Extensions

Currently, Microsoft Edge allows users to add or personalize, and uninstall extensions. You can prevent users from uninstalling extensions or sideloading of extensions, which does not prevent sideloading using Add-AppxPackage via PowerShell. Allowing sideloading of extensions installs and runs unverified extensions.

You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:

      Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\

Allow Extensions

Supported versions: Microsoft Edge on Windows 10, version 1607 or later
Default setting: Enabled or not configured (Allowed)

Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.

Supported values

Group Policy MDM Registry Description
Disabled 0 0 Prevented
Enabled or not configured
(default)
1 1 Allowed

ADMX info and settings

ADMX info

  • GP English name: Allow Extensions
  • GP name: AllowExtensions
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowExtensions
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
  • Value name: ExtensionsEnabled
  • Value type: REG_DWORD

Microsoft browser extension policy: This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer or the content displayed by these browsers. Any technique not explicitly listed in this document is considered unsupported.


Allow sideloading of extensions

Supported versions: Microsoft Edge on Windows 10, version 1809
Default setting: Enabled (Allowed)

By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured 0 0 Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the Allows development of Windows Store apps and installing them from an integrated development environment (IDE) group policy, which you can find:

Computer Configuration\Administrative Templates\Windows Components\App Package Deployment\

For the MDM setting, set the ApplicationManagement/AllowDeveloperUnlock policy to 1 (enabled).

Most restricted value
Enabled
(default)
1 1 Allowed.

ADMX info and settings

ADMX info

  • GP English name: Allow sideloading of Extensions
  • GP name: AllowSideloadingOfExtensions
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowSideloadingExtensions
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowSideloadingExtensions
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
  • Value name: AllowSideloadingOfExtensions
  • Value type: REG_DWORD

Enable your device for development: Access development features, along with other developer-focused settings to make it possible for you to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.


Prevent turning off required extensions

Supported versions: Microsoft Edge on Windows 10, version 1809
Default setting: Disabled or not configured (Allowed)

Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.

Supported values

Group Policy Description
Disabled or not configured
(default)
Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored.
Enabled Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office extension prevents users from turning it off:

Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe

After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.

Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.


ADMX info and settings

ADMX info

  • GP English name: Prevent turning off required extensions
  • GP name: PreventTurningOffRequiredExtensions
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
  • Value name: PreventTurningOffRequiredExtensions
  • Value type: REG_SZ

Allow Developer Tools: Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.