New Microsoft Edge Group Policies and MDM settings (Preview)

Applies to: Microsoft Edge on Windows 10
Preview build 17713+

The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17713+. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.

We are discontinuing the Configure Favorites group policy. Use the Provision Favorites instead.

You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:

      Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\

Group Policy New/update? MDM Setting New/update?
Allow fullscreen mode New AllowFullscreen New
Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed New AllowPrelaunch New
Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed New AllowTabPreloading New
Allow printing New AllowPrinting New
Allow Saving History New AllowSavingHistory New
Allow sideloading of Extensions New AllowSideloadingExtensions New
Allow web content on new tab page -- AllowWebContentOnNewTabPage New
Configure collection of browsing data for Microsoft 365 Analytics New ConfigureTelemetryForMicrosoft365Analytics New
Configure Favorites Bar New ConfigureFavoritesBar New
Configure Home button New ConfigureHomeButton New
Configure kiosk mode New ConfigureKioskMode New
Configure kiosk reset after idle timeout New ConfigureKioskResetAfterIdleTimeout New
Configure Open Microsoft Edge With New ConfigureOpenEdgeWith New
Do not sync browser settings -- Experience/DoNotSyncBrowserSettings New
Prevent certificate error overrides New PreventCertErrorOverrides New
Prevent users from turning on browser syncing New Experience/PreventUsersFromTurningOnBrowserSyncing New
Prevent turning off required extensions New PreventTurningOffRequiredExtensions New
Set Home button URL New SetHomeButtonURL New
Set New Tab page URL New SetNewTabPageURL New
Show message when opening sites in Internet Explorer Updated ShowMessageWhenOpeningSitesInInternetExplorer Updated
Unlock Home button New UnlockHomeButton New

Allow fullscreen mode

Supported versions: Microsoft Edge on Windows 10, next major update to Windows
Default setting: Enabled or not configured (Allowed)

Microsoft Edge allows full-screen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing full-screen mode, users and extensions must have the proper permissions. Disabling this policy prevents full-screen mode in Microsoft Edge.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed Most restricted value
Enabled
(default)
1 1 Allowed

ADMX info and settings

ADMX info

  • GP English name: Allow fullscreen mode
  • GP name: AllowFullScreenMode
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowFullscreen
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowFullscreen
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: AllowFullScreenMode
  • Value type: REG_DWORD

Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed

Supported versions: Microsoft Edge on Windows 10, next major update to Windows

Default setting: Enabled or not configured (Allowed)

Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed Most restrictive value
Enabled or not configured
(default)
1 1 Allowed

Configuration options

For more details about configuring the prelaunch and preload options, see Prelaunch Microsoft Edge and preload tabs in the background.

ADMX info and settings

ADMX info

  • GP English name: Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
  • GP name: AllowPreLaunch
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowPrelaunch
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowPrelaunch
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\
  • Value name: AllowPrelaunch
  • Value type: REG_DWORD

Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed

Supported versions: Microsoft Edge on Windows 10, version 1802
Default setting: Enabled or not configured (Allowed)

Microsoft Edge allows preloading of the Start and New tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed. Most restricted value
Enabled or not configured
(default)
1 1 Allowed. Preload Start and New tab pages.

Configuration options

For more details about configuring the prelaunch and preload options, see Prelaunch Microsoft Edge and preload tabs in the background.

ADMX info and settings

ADMX info

  • GP English name: Allow Microsoft Edge to load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed
  • GP name: AllowTabPreloading
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowTabPreloading
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowTabPreloading
  • Data type: Integer

Registry settings

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\TabPreloader
  • Value name: AllowTabPreloading
  • Value type: REG_DWORD

Allow printing

Supported versions: Microsoft Edge on Windows 10, next major update to Windows

Default setting: Enabled or not configured (Allowed)

Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed Most restrictive value
Enabled or not configured
(default)
1 1 Allowed

ADMX info and settings

ADMX info

  • GP English name: Allow printing
  • GP name: AllowPrinting
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowPrinting
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowPrinting
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: AllowPrinting
  • Value type: REG_DWORD

Allow Saving History

Supported versions: Microsoft Edge on Windows 10, next major update to Windows
Default setting: Enabled or not configured (Allowed)

Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane. Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled 0 0 Prevented/not allowed Most restricted value
Enabled or not configured
(default)
1 1 Allowed

ADMX info and settings

ADMX info

  • GP English name: Allow saving history
  • GP name: AllowSavingHistory
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowSavingHistory
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowSavingHistory
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: AllowSavingHistory
  • Value type: REG_DWORD

Allow sideloading of Extensions

Supported versions: Microsoft Edge on Windows 10, next major update to Windows

Default setting: Enabled (Allowed)

By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured 0 0 Prevented/not allowed. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, enable Allows development of Windows Store apps and installing them from an integrated development environment (IDE) policy, located at Windows Components > App Package Deployment.

For the MDM setting, set the ApplicationManagement/AllowDeveloperUnlock policy to 1 (enabled).

Most restricted value
Enabled
(default)
1 1 Allowed.

ADMX info and settings

ADMX info

  • GP English name: Allow sideloading of Extensions
  • GP name: AllowSideloadingOfExtensions
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/AllowSideloadingExtensions
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowSideloadingExtensions
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
  • Value name: AllowSideloadingOfExtensions
  • Value type: REG_DWORD

Enable your device for development: Access development features, along with other developer-focused settings to make it possible for you to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.


Configure collection of browsing data for Microsoft 365 Analytics

Supported versions: Microsoft Edge on Windows 10, next major update to Windows
Default setting: Disabled or not configured (No data collected or sent)

Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default. With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.

Important

For this policy to work, enable the Allow Telemetry policy with the Enhanced option and enable the Configure the Commercial ID policy by providing the Commercial ID.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 No data collected or sent Most restricted value
Enabled 1 1 Send intranet history only
Enabled 2 2 Send Internet history only
Enabled 3 3 Send both intranet and Internet history

You can find this policy and the related policies in the following location of the Group Policy Editor:

Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\

  • Allow Telemetry = Enabled, Enhanced
  • Configure the Commercial ID = String of the Commercial ID
  • Configure collection of browsing data for Microsoft 365 Analytics

ADMX info and settings

ADMX info

  • GP English name: Configure collection of browsing data for Microsoft 365 Analytics
  • GP name: ConfigureTelemetryForMicrosoft365Analytics
  • GP element: ZonesListBox
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

Registry settings

  • Path: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection
  • Value name: MicrosoftEdgeDataOptIn
  • Value type: REG_DWORD
  • Allow Telemetry: Allows Microsoft to run diagnostics on the device and troubleshoot. The default setting for Allow Telemetry is set to Enhanced (2 for MDM).

  • Configure the Commercial ID: Define the Commercial ID used to associate the device's telemetry data as belonging to a given organization.


Configure Favorites Bar

Supported versions: Microsoft Edge on Windows 10, new major release
Default setting: Not configured (Hidden)

Microsoft Edge hides the favorites bar by default but shows the favorites bar on the Start and New tab pages. Also, by default, the favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes. With this policy, you can configure Microsoft Edge to either show or hide the favorites bar on all pages.

Supported values

Group Policy MDM Registry Description
Not configured (default) Blank Blank Hide the favorites bar but show it on the Start and New tab pages. The favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes.
Disabled 0 0 Hide the favorites bar on all pages. Also, the favorites bar toggle, in Settings, is set to Off and disabled preventing users from making changes. Microsoft Edge also hides the “show bar/hide bar” option in the context menu.
Enabled 1 1 Show the favorites bar on all pages. Also, the favorites bar toggle, in Settings, is set to On and disabled preventing users from making changes. Microsoft Edge also hides the “show bar/hide bar” option in the context menu.

ADMX info and settings

ADMX info

  • GP English name: Configure Favorites Bar
  • GP name: ConfigureFavoritesBar
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/ConfigureFavoritesBar
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureFavoritesBar
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: ConfigureFavoritesBar
  • Value type: REG_DWORD

Configure Home button

Supported versions: Microsoft Edge on Windows 10

Default setting: Disabled or not configured (Show home button and load the Start page)

Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the Home button to load the New tab page or a URL defined in the Set Home button URL policy. You can also configure Microsoft Edge to hide the home button.

Supported values

Group Policy MDM Registry Description
Disabled or not configured
(default)
0 0 Show home button and load the Start page.
Enabled 1 1 Show home button and load the New tab page.
Enabled 2 2 Show home button and load the custom URL defined in the Set Home button URL policy.
Enabled 3 3 Hide home button.

Configuration options

For more details about configuring the different Home button options, see Home button configuration options.

Tip

If you want to make changes to this policy:

  1. Enable the Unlock Home Button policy.
  2. Make changes to the Configure Home button policy or Set Home button URL policy.
  3. Disable the Unlock Home Button policy.

ADMX info and settings

ADMX info

  • GP English name: Configure Home button
  • GP name: ConfigureHomeButton
  • GP element: ConfigureHomeButtonDropdown
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/ConfigureHomeButton
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
  • Value name: ConfigureHomeButton
  • Value type: REG_DWORD
  • Set Home button URL: By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home button policy with the Show home button & set a specific page option selected, a custom URL loads when the user clicks the home button.

  • Unlock Home button: By default, when you enable the Configure Home button policy or provide a URL in the Set Home button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home button or Set Home button URL policies.


Configure kiosk mode

Supported versions: Microsoft Edge on Windows 10, next major update to Windows
Default setting: Not configured

Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.

For this policy to work, you must configure Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy. To learn more about assigned access and kiosk configuration, see Configure kiosk and shared devices running Windows desktop editions.

Supported values

(0) Default or not configured
  • If it’s a single app, Microsoft Edge runs InPrivate full screen for digital signage or interactive displays.
  • If it’s one of many apps, Microsoft Edge runs as normal.
(1) Enabled
  • If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.

    For single-app public browsing: If you do not configure the Configure kiosk reset after idle timeout policy and you enable this policy, Microsoft Edge kiosk resets after 5 minutes of idle time.

  • If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.

Microsoft Edge kiosk experience

ADMX info and settings

ADMX info

  • GP English name: Configure kiosk mode
  • GP name: ConfigureKioskMode
  • GP element: ConfigureKioskMode_TextBox
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/ConfigureKioskMode
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode
  • Value name: ConfigureKioskMode
  • Value type: REG_SZ

Configure kiosk reset after idle timeout: You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.

Deploy Microsoft Edge kiosk mode: Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to setup your Microsoft Edge kiosk mode experience.


Configure kiosk reset after idle timeout

Supported versions: Microsoft Edge on Windows 10, next major update to Windows

Default setting: 5 minutes

You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.

You must set the Configure kiosk mode policy to enabled (1 - InPrivate public browsing) and configure Microsoft Edge as a single-app in assigned access for this policy to take effect; otherwise, Microsoft Edge ignores this setting. To learn more about assigned access and kiosk configuration, see Configure kiosk and shared devices running Windows desktop editions.

Supported values

  • Any integer from 1-1440 (5 minutes is the default) – The time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. A confirmation dialog displays for the user to cancel or continue and automatically continues after 30 seconds.

  • 0 – No idle timer.

ADMX info and settings

ADMX info

  • GP English name: Configure kiosk reset after idle timeout
  • GP name: ConfigureKioskResetAfterIdleTimeout
  • GP element: ConfigureKioskResetAfterIdleTimeout_TextBox
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/ConfigureKioskResetAfterIdleTimeout
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode
  • Value name:ConfigureKioskResetAfterIdleTimeout
  • Value type: REG_DWORD

Configure kiosk mode: Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.

Deploy Microsoft Edge kiosk mode: Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to setup your Microsoft Edge kiosk mode experience.


Configure Open Microsoft Edge With

Supported versions: Microsoft Edge on Windows 10, next major update to Windows
Default setting: Enabled (A specific page or pages)

By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.

Version 1703 or later:
If you don't want to send traffic to Microsoft, use the <about:blank> value, which honors both domain and non domain-joined devices when it's the only configured URL.

Version 1810:
When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.

Supported values

Group Policy MDM Registry Description
Not configured Blank Blank If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page.
Enabled 0 0 Loads the Start page.
Enabled 1 1 Load the New tab page.
Enabled 2 2 Load the previous pages.
Enabled
(default)
3 3 Load a specific page or pages.

Configuration options

For more details about configuring the Start pages, see Start pages configuration options.

Tip

If you want to make changes to this policy:

  1. Set the Disabled Lockdown of Start Pages policy to not configured.
  2. Make changes to the Configure Open Microsoft With policy.
  3. Enable the Disabled Lockdown of Start Pages policy.

ADMX info and settings

ADMX info

  • GP English name: Configure Open Microsoft Edge With
  • GP name: ConfigureOpenMicrosoftEdgeWith
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/ConfigureOpenEdgeWith
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureOpenEdgeWith
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
  • Value name: ConfigureOpenEdgeWith
  • Value type: REG_DWORD
  • Configure Start pages: By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes.

  • Disable lockdown of Start pages: By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.


Prevent certificate error overrides

Supported versions: Microsoft Edge on Windows 10, next major update to Windows
Default setting: Disabled or not configured (Allowed/turned off)

Web security certificates are used to ensure a site that users go to is legitimate, and in some circumstances, encrypts the data. By default, Microsoft Edge allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 Allowed/turned on. Override the security warning to sites that have SSL errors.
Enabled 1 1 Prevented/turned on. Most restricted value

ADMX info and settings

ADMX info

  • GP English name: Prevent certificate error overrides
  • GP name: PreventCertErrorOverrides
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/PreventCertErrorOverrides
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/PreventCertErrorOverrides
  • Data type: Integer

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Setting
  • Value name: PreventCertErrorOverrides
  • Value type: REG_DWORD

Prevent turning off required extensions

Supported versions: Microsoft Edge on Windows 10, next major update to Windows

Default setting: Disabled or not configured (Allowed)

Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.

Supported values

Group Policy Description
Disabled or not configured
(default)
Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored.
Enabled Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:

Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe

After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.


ADMX info and settings

ADMX info

  • GP English name: Prevent turning off required extensions
  • GP name: PreventTurningOffRequiredExtensions
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/PreventTurningOffRequiredExtensions
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/PreventTurningOffRequiredExtensions
  • Data type: String

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
  • Value name: PreventTurningOffRequiredExtensions
  • Value type: REG_SZ

Allow Developer Tools: Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.


Prevent users from turning on browser syncing

Supported versions: Microsoft Edge on Windows 10, next major update to Windows

Default setting: Enabled or not configured (Prevented/turned off)

By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the Sync your Settings toggle in Settings. If you want syncing turned off by default but not disabled, select the Allow users to turn “browser” syncing option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.

Supported values

Group Policy MDM Registry Description
Disabled 0 0 Allowed/turned on. Users can sync the browser settings.
Enabled or not configured
(default)
1 1 Prevented/turned off.

Configuration options

For more details about configuring the browser syncing options, see Sync browser settings options.

ADMX info and settings

ADMX info

  • GP English name: Prevent users from turning on browser syncing
  • GP name: PreventUsersFromTurningOnBrowserSyncing
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Experience/PreventUsersFromTurningOnBrowserSyncing
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Experience/PreventUsersFromTurningOnBrowserSyncing
  • Data type: String

Do not sync browser settings: By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the Allow users to turn “browser” syncing option..

About sync setting on Microsoft Edge on Windows 10 devices


Set Home button URL

Supported versions: Microsoft Edge on Windows 10, next major update to Windows
Default setting: Disabled or not configured (Blank)

By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home button policy with the Show home button & set a specific page option selected, a custom URL loads when the user clicks the home button.

Supported values

Group Policy MDM Registry Description
Disabled or not configured
(default)
Blank Blank Show the home button and loads the Start page and locks down the home button to prevent users from changing what page loads.
Enabled - String String String Load a custom URL for the home button. You must also enable the Configure Home button policy and select the Show home button & set a specific page option.

Enter a URL in string format, for example, https://www.msn.com.


Configuration options

For more details about configuring the different Home button options, see Home button configuration options.

ADMX info and settings

ADMX info

  • GP English name: Set Home button URL
  • GP name: SetHomeButtonURL
  • GP element: SetHomeButtonURLPrompt
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/SetHomeButtonURL
  • Supported devices: Desktop and Mobile
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL
  • Data type: String

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
  • Value name: ConfigureHomeButtonURL
  • Value type: REG_SZ
  • Configure Home button: Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the Home button to load the New tab page or a URL defined in the Set Home button URL policy. You can also configure Microsoft Edge to hide the home button.

  • Unlock Home button: By default, when you enable the Configure Home button policy or provide a URL in the Set Home button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home button or Set Home button URL policies.


Set New Tab page URL

Supported versions: Microsoft Edge on Windows 10, next major update to Windows
Default setting: Disabled or not configured (Blank)

Microsoft Edge loads the default New tab page by default. Enabling this policy lets you set a New tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.

Supported values

Group Policy MDM Registry Description
Disabled or not configured
(default)
Blank Blank Load the default New tab page.
Enabled - String String String Prevent users from changing the New tab page.

Enter a URL in string format, for example, https://www.msn.com.


ADMX info and settings

ADMX info

  • GP English name: Set New Tab page URL
  • GP name: SetNewTabPageURL
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/SetNewTabPageURL
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL
  • Data type: String

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
  • Value name: NewTabPageUR
  • Value type: REG_SZ

Allow web content on New Tab page: By default, Microsoft Edge loads the default New tab page. Disabling this policy loads a blank page instead of the New tab page and prevents users from changing it. Not configuring this policy lets users choose what loads on the New tab page.


Show message when opening sites in Internet Explorer

Supported versions: Microsoft Edge on Windows 10, version 1607 and later
Default setting: Disabled or not configured (No additional message)

Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the “Keep going in Microsoft Edge” link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.

Supported values

Group Policy MDM Registry Description Most restricted
Disabled or not configured
(default)
0 0 No additional message displays. Most restricted value
Enabled 1 1 Show an additional message stating that a site has opened in IE11.
Enabled 2 2 Show an additional message with a "Keep going in Microsoft Edge" link to allow users to open the site in Microsoft Edge.

Configuration options

For more details about configuring the search engine, see Interoperability and enterprise guidance.

ADMX info and settings

ADMX info

  • GP English name: Show message when opening sites in Internet Explorer
  • GP name: ShowMessageWhenOpeningSitesInInternetExplorer
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

Registry settings

  • Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value name: ShowMessageWhenOpeningSitesInInternetExplorer
  • Value type: REG_DWORD
  • Configure the Enterprise Mode Site List: Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.

  • Send all intranet sites to Internet Explorer 11: By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.


Unlock Home button

Supported versions: Microsoft Edge on Windows 10, next major update to Windows
Default setting: Disabled or not configured (Home button is locked)

By default, when you enable the Configure Home button policy or provide a URL in the Set Home button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home button or Set Home button URL policies.

Supported values

Group Policy MDM Registry Description
Disabled or not configured
(default)
0 0 Lock down the home button to prevent users from making changes to the home button settings.
Enabled 1 1 Let users make changes.

Configuration options

For more details about configuring the different Home button options, see Home button configuration options.

ADMX info and settings

ADMX info

  • GP English name: Unlock Home Button
  • GP name: UnlockHomeButton
  • GP path: Windows Components/Microsoft Edge
  • GP ADMX file name: MicrosoftEdge.admx

MDM settings

  • MDM name: Browser/UnlockHomeButton
  • Supported devices: Desktop
  • URI full path: ./Vendor/MSFT/Policy/Config/Browser/UnlockHomeButton
  • Data type: Integer

Registry settings

  • Path: HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings
  • Value name: UnlockHomeButton
  • Value type: REG_DWORD
  • Configure Home button: Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the Home button to load the New tab page or a URL defined in the Set Home button URL policy. You can also configure Microsoft Edge to hide the home button.

  • Set Home button URL: By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home button policy with the Show home button & set a specific page option selected, a custom URL loads when the user clicks the home button.