question

Fulforce avatar image
0 Votes"
Fulforce asked YuZhou-MSFT commented

Microsoft Edge for Business ADMX template issue - ForceSync

Hi Microsoft,

The latest ADMX templates for Microsoft Edge for Business have an issue. Particularly the setting "ForceSync" that has the display name of "Force synchronization of browser data and do not show the sync consent prompt".

When checking the msedge.ADMX file in Notepad++ I can see that this setting should have two options available to configure. 0=Disabled and 1=Enabled. Extract from the file below:

 <policy class="Both" displayName="$(string.ForceSync)" explainText="$(string.ForceSync_Explain)" key="Software\Policies\Microsoft\Edge" name="ForceSync" presentation="$(presentation.ForceSync)" valueName="ForceSync"> 
   <parentCategory ref="microsoft_edge"/> 
   <supportedOn ref="SUPPORTED_WIN7_V86"/> 
   <enabledValue> 
     <decimal value="1"/> 
   </enabledValue> 
   <disabledValue> 
     <decimal value="0"/>

However, when you come to configure this policy in Group Policy Management Editor on a DC after uploading the latest ADMX templates, this pane is empty. The two options I'd expect to appear as radio buttons or a drop down menu. Neither of these appear so the policy is not actually configurable. Therefore, by default it disables this setting.

Screenshot below:
125087-image.png

I've waited for 2-3 ADMX template releases now hoping it'll get noticed and be fixed, but it has not. So I'd like to raise it here. Can this please be passed to the relevant team and resolved in the next ADMX template release for Edge? We would like to utilise this in our organisation.

The setting should be able to be Enabled and then configure 0 or 1 as to whether you'd like to enforce this setting or not.

Thanks.

Kind regards,

Joe


windows-serverwindows-group-policyms-edge
image.png (138.2 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Firedog avatar image
1 Vote"
Firedog answered YuZhou-MSFT commented


The setting should be able to be Enabled and then configure 0 or 1 as to whether you'd like to enforce this setting or not.

Apparently not. Not all GPOs are configured in the same way. It looks as if this one is 'self-configuring' - if the policy is enabled, the reg key value ForceSync acquires data 1, but if it's disabled, the data will be 0:

125030-image.png



image.png (22.7 KiB)
· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Fulforce avatar image Fulforce ·

hat's interesting, not sure why I hadn't looked at it that way. I was used to others having the options. I had enabled the setting and it didn't enable it for me last I tried. It was definitely the winning GPO as I checked gpresult, in fact we don't set it with the usual GPO for everyone anyway.

I'll test this tomorrow when I'm logged back on my work laptop and check the result. Previously I had Sync enabled in my Edge, then applied the policy to me with the status Enabled and it actually disabled the setting. It remains set that way still now.

I'll make sure the latest ADMX are loaded up on the DC and try it out. Thanks for checking this, I appreciate your help and time.

0 Votes 0 ·
YuZhou-MSFT avatar image YuZhou-MSFT Fulforce ·

Hi @Fulforce

I agree with Firedog's answer. This group policy doesn't have options. If you don't configure this policy, users will be able to turn sync on or off. If you enable this policy, users will not be able to turn sync off.

Besides, from this doc:

For this policy to work as intended, BrowserSignin policy must not be configured, or must be set to enabled. If BrowserSignin is set to disabled, then ForceSync will not take affect.

SyncDisabled must not be configured or must be set to False. If this is set to True, ForceSync will not take affect.

You need to pay attention to see if you have configured the above policies which makes ForceSync not working.

Best Regards,
Yu Zhou

0 Votes 0 ·