Edge Chromium Settings with SCCM (MECM)

Microsoft has been release Edge browser when Windows 10 published (at 2015). But MS needs fast, secure and private browser more than another browsers. At this point MS released new Edge Chromium browser at 15 January 2020. You won’t be able to find how to deploy Edge Chromium using SCCM but you will be able to find how to manage Edge Chromium using SCCM in this article. So you should find a lot of articles when you search in Google.

Hint: Old Edge browser will be uninstall automatically when you install Edge Chromium.

We can manage Edge Chromium with registry settings. So I will give descriptions for all settings and registry values. at finally I will share how to manage and apply Edge Chromium setting using SCCM (MEM).

Let’s start!

Policy Name: Password manager enabled

You can see this setting is active by default. But I don’t want save password for clients. So we will make disable this setting.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	PasswordManagerEnabled	REG_DWORD	0

Policy Name: Set the system default printer as the default printer

This setting defines default printer for Edge browser.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	PrintPreviewUseSystemDefaultPrinter	REG_DWORD	1

Policy Name: Action to take on startup

This setting determines Edge browser behaviour at startup. We have 3 options for this setting:

• Start with a new tab.
• Start with old open tabs.
• Start with defined specific urls.

We will apply start with a new tab setting.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	RestoreOnStartup	REG_DWORD	5

Policy Name: Configure the home page URL

Set homepage with this setting.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	HomepageLocation	REG_SZ	https://google.com

Policy Name: Sites to open when the browser starts

This setting determines first page when open start the Edge browser.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge\RestoreOnStartupURLS	1	REG_SZ	https://www.microsoft.com

Policy Name: Configure the new tab page URL

This setting determines browser behaviour when click new tab. We will set blank page for new tab.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	NewTabPageLocation	REG_SZ	about:blank

Policy Name: Show Home button on toolbar

If we want visible the homepage button we must apply this setting. If we don’t apply this setting our client will be decide visible or invisible the homepage button. We will make registy value data to 1 for visible homepage button.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	ShowHomeButton	REG_DWORD	1

Policy Name: Allow download restrictions

This setting determines browser behaviour when user download a file. If we set registry value data to 2, we can block potential dangerous download process.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	DownloadRestrictions	REG_DWORD	2

Policy Name: Block third party cookies

When we visit the website this site interacts with other sites. (For example advertisment or news sites). Those sites leaves cookies to our clients computers. If we set registry value data to 1 we may not allow third part sites cookies.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	BlockThirdPartyCookies	REG_DWORD	1

Policy Name: Enable AutoFill for credit cards

Nowadays, we often experience theft of credit card information. So we have to deny save credit card informations to browsers. We will set value data to 0 (zero) for this setting.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	AutofillCreditCardEnabled	REG_DWORD	0

Before apply this policy:

After apply this policy:

Policy Name: Set download directory

We can set download directory with this setting. If you want download directory as user’ download folders you should apply this registry setting.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	DownloadDirectory	REG_SZ	Windows: C:\Users\${user_name}\Downloads

Policy Name: Suggest similar pages when a webpage can’t be found

When we visit a website and if that site doesn’t work, Edge Chromium offers similiar web sites.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	AlternateErrorPagesEnabled	REG_DWORD	1

Policy Name: Default geolocation setting

Some sites needs location info when we visit. We will set value data to 3 and than website asks location info to user.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	DefaultGeolocationSetting	REG_DWORD	3

Policy Name: Block extensions

Some extensions could be dangerous for enterprise companies. So we need block all extensions and we can deploy necessary extensions to client computers. (I will share how to deploy extension using SCCM in this article).

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist	Block extensions	REG_SZ	*

Important Note: Users could be installed some extensions. But those extensions can’t be use in that computers when we apply this setting.

Policy Name: Allow media autoplay for websites

Some websites uses auto-play option. We will set value data to 0 (zero) and we will disable this option.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	AutoplayAllowed	REG_DWORD	0

Policy Name: Update policy override default

Does your Edge Chromium browser running with another application? (For example proxy application). If your answer is yes you should turn off automatic update.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate	UpdateDefault	REG_DWORD	0

Policy Name: Set Microsoft Edge as default browser

When open the Edge browser, Edge asks “would you like to set Microsoft Edge as your default browser? ” If you use another browser as default you can apply this setting for deny question pop-up.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	DefaultBrowserSettingEnabled	REG_DWORD	0

Policy Name: Control where developer tools can be used

Developer mode is active by default. We can set value data to 2 and we will disable this option.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge	DeveloperToolsAvailability	REG_DWORD	2

Before apply this policy:

After apply this policy:

Policy Name: Allow specific extensions to be installed

We talked about for block extensions. Now I share how to deploy extension using SCCM. You should see sample registry value at below.

Registry Path	Registry Value	Registry Type	Value Data
HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist	1	REG_SZ	jlhmfgmfgeifomenelglieieghnjghma;https://clients2.google.com/service/update2/crx

Important Note 1: My suggestion you should apply these settings in test machine registry. When prepare these settings as SCCM configuration baseline you should connect that machine and take settings easily from test machine to configuration item.

Important Note 2: Edge Chromium extensions like that Google Chrome extensions. When we need an extension we can use this page. When open an extension page that page seems like this:

https://chrome.google.com/webstore/detail/test-feedback/gnldpbnocfnlkkicnaplmkaphfdnlplb?hl=en-US

At the same time this link gives extension id to us: gnldpbnocfnlkkicnaplmkaphfdnlplb

If you ready we can start make configuration item and configuration baseline for extension deployment.

Open Assets and Compliance Settings.

Click Configuration Item button and than click Create Configuration Item button.

Fill name box and select the platforms for apply this setting.

Leave blank Specify settings page. We will set later.

Leave blank Specify compliance page. We will set later.

You should read summary page and if it’s correct your configuration press Next button.

Progress will be completed and close this wizard with close button.

Go to properties Edge Chromium Settings. And than click settings tab and press New button.

We talked about test machine for Edge settings. And now we will connect to the test machine and take registry settings from this machine to SCCM.

Click Browse button for connection.

Enter the test machine mane and click connect button.

Go to registry path in test machine.

HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist

Select registry value and click OK button.

When select registry setting, compliance rule creates automatically. Configuration baseline will check this registry value with that rule and than will give report to you for compliant / non-compliant.

But we’re working for client machine hasn’t this extension in this scneario. So we will create a new rule and create this registry value in client machines.

Click New button in Compliance Rule tab and press Create Rule button.

Define rule name as Cisco Webex Extension and write this value in the following values tab:

jlhmfgmfgeifomenelglieieghnjghma;https://clients2.google.com/service/update2/crx

An other important point, remediate noncompliant rules when supported and Report noncompliance if this setting instance is not found options must be select. If SCCM configuration baseline doesn’t find this registry in client computers, SCCM will use remediation option and create needed registry key.

Finally create a configuration baseline for this configuration item and deploy to necessary collection.

Note: You should apply all registry settings in this configuration item. I shared important and necessary settings for me. But you can find a lot of settings for Edge Chromium at the Microsoft link.

That’s all about Edge for now 🙂