How to deploy the Push browser extension in Microsoft Edge using Group Policy

This guide covers the installation and set up of Microsoft Edge group policy settings. We recommend that you deploy it first into a test environment, as you'll be required to add administrative template files to your Active Directory, and alter your Group Policy configuration.

Note: Multiple steps in this guide overlap with the instructions in the Google Chrome KB article. If you are following the guides to deploy settings for both browsers in your environment, please be sure to follow the steps closely to avoid missing settings that need to be applied in each instance.

Installing the administrative templates

Microsoft Edge requires additional administrative templates be added to Active Directory to deploy configurations via group policy. The required files can be downloaded from the following link.

MS Edge ADMX Templates download: KB 10053 — Download the Microsoft Edge policy files.

In the extracted policy files folder, locate the admx folder and copy msedge.admx to the following location: %systemroot%\sysvol\domain\policies\PolicyDefinitions

In the same extracted policy files location, open the language folder appropriate to your location. (eg. en-US) and copy the msedge.adml file to the matching folder under PolicyDefinitions: %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-US

Your folder structure should resemble the following:

Policy definitions folder: KB 10053 — Group policy definitions folder with ADMX templates.

You can confirm that the administrative templates have been installed correctly by opening Group Policy Management Editor and expanding Computer Configuration > Policies > Administrative Templates

You should be able to see nodes labeled Microsoft Edge:

Group policy management editor showing installed ADMX templates: KB 10053 — Group policy management editor with installed templates.

Generate the extension config

Before configuring Group Policy, we need to generate a config file within the Push app. Skip to the next step if you've already done so.

In the Push app, head to the Browsers section, and click on Enrollment options.

Push app browser enrollment options: KB 10052/3/4/5/6/8 — Access browser enrollment options via the Browsers section.

On the popup frame, click on the Managed button.

Push app - managed browser option: KB 10052/3/4/5/6/8 — You'll see all the Push browser extension enrollment options here.

Next, click on the Group Policy button, make sure Edge is the selected browser, and click Generate config. This will provide you with a button to download a config specific to your team.

Push app - Managed Edge GPO — Generate and download the configuration for Group Policy.

Once you’ve downloaded and extracted the zip file, proceed to the next step.

Configuring Group Policy to automatically deploy and configure the Push Security extension

Expanding the Microsoft Edge node provides a few additional items, including Extensions. Clicking on this item shows a handful of configuration options. The one we are interested in is Control which extensions are installed silently.

MS Edge control which extensions are installed silently: KB 10053 — Microsoft Edge extension group policy settings.

Open the configuration setting and set the policy to Enabled. This will allow you to click the Show… button and to enter the extension ID value. Paste the following Push Security extension ID value into the Value field:

dljjddkmmcminffjbcmeccgfbjlhmhlm;https://clients2.google.com/service/update2/crx

Edge silently install extension group policy settings: KB 10053 — Set the extension ID and update URL for Microsoft Edge.

Note: You may have noticed the URL following the extension is one associated with Google Chrome. This is intentional and should be configured as defined in this guide for the extension to be successfully rolled out to Microsoft Edge browsers.

Once done, click OK, and close the configuration item by clicking OK again. The Configure the list of force-installed apps and extensions setting should display enabled.

Next, under Computer Configuration, expand Preferences > Windows Settings, and click on the Registry node.

Right click in the window pane on the right and select New > Registry Item.

Group Policy New Registry Item: KB 10052/3/8 — Create a new registry item in group policy editor.

Leave all the options at their defaults, and paste the following into the Key Path field, and click OK:

Software\Policies\Microsoft\Edge\3rdparty\Extensions\dljjddkmmcminffjbcmeccgfbjlhmhlm\policy

New Registry Item - step 1: KB 10052 — Create the extension policy registry key.

To create the next registry key, right click in the window pane again and select New > Registry Item. Leave all the options at their defaults, and paste the following into the Key Path field. Do not click OK yet:

Software\Policies\Microsoft\Edge\3rdparty\Extensions\dljjddkmmcminffjbcmeccgfbjlhmhlm\policy

Next, enter token into the Value name field. Change the Value type to REG_SZ and set the Value Data field to the value provided in the token.txt file generated in the Push app eg. cd3ab3c1-g1y4-44d3-adq7-h2yc5e13gc1c, and click OK.

Note: Extension policies are case sensitive. When configuring the policy in this part of the guide, please make sure that the value "token" is all lowercase.

New Registry Item - 2nd step: KB 10052 — Configure the policy token value.

The Group Policy Management Editor Window should now resemble the following, showing the two registry entries created in the previous steps:

Group Policy editor - MS Edge registry settings final: KB 10053 — The final configuration of the Microsoft Edge policy registry settings.

The registry keys should now start propagating to client machines affected by this group policy. You can verify that the keys are created as intended by launching gpupdate.exe from a Run prompt, followed by opening regedit.exe and browsing to the following location:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\ 3rdparty\Extensions\dljjddkmmcminffjbcmeccgfbjlhmhlm\policy

If the configured registry settings were applied successfully, the policy and token registry items configured in the previous steps should be visible.

The configuration steps for deploying the Push Security browser extension into Microsoft Edge browsers in your Active Directory environment is now complete.

If you have any questions or you need help setting up, contact us and the Push team can help.