On January 15th 2020, Microsoft released the first stable release of Microsoft Edge (version 79). Right now, a lot of IT and technology people are talking about Microsoft Edge. In a good way, which might be surprising to you if you haven’t kept across the more recent developments of Microsoft Edge. We’ll give a quick overview, then look at deploying the new Microsoft Edge.
This new version of Microsoft Edge is completely different to the version that’s been around for a while – and generally ignored. As that old version of Edge slowly rides off into the sunset, we instead get a product that so far in it’s beta and preview versions, has been generally regarded as a good browser.
It’s built on the same framework as Google Chrome – Chromium, has it’s own app store for addins but also supports Chrome addins, has proper enterprise support and features; it’s really a best mix of Internet Explorer, Edge and Chrome rolled into one solution. I’ve personally been using it for several months, and have ended up completely abandoning the Google Chrome browser in favour of it.
Deploying
If you’re looking to try this out yourself, then you can simply manually install it from Microsoft with versions for Windows 7 > 10, macOS, iOS and Android. This will replace the old Edge, and there’s options on installing to import data from other browsers such as IE, Edge and Chrome.
If you’re not in a rush, then it will eventually come out via Windows update in a staggered approach – worth being aware of for the home user that might be using the old Edge, as this won’t happen for Enterprise, Education, and Workstation Pro (not just Pro) editions of Windows.
For Enterprise, there’s a few more options available. Microsoft have a great set of documents called Plan your deployment of Microsoft Edge which is worth reading through, but the deployment options are:
- Deploy using System Center Configuration Manager by creating an application package
- Deploy via Intune by configuring the app, it’s information, settings, and adding the app you’ve configured
- Install via MSI like you would any other MSI
- Wait for it to eventually turn up as a Windows Update and approve (this hasn’t been confirmed if/when this will happen)
If you’re worried about the new Microsoft Edge getting out there before you’re ready, you can block it using the Blocker Toolkit, but again this will only be needed for Home or Pro editions of Windows, since Microsoft has no plans of automatically deploying it beyond this scope.
How to Configure
The other major factor of deploying Edge, is getting your policies set up. The ADM and ADMX policy files can be downloaded from Microsoft’s Edge Business page and added into your Group Policy or Intune setup.
Once in, you should definitely review Microsoft’s Security Baseline for Microsoft Edge version 79 which can be downloaded as part of the Microsoft Security Compliance Toolkit. In here you can either just import what Microsoft recommends, or review it line by line and make decisions for yourself. There’s only 11 settings recommended to configure, so it’s worth going through them 1 by 1 and setting them up. For reference, here’s the list, but please check on the official source as Microsoft could change these at any time:
Microsoft Edge\Extensions | Control which extensions cannot be installed | 1 = * |
Microsoft Edge\Content settings | Default Adobe Flash setting | Block the Adobe Flash plugin |
Microsoft Edge | Allow users to proceed from the HTTPS warning page | Disabled |
Microsoft Edge\Native Messaging | Allow user-level native messaging hosts (installed without admin permissions) | Disabled |
Microsoft Edge\Password manager and protection | Enable saving passwords to the password manager | Disabled |
Microsoft Edge | Enable site isolation for every site | Enabled |
Microsoft Edge\SmartScreen settings | Configure Microsoft Defender SmartScreen | Enabled |
Microsoft Edge\SmartScreen settings | Prevent bypassing Microsoft Defender SmartScreen prompts for sites | Enabled |
Microsoft Edge\SmartScreen settings | Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | Enabled |
Microsoft Edge\HTTP authentication | Supported authentication schemes | ntlm,negotiate |
Microsoft Edge | Minimum TLS version enabled | TLS 1.2 |
It’s worth noting that add-ins should be blocked by default, and whiteliste only the ones needed/requested after reviewing, and that user passwords won’t be saved in forms.
Lastly, if you do have sites that require Internet Explorer 11, you can achieve this with a few extra settings and an XML site list. I’ve previously blogged this separately, and the official Microsoft Documentation on how to set this up is here.
Final Thoughts
Now that the new Microsoft Edge has been properly released, you should spend some time checking it out – including on your mobile phone & tablet – as this release is looking like a great one.