Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge

Applies to: Windows 10, Windows 10 Mobile

Set up a policy setting once and then copy that setting onto many computers.

Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.

By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that is linked to a domain, and then apply all of those settings to every computer in the domain.

Note

For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, Group Policy and the Group Policy Management Console (GPMC), Group Policy and the Local Group Policy Editor, Group Policy and the Advanced Group Policy Management (AGPM), and Group Policy and Windows PowerShell.

You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:

      Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\

Allow a shared books folder

Supported versions: Microsoft Edge on Windows 10, version 1803
Default setting: Disabled or not configured (Not allowed)

Microsoft Edge does not use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the Allow a Windows app to share application data between users group policy. Also, the users must be signed in with a school or work account.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Prevented/not allowed, but Microsoft Edge downloads book files to a per-user folder for each user. Most restricted value
Enabled 1 1 Allowed. Microsoft Edge downloads book files to a shared folder. For this policy to work correctly, you must also enable the Allow a Windows app to share application data between users group policy. Also, the users must be signed in with a school or work account.

Allow a shared books folder

ADMX info and settings

ADMX info

  • GP English name: Allow a shared Books folder
  • GP name: UseSharedFolderForBooks
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/UseSharedFolderForBooks
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/UseSharedFolderForBooks
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\BooksLibrary
  • Value name: UseSharedFolderForBooks
  • Value type: REG_DWORD

Allow a Windows app to share application data between users: With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data is shared through the SharedLocal folder, which is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.


Allow Address bar drop-down list suggestions

Supported versions: Microsoft Edge on Windows 10, version 1703 or later
Default setting: Enabled or not configured (Allowed)

Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the Configure search suggestions in Address bar policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the Show search and site suggestions as I type toggle in Settings.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed. Hide the Address bar drop-down functionality and disable the Show search and site suggestions as I type toggle in Settings. Most restricted value
Enabled or not configured (default) 1 1 Allowed. Show the Address bar drop-down list and make it available.

ADMX info and settings

ADMX info

  • GP English name: Allow Address bar drop-down list suggestions
  • GP name: AllowAddressBarDropdown
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowAddressBarDropdown
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\ServiceUI
  • Value name: ShowOneBox
  • Value type: REG_DWORD

Configure search suggestions in Address bar: By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. With this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.


Allow Adobe Flash

Supported versions: Microsoft Edge on Windows 10
Default setting: Enabled or not configured (Allowed)

Adobe Flash is integrated with Microsoft Edge and runs Adobe Flash content by default. With this policy, you can configure Microsoft Edge to prevent Adobe Flash content from running.

Supported values

Group Policy MDM Registry Description
Disabled 0 0 Prevented/not allowed
Enabled (default) 1 1 Allowed

ADMX info and settings

ADMX info

  • GP English name: Allow Adobe Flash
  • GP name: AllowFlash
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowFlash
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Addons
  • Value name: FlashPlayerEnabled
  • Value type: REG_DWORD

Allow clearing browsing data on exit

Supported versions: Microsoft Edge on Windows 10, version 1703 or later
Default setting: Disabled or not configured (Prevented/not allowed)

Microsoft Edge does not clear the browsing data on exit by default, but users can configure the Clear browsing data option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. With this policy, you can configure Microsoft Edge to clear the browsing data automatically each time Microsoft Edge closes.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured (default) 0 0 Prevented/not allowed. Users can configure the Clear browsing data option in Settings.
Enabled 1 1 Allowed. Clear the browsing data upon exit automatically. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Allow clearing browsing data on exit
  • GP name: AllowClearingBrowsingDataOnExit
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/ClearBrowsingDataOnExit
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit
  • Data type: Integer

Registry

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Privacy
  • Value name: ClearBrowsingHistoryOnExit
  • Value type: REG_DWORD

Allow configuration updates for the Books Library

Supported versions: Microsoft Edge on Windows 10, version 1802 or later
Default setting: Enabled or not configured (Allowed)

Microsoft Edge automatically updates the configuration data for the Books library. Disabling this policy prevents Microsoft Edge from updating the configuration data. If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed. Most restricted value
Enabled or not configured
(default)
1 1 Allowed. Microsoft Edge updates the configuration data for the Books Library automatically.

ADMX info and settings

ADMX info

  • GP English name: Allow configuration updates for the Books Library
  • GP name: AllowConfigurationUpdateForBooksLibrary
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowConfigurationUpdateForBooksLibrary
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowConfigurationUpdateForBooksLibrary
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\BooksLibrary
  • Value name: AllowConfigurationUpdateForBooksLibrary
  • Value type: REG_DWORD

Manage connections from Windows operating system components to Microsoft services


Allow Cortana

Supported versions: Microsoft Edge on Windows 10
Default setting: Enabled (Allowed)

Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed. Users can still search to find items on their device. Most restricted value
Enabled
(default)
1 1 Allowed.

ADMX info and settings

ADMX info

  • GP English name: Allow Cortana
  • GP name: AllowCortana
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Experience/AllowCortana
  • Supported devices: Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Experience/AllowCortana
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\Windows\Windows Search
  • Value name: AllowCortana
  • Value type: REG_DWORD

Allow Developer Tools

Supported versions: Microsoft Edge on Windows 10, version 1511 or later
Default setting: Enabled (Allowed)

Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed Most restricted value
Enabled 1 1 Allowed

ADMX info and settings

ADMX info

  • GP English name: Allow Developer Tools
  • GP name: AllowDeveloperTools
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowDeveloperTools
  • Supported devices: Desktop
  • URI full Path: ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\F12
  • Value name: AllowDeveloperTools
  • Value type: REG_DWORD

Allow extended telemetry for the Books tab

Supported versions: Microsoft Edge on Windows 10, version 1802 or later
Default setting: Disabled or not configured (Gather and send only basic diagnostic data)

By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Microsofot gathers only basic diagnostic data. Most restricted value
Enabled 1 1 Microsoft gathers all diagnostic data. For this policy to work correctly, you must set the diagnostic data in Settings > Diagnostics & feedback to Full.

ADMX info and settings

ADMX info

  • GP English name: Allow extended telemetry for the Books tab
  • GP name: EnableExtendedBooksTelemetry
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/EnableExtendedBooksTelemetry
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/EnableExtendedBooksTelemetry
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\BooksLibrary
  • Value name: EnableExtendedBooksTelemetry
  • Value type: REG_DWORD

Allow Extensions

Supported versions: Microsoft Edge on Windows 10, version 1607 or later
Default setting: Enabled or not configured (Allowed)

Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.

Supported values

Group Policy MDM Registry Description
Disabled 0 0 Prevented/not allowed
Enabled or not configured
(default)
1 1 Allowed

ADMX info and settings

ADMX info

  • GP English name: Allow Extensions
  • GP name: AllowExtensions
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowExtensions
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
  • Value name: ExtensionsEnabled
  • Value type: REG_DWORD

Microsoft browser extension policy: This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered unsupported.


Allow InPrivate browsing

Supported versions: Microsoft Edge on Windows 10, version 1511 or later
Default setting: Enabled or not configured (Allowed)

By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed Most restricted value
Enabled or not configured
(default)
1 1 Allowed

ADMX info and settings

ADMX info

  • GP English name: Allow InPrivate browsing
  • GP name: AllowInPrivate
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowInPrivate
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: AllowInPrivate
  • Value type: REG_DWORD

Allow Microsoft Compatibility List

Supported versions: Microsoft Edge on Windows 10, version 1607 or later
Default setting: Enabled or not configured (Allowed)

During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed Most restricted value
Enabled or not configured
(default)
1 1 Allowed

ADMX info and settings

ADMX info

  • GP English name: Allow Microsoft Compatibility List
  • GP name: AllowCVList
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowMicrosoftCompatibilityList
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\BrowserEmulation
  • Value name: MSCompatibilityMode
  • Value type: REG_DWORD

Allow search engine customization

Supported versions: Microsoft Edge on Windows 10, version 1703 or later
Default setting: Enabled or not configured (Allowed)

By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed Most restricted value
Enabled or not configured
(default)
1 1 Allowed

Configuration options

For more details about configuring the search engine, see Search engine customization.

ADMX info and settings

ADMX info
  • GP English name: Allow search engine customization
  • GP name: AllowSearchEngineCustomization
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowSearchEngineCustomization
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Protected
  • Value name: AllowSearchEngineCustomization
  • Value type: REG_DWORD
  • Set default search engine: By default, Microsoft Edge uses the default search engine specified in App settings. In this case, users can make changes to the default search engine at any time unless the Allow search engine customization policy is disabled, which restricts users from making any changes. Disabling this policy removes the policy-set search engine and uses the Microsoft Edge specified engine for the market. Enabling this policy uses the policy-set search engine specified in the OpenSearch XML file, prevent users from changing the default search engine.

  • Configure additional search engines: By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. With this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.

  • Manage connections from Windows operating system components to Microsoft services: Learn about the network connections from Windows to Microsoft services. Also, learn about the privacy settings that affect the data shared with either Microsoft or apps and how to manage them in an enterprise. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment.

  • Search provider discovery: Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.


Allow web content on New Tab page

Supported versions: Microsoft Edge on Windows 10
Default setting: Enabled (Default New tab page loads)

By default, Microsoft Edge loads the default New tab page. Disabling this policy loads a blank page instead of the New tab page and prevents users from changing it. Not configuring this policy lets users choose what loads on the New tab page.

Supported values

Group Policy MDM Registry Description
Not configured Blank Blank Users can choose what loads on the New tab page.
Disabled 0 0 Load a blank page instead of the default New tab page and prevent users from changing it.
Enabled (default) 1 1 Load the default New tab page.

ADMX info and settings

ADMX info

  • GP English name: Allow web content on New Tab page
  • GP name: AllowWebContentOnNewTabPage
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowWebContentOnNewTabPage
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowWebContentOnNewTabPage
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\ServiceUI
  • Value name: AllowWebContentOnNewTabPage
  • Value type: REG_DWORD

Always show the Books Library in Microsoft Edge

Supported versions: Microsoft Edge on Windows 10, version 1709 or later
Default setting: Disabled or not configured

Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Show the Books Library only in countries or regions where supported. Most restricted value
Enabled 1 1 Show the Books Library, regardless of the device’s country or region.

ADMX info and settings

ADMX info

  • GP English name: Always show the Books Library in Microsoft Edge
  • GP name: AlwaysEnableBooksLibrary
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AlwaysEnableBooksLibrary
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: AlwaysEnableBooksLibrary
  • Value type: REG_DWORD

Configure additional search engines

Supported versions: Microsoft Edge on Windows 10, version 1703 or later
Default setting: Disabled or not configured (Prevented/not allowed)

By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. With this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Prevented/not allowed. Microsoft Edge uses the search engine specified in App settings.

If you enabled this policy and now want to disable it, disabling removes all previously configured search engines.

Most restricted value
Enabled 1 1 Allowed. Add up to five additional search engines and set any one of them as the default.

For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see Search provider discovery.


Configuration options

For more details about configuring the search engine, see Search engine customization.

ADMX info and settings

ADMX info

  • GP English name: Configure additional search engines
  • GP name: ConfigureAdditionalSearchEngines
  • GP element: ConfigureAdditionalSearchEngines_Prompt
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/ConfigureAdditionalSearchEngines
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\OpenSearch
  • Value name: ConfigureAdditionalSearchEngines
  • Value type: REG_SZ
  • Set default search engine: By default, Microsoft Edge uses the default search engine specified in App settings. In this case, users can make changes to the default search engine at any time unless the Allow search engine customization policy is disabled, which restricts users from making any changes. Disabling this policy removes the policy-set search engine and uses the Microsoft Edge specified engine for the market. Enabling this policy uses the policy-set search engine specified in the OpenSearch XML file, prevent users from changing the default search engine.

  • Allow search engine customization: By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge.

  • Microsoft browser extension policy: This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered unsupported.

  • Search provider discovery: Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites.


Configure Autofill

Supported versions: Microsoft Edge on Windows 10
Default setting: Not configured

By default, users can choose to use the Autofill feature to automatically populate the form fields. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.

Supported values

Group Policy MDM Registry Description Most restricted
Not configured
(default)
Blank Blank Users can choose to use AutoFill.
Disabled 0 no Prevented. Most restricted value
Enabled 1 yes Allowed.

ADMX info and settings

ADMX info

  • GP English name: Configure Autofill
  • GP name: AllowAutofill
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowAutofill
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: Use FormSuggest
  • Value type: REG_SZ

Configure cookies

Supported versions: Microsoft Edge on Windows 10
Default setting: Disabled or not configured (Allow all cookies from all sites)

Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.

Supported values

Group Policy MDM Registry Description Most restricted
Enabled 0 0 Block all cookies from all sites Most restricted value
Enabled 1 1 Block only coddies from third party websites
Disabled or not configured
(default)
2 2 Allow all cookies from all sites

ADMX info and settings

ADMX info

  • GP English name: Configure cookies
  • GP name: Cookies
  • GP element: CookiesListBox
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowCookies
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowCookies
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: Cookies
  • Value type: REG_DWORD

Configure Do Not Track

Supported versions: Microsoft Edge on Windows 10
Default setting: Not configured (Do not send tracking information)

Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.

Supported values

Group Policy MDM Registry Description Most restricted
Not configured
(default)
Blank Blank Do not send tracking information but let users choose to send tracking information to sites they visit.
Disabled 1 1 Never send tracking information.
Enabled 1 1 Send tracking information. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Configure Do Not Track
  • GP name: AllowDoNotTrack
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowDoNotTrack
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: DoNotTrack
  • Value type: REG_DWORD

Configure Favorites

Use the Provision Favorites policy in place of Configure Favorites.


Configure Password Manager

Supported versions: Microsoft Edge on Windows 10
Default setting: Enabled (Allowed/users can change the setting)

By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.

Supported values

Group Policy MDM Registry Description Most restricted
Not configured Blank Blank Users can choose to save and manage passwords locally.
Disabled 0 no Not allowed. Most restricted value
Enabled
(default)
1 yes Allowed.

Verify not allowed/disabled settings:

  1. In the upper-right corner of Microsoft Edge or Microsoft Edge for Windows 10 Mobile, click or tap ellipses (…).
  2. Click Settings and select View Advanced settings.
  3. Verify the settings Save Password is toggled off or on and is greyed out.

ADMX info and settings

ADMX info

  • GP English name: Configure Password Manager
  • GP name: AllowPasswordManager
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowPasswordManager
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: FormSuggest Passwords
  • Value type: REG_SZ

Configure Pop-up Blocker

Supported versions: Microsoft Edge on Windows 10
Default setting: Disabled (Turned off)

Microsoft Edge turns off Pop-up Blocker allowing pop-up windows to appear. Enabling this policy turns on Pop-up Blocker stopping pop-up windows from appearing. Don’t configure this policy to let users choose to use Pop-up Blocker.

Supported values

Group Policy MDM Registry Description Most restricted
Not configured Blank Blank Users can choose to use Pop-up Blocker.
Disabled
(default)
0 0 Turn off Pop-up Blocker letting pop-up windows open.
Enabled 1 1 Turn on Pop-up Blocker stopping pop-up windows from opening. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Configure Pop-up Blocker
  • GP name: AllowPopups
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowPopups
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowPopups
  • Data type: Integer

Registry

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: AllowPopups
  • Value type: REG_SZ

Configure search suggestions in Address bar

Supported versions: Microsoft Edge on Windows 10
Default setting: Not configured

By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.

Supported values

Group Policy MDM Registry Description Most restricted
Not configured
(default)
Blank Blank Users can choose to see search suggestions.
Disabled 0 0 Prevented/not allowed. Hide the search suggestions. Most restricted value
Enabled 1 1 Allowed. Show the search suggestions.

ADMX info and settings

ADMX info

  • GP English name: Configure search suggestions in Address bar
  • GP name: AllowSearchSuggestionsinAddressBar
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowSearchSuggestionsinAddressBar
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\SearchScopes
  • Value name: ShowSearchSuggestionsGlobal
  • Value type: REG_DWORD

Configure Start pages

Supported versions: Microsoft Edge on Windows 10, version 1703 or later
Default setting: Blank or not configured (Load pages specified in App settings)

By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes.

Supported values

Group Policy MDM Registry Description
Not configured Blank Blank Load the pages specified in App settings as the default Start pages.
Enabled String String Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:

    <support.contoso.com><support.microsoft.com>

Version 1703 or later:
If you do not want to send traffic to Microsoft, use the <about:blank> value, which honors both domain and non-domain-joined devices when it's the only configured URL.

Version 1810:
When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy.


Configuration options

For more details about configuring the Start pages, see Start pages configuration options.

ADMX info and settings

ADMX info

  • GP English name: Configure Start pages
  • GP name: HomePages
  • GP element: HomePagesPrompt
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/HomePages
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/HomePages
  • Data type: String

Registry settings

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings
  • Value name: ProvisionedHomePages
  • Value type: REG_SZ
  • Disable Lockdown of Start Pages: By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.

  • Configure Open Microsoft Edge With: By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.


Configure the Adobe Flash Click-to-Run setting

Supported versions: Microsoft Edge on Windows 10, version 1703 or later
Default setting: Enabled or not configured (Does not load content automatically)

Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the Click-to-Run button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Load and run Adobe Flash content automatically.
Enabled or not configured
(default)
1 1 Do not load or run Adobe Flash content automatically. Requires action from the user. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Configure the Adobe Flash Click-to-Run setting
  • GP name: AllowFlashClickToRun
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowFlashClickToRun
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Security
  • Value name: FlashClickToRunMode
  • Value type: REG_DWORD

Configure the Enterprise Mode Site List

Supported versions: Microsoft Edge on Windows 10
Default setting: Disabled or not configured

Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.

Supported values

Group Policy MDM Registry Description
Disabled or not configured
(default)
0 0 Turned off. Microsoft Edge does not check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps.
Enabled 1 1 Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 second, but uses the existing file. To add the location to your site list, enter it in the {URI} box.

For details on how to configure the Enterprise Mode Site List, see Interoperability and enterprise guidance.


ADMX info and settings

ADMX info

  • GP English name: Configure the Enterprise Mode Site List
  • GP name: EnterpriseModeSiteList
  • GP element: EnterSiteListPrompt
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/EnterpriseModeSiteList
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList
  • Data type: String

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode
  • Value name: SiteList
  • Value type: REG_SZ

Show message opening sites in IE: Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the Keep going in Microsoft Edge link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.

  • Use Enterprise Mode to improve compatibility. If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11. Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.

  • Use the Enterprise Mode Site List Manager. You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.

  • Enterprise Mode for Internet Explorer 11. Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.

  • Enterprise Mode and the Enterprise Mode Site List. Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool specifically targeted towards larger organizations: the Enterprise Mode Site List Portal.

  • Enterprise Mode and the Enterprise Mode Site List XML file. The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. Using Enterprise Mode Site List Manager (schema v.2), you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also be launched in a specific compat mode, so it always renders correctly. Your users can easily view this site list by typing about:compat in either Microsoft Edge or IE11.


Configure Windows Defender SmartScreen

Supported versions: Microsoft Edge on Windows 10
Default setting: Enabled (Turned on)

Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default. Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns off Windows Defender SmartScreen and prevent users from turning it on. Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off.

Supported values

Group Policy MDM Registry Description Most restricted
Not configured Blank Blank Users can choose to use Windows Defender SmartScreen or not.
Disabled 0 0 Turned off. Do not protect users from potential threats and prevent users from turning it on.
Enabled 1 1 Turned on. Protect users from potential threats and prevent users from turning it off. Most restricted value

To verify Windows Defender SmartScreen is turned off (disabled):

  1. In the upper-right corner of Microsoft Edge or Microsoft Edge for Windows 10 Mobile, click or tap the ellipses (...).
  2. Click Settings and select View Advanced Settings.
  3. At the bottom, verify that Help protect me from malicious sites and download with SmartScreen Filter is greyed out.

    Verify that Windows Defender SmartScreen is turned off (disabled)

ADMX info and settings

ADMX info

  • GP English name: Configure Windows Defender SmartScreen
  • GP name: AllowSmartScreen
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowSmartScreen
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
  • Data type: Integer

Registry settings

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
  • Value name: EnabledV9
  • Value type: REG_DWORD

Disable lockdown of Start pages

Supported versions: Microsoft Edge on Windows 10
Default setting: Enabled (Start pages are not editable)

By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.

Supported values

Group Policy MDM Registry Description Most restricted
Not configured 0 0 Lockdown Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy. Most restricted value
Enabled 1 1 Unlocked. Users can make changes to all configured start pages.

When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy.


Configuration options

For more details about configuring the Start pages, see Start pages configuration options.

ADMX info and settings

ADMX info

  • GP English name: Disable lockdown of Start pages
  • GP name: DisableLockdownOfStartPages
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/DisableLockdownOfStartPages
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
  • Value name: DisableLockdownOfStartPages
  • Value type: REG_SZ
  • Configure Start pages: By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes.

  • Configure Open Microsoft Edge With: By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.

Microsoft browser extension policy: This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered unsupported.


Do not sync

Supported versions: Microsoft Edge on Windows 10
Default setting: Disabled or not configured (Turned on)

By default, Microsoft Edge turns on the Sync your Settings toggle in Settings and let users choose what to sync on their device. Enabling this policy turns off and disables the Sync your Settings toggle in Settings, preventing syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the Allow users to turn syncing on option in this policy.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Allowed/turned on. Users can choose what to sync to their device.
Enabled 2 2 Prevented/turned off. Disables the Sync your Settings toggle and prevents syncing. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Do not sync
  • GP name: AllowSyncMySettings
  • GP path: Windows Components/Sync your settings
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Experience/AllowSyncMySettings
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\Windows\SettingSync
  • Value name: DisableSettingSyn
  • Value type: REG_DWORD

About sync setting on Microsoft Edge on Windows 10 devices: Learn about what settings are sync'ed.


Do not sync browser settings

Supported versions: Microsoft Edge on Windows 10
Default setting: Disabled or not configured (Allowed/turned on)

By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the Allow users to turn “browser” syncing option.

Supported values

Group Policy MDM Registry Description
Disabled or not configured
(default)
0 0 Allowed/turned on. The “browser” group syncs automatically between user’s devices and lets users to make changes.
Enabled 2 2 Prevented/turned off. The “browser” group does not use the Sync your Settings option.

Configuration options

For more details about configuring the browser syncing options, see Sync browser settings options.

ADMX info and settings

ADMX info

  • GP English name: Do not sync browser settings
  • GP name: DisableWebBrowserSettingSync
  • GP path: Windows Components/Sync your settings
  • GP ADMX file name: SettingSync.admx

MDM settings

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\Windows\SettingSync
  • Value name: DisableWebBrowserSettingSyncUserOverride
  • **Value

Prevent users from turning on browser syncing: By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the Sync your Settings toggle in Settings. If you want syncing turned off by default but not disabled, select the Allow users to turn “browser” syncing option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.

About sync setting on Microsoft Edge on Windows 10 devices


Keep favorites in sync between Internet Explorer and Microsoft Edge

Supported versions: Microsoft Edge on Windows 10, version 1703 or later
Default setting: Disabled or not configured (Turned off/not syncing)

By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Turned off/not syncing.
Enabled 1 1 Turned on/syncing. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Keep favorites in sync between Internet Explorer and Microsoft Edge
  • GP name: SyncFavoritesBetweenIEAndMicrosoftEdge
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
  • Data type: Integer

Registry settings

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: SyncFavoritesBetweenIEAndMicrosoftEdge
  • Value type: REG_DWORD

Prevent access to the about:flags page

Supported versions: Microsoft Edge on Windows 10, version 1607 or later
Default setting: Disabled or not configured (Allowed)

By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Allowed.
Enabled 1 1 Prevents users from access the about:flags page. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Prevent access to the about:flags page in Microsoft Edge
  • GP name: PreventAccessToAboutFlagsInMicrosoftEdge
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/PreventAccessToAboutFlagsInMicrosoftEdge
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge
  • Data type: Integer

Registry settings

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: PreventAccessToAboutFlagsInMicrosoftEdge
  • Value type: REG_DWORD

Prevent bypassing Windows Defender SmartScreen prompts for files

Supported versions: Microsoft Edge on Windows 10, version 1511 or later
Default setting: Disabled or not configured (Allowed/turned off)

By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of unverified file(s).

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s).
Enabled 1 1 Prevented/turned on. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Prevent bypassing Windows Defender SmartScreen prompts for files
  • GP name: PreventSmartScreenPromptOverrideForFiles
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/PreventSmartScreenPromptOverrideForFiles
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
  • Data type: Integer

Registry settings

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
  • Value name: PreventOverrideAppRepUnknown
  • Value type: REG_DWORD

Prevent bypassing Windows Defender SmartScreen prompts for sites

Supported versions: Microsoft Edge on Windows 10, version 1511 or later
Default setting: Disabled or not configured (Allowed/turned off)

By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Allowed/turned off. Users can ignore the warning and continue to the site.
Enabled 1 1 Prevented/turned on. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Prevent bypassing Windows Defender SmartScreen prompts for sites
  • GP name: PreventSmartscreenPromptOverride
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/PreventSmartscreenPromptOverride
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride
  • Data type: Integer

Registry settings

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
  • Value name: PreventOverride
  • Value type: REG_DWORD

Prevent changes to Favorites on Microsoft Edge

Supported versions: Microsoft Edge on Windows 10, version 1709 or later
Default setting: Disabled or not configured (Allowed/not locked down)

By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Allowed/not locked down. Users can add, import, and make changes to the Favorites list.
Enabled 1 1 Prevented/locked down. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Prevent changes to Favorites on Microsoft Edge
  • GP name: LockdownFavorites
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/LockdownFavorites
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/LockdownFavorites
  • Data type: Integer

Registry settings

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Favorites
  • Value name: LockdownFavorites
  • Value type: REG_DWORD

Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start

Supported versions: Microsoft Edge on Windows 10, version 1703 or later
Default setting: Disabled or not configured (Collect and send)

By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a more complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users a limited experience.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Collect and send Live Tile metadata.
Enabled 1 1 Do not collect. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
  • GP name: PreventLiveTileDataCollection
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/PreventLiveTileDataCollection
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection
  • Data type: Integer

Registry settings

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: PreventLiveTileDataCollection
  • Value type: REG_DWORD

Prevent the First Run webpage from opening on Microsoft Edge

Supported versions: Microsoft Edge on Windows 10, version 1703 or later
Default setting: Disabled or not configured (Allowed)

By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via a FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Allowed. Load the First Run webpage.
Enabled 1 1 Prevented. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Prevent the First Run webpage from opening on Microsoft Edge
  • GP name: PreventFirstRunPage
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/PreventFirstRunPage
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage
  • Data type: Integer

Registry

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: PreventFirstRunPage
  • Value type: REG_DWORD

Prevent using Localhost IP address for WebRTC

Supported versions: Microsoft Edge on Windows 10, version 1511 or later
Default setting: Disabled or not configured (Allowed/show localhost IP addresses)

By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Allowed. Show localhost IP addresses.
Enabled 1 1 Prevented. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Prevent using Localhost IP address for WebRTC
  • GP name: HideLocalHostIPAddress
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/PreventUsingLocalHostIPAddressForWebRTC
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC
  • Data type: Integer

Registry settings

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: HideLocalHostIPAddress
  • Value type: REG_DWORD

Provision Favorites

Supported versions: Microsoft Edge on Windows 10, version 1511 or later
Default setting: Disabled or not configured (Customizable)

By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured.

Important

Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.

Supported values

Group Policy Description Most restricted
Disabled or not configured
(default)
Users can customize the favorites list, such as adding folders, or adding and removing favorites.
Enabled Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.

To define a default list of favorites, do the following:

  1. In the upper-right corner of Microsoft Edge, click the ellipses (...) and select Settings.
  2. Click Import from another browser, click Export to file, and save the file.
  3. In the Options section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as:
    • HTTP location: "SiteList"=http://localhost:8080/URLs.html
    • Local network: "SiteList"="\network\shares\URLs.html"
    • Local file: "SiteList"=file:///c:\Users\Documents\URLs.html
Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Provision Favorites
  • GP name: ConfiguredFavorites
  • GP element: ConfiguredFavoritesPrompt
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/ProvisionFavorites
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites
  • Data type: String

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Favorites
  • Value name: ConfiguredFavorites
  • Value type: REG_SZ

Keep favorites in sync between Internet Explorer and Microsoft Edge: By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.


Send all intranet sites to Internet Explorer 11

Supported versions: Microsoft Edge on Windows 10
Default setting: Disabled or not configured

By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.

Tip

Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 All sites, including intranet sites, open in Microsoft Edge automatically. Most restricted value
Enabled 1 1 Only intranet sites open in Internet Explorer 11 automatically.

Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.

  1. In Group Policy Editor, navigate to:

    Computer Configuration\Administrative Templates\Windows Components\File Explorer\Set a default associations configuration file and click Enable.

  2. Refresh the policy and then view the affected sites in Microsoft Edge.

    A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.


ADMX info and settings

ADMX info

  • GP English name: Send all intranet sites to Internet Explorer 11
  • GP name: SendIntranetTraffictoInternetExplorer
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/SendIntranetTraffictoInternetExplorer
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: SendIntranetTraffictoInternetExplorer
  • Value type: REG_DWORD
  • Configure the Enterprise Mode Site List: Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.

  • Show message when opening sites in Internet Explorer: Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the Keep going in Microsoft Edge link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.

  • Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise. Many customers depend on legacy features only available in older versions of Internet Explorer and are familiar with our Enterprise Mode tools for IE11. The Enterprise Mode has been extended to support to Microsoft Edge by opening any site specified on the Enterprise Mode Site List in IE11. IT Pros can use their existing IE11 Enterprise Mode Site List or they can create a new one specifically for Microsoft Edge. By keeping Microsoft Edge as the default browser in Windows 10 and only opening legacy line of business sites in IE11 when necessary, you can help keep newer development projects on track, using the latest web standards on Microsoft Edge.

  • Enterprise Mode for Internet Explorer 11 (IE11). Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.

  • Use the Enterprise Mode Site List Manager. You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.


Set default search engine

Supported versions: Microsoft Edge on Windows 10, version 1703 or later
Default setting: Not configured (Defined in App settings)

By default, Microsoft Edge uses the default search engine specified in App settings. In this case, users can make changes to the default search engine at any time unless the Allow search engine customization policy is disabled, which restricts users from making any changes. Disabling this policy removes the policy-set search engine and uses the Microsoft Edge specified engine for the market. Enabling this policy uses the policy-set search engine specified in the OpenSearch XML file, prevent users from changing the default search engine.

Supported values

Group Policy MDM Registry Description Most restricted
Not configured
(default)
Blank Blank Microsoft Edge uses the default search engine specified in App settings. If you don't configure this policy and disable the Allow search engine customization policy, users cannot make changes.
Disabled 0 0 Microsoft Edge removes the policy-set search engine and uses the Microsoft Edge specified engine for the market.
Enabled 1 1 Microsoft Edge uses the policy-set search engine specified in the OpenSearch XML file. Users cannot change the default search engine.

Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see Search provider discovery. Use this format to specify the link you want to add.

If you want users to use the default Microsoft Edge settings for each market set the string to EDGEDEFAULT.

If you would like users to use Microsoft Bing as the default search engine set the string to EDGEBING.

Most restricted value

Configuration options

For more details about configuring the search engine, see Search engine customization.

ADMX info and settings

ADMX info

  • GP English name: Set default search engine
  • GP name: SetDefaultSearchEngine
  • GP element: SetDefaultSearchEngine_Prompt
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: SetDefaultSearchEngine
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\OpenSearch
  • Value name: SetDefaultSearchEngine
  • Value type: REG_SZ
  • Configure additional search engines: By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. With this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.

  • Allow search engine customization: By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge.

  • Microsoft browser extension policy: This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered unsupported.

  • Search provider discovery: Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites.


Show message when opening sites in Internet Explorer

Supported versions: Microsoft Edge on Windows 10, version 1607 and later
Default setting: Disabled or not configured (No additional message)

Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the Keep going in Microsoft Edge link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 No additional message displays. Most restricted value
Enabled 1 1 Show an additional message stating that a site has opened in IE11.
Enabled 2 2 Show an additional message with a Keep going in Microsoft Edge link to allow users to open the site in Microsoft Edge.

Configuration options

For more details about configuring the search engine, see Interoperability and enterprise guidance.

ADMX info and settings

ADMX info

  • GP English name: Show message when opening sites in Internet Explorer
  • GP name: ShowMessageWhenOpeningSitesInInternetExplorer
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: ShowMessageWhenOpeningSitesInInternetExplorer
  • Value type: REG_DWORD
  • Configure the Enterprise Mode Site List: Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.

  • Send all intranet sites to Internet Explorer 11: By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.