Configuring Microsoft Edge and ‘Always allow to open links of this type in the associated app’ using Microsoft Endpoint Manager

Introduction

This is just a really quick post, describing how you configure Microsoft Edge to always – and without prompting the user – open certain links in their associated application.

This might seem like an odd and out of the ordinary post, but I needed this myself, and failed to find the relevant details described properly anywhere.

The mentioned prompt is something that’s generated when opening links to Teams meetings, or when trying to open Office documents in their respective desktop application.

Prompts which in most cases are irrelevant to the end-users, and by eliminating those, the user-experience is improved by a little. TL:DR down below.

Microsoft Endpoint Manager

I must admit, initially I was on my way using Process Monitor so see if I could locate where this setting was stored, but then I stumbled upon this policy: https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#autolaunchprotocolsfromorigins

This is a policy that was introduced with Edge version 85 sometime last year and is available via Administrative Templates in Microsoft Endpoint Manager (and Group Policy as well if you’re not managing Edge via Intune just yet).

Now, looking at this and reading through the description, I must admit, I too was thinking to myself; that looks overly complicated for something that seem so simple.

Have no fear though, I will give you the results of making this prompt go away for when opening links using Teams and the rest of the apps in Microsoft 365 Apps for Enterprise (also known as Office).

For good measures, some screenshots of the policy in question below:

AutoLaunchProtocolsFromOrigins

Looking at the given example, and then at the input field, made me wonder: How does this even work? What do I type in this field?

The documentation of the policy does wonders in confusing the regular admin, and sends you to this page in the docs: Filter format for Microsoft Edge URL policies | Microsoft Docs

This page is supposed to tell you, how to format the list of protocols allowed to open in Edge without prompting the user. Everything while assuming you know the protocols to use already.

TL:DR

Take this:

[{"allowed_origins": ["*"], "protocol": "onenote"}, {"allowed_origins": ["*"], "protocol": "msteams"} , {"allowed_origins": ["*"], "protocol": "ms-word"} , {"allowed_origins": ["*"], "protocol": "ms-powerpoint"} , {"allowed_origins": ["*"], "protocol": "ms-excel"}]

Input here:

This will allow every origin (coming from any web page), to open links in the associated application, which in this case is: Teams, OneNote, Word, Powerpoint and Excel, without prompting the user.

OBS: If this is a security concern to you, due to whatever reason, you can limit this to only work when coming from specific origins (say your own M365 tenant). Replace the wildcard (*) with URL’s which you consider safe.

The policy, once applied to your device, will result in below registry entry:

As well as this entry when browsing edge://policy:

ENJOY 🙂

15 thoughts on “Configuring Microsoft Edge and ‘Always allow to open links of this type in the associated app’ using Microsoft Endpoint Manager”

  1. Great post saved me a ton of time and our staff will be happier using Teams and Zoom.
    For anyone wondering, the protocol for Zoom is zoommtg.

    Thanks,
    Samuel

    Reply
  2. Great post, had a lot of questions regarding this from customers and never had any clue about this policy 🙁
    When you say “your M365 tenant” can you clarify the syntax or point to the docs ?
    My guess would be to use [{“allowed_origins”: [“*.tenant.onmicrosoft.com”] or [{“allowed_origins”: [“verified_domain_fqdn”]

    thanks

    Reply
  3. Hey Martin – I dont’ suppose you have found a way of applying this for softwarecenter: protocol?

    Our company has been using application catalog for a while now and we use the url in our helpdesk portal so users can easily access it. As I’m about to upgrade to 2107 application catalog must now be fully uninstalled however i am noticing edge continues to prompt when trying to open softwarecenter: protocol.

    disabling the prompt all together is not something i want to do as there is a significant security risk there – but as softwarecenter: doesn’t have an origin like microsoft.com im not sure how to actually make this work.

    any ideas would be appreciated 🙂

    Reply
  4. Amazing! Finally someone explained something about that policy.
    How about other websites? How do I know which protocol is being used?

    Reply
  5. Is there a “how to” when looking for protocols or a powershell script that would help? I am looking for GlobalProtect, but can’t find at all.

    Reply
    • Did you ever find the settings needed for GlobalProtect? I see the protocol for globalprotectcallback but I still get the popups when I use that one.

      Reply
    • I know i’m years late – however for people looking for the answer as I was, this is answer.

      [{“allowed_origins”: [“*”], “protocol”: “GlobalProtectCallback”}]

      Reply
      • Thank you very much shredwerd!

        But we had to write the text in small letters to make it work!

        [{“allowed_origins”: [“*”], “protocol”: “globalprotectcallback”}]

        Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.