You can configure Microsoft Edge on Windows 10/11 using MDM with your preferred Enterprise Mobility Management (EMM) or MDM provider that supports ADMX Ingestion.
Configuring Microsoft Edge with MDM is a two part process:
Ingesting the Microsoft Edge ADMX file into your EMM or MDM provider. See your provider for instructions on how to ingest an ADMX file.
The following sections describe how to create the OMA-URI path and look up and define the value in XML format for mandatory and recommended browser policies.
Before you get started, download the Microsoft Edge policy templates file (MicrosoftEdgePolicyTemplates.cab) from the Microsoft Edge Enterprise landing page and extract the contents.
Use "Edge" or what you defined when ingesting the administrative template. For example, if you used "./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/MicrosoftEdge/Policy/EdgeAdmx", then use "MicrosoftEdge".
The <ADMXIngestionName> must match what was used when you ingested the ADMX file.
<ADMXNamespace>
Either "microsoft_edge" or "microsoft_edge_recommended" depending on whether you're setting a mandatory or recommended policy.
<ADMXCategory>
The "parentCategory" of the policy is defined in the ADMX file. Omit the <ADMXCategory> if the policy isn't grouped (No "parentCategory" defined).
If the policy isn't in a group (for example, DiskCacheSize) remove "~<ADMXCategory>". Replace <PolicyName> with the name of the policy, DiskCacheSize. The URI path would be:
This section describes how to set the value, in XML format, for each data type. Go to Browser policy reference to look up the data type of the policy.
ملاحظة
For non-Boolean data types, the value always starts with <enabled/>.
Boolean data type
For policies that are Boolean types use <enabled/> or <disabled/>.
Integer data type
The value always needs to start with the <enabled/> element followed by <data id="[valueName]" value="[decimal value]"/>.
To find the value name and decimal value for a new tab page, use the following steps:
Open msedge.admx with any xml editor.
Search for the <policy> element where the name attribute matches the policy name you want to set. For "RestoreOnStartup", search for name="RestoreOnStartup".
In the <elements> node, find the value you want to set.
Use the value in the "valueName" attribute in the <elements> node. For "RestoreOnStartup" the "valueName" is "RestoreOnStartup".
Use the value in the "value" attribute in the <decimal> node. For "RestoreOnStartup" to open the new tab page the value is "5".
To open the new tab page on startup use: <enabled/> <data id="RestoreOnStartup" value="5"/>
List of strings data type
The value always needs to start with the <enabled/> element followed by <data id="[listID]" value="[string 1];[string 2];[string 3]"/>.
ملاحظة
The "id=" attribute name isn't the policy name, even though in most cases it matches the policy name. It's the <list> node id attribute value, which is found in the ADMX file.
To find the listID and define the value to block a URL, follow these steps:
Open msedge.admx with any xml editor.
Search for the <policy> element where the name attribute matches the policy name you want to set. For "URLBlocklist", search for name="URLBlocklist".
Use the value in the "id" attribute of the <list> node for [listID].
The "value" is a list of URLs separated by a semicolon (;)
For example, to block access to contoso.com and https://ssl.server.com: <enabled/> <data id=" URLBlocklistDesc" value="contoso.com;https://ssl.server.com"/>
Dictionary or String data type
The value always needs to start with the <enabled/> followed by <data id="[textID]" value="[string]"/> .
To find the textID and define the value set the locale, follow these steps:
Open msedge.admx with any xml editor.
Search for the <policy> element where the name attribute matches the policy name you want to set. For "ApplicationLocaleValue", search for name="ApplicationLocaleValue".
Use the value in the "id" attribute of the <text> node for [textID].
Set the "value" to the culture code.
To set the locale to "es-US" with the "ApplicationLocaleValue" policy: <enabled/> <data id="ApplicationLocaleValue" value="es-US"/>
Dictionary data types are treated as large strings but normally need string escaping to get the value into the correct form.
For example, to set the ManagedFavorites policy the value would be:
Defining the URI path for recommended policies depends on the policy you want to configure.
To define the URI path for a recommended policy
Use the URI path formula (./Device/Vendor/MSFT/Policy/Config/<ADMXIngestName>~Policy~<ADMXNamespace>~<ADMXCategory>/<PolicyName>) and the following steps to define the URI path:
Open msedge.admx with any xml editor.
If the policy you want to configure isn't in a group, skip to step 4 and remove ~<ADMXCategory> from the path.
If the policy you want to configure is in a group:
To look up the <ADMXCategory>, search for the policy you want to set. When searching append "_recommended" to the policy name. For example, a search for "RegisteredProtocolHandlers_recommended" has the following result:
Copy the value of the ref attribute from the <parentCategory> element. For "ContentSettings", copy "ContentSettings_recommended" from <parentCategory ref=" ContentSettings_recommended"/>.
Replace <ADMXCategory> with the ref attribute value to construct the URI path in the URI path formula.
The <PolicyName> is the name of the policy with "_recommended" appended to it.
OMA-URI path examples for recommended policies
The following table shows examples of OMA-URI paths for recommended policies.
<enabled/><data id="RestoreOnStartupURLsDesc" value="1http://www.bing.com"/> For multiple list items: <enabled/><data id="RestoreOnStartupURLsDesc" value="1http://www.bing.com2http://www.microsoft.com"/>
As a best practice, don't use a custom OMA-URI profile and an Administration templates profile to configure the same Microsoft Edge setting in Intune. If you deploy the same policy using both a custom OMA-URI and an Administrative template profile, but with different values, users will get unpredictable results. We strongly recommend removing your OMA-URI profile before using an Administration templates profile.
Ingest the Microsoft Edge ADMX file into Intune
This section describes how to ingest the Microsoft Edge administrative template (msedge.admx file) into Intune.
تحذير
Don't modify the ADMX file before ingesting the file.
To ingest the ADMX file, follow these steps:
Download the Microsoft Edge policy templates file (MicrosoftEdgePolicyTemplates.cab) from the Microsoft Edge Enterprise landing page and extract the contents. The file that you want to ingest is msedge.admx.
Select Intune from All Services, or search for Intune in the portal search box.
From Microsoft Intune - Overview, select Device configuration | Profiles.
On the top command bar, select + Create profile.
Provide the following profile information:
Name: Enter a descriptive name. For this example, "Microsoft Edge ADMX ingested configuration".
Description: Enter an optional description for the profile.
Platform: Select "Windows 10 and later"
Profile type: Select "Custom"
On Custom OMA-URI Settings, click Add to add an ADMX ingestion.
On Add Row, provide the following information:
Name: Enter a descriptive name. For this example, use "Microsoft Edge ADMX ingestion".
Description: Enter an optional description for the setting.
OMA-URI: Enter "./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Edge/Policy/EdgeAdmx"
Data type: Select "String"
Value: This input area appears after you select the Data type. Open the msedge.admx file from the Microsoft Edge policy templates file you extracted in step 1. Copy ALL the text from the msedge.admx file and paste it in the Value text area shown in the following screenshot.
Click OK.
On Custom OMA-URI Settings, click OK.
On Create profile, click Create. The next screenshot shows information about the newly created profile.
Select Intune from All Services, or search for Intune in the portal search box.
Go to Intune>Device configuration>Profiles.
Select the "Microsoft Edge ADMX ingested configuration" profile or the name you used for the profile.
To add Microsoft Edge policy settings, you have to open Custom OMA-URI Settings. Under Manage, click Properties, and then click Settings.
On Custom OMA-URI Settings, click Add.
On Add Row, provide the following information:
Name: Enter a descriptive name. We suggest using the policy name you want to configure. For this example, use "ShowHomeButton".
Description (Optional): Enter a description for the setting.
OMA-URI: Enter the OMA-URI for the policy. Using the for "ShowHomeButton" policy as an example, use this string: "./Device/Vendor/MSFT/Policy/Config/Edge~Policy~microsoft_edge~Startup/ShowHomeButton"
Data type: Select the policy settings data type. For the "ShowHomeButton" policy, use "String"
Value: Enter the setting that you want to configure for the policy. For "ShowHomeButton" example, enter "<enabled/>". The following screenshot shows the settings for configuring a policy.
Click OK.
On Custom OMA-URI Settings, click OK.
On the "Microsoft Edge ADMX ingested configuration - Properties" profile (or the name you used), click Save.
Use the following steps to confirm that the Microsoft Edge policy is using the profile you created. (Give Microsoft Intune time to propagate the policy to a device you assigned in the "Microsoft Edge ADMX ingested configuration" profile example.)
Open Microsoft Edge and go to edge://policy.
On the Policies page, see if the policy you set in the profile is listed.
If a Microsoft Edge policy isn't taking effect, try the following steps:
Open the edge://policy page on the target device (a device you assigned the profile to in Microsoft Intune) and search for the policy. If the policy isn't on the edge://policy page, try the following:
Check that the policy is in the registry and is correct. On the target device open the Windows 10 Registry Editor (Windows key + r, enter "regedit" and then press Enter.) Check that the policy is correctly defined in the \Software\Policies\ Microsoft\Edge path. If you don't find the policy in the expected path, then the policy wasn't pushed to the device correctly.
Check that the OMA-URI path is correct, and the value is a valid XML string. If either of these are incorrect the policy won't be pushed to the target device.
Edge brings enterprise-ready security, privacy, and manageability controls, making it the best browser for business across PC, Mac, and mobile devices. Explore options to deploy Microsoft Edge to hundreds or thousands of devices at scale.
