
Microsoft Edge - Policies
The latest version of Microsoft Edge includes the following policies. You can use these policies to configure how Microsoft Edge runs in your organization.
For information about an additional set of policies used to control how and when Microsoft Edge is updated, check out Microsoft Edge update policy reference.
You can download the Microsoft Security Compliance Toolkit for the recommended security configuration baseline settings for Microsoft Edge. For more information see the Microsoft Security Baselines Blog.
Note
This article applies to Microsoft Edge version 77 or later.
New and deprecated policies
The following table lists the new and deprecated policies for this update.
Available policies
These tables list all of the browser-related group policies available in this release of Microsoft Edge. Use the links in the table to get more details about specific policies.
Application Guard settings
Cast
Content settings
Default search provider
Extensions
HTTP authentication
Kiosk Mode settings
Native Messaging
Password manager and protection
Performance
Printing
Proxy server
Sleeping Tabs settings
SmartScreen settings
Startup, home page and new tab page
Additional
Application Guard settings policies
ApplicationGuardContainerProxy
Application Guard Container Proxy
Supported versions:
- On Windows since 84 or later
Description
Configures the proxy settings for Microsoft Edge Application Guard. If you enable this policy, Microsoft Edge Application Guard ignores other sources of proxy configurations.
If you don't configure this policy, Microsoft Edge Application Guard uses the proxy configuration of the host.
This policy does not affect the proxy configuration of Microsoft Edge outside of Application Guard (on the host).
The ProxyMode field lets you specify the proxy server used by Microsoft Edge Application Guard.
The ProxyPacUrl field is a URL to a proxy .pac file.
The ProxyServer field is a URL for the proxy server.
If you choose the 'direct' value as 'ProxyMode', all other fields are ignored.
If you choose the 'auto_detect' value as 'ProxyMode', all other fields are ignored.
If you choose the 'fixed_servers' value as 'ProxyMode', the 'ProxyServer' field is used.
If you choose the 'pac_script' value as 'ProxyMode', the 'ProxyPacUrl' field is used.
For more information about identifying Application Guard traffic via dual proxy, visit https://go.microsoft.com/fwlink/?linkid=2134653.
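The mode and field rules above can be checked before a value is deployed. The following is an added example, not code from the original page or from Microsoft; the function name, the severity labels, the https check on the PAC URL and the sample hosts are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Field each ProxyMode reads, per the description above (None: no other field is read).
MODE_FIELD = {
    "direct": None,
    "auto_detect": None,
    "fixed_servers": "ProxyServer",
    "pac_script": "ProxyPacUrl",
}


def check_container_proxy(raw):
    """Return (severity, message) findings for one ApplicationGuardContainerProxy value."""
    try:
        cfg = json.loads(raw)
    except (TypeError, ValueError) as exc:
        return [("error", f"value is not valid JSON: {exc}")]
    if not isinstance(cfg, dict):
        return [("error", "value must be a JSON object")]
    mode = cfg.get("ProxyMode")
    if not isinstance(mode, str) or mode not in MODE_FIELD:
        return [("error", f"unknown or missing ProxyMode: {mode!r}")]

    findings = []
    used = MODE_FIELD[mode]
    if used:
        target = cfg.get(used)
        if not isinstance(target, str) or not target.strip():
            findings.append(("error", f"ProxyMode {mode!r} needs a non-empty {used}"))
        elif used == "ProxyPacUrl" and urlsplit(target).scheme.lower() != "https":
            # The PAC file steers all container traffic; fetched over plain
            # HTTP it can be modified in transit.
            findings.append(("warn", "ProxyPacUrl does not use https"))
    for field in ("ProxyPacUrl", "ProxyServer"):
        if field != used and field in cfg:
            findings.append(("info", f"{field} is not used when ProxyMode is {mode!r}"))
    return findings


# Constructed sample values (hosts are placeholders, not taken from the page).
SAMPLES = {
    "pac over http": '{"ProxyMode": "pac_script", "ProxyPacUrl": "http://pac.example.test/edge.pac"}',
    "fixed without server": '{"ProxyMode": "fixed_servers", "ProxyPacUrl": "https://pac.example.test/edge.pac"}',
    "direct with leftovers": '{"ProxyMode": "direct", "ProxyServer": "proxy.example.test:8080"}',
    "consistent": '{"ProxyMode": "fixed_servers", "ProxyServer": "proxy.example.test:8080"}',
    "truncated": '{"ProxyMode": "pac_script"',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {check_container_proxy(raw)}")
```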
Supported features:
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: No - Requires browser restart
Data Type:
Windows information and settings
Group Policy (ADMX) info
- GP unique name: ApplicationGuardContainerProxy
- GP name: Application Guard Container Proxy
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Application Guard settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Windows Registry Settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value Name: ApplicationGuardContainerProxy
- Value Type: REG_SZ
Example value:
Compact example value:
Cast policies
EnableMediaRouter
Enable Google Cast
Supported versions:
- On Windows and macOS since 77 or later
Description
Enable this policy to enable Google Cast. Users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites, and (if shown) the Cast toolbar icon.
Disable this policy to disable Google Cast.
By default, Google Cast is enabled.
Supported features:
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: No - Requires browser restart
Data Type:
Windows information and settings
Group Policy (ADMX) info
- GP unique name: EnableMediaRouter
- GP name: Enable Google Cast
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Cast
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Windows Registry Settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value Name: EnableMediaRouter
- Value Type: REG_DWORD
Example value:
Mac information and settings
- Preference Key Name: EnableMediaRouter
- Example value:
ShowCastIconInToolbar
Show the cast icon in the toolbar
Supported versions:
- On Windows and macOS since 77 or later
Description
Set this policy to true to show the Cast toolbar icon on the toolbar or the overflow menu. Users won't be able to remove it.
If you don't configure this policy or if you disable it, users can pin or remove the icon by using its contextual menu.
If you've also set the EnableMediaRouter policy to false, then this policy is ignored, and the toolbar icon isn't shown.
Supported features:
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: No - Requires browser restart
Data Type:
Windows information and settings
Group Policy (ADMX) info
- GP unique name: ShowCastIconInToolbar
- GP name: Show the cast icon in the toolbar
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Cast
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Windows Registry Settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value Name: ShowCastIconInToolbar
- Value Type: REG_DWORD
Example value:
Mac information and settings
- Preference Key Name: ShowCastIconInToolbar
- Example value:
Content settings policies
AutoSelectCertificateForUrls
Automatically select client certificates for these sites
Supported versions:
- On Windows and macOS since 77 or later
Description
Setting the policy lets you make a list of URL patterns that specify sites for which Microsoft Edge can automatically select a client certificate. The value is an array of stringified JSON dictionaries, each with the form { "pattern": "$URL_PATTERN", "filter" : $FILTER }, where $URL_PATTERN is a content setting pattern. $FILTER restricts the client certificates the browser automatically selects from. Independent of the filter, only certificates that match the server's certificate request are selected.
Examples for the usage of the $FILTER section:
When $FILTER is set to { "ISSUER": { "CN": "$ISSUER_CN" } }, only client certificates issued by a certificate with the CommonName $ISSUER_CN are selected.
When $FILTER contains both the "ISSUER" and the "SUBJECT" sections, only client certificates that satisfy both conditions are selected.
When $FILTER contains a "SUBJECT" section with the "O" value, a certificate needs at least one organization matching the specified value to be selected.
When $FILTER contains a "SUBJECT" section with a "OU" value, a certificate needs at least one organizational unit matching the specified value to be selected.
When $FILTER is set to {}, the selection of client certificates is not additionally restricted. Note that filters provided by the web server still apply.
If you leave the policy unset, there's no autoselection for any site.
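The $FILTER rules above, modelled in code so a policy list can be reviewed before rollout. This is an added example, not Microsoft Edge's implementation or code from the original page; the simplified certificate dictionaries, function names and sample hosts are assumptions, and the server's own certificate request (which always applies) is not modelled.

```python
import json


def parse_entry(raw):
    """Decode one list item: a stringified JSON dict with "pattern" and "filter"."""
    entry = json.loads(raw)  # raises ValueError on malformed JSON
    if not isinstance(entry, dict) or not isinstance(entry.get("pattern"), str):
        raise ValueError('entry needs a string "pattern"')
    flt = entry.get("filter")
    if not isinstance(flt, dict) or not all(isinstance(v, dict) for v in flt.values()):
        raise ValueError('"filter" must be a dict of sections such as ISSUER/SUBJECT')
    return entry["pattern"], flt


def cert_matches(flt, cert):
    """True when cert has, for every attribute in flt, at least one equal value.

    cert is a simplified stand-in: {"ISSUER": {"CN": [...]}, "SUBJECT": {"O": [...]}}.
    """
    return all(
        wanted in cert.get(section, {}).get(attr, [])
        for section, attrs in flt.items()
        for attr, wanted in attrs.items()
    )  # an empty filter is vacuously true: no additional restriction


def lint(raw_entries):
    """Return (value name, message) for unparsable entries and empty filters."""
    findings = []
    for index, raw in enumerate(raw_entries, start=1):
        try:
            pattern, flt = parse_entry(raw)
        except ValueError as exc:
            findings.append((index, f"invalid entry: {exc}"))
            continue
        if not flt:
            findings.append((index, f"{pattern!r} has an empty filter"))
    return findings


def eligible(raw, certs):
    _, flt = parse_entry(raw)
    return sorted(name for name, cert in certs.items() if cert_matches(flt, cert))


# Constructed sample policy list and certificates (not taken from the page).
POLICY = [
    '{"pattern": "https://vpn.example.test", "filter": '
    '{"ISSUER": {"CN": "Example Issuing CA"}, "SUBJECT": {"OU": "Engineering"}}}',
    '{"pattern": "https://portal.example.test", "filter": {}}',
    '{"pattern": "https://broken.example.test", "filter": ',
]
_CA = {"CN": ["Example Issuing CA"]}
CERTS = {
    "alice": {"ISSUER": _CA, "SUBJECT": {"O": ["Example Corp"], "OU": ["Engineering", "Staff"]}},
    "bob": {"ISSUER": _CA, "SUBJECT": {"O": ["Example Corp"], "OU": ["Sales"]}},
    "carol": {"ISSUER": {"CN": ["Other CA"]}, "SUBJECT": {"OU": ["Engineering"]}},
}
```

`lint(POLICY)` reports the entries worth a second look, and `eligible(POLICY[0], CERTS)` shows which of the sample certificates a filter would leave selectable.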
Supported features:
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
Data Type:
Windows information and settings
Group Policy (ADMX) info
- GP unique name: AutoSelectCertificateForUrls
- GP name: Automatically select client certificates for these sites
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Windows Registry Settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\AutoSelectCertificateForUrls
- Path (Recommended): N/A
- Value Name: 1, 2, 3, ...
- Value Type: list of REG_SZ
Example value:
Mac information and settings
- Preference Key Name: AutoSelectCertificateForUrls
- Example value:
CookiesAllowedForUrls
Allow cookies on specific sites
Supported versions:
- On Windows and macOS since 77 or later
Description
Define a list of sites, based on URL patterns, that are allowed to set cookies.
If you don't configure this policy, the global default value from the DefaultCookiesSetting policy (if set) or the user's personal configuration is used for all sites.
See the CookiesBlockedForUrls and CookiesSessionOnlyForUrls policies for more information.
Note there cannot be conflicting URL patterns set between these three policies:
- CookiesBlockedForUrls
- CookiesAllowedForUrls
- CookiesSessionOnlyForUrls
To exclude cookies from being deleted on exit, configure the SaveCookiesOnExit policy.
Supported features:
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
Data Type:
Windows information and settings
Group Policy (ADMX) info
- GP unique name: CookiesAllowedForUrls
- GP name: Allow cookies on specific sites
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Windows Registry Settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\CookiesAllowedForUrls
- Path (Recommended): N/A
- Value Name: 1, 2, 3, ...
- Value Type: list of REG_SZ
Example value:
Mac information and settings
- Preference Key Name: CookiesAllowedForUrls
- Example value:
CookiesBlockedForUrls
Block cookies on specific sites
Supported versions:
- On Windows and macOS since 77 or later
Description
Define a list of sites, based on URL patterns, that can't set cookies.
If you don't configure this policy, the global default value from the DefaultCookiesSetting policy (if set) or the user's personal configuration is used for all sites.
See the CookiesAllowedForUrls and CookiesSessionOnlyForUrls policies for more information.
Note there cannot be conflicting URL patterns set between these three policies:
- CookiesBlockedForUrls
- CookiesAllowedForUrls
- CookiesSessionOnlyForUrls
Supported features:
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
Data Type:
Windows information and settings
Group Policy (ADMX) info
- GP unique name: CookiesBlockedForUrls
- GP name: Block cookies on specific sites
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Windows Registry Settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\CookiesBlockedForUrls
- Path (Recommended): N/A
- Value Name: 1, 2, 3, ...
- Value Type: list of REG_SZ
Example value:
Mac information and settings
- Preference Key Name: CookiesBlockedForUrls
- Example value:
CookiesSessionOnlyForUrls
Limit cookies from specific websites to the current session
Supported versions:
- On Windows and macOS since 77 or later
Description
Cookies created by websites that match a URL pattern you define are deleted when the session ends (when the window closes).
Cookies created by websites that don't match the pattern are controlled by the DefaultCookiesSetting policy (if set) or by the user's personal configuration. This is also the default behavior if you don't configure this policy.
If Microsoft Edge is running in background mode, the session might not close when the last window is closed, meaning the cookies won't be cleared when the window closes. See the BackgroundModeEnabled policy for information about configuring what happens when Microsoft Edge runs in background mode.
You can also use the CookiesAllowedForUrls and CookiesBlockedForUrls policies to control which websites can create cookies.
Note there cannot be conflicting URL patterns set between these three policies:
- CookiesBlockedForUrls
- CookiesAllowedForUrls
- CookiesSessionOnlyForUrls
If you set the RestoreOnStartup policy to restore URLs from previous sessions, this policy is ignored, and cookies are stored permanently for those sites.
Supported features:
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
Data Type:
Windows information and settings
Group Policy (ADMX) info
- GP unique name: CookiesSessionOnlyForUrls
- GP name: Limit cookies from specific websites to the current session
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Windows Registry Settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\CookiesSessionOnlyForUrls
- Path (Recommended): N/A
- Value Name: 1, 2, 3, ...
- Value Type: list of REG_SZ
Example value:
Mac information and settings
- Preference Key Name: CookiesSessionOnlyForUrls
- Example value:
DefaultCookiesSetting
Configure cookies
Supported versions:
- On Windows and macOS since 77 or later
Description
Control whether websites can create cookies on the user's device. This policy is all or nothing - you can let all websites create cookies, or no websites create cookies. You can't use this policy to enable cookies from specific websites.
Set the policy to 'SessionOnly' to clear cookies when the session closes. If Microsoft Edge is running in background mode, the session might not close when the last window is closed, meaning the cookies won't be cleared when the window closes. See BackgroundModeEnabled policy for information about configuring what happens when Microsoft Edge runs in background mode.
If you don't configure this policy, the default 'AllowCookies' is used, and users can change this setting in Microsoft Edge Settings. (If you don't want users to be able to change this setting, set the policy.)
Policy options mapping:
- AllowCookies (1) = Let all sites create cookies
- BlockCookies (2) = Don't let any site create cookies
- SessionOnly (4) = Keep cookies for the duration of the session, except ones listed in SaveCookiesOnExit
Use the preceding information when configuring this policy.
Supported features:
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
Data Type:
Windows information and settings
Group Policy (ADMX) info
- GP unique name: DefaultCookiesSetting
- GP name: Configure cookies
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Windows Registry Settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value Name: DefaultCookiesSetting
- Value Type: REG_DWORD
Example value:
Mac information and settings
- Preference Key Name: DefaultCookiesSetting
- Example value:
DefaultFileSystemReadGuardSetting
Control use of the File System API for reading
Supported versions:
- On Windows and macOS since 86 or later
Description
If you set this policy to 3, websites can ask for read access to the host operating system's filesystem using the File System API. If you set this policy to 2, access is denied.
If you don't set this policy, websites can ask for access. Users can change this setting.
Policy options mapping:
- BlockFileSystemRead (2) = Don't allow any site to request read access to files and directories via the File System API
- AskFileSystemRead (3) = Allow sites to ask the user to grant read access to files and directories via the File System API
Use the preceding information when configuring this policy.
Supported features:
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
Data Type:
Windows information and settings
Group Policy (ADMX) info
- GP unique name: DefaultFileSystemReadGuardSetting
- GP name: Control use of the File System API for reading
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Windows Registry Settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value Name: DefaultFileSystemReadGuardSetting
- Value Type: REG_DWORD
Example value:
Mac information and settings
- Preference Key Name: DefaultFileSystemReadGuardSetting
- Example value:
DefaultFileSystemWriteGuardSetting
Control use of the File System API for writing
Supported versions:
- On Windows and macOS since 86 or later
Description
If you set this policy to 3, websites can ask for write access to the host operating system's filesystem using the File System API. If you set this policy to 2, access is denied.
If you don't set this policy, websites can ask for access. Users can change this setting.
Policy options mapping:
- BlockFileSystemWrite (2) = Don't allow any site to request write access to files and directories
- AskFileSystemWrite (3) = Allow sites to ask the user to grant write access to files and directories
Use the preceding information when configuring this policy.
Supported features:
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
Data Type:
Windows information and settings
Group Policy (ADMX) info
- GP unique name: DefaultFileSystemWriteGuardSetting
- GP name: Control use of the File System API for writing
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Windows Registry Settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value Name: DefaultFileSystemWriteGuardSetting
- Value Type: REG_DWORD
Example value:
Mac information and settings
- Preference Key Name: DefaultFileSystemWriteGuardSetting
- Example value:
DefaultGeolocationSetting
Default geolocation setting
Supported versions:
- On Windows and macOS since 77 or later
Description
Set whether websites can track users' physical locations. You can allow tracking by default ('AllowGeolocation'), deny it by default ('BlockGeolocation'), or ask the user each time a website requests their location ('AskGeolocation').
If you don't configure this policy, 'AskGeolocation' is used and the user can change it.
Policy options mapping:
- AllowGeolocation (1) = Allow sites to track users' physical location
- BlockGeolocation (2) = Don't allow any site to track users' physical location
- AskGeolocation (3) = Ask whenever a site wants to track users' physical location
Use the preceding information when configuring this policy.
Supported features:
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
Data Type:
Windows information and settings
Group Policy (ADMX) info
- GP unique name: DefaultGeolocationSetting
- GP name: Default geolocation setting
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Windows Registry Settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value Name: DefaultGeolocationSetting
- Value Type: REG_DWORD
Example value:
Mac information and settings
- Preference Key Name: DefaultGeolocationSetting
- Example value:
DefaultImagesSetting
Default images setting
Supported versions:
- On Windows and macOS since 77 or later
Description
Set whether websites can display images. You can allow images on all sites ('AllowImages') or block them on all sites ('BlockImages').
If you don't configure this policy, images are allowed by default, and the user can change this setting.
Policy options mapping:
- AllowImages (1) = Allow all sites to show all images
- BlockImages (2) = Don't allow any site to show images
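An audit of a registry export against the option mappings and the cookie-list rule documented above. This is an added example, not code from the original page or from Microsoft; it assumes `.reg` text as input, a constructed sample under HKEY_LOCAL_MACHINE, and treats a "conflict" as the same pattern (ignoring case) appearing in two of the three cookie lists. It does not unescape `.reg` string escapes.

```python
import re

# Allowed REG_DWORD values, from the "Policy options mapping" lists on this page.
ENUMS = {
    "DefaultCookiesSetting": (1, 2, 4),
    "DefaultFileSystemReadGuardSetting": (2, 3),
    "DefaultFileSystemWriteGuardSetting": (2, 3),
    "DefaultGeolocationSetting": (1, 2, 3),
    "DefaultImagesSetting": (1, 2),
}
COOKIE_LISTS = ("CookiesAllowedForUrls", "CookiesBlockedForUrls", "CookiesSessionOnlyForUrls")
SECTION = re.compile(r"^\[(.*)\]$")
EDGE_KEY = re.compile(r"\\SOFTWARE\\Policies\\Microsoft\\Edge(?:\\(.+))?$", re.I)
VALUE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')


def parse_reg(text):
    """Read Edge policy values from .reg text: DWORDs as int, list subkeys as lists."""
    policies, subkey = {}, None
    for line in map(str.strip, text.splitlines()):
        sec, val = SECTION.match(line), VALUE.match(line)
        if sec:
            key = EDGE_KEY.search(sec.group(1))
            subkey = (key.group(1) or "") if key else None  # None: not an Edge policy key
        elif val and subkey is not None:
            name, dword, string = val.groups()
            if subkey:
                policies.setdefault(subkey, []).append(string or "")
            else:
                policies[name] = int(dword, 16) if dword else string
    return policies


def audit(policies):
    """Report out-of-range enum values and URL patterns listed in two cookie policies."""
    findings = []
    for name, allowed in ENUMS.items():
        if name in policies and policies[name] not in allowed:
            findings.append(f"{name}={policies[name]!r} is not one of {list(allowed)}")
    seen = {}  # normalised pattern -> first cookie policy that listed it
    for name in COOKIE_LISTS:
        for pattern in policies.get(name, []):
            key = pattern.strip().lower()
            if seen.setdefault(key, name) != name:
                findings.append(f"{key!r} is in both {seen[key]} and {name}")
    return findings


# Constructed sample export (hive and values are assumptions, not from the page).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"DefaultCookiesSetting"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\CookiesAllowedForUrls]
"1"="[*.]example.test"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\CookiesBlockedForUrls]
"1"="[*.]Example.test"
"""

if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE)):
        print(finding)
```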


