Introduction
Unless you have been hiding under a rock lately, you should be aware that the new Microsoft Edge browser has arrived, with its first stable release on January 15.
All very exciting and delicious, and we who have been testing with Dev and Beta versions across our enterprises, have been waiting eagerly to be able to offer the one browser to rule them all (hopefully).
So this is a little something on how I have chosen to deploy, configure and set the new Microsoft Edge as default browser, using a combination of both Microsoft Intune and Configuration Manager.
Deployment with ConfigMgr
Starting with Configuration Manager version 1910, you can leverage a built-in feature to create and deploy Microsoft Edge as an application.
Prior to 1910, you would simply create the application or package/program manually and deploy that.
For good measure, here’s a peek at the new feature within 1910, which doesn’t require much introduction and is self-explanatory:
However, I chose not to fully go with this new feature, as I’m not a fan of the deployment type being based on a PowerShell script. I did use the feature to easily download the binaries and create the application, but I created 2 new deployment types based on the .MSI instead.
The native PowerShell script disables auto updating within the registry, and I don’t want to mix management of settings with the actual deployment. Do whatever you prefer in this scenario. 🙂
Again, for your convenience, here’s a few snippets of the new deployment types as well as the new installation/uninstallation programs. Also notice I offer repairing of the installation for the available deployment:
Dependencies
I’m touching base with the details on this later on (PowerShell script explained), but as a dependency to the actual installation, I’m modifying the default associations configuration file (.XML file) to now configure the new Microsoft Edge as the default browser.
Configuration with Intune
I have chosen to do all the configuration of the actual browser using Microsoft Intune. I do this because I try to steer away from using Group Policy and all my devices are hybrid joined and co-managed.
- Log into the Microsoft Endpoint Manager admin center
- Locate Devices and Configuration profiles as shown below:
- Simply create a new Configuration Profile similar to below:
- And find all the available settings for Microsoft Edge in the settings menu and in the category drop down as shown below:
There are currently 17 pages of settings when browsing them in Microsoft Intune. That’s quite the amount of settings, and obviously not all apply to all environments. This is a snippet of those I’m currently managing:
Internet Explorer Mode
Out of all the settings available, the most noteworthy I believe is Internet Explorer Mode.
We deploy the new Microsoft Edge with the intention of replacing the need to launch any other browser. That includes Internet Explorer, and a great beginning on that journey is to enable IE mode for those pesky legacy sites.
If you go to edge://compat/iediagnostic, you can verify how IE mode is currently configured.
Update 30 January 2020: The obstacle below has since been resolved with a Windows Update, now only requiring the Edge policy in order to work. 🙂
Important: In my environment, I had to configure BOTH the IE policy and the Edge policy for the Enterprise Mode site list. If I didn’t do so, my Internet Explorer mode was listed with the number 4 and things started to not work as intended.
According to how I interpret the docs, the number should return 7 and not anything else. Also according to docs, configuring the Enterprise Mode site list for Edge should override the settings coming from the IE policy.
More info:
- https://docs.microsoft.com/en-us/deployedge/edge-ie-mode#to-configure-the-configure-the-enterprise-mode-site-list-policy
- https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode#enterprise-mode-and-the-enterprise-mode-site-list-xml-file
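To cross-check on a device what edge://compat/iediagnostic reports, the following added example (not part of the original post) reads both site list policies and the IE integration level from the machine policy keys. It assumes the policies are delivered as machine-level registry policy under HKLM; the function names are hypothetical.

```powershell
# Added example (not from the original post): report the IE mode policy state.
$edgeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$ieKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode'

# Returns the policy value, or $null when the key or value is absent
function Get-PolicyValue ([string]$Key, [string]$Name) {
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-IEModePolicyState {
    $level    = Get-PolicyValue $edgeKey 'InternetExplorerIntegrationLevel'
    $edgeList = Get-PolicyValue $edgeKey 'InternetExplorerIntegrationSiteList'
    $ieList   = Get-PolicyValue $ieKey   'SiteList'

    $findings = @()
    if ($level -ne 1) {
        $findings += "InternetExplorerIntegrationLevel is '$level'; 1 selects Internet Explorer mode"
    }
    if ([string]::IsNullOrEmpty($edgeList)) {
        $findings += 'No Enterprise Mode site list is set in the Edge policy'
    }
    if ($ieList -and $edgeList -and ($ieList -ne $edgeList)) {
        $findings += 'IE and Edge policies reference different site lists'
    }
    # The list decides which sites run in the legacy engine, so its transport matters
    $urls = @($edgeList, $ieList) | Where-Object { $_ } | Select-Object -Unique
    foreach ($url in $urls) {
        if ($url -like 'http://*') { $findings += "Site list is fetched over plain HTTP: $url" }
    }

    [pscustomobject]@{
        IntegrationLevel = $level
        EdgeSiteList     = $edgeList
        IESiteList       = $ieList
        Findings         = $findings
    }
}

Get-IEModePolicyState | Format-List
```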
Default Associations File
As mentioned earlier, the default browser in my environment is managed through the default associations configuration file.
This can be managed via Intune and the Policy CSP, as well as via Group Policy if domain joined.
Group Policy (which I currently use):
Setting the default browser to Microsoft Edge is done by replacing/adding the following identifiers to the .XML file:
- .htm
- .html
- http
- https
<Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier=".html"/>
<Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier=".htm"/>
<Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier="http"/>
<Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier="https"/>
I’m modifying my existing .XML file using the following PowerShell script.
The script does the following, in headlines:
- Loads the function to modify the XML app association file
- Gets the location and content of the specified XML file
- Modifies the XML based on the input parameters
- Writes to the registry to use as detection methods in ConfigMgr
param (
    [Parameter(Mandatory = $true)]
    [string] $Path,
    [Parameter(Mandatory = $true)]
    [string] $Extension,
    [Parameter(Mandatory = $true)]
    [string] $ProgId,
    [Parameter(Mandatory = $true)]
    [string] $AppName
)

# Adds or replaces the <Association> element for a single identifier
function ProcExt ([string]$fExtension, [string]$fProgId, [string]$fAppName) {
    # Existing association for this identifier, if any
    $xmlNode = $appAssocXml.DefaultAssociations.Association | Where-Object Identifier -eq $fExtension

    # Build the replacement <Association> element
    $newNode = $appAssocXml.CreateElement("Association")
    $attrIdentifier = $appAssocXml.CreateAttribute("Identifier")
    $attrIdentifier.Value = "$($fExtension)"
    $attrProgId = $appAssocXml.CreateAttribute("ProgId")
    $attrProgId.Value = "$($fProgId)"
    $attrAppName = $appAssocXml.CreateAttribute("ApplicationName")
    $attrAppName.Value = "$($fAppName)"
    $newNode.Attributes.Append($attrIdentifier)
    $newNode.Attributes.Append($attrProgId)
    $newNode.Attributes.Append($attrAppName)

    if (-NOT([string]::IsNullOrEmpty($xmlNode))) {
        $currentApp = $xmlNode.ApplicationName
        Write-Verbose -Verbose "Extension is currently assigned to $($currentApp). Overwriting."
        $rootNode.ReplaceChild($newNode, $xmlNode)
        $appAssocXml.Save($Path)
    }
    else {
        Write-Verbose -Verbose "Extension is currently not assigned to an application. Adding new."
        $rootNode.AppendChild($newNode)
        $appAssocXml.Save($Path)
    }
}

$Company = "imab.dk"

# Resolve the full path and load the associations file
$Path = (Get-Item $Path).FullName
$appAssocXml = [xml](Get-Content $Path)
$rootNode = $appAssocXml.SelectSingleNode("DefaultAssociations")

# Process each comma-separated identifier passed in -Extension
$extensions = "$($Extension),"
$arrExtensions = $extensions.Split(",", [System.StringSplitOptions]::RemoveEmptyEntries)
foreach ($item in $arrExtensions) {
    ProcExt $item.ToLower() $ProgId $AppName
}

# Write the selected browser to the registry for use as a ConfigMgr detection method
if ($AppName -eq "Microsoft Edge Dev") {
    Write-Verbose -Verbose "$AppName SELECTED"
    $RegistryPath = "HKLM:\Software\$Company"
    if (-NOT(Test-Path -Path $RegistryPath)) {
        New-Item -Path $RegistryPath -Force
    }
    New-ItemProperty -Path $RegistryPath -Name DefaultBrowser -Value $AppName -PropertyType STRING -Force
}
if ($AppName -eq "Microsoft Edge Beta") {
    Write-Verbose -Verbose "$AppName SELECTED"
    $RegistryPath = "HKLM:\Software\$Company"
    if (-NOT(Test-Path -Path $RegistryPath)) {
        New-Item -Path $RegistryPath -Force
    }
    New-ItemProperty -Path $RegistryPath -Name DefaultBrowser -Value $AppName -PropertyType STRING -Force
}
if ($AppName -eq "Microsoft Edge") {
    Write-Verbose -Verbose "$AppName SELECTED"
    $RegistryPath = "HKLM:\Software\$Company"
    if (-NOT(Test-Path -Path $RegistryPath)) {
        New-Item -Path $RegistryPath -Force
    }
    New-ItemProperty -Path $RegistryPath -Name DefaultBrowser -Value $AppName -PropertyType STRING -Force
}
Using the script with ConfigMgr
Using the script with Configuration Manager is straightforward. Create an application with a script deployment type and with the following installation program:
- powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File .\Switch-DefaultBrowser.ps1 -Path C:\Windows\AppAssoc.xml -Extension ".htm,.html,http,https" -ProgId "MSEdgeHTM" -AppName "Microsoft Edge"
Use the registry tattooing as detection methods like so:
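Because the script rewrites a machine-wide file under C:\Windows, it is worth verifying the result independently of the registry value. The following is an added example, not part of the original post: a read-only audit that checks both the associations file and the DefaultBrowser value. The function name is hypothetical, and the defaults mirror the paths and names used in the post.

```powershell
# Added example (not from the original post): audit the associations file and
# the registry value written by the script. Defaults mirror the post's values.
function Test-EdgeDefaultAssociation {
    param (
        [string]   $Path            = 'C:\Windows\AppAssoc.xml',
        [string]   $ExpectedProgId  = 'MSEdgeHTM',
        [string[]] $Identifiers     = @('.htm', '.html', 'http', 'https'),
        [string]   $RegistryPath    = 'HKLM:\Software\imab.dk',
        [string]   $ExpectedAppName = 'Microsoft Edge'
    )
    $problems = @()

    # 1. The XML must exist, parse, and map every identifier exactly once
    $xml = $null
    try {
        $xml = [xml](Get-Content -LiteralPath $Path -Raw -ErrorAction Stop)
    }
    catch {
        $problems += "Cannot read or parse '$Path': $($_.Exception.Message)"
    }
    if ($null -ne $xml) {
        foreach ($id in $Identifiers) {
            $nodes = @($xml.DefaultAssociations.Association |
                    Where-Object { $_.Identifier -eq $id })
            if ($nodes.Count -eq 0) {
                $problems += "No association for '$id'"
            }
            elseif ($nodes.Count -gt 1) {
                $problems += "Duplicate associations for '$id'"
            }
            elseif ($nodes[0].ProgId -ne $ExpectedProgId) {
                $problems += "'$id' maps to '$($nodes[0].ProgId)', expected '$ExpectedProgId'"
            }
        }
    }

    # 2. The registry value the script writes for ConfigMgr detection
    $reg = Get-ItemProperty -Path $RegistryPath -Name DefaultBrowser -ErrorAction SilentlyContinue
    if ($null -eq $reg -or $reg.DefaultBrowser -ne $ExpectedAppName) {
        $problems += "DefaultBrowser under '$RegistryPath' is not '$ExpectedAppName'"
    }
    return $problems
}

$result = @(Test-EdgeDefaultAssociation)
if ($result.Count -eq 0) { 'Compliant' } else { $result | ForEach-Object { Write-Warning $_ } }
```

The duplicate check matters because the script's `Where-Object` lookup assumes at most one existing node per identifier.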
Software Center
Making an option to switch the default browser to all the various channels of Microsoft Edge through the Software Center can look like the illustration below:
Security Baseline
Microsoft Intune also offers a preview Security Baseline for Microsoft Edge. I suggest you have a peek at this too while at it.
It currently only contains a handful of settings, but some of them are highly recommended, while others are not, depending on your environment.
Legacy Edge
If you intend to keep the legacy Edge browser, you can do so by adding the following registry entry PRIOR to installing the new Microsoft Edge.
More information
- https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/export-or-import-default-application-associations
- https://docs.microsoft.com/en-us/archive/blogs/windowsinternals/windows-10-how-to-configure-file-associations-for-it-pros
- https://docs.microsoft.com/en-us/deployedge/edge-ie-mode
ENJOY 🙂
Great work! Thank you very much!
Ey thanks! Looks like I’m doing this for the same reasons, for example avoiding GPO, so I’m all Intune only. One question is how to deploy without the desktop icon. I read through this but didn’t see anything about it. It should be some kind of penalty to keep using the desktop as some kind of default container for icons 😉 //Claudio Torres
Right, the desktop icon. You could simply wrap the installation into your own installer and delete the icon post installation. 🙂
Hi Claudio,
I had the same issue recently.
I did however find a solution, I hope (at least I haven’t seen the shortcut appearing since then).
If you open up the .msi-file in Orca and go to “Property” table, you should be able to find the property “DONOTCREATEDESKTOPSHORTCUT”. If you put that into a command line and set it true (do not create shortcut = true) the shortcut should not appear.
Br, Anders
Anders is correct. The Edge dev team listened and added several options in which you can prevent the desktop icon appearing. One is directly with the installer (msiexec.exe /i "MicrosoftEdgeEnterpriseX64.msi" DONOTCREATEDESKTOPSHORTCUT=true /quiet /norestart), another with GPO.
FYI, I just checked the same table in Google’s .msi-file, and no property named DONOTCREATEDESKTOPSHORTCUT.
So I’m trying to get New Edge to install as part of an SCCM Task Sequence (OS install).
But once it completes, the old Edge icon remains pinned to the Taskbar (it opens new Edge, but the old icon remains).
Any ideas how I can get the icon to update/refresh in the taskbar?
In start menu and every other place the icon got replaced on its own.
Hello, the only thing I can think of is if the January CUs for Windows 10 haven’t been applied. Those are required in order for the new Edge to be able to take precedence.
Hello Martin,
What I am trying to do is somewhat associated with what you have explained. Basically we are in an Active Directory domain and my company has a legacy on-prem ERP database program that depends on IE. It will not run on any other browser including Edge. We are currently in the process of converting this to a web based solution but don’t see it going live until the 1st quarter of 2023. What I need to do under Microsoft Edge Settings>Default browser is set “Let Internet Explorer open sites in Microsoft Edge” to never. And under “Allow sites to be reloaded in Internet Explorer mode” to “Don’t Allow” so that every time one of my users attempts to open the ERP database it doesn’t get diverted to Edge and fail. But I can’t find a script or program that I can use along with GPO to push this out. Do you have any suggestions or ideas? Thanks!