

Policy Name: Password manager enabled

You can see this setting is active by default. But I don’t want save password for clients. So we will make disable this setting.

Policy Name: Set the system default printer as the default printer

This setting defines default printer for Edge browser.

Policy Name: Action to take on startup

This setting determines Edge browser behaviour at startup. We have 3 options for this setting:

  • Start with a new tab.
  • Start with old open tabs.
  • Start with defined specific urls.

We will apply start with a new tab setting.

Policy Name: Configure the home page URL

Set homepage with this setting.

Policy Name: Sites to open when the browser starts

This setting determines first page when open start the Edge browser.

Policy Name: Configure the new tab page URL

This setting determines browser behaviour when click new tab. We will set blank page for new tab.

Policy Name: Show Home button on toolbar

If we want visible the homepage button we must apply this setting. If we don’t apply this setting our client will be decide visible or invisible the homepage button. We will make registy value data to 1 for visible homepage button.

Policy Name: Allow download restrictions

This setting determines browser behaviour when user download a file. If we set registry value data to 2, we can block potential dangerous download process.

Policy Name: Block third party cookies

Creating

When we visit the website this site interacts with other sites. (For example advertisment or news sites). Those sites leaves cookies to our clients computers. If we set registry value data to 1 we may not allow third part sites cookies.

Deploy Edge Chromium Sccm Task Sequence

Policy Name: Enable AutoFill for credit cards

Nowadays, we often experience theft of credit card information. So we have to deny save credit card informations to browsers. We will set value data to 0 (zero) for this setting.

Before apply this policy:

After apply this policy:

Policy Name: Set download directory

We can set download directory with this setting. If you want download directory as user’ download folders you should apply this registry setting.

Policy Name: Suggest similar pages when a webpage can’t be found

When we visit a website and if that site doesn’t work, Edge Chromium offers similiar web sites.

Policy Name: Default geolocation setting

Sccm

Some sites needs location info when we visit. We will set value data to 3 and than website asks location info to user.

Policy Name: Block extensions

Some extensions could be dangerous for enterprise companies. So we need block all extensions and we can deploy necessary extensions to client computers. (I will share how to deploy extension using SCCM in this article).

Important Note: Users could be installed some extensions. But those extensions can’t be use in that computers when we apply this setting.

Policy Name: Allow media autoplay for websites

Some websites uses auto-play option. We will set value data to 0 (zero) and we will disable this option.

Policy Name: Update policy override default

Does your Edge Chromium browser running with another application? (For example proxy application). If your answer is yes you should turn off automatic update.

Policy Name: Set Microsoft Edge as default browser

When open the Edge browser, Edge asks “would you like to set Microsoft Edge as your default browser? ” If you use another browser as default you can apply this setting for deny question pop-up.

Policy Name: Control where developer tools can be used

Developer mode is active by default. We can set value data to 2 and we will disable this option.

Before apply this policy:

After apply this policy:

Policy Name: Allow specific extensions to be installed

We talked about for block extensions. Now I share how to deploy extension using SCCM. You should see sample registry value at below.

Important Note 1: My suggestion you should apply these settings in test machine registry. When prepare these settings as SCCM configuration baseline you should connect that machine and take settings easily from test machine to configuration item.

Important Note 2: Edge Chromium extensions like that Google Chrome extensions. When we need an extension we can use this page. When open an extension page that page seems like this:

https://chrome.google.com/webstore/detail/test-feedback/gnldpbnocfnlkkicnaplmkaphfdnlplb?hl=en-US

At the same time this link gives extension id to us: gnldpbnocfnlkkicnaplmkaphfdnlplb

If you ready we can start make configuration item and configuration baseline for extension deployment.

Open Assets and Compliance Settings.

Click Configuration Item button and than click Create Configuration Item button.

Fill name box and select the platforms for apply this setting.

Leave blank Specify settings page. We will set later.

Leave blank Specify compliance page. We will set later.

You should read summary page and if it’s correct your configuration press Next button.

Progress will be completed and close this wizard with close button.

Go to properties Edge Chromium Settings. And than click settings tab and press New button.

We talked about test machine for Edge settings. And now we will connect to the test machine and take registry settings from this machine to SCCM.

Click Browse button for connection.

Enter the test machine mane and click connect button.

Go to registry path in test machine.

HKLMSOFTWAREPoliciesMicrosoftEdgeExtensionInstallAllowlist

Select registry value and click OK button.

When select registry setting, compliance rule creates automatically. Configuration baseline will check this registry value with that rule and than will give report to you for compliant / non-compliant.

But we’re working for client machine hasn’t this extension in this scneario. So we will create a new rule and create this registry value in client machines.

Click New button in Compliance Rule tab and press Create Rule button.

Define rule name as Cisco Webex Extension and write this value in the following values tab:

jlhmfgmfgeifomenelglieieghnjghma;https://clients2.google.com/service/update2/crx

An other important point, remediate noncompliant rules when supported and Report noncompliance if this setting instance is not found options must be select. If SCCM configuration baseline doesn’t find this registry in client computers, SCCM will use remediation option and create needed registry key.

Finally create a configuration baseline for this configuration item and deploy to necessary collection.

Note: You should apply all registry settings in this configuration item. I shared important and necessary settings for me. But you can find a lot of settings for Edge Chromium at the Microsoft link.

That’s all about Edge for now 🙂

On January 15th, 2020, Microsoft released the new Microsoft Edge browser based on the Chromium platform. I wrote a blog early January describing this change which can be found here.

There are few ways to manage the configuration of Edge settings to enforce security as well as control the updates to Edge. The two most common methods available to the legal community are via Group Policy or Microsoft Intune.

Sccm Creating Edge Download Invalid Location

Download the latest Administrative template files at https://www.microsoft.com/en-us/edge/business/download

Drop the ADMX and ADML files in the PolicyDefinition folder on a local PC for testing in your Central Store. If you are not using Central Store to manage your enterprise GPO Administrative templates, I highly recommend it. Here’s a link to help you create and manage a Central Store.

Launch the Group Policy Management MMC and create a new GPO specific to Edge Chromium management. Right-click and edit your new GPO, once the GPO templates are loaded, you will see the new Edge Chromium settings under Administrative Templates in the Computer Configuration as well as the User Configuration nodes. As you will see, Edge now supports Default settings where the users can override while also have mandatory settings (users can’t override). We recommend making changes in the Computer Configuration section.

Edge Chromium Sccm Deployment

Microsoft has also released security baselines recommendations for Edge last December. You can find the information and the baseline download here.

The download includes the baseline GPOs, spreadsheets outlining changes, HTML output of the GPO, and PowerShell scripts to import the GPOs into your AD or local PC. The screenshot below is an example of a few settings available to you.

If you have a legacy site that still relies on Internet Explorer, the new Edge browser comes with IE Mode. In Group Policy editor, go to the Computer Configuration > Administrative Templates > Microsoft Edge and find the setting Configure Internet Explorer integration. Configure the setting to Enabled and choose between Internet Explorer mode and Internet Explorer 11. The Internet Explorer mode will open the site in Edge in IE mode where Internet Explorer 11 option will open in the standalone Internet Explorer 11 window. We recommend Internet Explorer mode for the best user experience.

Now Configure the Enterprise Site list as described here to add the policy file that includes which sites need IE mode.

Uninstall Edge Chromium Sccm

You also have the option to Send all intranet sites to Internet Explorer by enabling that setting in the same location as the Configure Internet Explorer integration. Please don’t do this, the legal vertical needs to stop using Internet Explorer.

If you have embraced Intune for the MDM as well as managing Windows 10 through Intune only or with Co-Management with Configuration Management, you can configure Edge settings via Intune.

Edge chromium sccm software

Sign on to your Azure portal, select Intune and from the Intune blade, select Device Configuration, and then Profiles. Create a new Profile and choose Windows 10 as the Platform and Administrative Templates for Profile type.

Once it is created, filter the Edge settings by dropping down the All Products list box and changing it to Edge version 77 or later.

Configure the settings for your environment you would like, such as a home page URL, security settings, etc. Once done with the profile, apply to test devices and users for testing before deploying organization-wide.

The Edge baseline policies are also available in Intune. In the top-level Microsoft Intune page, select Device Security.

Select the Microsoft Edge Baseline option, and from the baseline page, you will have the option to create a new profile based on that baseline.

If you do not have Microsoft Intune, you can follow this link to configure with other MDM providers, if you are managing Windows 10 with that MDM provider.

Jay Parekh