This guide covers the installation and setup of Microsoft Edge group policy settings. We recommend that you deploy it first into a test environment, as you'll be required to add administrative template files to your Active Directory and alter your Group Policy configuration.
Note: Multiple steps in this guide overlap with the instructions in the Google Chrome KB article. If you are following the guides to deploy settings for both browsers in your environment, please be sure to follow the steps closely to avoid missing settings that need to be applied in each instance.
Installing the administrative templates
Microsoft Edge requires additional administrative templates be added to Active Directory to deploy configurations via group policy. The required files can be downloaded from the following link.
In the extracted policy files folder, locate the admx folder and copy msedge.admx to the following location:
In the same extracted policy files location, open the language folder appropriate to your location (e.g. en-US) and copy the msedge.adml file to the matching folder under PolicyDefinitions:
Your folder structure should resemble the following:
You can confirm that the administrative templates have been installed correctly by opening Group Policy Management Editor and expanding Computer Configuration > Policies > Administrative Templates.
You should be able to see nodes labeled Microsoft Edge:
Generate the extension config
Before configuring Group Policy, we need to generate a config file within the Push app. Skip to the next step if you've already done so.
In the Push app, head to the Browsers section, and click on Enrollment options.
On the popup frame, click on the Managed button.
Next, click on the Group Policy button, make sure Edge is the selected browser, and click Generate config. This will provide you with a button to download a config specific to your team.
Once you’ve downloaded and extracted the zip file, proceed to the next step.
Configuring Group Policy to automatically deploy and configure the Push Security extension
Expanding the Microsoft Edge node provides a few additional items, including Extensions. Clicking on this item shows a handful of configuration options. The one we are interested in is Control which extensions are installed silently.
Open the configuration setting and set the policy to Enabled. This will allow you to click the Show… button and to enter the extension ID value. Paste the following Push Security extension ID value into the Value field:
Note: You may have noticed the URL following the extension is one associated with Google Chrome. This is intentional and should be configured as defined in this guide for the extension to be successfully rolled out to Microsoft Edge browsers.
Once done, click OK, and close the configuration item by clicking OK again. The Control which extensions are installed silently setting should display Enabled.
Next, under Computer Configuration, expand Preferences > Windows Settings, and click on the Registry node.
Right-click in the window pane on the right and select New > Registry Item.
Leave all the options at their defaults, and paste the following into the Key Path field, and click OK:
To create the next registry key, right-click in the window pane again and select New > Registry Item. Leave all the options at their defaults, and paste the following into the Key Path field. Do not click OK yet:
Next, enter token into the Value name field. Change the Value type to REG_SZ and set the Value Data field to the value provided in the token.txt file generated in the Push app (e.g. cd3ab3c1-g1y4-44d3-adq7-h2yc5e13gc1c), then click OK.
Note: Extension policies are case sensitive. When configuring the policy in this part of the guide, please make sure that the value "token" is all lowercase.
The Group Policy Management Editor Window should now resemble the following, showing the two registry entries created in the previous steps:
The registry keys should now start propagating to client machines affected by this group policy. You can verify that the keys are created as intended by launching gpupdate.exe from a Run prompt, followed by opening regedit.exe and browsing to the following location:
If the configured registry settings were applied successfully, the policy and token registry items configured in the previous steps should be visible.
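One way to script the check described above on a client machine, as an added example that is not part of Push Security's own guide. The function name Test-PushTokenPolicy, the scratch key HKCU:\Software\PushPolicyCheckDemo and the sample token are constructed for illustration; on a real client, pass the Key Path you entered in the registry step of this guide.

```powershell
# Added example: check the 'token' policy value after gpupdate has run.
# Pass the Key Path from this guide's registry step, prefixed with the hive drive (e.g. HKLM:\).
function Test-PushTokenPolicy {
    param(
        [Parameter(Mandatory)] [string] $KeyPath,
        [string] $ExpectedToken   # optional: contents of token.txt
    )
    $problems = @()
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) {
        return [pscustomobject]@{ Ok = $false; Problems = @("Key not found: $KeyPath") }
    }
    # Registry lookups ignore case, so read the stored name and compare it case-sensitively.
    $name = $key.GetValueNames() | Where-Object { $_ -ieq 'token' } | Select-Object -First 1
    if (-not $name) {
        $problems += "No value named 'token' under the key"
    } else {
        if ($name -cne 'token') { $problems += "Value name is '$name'; it must be lowercase 'token'" }
        $kind = $key.GetValueKind($name)
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
            $problems += "Value type is $kind; expected REG_SZ"
        }
        $data = [string]($key.GetValue($name))
        if ([string]::IsNullOrWhiteSpace($data)) { $problems += 'Token value is empty' }
        elseif ($data -cne $data.Trim()) { $problems += 'Token has leading or trailing whitespace' }
        elseif ($ExpectedToken -and $data -cne $ExpectedToken.Trim()) {
            $problems += 'Token does not match the value from token.txt'
        }
    }
    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed demo on a scratch key: the value name has the wrong case, so the check flags it.
$demo = 'HKCU:\Software\PushPolicyCheckDemo'
New-Item -Path $demo -Force | Out-Null
New-ItemProperty -Path $demo -Name 'Token' -Value 'constructed-sample-token' -PropertyType String | Out-Null
(Test-PushTokenPolicy -KeyPath $demo).Problems
Remove-Item -LiteralPath $demo -Recurse
```

The function reports problems without printing the token itself, so its output can be collected centrally without exposing the value.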
The configuration steps for deploying the Push Security browser extension into Microsoft Edge browsers in your Active Directory environment are now complete.
If you have any questions or you need help setting up, contact us and the Push team can help.