Microsoft Edge - Policies

The latest version of Microsoft Edge includes the following policies. You can use these policies to configure how Microsoft Edge runs in your organization.

For information about an additional set of policies used to control how and when Microsoft Edge is updated, check out Microsoft Edge update policy reference.

You can download the Microsoft Security Compliance Toolkit for the recommended security configuration baseline settings for Microsoft Edge. For more information see the Microsoft Security Baselines Blog.

Starting in Microsoft Edge version 116, certain policies will not be applied to a profile that is signed in with a Microsoft account. For more information, please check an individual policy for details on whether it applies to a profile that is signed in with a Microsoft account.

Note

This article applies to Microsoft Edge version 77 or later.

New policies

The following new and obsoleted policies are in this article update.

Policy Name Caption
AccessControlAllowMethodsInCORSPreflightSpecConformant Make Access-Control-Allow-Methods matching in CORS preflight spec conformant
BlockTruncatedCookies Block truncated cookies
AllowBackForwardCacheForCacheControlNoStorePageEnabled Allow pages with Cache-Control: no-store header to enter back/forward cache
AllowWebAuthnWithBrokenTlsCerts Allow Web Authentication requests on sites with broken TLS certificates.
FileOrDirectoryPickerWithoutGestureAllowedForOrigins Allow file or directory picker APIs to be called without prior user gesture
HttpAllowlist HTTP Allowlist
NewBaseUrlInheritanceBehaviorAllowed Allows enabling the feature NewBaseUrlInheritanceBehavior
CECPQ2Enabled CECPQ2 post-quantum key-agreement enabled for TLS (obsolete)
ForceMajorVersionToMinorPositionInUserAgent Enable or disable freezing the User-Agent string at major version 99 (obsolete)
SSLVersionMin Minimum TLS version enabled (obsolete)
WebSQLAccess Force WebSQL to be enabled (obsolete)

Available policies

These tables list all of the browser-related group policies available in this release of Microsoft Edge. Use the links in the table to get more details about specific policies.

Application Guard settings

Policy Name Caption
ApplicationGuardContainerProxy Application Guard Container Proxy
ApplicationGuardFavoritesSyncEnabled Application Guard Favorites Sync Enabled
ApplicationGuardPassiveModeEnabled Ignore Application Guard site list configuration and browse Edge normally
ApplicationGuardTrafficIdentificationEnabled Application Guard Traffic Identification
ApplicationGuardUploadBlockingEnabled Prevents files from being uploaded while in Application Guard

Cast

Policy Name Caption
EdgeDisableDialProtocolForCastDiscovery Disable DIAL protocol for cast device discovery
EnableMediaRouter Enable Google Cast
ShowCastIconInToolbar Show the cast icon in the toolbar

Content settings

Policy Name Caption
AutoSelectCertificateForUrls Automatically select client certificates for these sites
AutomaticDownloadsAllowedForUrls Allow multiple automatic downloads in quick succession on specific sites
AutomaticDownloadsBlockedForUrls Block multiple automatic downloads in quick succession on specific sites
CookiesAllowedForUrls Allow cookies on specific sites
CookiesBlockedForUrls Block cookies on specific sites
CookiesSessionOnlyForUrls Limit cookies from specific websites to the current session
DataUrlInSvgUseEnabled Data URL support for SVGUseElement
DefaultAutomaticDownloadsSetting Default automatic downloads setting
DefaultCookiesSetting Configure cookies
DefaultFileSystemReadGuardSetting Control use of the File System API for reading
DefaultFileSystemWriteGuardSetting Control use of the File System API for writing
DefaultGeolocationSetting Default geolocation setting
DefaultImagesSetting Default images setting
DefaultInsecureContentSetting Control use of insecure content exceptions
DefaultJavaScriptJitSetting Control use of JavaScript JIT
DefaultJavaScriptSetting Default JavaScript setting
DefaultNotificationsSetting Default notification setting
DefaultPluginsSetting Default Adobe Flash setting (obsolete)
DefaultPopupsSetting Default pop-up window setting
DefaultThirdPartyStoragePartitioningSetting Default setting for third-party storage partitioning
DefaultWebBluetoothGuardSetting Control use of the Web Bluetooth API
DefaultWebHidGuardSetting Control use of the WebHID API
DefaultWebUsbGuardSetting Control use of the WebUSB API
DefaultWindowManagementSetting Default Window Management permission setting
FileSystemReadAskForUrls Allow read access via the File System API on these sites
FileSystemReadBlockedForUrls Block read access via the File System API on these sites
FileSystemWriteAskForUrls Allow write access to files and directories on these sites
FileSystemWriteBlockedForUrls Block write access to files and directories on these sites
ImagesAllowedForUrls Allow images on these sites
ImagesBlockedForUrls Block images on specific sites
InsecureContentAllowedForUrls Allow insecure content on specified sites
InsecureContentBlockedForUrls Block insecure content on specified sites
IntranetFileLinksEnabled Allow intranet zone file URL links from Microsoft Edge to open in Windows File Explorer
JavaScriptAllowedForUrls Allow JavaScript on specific sites
JavaScriptBlockedForUrls Block JavaScript on specific sites
JavaScriptJitAllowedForSites Allow JavaScript to use JIT on these sites
JavaScriptJitBlockedForSites Block JavaScript from using JIT on these sites
LegacySameSiteCookieBehaviorEnabled Enable default legacy SameSite cookie behavior setting (obsolete)
LegacySameSiteCookieBehaviorEnabledForDomainList Revert to legacy SameSite behavior for cookies on specified sites
NotificationsAllowedForUrls Allow notifications on specific sites
NotificationsBlockedForUrls Block notifications on specific sites
PluginsAllowedForUrls Allow the Adobe Flash plug-in on specific sites (obsolete)
PluginsBlockedForUrls Block the Adobe Flash plug-in on specific sites (obsolete)
PopupsAllowedForUrls Allow pop-up windows on specific sites
PopupsBlockedForUrls Block pop-up windows on specific sites
RegisteredProtocolHandlers Register protocol handlers
SerialAllowAllPortsForUrls Automatically grant sites permission to connect all serial ports
SerialAllowUsbDevicesForUrls Automatically grant sites permission to connect to USB serial devices
ShowPDFDefaultRecommendationsEnabled Allow notifications to set Microsoft Edge as default PDF reader
SpotlightExperiencesAndRecommendationsEnabled Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft services
ThirdPartyStoragePartitioningBlockedForOrigins Block third-party storage partitioning for these origins
WebHidAllowAllDevicesForUrls Allow listed sites to connect to any HID device
WebHidAllowDevicesForUrls Allow listed sites connect to specific HID devices
WebHidAllowDevicesWithHidUsagesForUrls Automatically grant permission to these sites to connect to HID devices containing top-level collections with the given HID usage
WebHidAskForUrls Allow the WebHID API on these sites
WebHidBlockedForUrls Block the WebHID API on these sites
WebUsbAllowDevicesForUrls Grant access to specific sites to connect to specific USB devices
WebUsbAskForUrls Allow WebUSB on specific sites
WebUsbBlockedForUrls Block WebUSB on specific sites
WindowManagementAllowedForUrls Allow Window Management permission on specified sites
WindowManagementBlockedForUrls Block Window Management permission on specified sites

Default search provider

Policy Name Caption
DefaultSearchProviderEnabled Enable the default search provider
DefaultSearchProviderEncodings Default search provider encodings
DefaultSearchProviderImageURL Specifies the search-by-image feature for the default search provider
DefaultSearchProviderImageURLPostParams Parameters for an image URL that uses POST
DefaultSearchProviderKeyword Default search provider keyword
DefaultSearchProviderName Default search provider name
DefaultSearchProviderSearchURL Default search provider search URL
DefaultSearchProviderSuggestURL Default search provider URL for suggestions
NewTabPageSearchBox Configure the new tab page search box experience

Edge Website Typo Protection settings

Policy Name Caption
PreventTyposquattingPromptOverride Prevent bypassing Edge Website Typo Protection prompts for sites
TyposquattingAllowListDomains Configure the list of domains for which Edge Website Typo Protection won't trigger warnings
TyposquattingCheckerEnabled Configure Edge Website Typo Protection

Edge Workspaces settings

Policy Name Caption
EdgeWorkspacesEnabled Enable Workspaces
WorkspacesNavigationSettings Configure navigation settings per groups of URLs in Microsoft Edge Workspaces

Experimentation

Policy Name Caption
FeatureFlagOverridesControl Configure users ability to override feature flags

Extensions

Policy Name Caption
BlockExternalExtensions Blocks external extensions from being installed
ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled Configure default state of Allow extensions from other stores setting
ExtensionAllowedTypes Configure allowed extension types
ExtensionInstallAllowlist Allow specific extensions to be installed
ExtensionInstallBlocklist Control which extensions cannot be installed
ExtensionInstallForcelist Control which extensions are installed silently
ExtensionInstallSources Configure extension and user script install sources
ExtensionInstallTypeBlocklist Blocklist for extension install types
ExtensionManifestV2Availability Control Manifest v2 extension availability
ExtensionSettings Configure extension management settings

Games settings

Policy Name Caption
GamerModeEnabled Enable Gamer Mode

HTTP authentication

Policy Name Caption
AllHttpAuthSchemesAllowedForOrigins List of origins that allow all HTTP authentication
AllowCrossOriginAuthPrompt Allow cross-origin HTTP Authentication prompts
AuthNegotiateDelegateAllowlist Specifies a list of servers that Microsoft Edge can delegate user credentials to
AuthSchemes Supported authentication schemes
AuthServerAllowlist Configure list of allowed authentication servers
BasicAuthOverHttpEnabled Allow Basic authentication for HTTP
DisableAuthNegotiateCnameLookup Disable CNAME lookup when negotiating Kerberos authentication
EnableAuthNegotiatePort Include non-standard port in Kerberos SPN
NtlmV2Enabled Control whether NTLMv2 authentication is enabled
WindowsHelloForHTTPAuthEnabled Windows Hello For HTTP Auth Enabled

Identity and sign-in

Policy Name Caption
AutomaticProfileSwitchingSiteList Configure the automatic profile switching site list
EdgeDefaultProfileEnabled Default Profile Setting Enabled
GuidedSwitchEnabled Guided Switch Enabled
ImplicitSignInEnabled Enable implicit sign-in
LinkedAccountEnabled Enable the linked account feature
OneAuthAuthenticationEnforced OneAuth Authentication Flow Enforced for signin
OnlyOnPremisesImplicitSigninEnabled Only on-premises account enabled for implicit sign-in
SignInCtaOnNtpEnabled Enable sign in click to action dialog
SwitchIntranetSitesToWorkProfile Switch intranet sites to a work profile
SwitchSitesOnIEModeSiteListToWorkProfile Switch sites on the IE mode site list to a work profile
WAMAuthBelowWin10RS3Enabled WAM for authentication below Windows 10 RS3 enabled

Idle Browser Actions

Policy Name Caption

Immersive Reader settings

Policy Name Caption
ImmersiveReaderGrammarToolsEnabled Enable Grammar Tools feature within Immersive Reader in Microsoft Edge
ImmersiveReaderPictureDictionaryEnabled Enable Picture Dictionary feature within Immersive Reader in Microsoft Edge

Kiosk Mode settings

Policy Name Caption
KioskAddressBarEditingEnabled Configure address bar editing for kiosk mode public browsing experience
KioskDeleteDownloadsOnExit Delete files downloaded as part of kiosk session when Microsoft Edge closes
KioskSwipeGesturesEnabled Swipe gestures in Microsoft Edge kiosk mode enabled

Manageability

Policy Name Caption
EdgeManagementEnabled Microsoft Edge management enabled
EdgeManagementEnrollmentToken Microsoft Edge management enrollment token
EdgeManagementExtensionsFeedbackEnabled Microsoft Edge management extensions feedback enabled
EdgeManagementPolicyOverridesPlatformPolicy Microsoft Edge management service policy overrides platform policy.
EdgeManagementUserPolicyOverridesCloudMachinePolicy Allow cloud-based Microsoft Edge management service user policies to override local user policies.
MAMEnabled Mobile App Management Enabled

Native Messaging

Policy Name Caption
NativeMessagingAllowlist Control which native messaging hosts users can use
NativeMessagingBlocklist Configure native messaging block list
NativeMessagingUserLevelHosts Allow user-level native messaging hosts (installed without admin permissions)

Network settings

Policy Name Caption
AccessControlAllowMethodsInCORSPreflightSpecConformant Make Access-Control-Allow-Methods matching in CORS preflight spec conformant
BlockTruncatedCookies Block truncated cookies
CompressionDictionaryTransportEnabled Enable compression dictionary transport support

Password manager and protection

Policy Name Caption
PasswordDeleteOnBrowserCloseEnabled Prevent passwords from being deleted if any Edge settings is enabled to delete browsing data when Microsoft Edge closes
PasswordGeneratorEnabled Allow users to get a strong password suggestion whenever they are creating an account online
PasswordManagerBlocklist Configure the list of domains for which the password manager UI (Save and Fill) will be disabled
PasswordManagerEnabled Enable saving passwords to the password manager
PasswordManagerRestrictLengthEnabled Restrict the length of passwords that can be saved in the Password Manager
PasswordMonitorAllowed Allow users to be alerted if their passwords are found to be unsafe
PasswordProtectionChangePasswordURL Configure the change password URL
PasswordProtectionLoginURLs Configure the list of enterprise login URLs where the password protection service should capture salted hashes of a password
PasswordProtectionWarningTrigger Configure password protection warning trigger
PasswordRevealEnabled Enable Password reveal button
PrimaryPasswordSetting Configures a setting that asks users to enter their device password while using password autofill

Performance

Policy Name Caption
EfficiencyMode Configure when efficiency mode should become active
EfficiencyModeEnabled Efficiency mode enabled
EfficiencyModeOnPowerEnabled Enable efficiency mode when the device is connected to a power source
PerformanceDetectorEnabled Performance Detector Enabled
PinBrowserEssentialsToolbarButton Pin browser essentials toolbar button
StartupBoostEnabled Enable startup boost

Permit or deny screen capture

Policy Name Caption
SameOriginTabCaptureAllowedByOrigins Allow Same Origin Tab capture by these origins
ScreenCaptureAllowedByOrigins Allow Desktop, Window, and Tab capture by these origins
TabCaptureAllowedByOrigins Allow Tab capture by these origins
WindowCaptureAllowedByOrigins Allow Window and Tab capture by these origins

Printing

Policy Name Caption
DefaultPrinterSelection Default printer selection rules
PrintHeaderFooter Print headers and footers
PrintPdfAsImageDefault Print PDF as Image Default
PrintPostScriptMode Print PostScript Mode
PrintPreviewStickySettings Configure the sticky print preview settings
PrintPreviewUseSystemDefaultPrinter Set the system default printer as the default printer
PrintRasterizationMode Print Rasterization Mode
PrintRasterizePdfDpi Print Rasterize PDF DPI
PrintStickySettings Print preview sticky settings
PrinterTypeDenyList Disable printer types on the deny list
PrintingAllowedBackgroundGraphicsModes Restrict background graphics printing mode
PrintingBackgroundGraphicsDefault Default background graphics printing mode
PrintingEnabled Enable printing
PrintingPaperSizeDefault Default printing page size
PrintingWebpageLayout Sets layout for printing
UseSystemPrintDialog Print using system print dialog

Private Network Request Settings

Policy Name Caption
InsecurePrivateNetworkRequestsAllowed Specifies whether to allow websites to make requests to any network endpoint in an insecure manner.
InsecurePrivateNetworkRequestsAllowedForUrls Allow the listed sites to make requests to more-private network endpoints from in an insecure manner

Proxy server

Policy Name Caption
ProxyBypassList Configure proxy bypass rules (deprecated)
ProxyMode Configure proxy server settings (deprecated)
ProxyPacUrl Set the proxy .pac file URL (deprecated)
ProxyServer Configure address or URL of proxy server (deprecated)
ProxySettings Proxy settings
Policy Name Caption
RelatedWebsiteSetsEnabled Enable Related Website Sets
RelatedWebsiteSetsOverrides Override Related Website Sets.

Sleeping tabs settings

Policy Name Caption
AutoDiscardSleepingTabsEnabled Configure auto discard sleeping tabs
SleepingTabsBlockedForUrls Block sleeping tabs on specific sites
SleepingTabsEnabled Configure sleeping tabs
SleepingTabsTimeout Set the background tab inactivity timeout for sleeping tabs

SmartScreen settings

Policy Name Caption
ExemptSmartScreenDownloadWarnings Disable SmartScreen AppRep based warnings for specified file types on specified domains
NewSmartScreenLibraryEnabled Enable new SmartScreen library (obsolete)
PreventSmartScreenPromptOverride Prevent bypassing Microsoft Defender SmartScreen prompts for sites
PreventSmartScreenPromptOverrideForFiles Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads
SmartScreenAllowListDomains Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings
SmartScreenDnsRequestsEnabled Enable Microsoft Defender SmartScreen DNS requests
SmartScreenEnabled Configure Microsoft Defender SmartScreen
SmartScreenForTrustedDownloadsEnabled Force Microsoft Defender SmartScreen checks on downloads from trusted sources
SmartScreenPuaEnabled Configure Microsoft Defender SmartScreen to block potentially unwanted apps

Startup, home page and new tab page

Policy Name Caption
HomepageIsNewTabPage Set the new tab page as the home page
HomepageLocation Configure the home page URL
NewTabPageAllowedBackgroundTypes Configure the background types allowed for the new tab page layout
NewTabPageAppLauncherEnabled Hide App Launcher on Microsoft Edge new tab page
NewTabPageBingChatEnabled Disable Bing chat entry-points on Microsoft Edge Enterprise new tab page
NewTabPageCompanyLogo Set new tab page company logo (obsolete)
NewTabPageCompanyLogoEnabled Hide the company logo on the Microsoft Edge new tab page
NewTabPageContentEnabled Allow Microsoft content on the new tab page
NewTabPageHideDefaultTopSites Hide the default top sites from the new tab page
NewTabPageLocation Configure the new tab page URL
NewTabPageManagedQuickLinks Set new tab page quick links
NewTabPagePrerenderEnabled Enable preload of the new tab page for faster rendering
NewTabPageQuickLinksEnabled Allow quick links on the new tab page
NewTabPageSetFeedType Configure the Microsoft Edge new tab page experience (obsolete)
RestoreOnStartup Action to take on startup
RestoreOnStartupURLs Sites to open when the browser starts
RestoreOnStartupUserURLsEnabled Allow users to add and remove their own sites during startup when the RestoreOnStartupURLs policy is configured
ShowHomeButton Show Home button on toolbar

Additional

Policy Name Caption
AADWebSiteSSOUsingThisProfileEnabled Single sign-on for work or school sites using this profile enabled
AIGenThemesEnabled Enables DALL-E themes generation
AccessibilityImageLabelsEnabled Let screen reader users get image descriptions from Microsoft
AddressBarEditingEnabled Configure address bar editing
AddressBarMicrosoftSearchInBingProviderEnabled Enable Microsoft Search in Bing suggestions in the address bar
AdsSettingForIntrusiveAdsSites Ads setting for sites with intrusive ads
AdsTransparencyEnabled Configure if the ads transparency feature is enabled
AllowBackForwardCacheForCacheControlNoStorePageEnabled Allow pages with Cache-Control: no-store header to enter back/forward cache
AllowDeletingBrowserHistory Enable deleting browser and download history
AllowFileSelectionDialogs Allow file selection dialogs
AllowGamesMenu Allow users to access the games menu (deprecated)
AllowPopupsDuringPageUnload Allows a page to show popups during its unloading (obsolete)
AllowSurfGame Allow surf game
AllowSyncXHRInPageDismissal Allow pages to send synchronous XHR requests during page dismissal (obsolete)
AllowSystemNotifications Allows system notifications
AllowTokenBindingForUrls Configure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with
AllowTrackingForUrls Configure tracking prevention exceptions for specific sites
AllowWebAuthnWithBrokenTlsCerts Allow Web Authentication requests on sites with broken TLS certificates.
AllowedDomainsForApps Define domains allowed to access Google Workspace
AlternateErrorPagesEnabled Suggest similar pages when a webpage can't be found
AlwaysOpenPdfExternally Always open PDF files externally
AmbientAuthenticationInPrivateModesEnabled Enable Ambient Authentication for InPrivate and Guest profiles
AppCacheForceEnabled Allows the AppCache feature to be re-enabled, even if it's turned off by default (obsolete)
ApplicationLocaleValue Set application locale
AskBeforeCloseEnabled Get user confirmation before closing a browser window with multiple tabs
AudioCaptureAllowed Allow or block audio capture
AudioCaptureAllowedUrls Sites that can access audio capture devices without requesting permission
AudioProcessHighPriorityEnabled Allow the audio process to run with priority above normal on Windows
AudioSandboxEnabled Allow the audio sandbox to run
AutoImportAtFirstRun Automatically import another browser's data and settings at first run
AutoLaunchProtocolsComponentEnabled AutoLaunch Protocols Component Enabled
AutoLaunchProtocolsFromOrigins Define a list of protocols that can launch an external application from listed origins without prompting the user
AutoOpenAllowedForURLs URLs where AutoOpenFileTypes can apply
AutoOpenFileTypes List of file types that should be automatically opened on download
AutofillAddressEnabled Enable AutoFill for addresses
AutofillCreditCardEnabled Enable AutoFill for payment instruments
AutofillMembershipsEnabled Save and fill memberships
AutomaticHttpsDefault Configure Automatic HTTPS
AutoplayAllowed Allow media autoplay for websites
AutoplayAllowlist Allow media autoplay on specific sites
BackgroundModeEnabled Continue running background apps after Microsoft Edge closes
BackgroundTemplateListUpdatesEnabled Enables background updates to the list of available templates for Collections and other features that use templates (deprecated)
BeforeunloadEventCancelByPreventDefaultEnabled Control the behavior for the cancel dialog produced by the beforeunload event
BingAdsSuppression Block all ads on Bing search results
BlockThirdPartyCookies Block third party cookies
BrowserAddProfileEnabled Enable profile creation from the Identity flyout menu or the Settings page
BrowserCodeIntegritySetting Configure browser process code integrity guard setting
BrowserGuestModeEnabled Enable guest mode
BrowserLegacyExtensionPointsBlockingEnabled Enable browser legacy extension point blocking
BrowserNetworkTimeQueriesEnabled Allow queries to a Browser Network Time service
BrowserSignin Browser sign-in settings
BrowsingDataLifetime Browsing Data Lifetime Settings
BuiltInDnsClientEnabled Use built-in DNS client
BuiltinCertificateVerifierEnabled Determines whether the built-in certificate verifier will be used to verify server certificates (obsolete)
CECPQ2Enabled CECPQ2 post-quantum key-agreement enabled for TLS (obsolete)
CORSNonWildcardRequestHeadersSupport CORS non-wildcard request header support enabled
CertificateTransparencyEnforcementDisabledForCas Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
CertificateTransparencyEnforcementDisabledForLegacyCas Disable Certificate Transparency enforcement for a list of legacy certificate authorities
CertificateTransparencyEnforcementDisabledForUrls Disable Certificate Transparency enforcement for specific URLs
ClearBrowsingDataOnExit Clear browsing data when Microsoft Edge closes
ClearCachedImagesAndFilesOnExit Clear cached images and files when Microsoft Edge closes
ClickOnceEnabled Allow users to open files using the ClickOnce protocol
ClipboardAllowedForUrls Allow clipboard use on specific sites
ClipboardBlockedForUrls Block clipboard use on specific sites
CollectionsServicesAndExportsBlockList Block access to a specified list of services and export targets in Collections
CommandLineFlagSecurityWarningsEnabled Enable security warnings for command-line flags
ComponentUpdatesEnabled Enable component updates in Microsoft Edge
ComposeInlineEnabled Compose is enabled for writing on the web
ConfigureDoNotTrack Configure Do Not Track
ConfigureFriendlyURLFormat Configure the default paste format of URLs copied from Microsoft Edge, and determine if additional formats will be available to users
ConfigureKeyboardShortcuts Configure the list of commands for which to disable keyboard shortcuts
ConfigureOnPremisesAccountAutoSignIn Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account
ConfigureOnlineTextToSpeech Configure Online Text To Speech
ConfigureShare Configure the Share experience
ConfigureViewInFileExplorer Configure the View in File Explorer feature for SharePoint pages in Microsoft Edge
CrossOriginWebAssemblyModuleSharingEnabled Specifies whether WebAssembly modules can be sent cross-origin (obsolete)
CryptoWalletEnabled Enable CryptoWallet feature
CustomHelpLink Specify custom help link
DNSInterceptionChecksEnabled DNS interception checks enabled
DefaultBrowserSettingEnabled Set Microsoft Edge as default browser
DefaultBrowserSettingsCampaignEnabled Enables default browser settings campaigns
DefaultClipboardSetting Default clipboard site permission
DefaultSearchProviderContextMenuAccessAllowed Allow default search provider context menu search access
DefaultSensorsSetting Default sensors setting
DefaultSerialGuardSetting Control use of the Serial API
DefaultShareAdditionalOSRegionSetting Set the default "share additional operating system region" setting
DefinePreferredLanguages Define an ordered list of preferred languages that websites should display in if the site supports the language
DelayNavigationsForInitialSiteListDownload Require that the Enterprise Mode Site List is available before tab navigation
DeleteDataOnMigration Delete old browser data on migration
DeveloperToolsAvailability Control where developer tools can be used
DiagnosticData Send required and optional diagnostic data about browser usage
DirectInvokeEnabled Allow users to open files using the DirectInvoke protocol
Disable3DAPIs Disable support for 3D graphics APIs
DisableScreenshots Disable taking screenshots
DiscoverPageContextEnabled Enable Discover access to page contents for AAD profiles
DiskCacheDir Set disk cache directory
DiskCacheSize Set disk cache size, in bytes
DisplayCapturePermissionsPolicyEnabled Specifies whether the display-capture permissions-policy is checked or skipped (obsolete)
DnsOverHttpsMode Control the mode of DNS-over-HTTPS
DnsOverHttpsTemplates Specify URI template of desired DNS-over-HTTPS resolver
DoNotSilentlyBlockProtocolsFromOrigins Define a list of protocols that can not be silently blocked by anti-flood protection
DoubleClickCloseTabEnabled Double Click feature in Microsoft Edge enabled (only available in China)
DownloadDirectory Set download directory
DownloadRestrictions Allow download restrictions
Edge3PSerpTelemetryEnabled Edge 3P SERP Telemetry Enabled
EdgeAssetDeliveryServiceEnabled Allow features to download assets from the Asset Delivery Service
EdgeCollectionsEnabled Enable the Collections feature
EdgeDiscoverEnabled Discover feature In Microsoft Edge (obsolete)
EdgeEDropEnabled Enable Drop feature in Microsoft Edge
EdgeEnhanceImagesEnabled Enhance images enabled (obsolete)
EdgeFollowEnabled Enable Follow service in Microsoft Edge
EdgeOpenInSidebarEnabled Enable open in sidebar
EdgeShoppingAssistantEnabled Shopping in Microsoft Edge Enabled
EdgeSidebarCustomizeEnabled Enable sidebar customize
EdgeWalletCheckoutEnabled Enable Wallet Checkout feature
EdgeWalletEtreeEnabled Edge Wallet E-Tree Enabled
EditFavoritesEnabled Allows users to edit favorites
EnableDeprecatedWebPlatformFeatures Re-enable deprecated web platform features for a limited time (obsolete)
EnableDomainActionsDownload Enable Domain Actions Download from Microsoft (obsolete)
EnableOnlineRevocationChecks Enable online OCSP/CRL checks
EnableSha1ForLocalAnchors Allow certificates signed using SHA-1 when issued by local trust anchors (obsolete)
EncryptedClientHelloEnabled TLS Encrypted ClientHello Enabled
EnforceLocalAnchorConstraintsEnabled Determines whether the built-in certificate verifier will enforce constraints encoded into trust anchors loaded from the platform trust store (deprecated)
EnhanceSecurityMode Enhance the security state in Microsoft Edge
EnhanceSecurityModeAllowUserBypass Allow users to bypass Enhanced Security Mode
EnhanceSecurityModeBypassIntranet Enhanced Security Mode configuration for Intranet zone sites
EnhanceSecurityModeBypassListDomains Configure the list of domains for which enhance security mode will not be enforced
EnhanceSecurityModeEnforceListDomains Configure the list of domains for which enhance security mode will always be enforced
EnhanceSecurityModeIndicatorUIEnabled Manage the indicator UI of the Enhanced Security Mode (ESM) feature in Microsoft Edge
EnhanceSecurityModeOptOutUXEnabled Manage opt-out user experience for Enhanced Security Mode (ESM) in Microsoft Edge
EnterpriseHardwarePlatformAPIEnabled Allow managed extensions to use the Enterprise Hardware Platform API
EnterpriseModeSiteListManagerAllowed Allow access to the Enterprise Mode Site List Manager tool
EventPathEnabled Re-enable the Event.path API until Microsoft Edge version 115 (obsolete)
ExemptDomainFileTypePairsFromFileTypeDownloadWarnings Disable download file type extension-based warnings for specified file types on domains (obsolete)
ExemptFileTypeDownloadWarnings Disable download file type extension-based warnings for specified file types on domains
ExperimentationAndConfigurationServiceControl Control communication with the Experimentation and Configuration Service
ExplicitlyAllowedNetworkPorts Explicitly allowed network ports
ExternalProtocolDialogShowAlwaysOpenCheckbox Show an "Always open" checkbox in external protocol dialog
FamilySafetySettingsEnabled Allow users to configure Family safety and Kids Mode
FavoritesBarEnabled Enable favorites bar
FetchKeepaliveDurationSecondsOnShutdown Fetch keepalive duration on shutdown
FileOrDirectoryPickerWithoutGestureAllowedForOrigins Allow file or directory picker APIs to be called without prior user gesture
ForceBingSafeSearch Enforce Bing SafeSearch
ForceBuiltInPushMessagingClient Forces Microsoft Edge to use its built-in WNS push client to connect to the Windows Push Notification Service.
ForceCertificatePromptsOnMultipleMatches Configure whether Microsoft Edge should automatically select a certificate when there are multiple certificate matches for a site configured with "AutoSelectCertificateForUrls" (deprecated)
ForceEphemeralProfiles Enable use of ephemeral profiles
ForceGoogleSafeSearch Enforce Google SafeSearch
ForceLegacyDefaultReferrerPolicy Use a default referrer policy of no-referrer-when-downgrade (obsolete)
ForceMajorVersionToMinorPositionInUserAgent Enable or disable freezing the User-Agent string at major version 99 (obsolete)
ForceNetworkInProcess Force networking code to run in the browser process (obsolete)
ForcePermissionPolicyUnloadDefaultEnabled Controls whether unload event handlers can be disabled.
ForceSync Force synchronization of browser data and do not show the sync consent prompt
ForceSyncTypes Configure the list of types that are included for synchronization
ForceYouTubeRestrict Force minimum YouTube Restricted Mode
FullscreenAllowed Allow full screen mode
GloballyScopeHTTPAuthCacheEnabled Enable globally scoped HTTP auth cache
GoToIntranetSiteForSingleWordEntryInAddressBar Force direct intranet site navigation instead of searching on single word entries in the Address Bar
HSTSPolicyBypassList Configure the list of names that will bypass the HSTS policy check
HardwareAccelerationModeEnabled Use hardware acceleration when available
HeadlessModeEnabled Control use of the Headless Mode
HideFirstRunExperience Hide the First-run experience and splash screen
HideInternetExplorerRedirectUXForIncompatibleSitesEnabled Hide the one-time redirection dialog and the banner on Microsoft Edge
HideRestoreDialogEnabled Hide restore pages dialog after browser crash
HttpAllowlist HTTP Allowlist
HubsSidebarEnabled Show Hubs Sidebar
ImportAutofillFormData Allow importing of autofill form data
ImportBrowserSettings Allow importing of browser settings
ImportCookies Allow importing of Cookies
ImportExtensions Allow importing of extensions
ImportFavorites Allow importing of favorites
ImportHistory Allow importing of browsing history
ImportHomepage Allow importing of home page settings
ImportOnEachLaunch Allow import of data from other browsers on each Microsoft Edge launch
ImportOpenTabs Allow importing of open tabs
ImportPaymentInfo Allow importing of payment info
ImportSavedPasswords Allow importing of saved passwords
ImportSearchEngine Allow importing of search engine settings
ImportShortcuts Allow importing of shortcuts
ImportStartupPageSettings Allow importing of startup page settings
InAppSupportEnabled In-app support Enabled
InPrivateModeAvailability Configure InPrivate mode availability
InsecureFormsWarningsEnabled Enable warnings for insecure forms
IntensiveWakeUpThrottlingEnabled Control the IntensiveWakeUpThrottling feature
InternetExplorerIntegrationAlwaysUseOSCapture Always use the OS capture engine to avoid issues with capturing Internet Explorer mode tabs
InternetExplorerIntegrationAlwaysWaitForUnload Wait for Internet Explorer mode tabs to completely unload before ending the browser session
InternetExplorerIntegrationCloudNeutralSitesReporting Configure reporting of potentially misconfigured neutral site URLs to the M365 Admin Center Site Lists app
InternetExplorerIntegrationCloudSiteList Configure the Enterprise Mode Cloud Site List
InternetExplorerIntegrationCloudUserSitesReporting Configure reporting of IE Mode user list entries to the M365 Admin Center Site Lists app
InternetExplorerIntegrationComplexNavDataTypes Configure whether form data and HTTP headers will be sent when entering or exiting Internet Explorer mode
InternetExplorerIntegrationEnhancedHangDetection Configure enhanced hang detection for Internet Explorer mode
InternetExplorerIntegrationLevel Configure Internet Explorer integration
InternetExplorerIntegrationLocalFileAllowed Allow launching of local files in Internet Explorer mode
InternetExplorerIntegrationLocalFileExtensionAllowList Open local files in Internet Explorer mode file extension allow list
InternetExplorerIntegrationLocalFileShowContextMenu Show context menu to open a file:// link in Internet Explorer mode
InternetExplorerIntegrationLocalMhtFileAllowed Allow local MHTML files to open automatically in Internet Explorer mode
InternetExplorerIntegrationLocalSiteListExpirationDays Specify the number of days that a site remains on the local IE mode site list
InternetExplorerIntegrationReloadInIEModeAllowed Allow unconfigured sites to be reloaded in Internet Explorer mode
InternetExplorerIntegrationSiteList Configure the Enterprise Mode Site List
InternetExplorerIntegrationSiteListRefreshInterval Configure how frequently the Enterprise Mode Site List is refreshed
InternetExplorerIntegrationSiteRedirect Specify how "in-page" navigations to unconfigured sites behave when started from Internet Explorer mode pages
InternetExplorerIntegrationTestingAllowed Allow Internet Explorer mode testing (obsolete)
InternetExplorerIntegrationWindowOpenHeightAdjustment Configure the pixel adjustment between window.open heights sourced from IE mode pages vs. Edge mode pages
InternetExplorerIntegrationWindowOpenWidthAdjustment Configure the pixel adjustment between window.open widths sourced from IE mode pages vs. Edge mode pages
InternetExplorerIntegrationZoneIdentifierMhtFileAllowed Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode
InternetExplorerModeClearDataOnExitEnabled Clear history for IE and IE mode every time you exit
InternetExplorerModeEnableSavePageAs Allow Save page as in Internet Explorer mode
InternetExplorerModeTabInEdgeModeAllowed Allow sites configured for Internet Explorer mode to open in Microsoft Edge
InternetExplorerModeToolbarButtonEnabled Show the Reload in Internet Explorer mode button in the toolbar
InternetExplorerZoomDisplay Display zoom in IE Mode tabs with DPI Scale included like it is in Internet Explorer
IntranetRedirectBehavior Intranet Redirection Behavior
IsolateOrigins Enable site isolation for specific origins
LiveCaptionsAllowed Live captions allowed
LocalBrowserDataShareEnabled Enable Windows to search local Microsoft Edge browsing data
LocalProvidersEnabled Allow suggestions from local providers
MAUEnabled Always use Microsoft AutoUpdate as the updater for Microsoft Edge
MSAWebSiteSSOUsingThisProfileAllowed Allow single sign-on for Microsoft personal sites using this profile
ManagedConfigurationPerOrigin Sets managed configuration values for websites to specific origins
ManagedFavorites Configure favorites
ManagedSearchEngines Manage Search Engines
MathSolverEnabled Let users snip a Math problem and get the solution with a step-by-step explanation in Microsoft Edge
MaxConnectionsPerProxy Maximum number of concurrent connections to the proxy server
MediaRouterCastAllowAllIPs Allow Google Cast to connect to Cast devices on all IP addresses
MetricsReportingEnabled Enable usage and crash-related data reporting (obsolete)
MicrosoftEdgeInsiderPromotionEnabled Microsoft Edge Insider Promotion Enabled
MicrosoftEditorProofingEnabled Spell checking provided by Microsoft Editor
MicrosoftEditorSynonymsEnabled Synonyms are provided when using Microsoft Editor spell checker
MicrosoftOfficeMenuEnabled Allow users to access the Microsoft Office menu (deprecated)
MicrosoftRootStoreEnabled Determines whether the Microsoft Root Store and built-in certificate verifier will be used to verify server certificates (deprecated)
MouseGestureEnabled Mouse Gesture Enabled
NativeHostsExecutablesLaunchDirectly Force Windows executable Native Messaging hosts to launch directly
NativeWindowOcclusionEnabled Enable Native Window Occlusion (deprecated)
NavigationDelayForInitialSiteListDownloadTimeout Set a timeout for delay of tab navigation for the Enterprise Mode Site List
NetworkPredictionOptions Enable network prediction
NetworkServiceSandboxEnabled Enable the network service sandbox
NewBaseUrlInheritanceBehaviorAllowed Allows enabling the feature NewBaseUrlInheritanceBehavior
NewPDFReaderEnabled Microsoft Edge built-in PDF reader powered by Adobe Acrobat enabled
NonRemovableProfileEnabled Configure whether a user always has a default profile automatically signed in with their work or school account
OrganizationLogoOverlayOnAppIconEnabled Allow your organization's logo from Microsoft Entra to be overlaid on the Microsoft Edge app icon of a work profile
OrganizationalBrandingOnWorkProfileUIEnabled Allow the use of your organization's branding assets from Microsoft Entra on the profile-related UI of a work profile
OriginAgentClusterDefaultEnabled Origin-keyed agent clustering enabled by default
OutlookHubMenuEnabled Allow users to access the Outlook menu (obsolete)
OverrideSecurityRestrictionsOnInsecureOrigin Control where security restrictions on insecure origins apply
PDFSecureMode Secure mode and Certificate-based Digital Signature validation in native PDF reader
PDFXFAEnabled XFA support in native PDF reader enabled
PaymentMethodQueryEnabled Allow websites to query for available payment methods
PersonalizationReportingEnabled Allow personalization of ads, Microsoft Edge, search, news and other Microsoft services by sending browsing history, favorites and collections, usage and other browsing data to Microsoft
PictureInPictureOverlayEnabled Enable Picture in Picture overlay feature on supported webpages in Microsoft Edge
PinningWizardAllowed Allow Pin to taskbar wizard
PostQuantumKeyAgreementEnabled Enable post-quantum key agreement for TLS
ProactiveAuthEnabled Enable Proactive Authentication (obsolete)
PromotionalTabsEnabled Enable full-tab promotional content
PromptForDownloadLocation Ask where to save downloaded files
PromptOnMultipleMatchingCertificates Prompt the user to select a certificate when multiple certificates match
QuicAllowed Allow QUIC protocol
QuickSearchShowMiniMenu Enables Microsoft Edge mini menu
QuickViewOfficeFilesEnabled Manage QuickView Office files capability in Microsoft Edge
RSAKeyUsageForLocalAnchorsEnabled Check RSA key usage for server certificates issued by local trust anchors
ReadAloudEnabled Enable Read Aloud feature in Microsoft Edge
RedirectSitesFromInternetExplorerPreventBHOInstall Prevent install of the BHO to redirect incompatible sites from Internet Explorer to Microsoft Edge
RedirectSitesFromInternetExplorerRedirectMode Redirect incompatible sites from Internet Explorer to Microsoft Edge
RelatedMatchesCloudServiceEnabled Configure Related Matches in Find on Page
RelaunchNotification Notify a user that a browser restart is recommended or required for pending updates
RelaunchNotificationPeriod Set the time period for update notifications
RelaunchWindow Set the time interval for relaunch
RemoteDebuggingAllowed Allow remote debugging
RendererAppContainerEnabled Enable renderer in app container
RendererCodeIntegrityEnabled Enable renderer code integrity (deprecated)
RequireOnlineRevocationChecksForLocalAnchors Specify if online OCSP/CRL checks are required for local trust anchors
ResolveNavigationErrorsUseWebService Enable resolution of navigation errors using a web service
RestorePdfView Restore PDF view
RestrictSigninToPattern Restrict which accounts can be used to sign in to Microsoft Edge
RoamingProfileLocation Set the roaming profile directory
RoamingProfileSupportEnabled Enable using roaming copies for Microsoft Edge profile data
RunAllFlashInAllowMode Extend Adobe Flash content setting to all content (obsolete)
SSLErrorOverrideAllowed Allow users to proceed from the HTTPS warning page
SSLErrorOverrideAllowedForOrigins Allow users to proceed from the HTTPS warning page for specific origins
SSLVersionMin Minimum TLS version enabled (obsolete)
SandboxExternalProtocolBlocked Allow Microsoft Edge to block navigations to external protocols in a sandboxed iframe
SaveCookiesOnExit Save cookies when Microsoft Edge closes
SavingBrowserHistoryDisabled Disable saving browser history
ScreenCaptureAllowed Allow or deny screen capture
ScreenCaptureWithoutGestureAllowedForOrigins Allow screen capture without prior user gesture
ScrollToTextFragmentEnabled Enable scrolling to text specified in URL fragments
SearchFiltersEnabled Search Filters Enabled
SearchForImageEnabled Search for image enabled
SearchInSidebarEnabled Search in Sidebar enabled
SearchSuggestEnabled Enable search suggestions
SearchbarAllowed Enable the Search bar
SearchbarIsEnabledOnStartup Allow the Search bar at Windows startup
SecurityKeyPermitAttestation Websites or domains that don't need permission to use direct Security Key attestation
SendIntranetToInternetExplorer Send all intranet sites to Internet Explorer
SendMouseEventsDisabledFormControlsEnabled Control the new behavior for event dispatching on disabled form controls (obsolete)
SendSiteInfoToImproveServices Send site information to improve Microsoft services (obsolete)
SensorsAllowedForUrls Allow access to sensors on specific sites
SensorsBlockedForUrls Block access to sensors on specific sites
SerialAskForUrls Allow the Serial API on specific sites
SerialBlockedForUrls Block the Serial API on specific sites
SetTimeoutWithout1MsClampEnabled Control Javascript setTimeout() function minimum timeout (deprecated)
ShadowStackCrashRollbackBehavior Configure ShadowStack crash rollback behavior (obsolete)
SharedArrayBufferUnrestrictedAccessAllowed Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context
SharedLinksEnabled Show links shared from Microsoft 365 apps in History
ShowAcrobatSubscriptionButton Shows button on native PDF viewer in Microsoft Edge that allows users to sign up for Adobe Acrobat subscription
ShowDownloadsToolbarButton Show Downloads button on the toolbar
ShowHistoryThumbnails Show thumbnail images for browsing history
ShowMicrosoftRewards Show Microsoft Rewards experiences
ShowOfficeShortcutInFavoritesBar Show Microsoft Office shortcut in favorites bar (deprecated)
ShowRecommendationsEnabled Allow feature recommendations and browser assistance notifications from Microsoft Edge
SignedHTTPExchangeEnabled Enable Signed HTTP Exchange (SXG) support
SitePerProcess Enable site isolation for every site
SiteSafetyServicesEnabled Allow users to configure Site safety services
SmartActionsBlockList Block smart actions for a list of services
SpeechRecognitionEnabled Configure Speech Recognition
SpellcheckEnabled Enable spellcheck
SpellcheckLanguage Enable specific spellcheck languages
SpellcheckLanguageBlocklist Force disable spellcheck languages
SplitScreenEnabled Enable split screen feature in Microsoft Edge
StandaloneHubsSidebarEnabled Standalone Sidebar Enabled
StricterMixedContentTreatmentEnabled Enable stricter treatment for mixed content (obsolete)
SuperDragDropEnabled Super Drag Drop Enabled
SuppressUnsupportedOSWarning Suppress the unsupported OS warning
SyncDisabled Disable synchronization of data using Microsoft sync services
SyncTypesListDisabled Configure the list of types that are excluded from synchronization
TLS13HardeningForLocalAnchorsEnabled Enable a TLS 1.3 security feature for local trust anchors (obsolete)
TLSCipherSuiteDenyList Specify the TLS cipher suites to disable
TabFreezingEnabled Allow freezing of background tabs (obsolete)
TabServicesEnabled Enable tab organization suggestions
TargetBlankImpliesNoOpener Do not set window.opener for links targeting _blank (obsolete)
TaskManagerEndProcessEnabled Enable ending processes in the Browser task manager
TextPredictionEnabled Text prediction enabled by default
ThrottleNonVisibleCrossOriginIframesAllowed Allows enabling throttling of non-visible, cross-origin iframes
TotalMemoryLimitMb Set limit on megabytes of memory a single Microsoft Edge instance can use
TrackingPrevention Block tracking of users' web-browsing activity
TranslateEnabled Enable Translate
TravelAssistanceEnabled Enable travel assistance (obsolete)
TripleDESEnabled Enable 3DES cipher suites in TLS (obsolete)
U2fSecurityKeyApiEnabled Allow using the deprecated U2F Security Key API (obsolete)
URLAllowlist Define a list of allowed URLs
URLBlocklist Block access to a list of URLs
UnthrottledNestedTimeoutEnabled JavaScript setTimeout will not be clamped until a higher nesting threshold is set (deprecated)
UpdatePolicyOverride Specifies how Microsoft Edge Update handles available updates from Microsoft Edge
UploadFromPhoneEnabled Enable upload files from mobile in Microsoft Edge desktop
UrlDiagnosticDataEnabled URL reporting in Edge diagnostic data enabled
UserAgentClientHintsEnabled Enable the User-Agent Client Hints feature (obsolete)
UserAgentClientHintsGREASEUpdateEnabled Control the User-Agent Client Hints GREASE Update feature
UserAgentReduction Enable or disable the User-Agent Reduction
UserDataDir Set the user data directory
UserDataSnapshotRetentionLimit Limits the number of user data snapshots retained for use in case of emergency rollback
UserFeedbackAllowed Allow user feedback
VerticalTabsAllowed Configures availability of a vertical layout for tabs on the side of the browser
VideoCaptureAllowed Allow or block video capture
VideoCaptureAllowedUrls Sites that can access video capture devices without requesting permission
VisualSearchEnabled Visual search enabled
WPADQuickCheckEnabled Set WPAD optimization
WalletDonationEnabled Wallet Donation Enabled
WebAppInstallForceList Configure list of force-installed Web Apps
WebAppSettings Web App management settings
WebCaptureEnabled Enable the Screenshot (previously named Web Capture) feature in Microsoft Edge
WebComponentsV0Enabled Re-enable Web Components v0 API until M84 (obsolete)
WebDriverOverridesIncompatiblePolicies Allow WebDriver to Override Incompatible Policies (obsolete)
WebRtcAllowLegacyTLSProtocols Allow legacy TLS/DTLS downgrade in WebRTC (obsolete)
WebRtcLocalIpsAllowedUrls Manage exposure of local IP addressess by WebRTC
WebRtcLocalhostIpHandling Restrict exposure of local IP address by WebRTC
WebRtcRespectOsRoutingTableEnabled Enable support for Windows OS routing table rules when making peer to peer connections via WebRTC
WebRtcUdpPortRange Restrict the range of local UDP ports used by WebRTC
WebSQLAccess Force WebSQL to be enabled (obsolete)
WebSQLInThirdPartyContextEnabled Force WebSQL in third-party contexts to be re-enabled (obsolete)
WebSQLNonSecureContextEnabled Force WebSQL in non-secure contexts to be enabled (obsolete)
WebSelectEnabled Web Select Enabled (obsolete)
WebWidgetAllowed Enable the Search bar (deprecated)
WebWidgetIsEnabledOnStartup Allow the Search bar at Windows startup (deprecated)
WinHttpProxyResolverEnabled Use Windows proxy resolver
WindowOcclusionEnabled Enable Window Occlusion

Application Guard settings policies

Back to top

ApplicationGuardContainerProxy

Application Guard Container Proxy

Supported versions:

  • On Windows since 84 or later

Description

Configures the proxy settings for Microsoft Edge Application Guard. If you enable this policy, Microsoft Edge Application Guard ignores other sources of proxy configurations.

If you don't configure this policy, Microsoft Edge Application Guard uses the proxy configuration of the host.

This policy does not affect the proxy configuration of Microsoft Edge outside of Application Guard (on the host).

The ProxyMode field lets you specify the proxy server used by Microsoft Edge Application Guard.

The ProxyPacUrl field is a URL to a proxy .pac file.

The ProxyServer field is a URL for the proxy server.

If you choose the 'direct' value as 'ProxyMode', all other fields are ignored.

If you choose the 'auto_detect' value as 'ProxyMode', all other fields are ignored.

If you choose the 'fixed_servers' value as 'ProxyMode', the 'ProxyServer' field is used.

If you choose the 'pac_script' value as 'ProxyMode', the 'ProxyPacUrl' field is used.

For more information about identifying Application Guard traffic via dual proxy, visit https://go.microsoft.com/fwlink/?linkid=2134653.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ApplicationGuardContainerProxy
  • GP name: Application Guard Container Proxy
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Application Guard settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ApplicationGuardContainerProxy
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ApplicationGuardContainerProxy = {
  "ProxyMode": "direct",
  "ProxyPacUrl": "https://internal.site/example.pac",
  "ProxyServer": "123.123.123.123:8080"
}
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\ApplicationGuardContainerProxy = {"ProxyMode": "direct", "ProxyPacUrl": "https://internal.site/example.pac", "ProxyServer": "123.123.123.123:8080"}

Back to top

ApplicationGuardFavoritesSyncEnabled

Application Guard Favorites Sync Enabled

Supported versions:

  • On Windows since 90 or later

Description

This policy allows Microsoft Edge computers/devices that have application guard enabled to sync favorites from the host to the container so the favorites match.

If ManagedFavorites are configured, those favorites will also be synced to the container.

If you enable this policy, editing favorites in the container is disabled. So, the add favorites and add favorites folder buttons will be blurred out in the UI of the container browser.

If you disable or don't configure this policy, favorites on the host will not be shared to the container.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ApplicationGuardFavoritesSyncEnabled
  • GP name: Application Guard Favorites Sync Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Application Guard settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ApplicationGuardFavoritesSyncEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

ApplicationGuardPassiveModeEnabled

Ignore Application Guard site list configuration and browse Edge normally

Supported versions:

  • On Windows since 94 or later

Description

Set whether Edge should ignore the Application Guard site list configuration for trusted and untrusted sites.

If you enable this policy, all navigations from Edge, including navigations to untrusted sites, will be accessed normally within Edge without redirecting to the Application Guard container. Note: this policy ONLY impacts Edge, so navigations from other browsers might get redirected to the Application Guard Container if you have the corresponding extensions enabled.

If you disable or don't configure this policy, Edge does not ignore the Application Guard site list. If users try to navigate to an untrusted site in the host, the site will open in the container.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ApplicationGuardPassiveModeEnabled
  • GP name: Ignore Application Guard site list configuration and browse Edge normally
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Application Guard settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ApplicationGuardPassiveModeEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

ApplicationGuardTrafficIdentificationEnabled

Application Guard Traffic Identification

Supported versions:

  • On Windows since 91 or later

Description

If you enable or don't configure this policy, Application Guard will add an extra HTTP header (X-MS-ApplicationGuard-Initiated) to all outbound HTTP requests made from the Application Guard container.

If you disable this policy, the extra header is not added to the traffic.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ApplicationGuardTrafficIdentificationEnabled
  • GP name: Application Guard Traffic Identification
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Application Guard settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ApplicationGuardTrafficIdentificationEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

ApplicationGuardUploadBlockingEnabled

Prevents files from being uploaded while in Application Guard

Supported versions:

  • On Windows since 96 or later

Description

Sets whether files can be uploaded while in Application Guard.

If you enable this policy, users will not be able to upload files in Application Guard.

If you disable or don't configure this policy, users will be able to upload files while in Application Guard.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ApplicationGuardUploadBlockingEnabled
  • GP name: Prevents files from being uploaded while in Application Guard
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Application Guard settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ApplicationGuardUploadBlockingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

Cast policies

Back to top

EdgeDisableDialProtocolForCastDiscovery

Disable DIAL protocol for cast device discovery

Supported versions:

  • On Windows and macOS since 121 or later

Description

Enable this policy to disable the DIAL (Discovery And Launch) protocol for cast device discovery. (If EnableMediaRouter is disabled, this policy will have no effect).

Enable this policy to disable DIAL protocol.

By default, Cast device discovery will use DIAL protocol.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeDisableDialProtocolForCastDiscovery
  • GP name: Disable DIAL protocol for cast device discovery
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Cast
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeDisableDialProtocolForCastDiscovery
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeDisableDialProtocolForCastDiscovery
  • Example value:
<true/>

Back to top

EnableMediaRouter

Enable Google Cast

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enable this policy to enable Google Cast. Users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites, and (if shown) the Cast toolbar icon.

Disable this policy to disable Google Cast.

By default, Google Cast is enabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnableMediaRouter
  • GP name: Enable Google Cast
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Cast
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnableMediaRouter
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EnableMediaRouter
  • Example value:
<true/>

Back to top

ShowCastIconInToolbar

Show the cast icon in the toolbar

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set this policy to true to show the Cast toolbar icon on the toolbar or the overflow menu. Users won't be able to remove it.

If you don't configure this policy or if you disable it, users can pin or remove the icon by using its contextual menu.

If you've also set the EnableMediaRouter policy to false, then this policy is ignored, and the toolbar icon isn't shown.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ShowCastIconInToolbar
  • GP name: Show the cast icon in the toolbar
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Cast
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ShowCastIconInToolbar
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ShowCastIconInToolbar
  • Example value:
<false/>

Back to top

Content settings policies

Back to top

AutoSelectCertificateForUrls

Automatically select client certificates for these sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Setting the policy lets you make a list of URL patterns that specify sites for which Microsoft Edge can automatically select a client certificate. The value is an array of stringified JSON dictionaries, each with the form { "pattern": "$URL_PATTERN", "filter" : $FILTER }, where $URL_PATTERN is a content setting pattern. $FILTER restricts the client certificates the browser automatically selects from. Independent of the filter, only certificates that match the server's certificate request are selected.

Examples for the usage of the $FILTER section:

  • When $FILTER is set to { "ISSUER": { "CN": "$ISSUER_CN" } }, only client certificates issued by a certificate with the CommonName $ISSUER_CN are selected.

  • When $FILTER contains both the "ISSUER" and the "SUBJECT" sections, only client certificates that satisfy both conditions are selected.

  • When $FILTER contains a "SUBJECT" section with the "O" value, a certificate needs at least one organization matching the specified value to be selected.

  • When $FILTER contains a "SUBJECT" section with a "OU" value, a certificate needs at least one organizational unit matching the specified value to be selected.

  • When $FILTER is set to {}, the selection of client certificates is not additionally restricted. Note that filters provided by the web server still apply.

If you leave the policy unset, there's no autoselection for any site.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutoSelectCertificateForUrls
  • GP name: Automatically select client certificates for these sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\AutoSelectCertificateForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\AutoSelectCertificateForUrls\1 = "{\"pattern\":\"https://www.contoso.com\",\"filter\":{\"ISSUER\":{\"CN\":\"certificate issuer name\", \"L\": \"certificate issuer location\", \"O\": \"certificate issuer org\", \"OU\": \"certificate issuer org unit\"}, \"SUBJECT\":{\"CN\":\"certificate subject name\", \"L\": \"certificate subject location\", \"O\": \"certificate subject org\", \"OU\": \"certificate subject org unit\"}}}"

Mac information and settings

  • Preference Key Name: AutoSelectCertificateForUrls
  • Example value:
<array>
  <string>{"pattern":"https://www.contoso.com","filter":{"ISSUER":{"CN":"certificate issuer name", "L": "certificate issuer location", "O": "certificate issuer org", "OU": "certificate issuer org unit"}, "SUBJECT":{"CN":"certificate subject name", "L": "certificate subject location", "O": "certificate subject org", "OU": "certificate subject org unit"}}}</string>
</array>

Back to top

AutomaticDownloadsAllowedForUrls

Allow multiple automatic downloads in quick succession on specific sites

Supported versions:

  • On Windows and macOS since 110 or later

Description

Define a list of sites, based on URL patterns, that are allowed to perform multiple successive automatic downloads. If you don't configure this policy, DefaultAutomaticDownloadsSetting applies for all sites, if it's set. If it isn't set, then the user's personal setting applies. For more detailed information about valid URL patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutomaticDownloadsAllowedForUrls
  • GP name: Allow multiple automatic downloads in quick succession on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\AutomaticDownloadsAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\AutomaticDownloadsAllowedForUrls\1 = "https://contoso.com"
SOFTWARE\Policies\Microsoft\Edge\AutomaticDownloadsAllowedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: AutomaticDownloadsAllowedForUrls
  • Example value:
<array>
  <string>https://contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

AutomaticDownloadsBlockedForUrls

Block multiple automatic downloads in quick succession on specific sites

Supported versions:

  • On Windows and macOS since 110 or later

Description

Define a list of sites, based on URL patterns, where multiple successive automatic downloads aren't allowed. If you don't configure this policy, DefaultAutomaticDownloadsSetting applies for all sites, if it's set. If it isn't set, then the user's personal setting applies. For more detailed information about valid URL patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutomaticDownloadsBlockedForUrls
  • GP name: Block multiple automatic downloads in quick succession on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\AutomaticDownloadsBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\AutomaticDownloadsBlockedForUrls\1 = "https://contoso.com"
SOFTWARE\Policies\Microsoft\Edge\AutomaticDownloadsBlockedForUrls\2 = "[*.]contoso.com"

Mac information and settings

  • Preference Key Name: AutomaticDownloadsBlockedForUrls
  • Example value:
<array>
  <string>https://contoso.com</string>
  <string>[*.]contoso.com</string>
</array>

Back to top

CookiesAllowedForUrls

Allow cookies on specific sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define a list of sites, based on URL patterns, that are allowed to set cookies.

If you don't configure this policy, the global default value from the DefaultCookiesSetting policy (if set) or the user's personal configuration is used for all sites.

See the CookiesBlockedForUrls and CookiesSessionOnlyForUrls policies for more information.

Note there cannot be conflicting URL patterns set between these three policies:

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

To allow third-party cookies to be set, specify a pair of URL patterns delimited by a comma. The first value in the pair specifies the third-party site that should be allowed to use cookies. The second value in the pair specifies the top-level site that the first value should be applied on. The first value in the pair supports * but the second value does not.

To exclude cookies from being deleted on exit, configure the SaveCookiesOnExit policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CookiesAllowedForUrls
  • GP name: Allow cookies on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\CookiesAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\CookiesAllowedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\CookiesAllowedForUrls\2 = "[*.]contoso.edu"
SOFTWARE\Policies\Microsoft\Edge\CookiesAllowedForUrls\3 = "https://loaded-as-third-party.fabrikam.com,https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\CookiesAllowedForUrls\4 = "*,https://www.contoso.com"

Mac information and settings

  • Preference Key Name: CookiesAllowedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
  <string>https://loaded-as-third-party.fabrikam.com,https://www.contoso.com</string>
  <string>*,https://www.contoso.com</string>
</array>

Back to top

CookiesBlockedForUrls

Block cookies on specific sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define a list of sites, based on URL patterns, that can't set cookies.

If you don't configure this policy, the global default value from the DefaultCookiesSetting policy (if set) or the user's personal configuration is used for all sites.

See the CookiesAllowedForUrls and CookiesSessionOnlyForUrls policies for more information.

Note there cannot be conflicting URL patterns set between these three policies:

For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CookiesBlockedForUrls
  • GP name: Block cookies on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\CookiesBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\CookiesBlockedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\CookiesBlockedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: CookiesBlockedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

CookiesSessionOnlyForUrls

Limit cookies from specific websites to the current session

Supported versions:

  • On Windows and macOS since 77 or later

Description

Cookies created by websites that match a URL pattern you define are deleted when the session ends (when the window closes).

Cookies created by websites that don't match the pattern are controlled by the DefaultCookiesSetting policy (if set) or by the user's personal configuration. This is also the default behavior if you don't configure this policy.

You can also use the CookiesAllowedForUrls and CookiesBlockedForUrls policies to control which websites can create cookies.

Note there cannot be conflicting URL patterns set between these three policies:

For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

If you set the RestoreOnStartup policy to restore URLs from previous sessions, this policy is ignored, and cookies are stored permanently for those sites.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CookiesSessionOnlyForUrls
  • GP name: Limit cookies from specific websites to the current session
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\CookiesSessionOnlyForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\CookiesSessionOnlyForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\CookiesSessionOnlyForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: CookiesSessionOnlyForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

DataUrlInSvgUseEnabled

Data URL support for SVGUseElement

Supported versions:

  • On Windows and macOS since 118 or later

Description

This policy enables Data URL support for SVGUseElement, which will be disabled by default starting in Edge stable version 119. If this policy is Enabled, Data URLs will keep working in SVGUseElement. If this policy is Disabled or left not set, Data URLs won't work in SVGUseElement.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DataUrlInSvgUseEnabled
  • GP name: Data URL support for SVGUseElement
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DataUrlInSvgUseEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: DataUrlInSvgUseEnabled
  • Example value:
<false/>

Back to top

DefaultAutomaticDownloadsSetting

Default automatic downloads setting

Supported versions:

  • On Windows and macOS since 110 or later

Description

Set whether websites can perform multiple downloads successively without user interaction. You can enable it for all sites (AllowAutomaticDownloads) or block it for all sites (BlockAutomaticDownloads). If you don't configure this policy, multiple automatic downloads can be performed in all sites, and the user can change this setting.

Policy options mapping:

  • AllowAutomaticDownloads (1) = Allow all websites to perform automatic downloads

  • BlockAutomaticDownloads (2) = Don't allow any website to perform automatic downloads

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultAutomaticDownloadsSetting
  • GP name: Default automatic downloads setting
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultAutomaticDownloadsSetting
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DefaultAutomaticDownloadsSetting
  • Example value:
<integer>1</integer>

Back to top

DefaultCookiesSetting

Configure cookies

Supported versions:

  • On Windows and macOS since 77 or later

Description

Control whether websites can create cookies on the user's device. This policy is all or nothing - you can let all websites create cookies, or no websites create cookies. You can't use this policy to enable cookies from specific websites.

Set the policy to 'SessionOnly' to clear cookies when the session closes.

If you don't configure this policy, the default 'AllowCookies' is used, and users can change this setting in Microsoft Edge Settings. (If you don't want users to be able to change this setting, set the policy.)

Policy options mapping:

  • AllowCookies (1) = Let all sites create cookies

  • BlockCookies (2) = Don't let any site create cookies

  • SessionOnly (4) = Keep cookies for the duration of the session, except ones listed in SaveCookiesOnExit

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultCookiesSetting
  • GP name: Configure cookies
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultCookiesSetting
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DefaultCookiesSetting
  • Example value:
<integer>1</integer>

Back to top

DefaultFileSystemReadGuardSetting

Control use of the File System API for reading

Supported versions:

  • On Windows and macOS since 86 or later

Description

If you set this policy to 3, websites can ask for read access to the host operating system's filesystem using the File System API. If you set this policy to 2, access is denied.

If you don't set this policy, websites can ask for access. Users can change this setting.

Policy options mapping:

  • BlockFileSystemRead (2) = Don't allow any site to request read access to files and directories via the File System API

  • AskFileSystemRead (3) = Allow sites to ask the user to grant read access to files and directories via the File System API

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultFileSystemReadGuardSetting
  • GP name: Control use of the File System API for reading
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultFileSystemReadGuardSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultFileSystemReadGuardSetting
  • Example value:
<integer>2</integer>

Back to top

DefaultFileSystemWriteGuardSetting

Control use of the File System API for writing

Supported versions:

  • On Windows and macOS since 86 or later

Description

If you set this policy to 3, websites can ask for write access to the host operating system's filesystem using the File System API. If you set this policy to 2, access is denied.

If you don't set this policy, websites can ask for access. Users can change this setting.

Policy options mapping:

  • BlockFileSystemWrite (2) = Don't allow any site to request write access to files and directories

  • AskFileSystemWrite (3) = Allow sites to ask the user to grant write access to files and directories

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultFileSystemWriteGuardSetting
  • GP name: Control use of the File System API for writing
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultFileSystemWriteGuardSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultFileSystemWriteGuardSetting
  • Example value:
<integer>2</integer>

Back to top

DefaultGeolocationSetting

Default geolocation setting

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set whether websites can track users' physical locations. You can allow tracking by default ('AllowGeolocation'), deny it by default ('BlockGeolocation'), or ask the user each time a website requests their location ('AskGeolocation').

If you don't configure this policy, 'AskGeolocation' is used and the user can change it.

Policy options mapping:

  • AllowGeolocation (1) = Allow sites to track users' physical location

  • BlockGeolocation (2) = Don't allow any site to track users' physical location

  • AskGeolocation (3) = Ask whenever a site wants to track users' physical location

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultGeolocationSetting
  • GP name: Default geolocation setting
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultGeolocationSetting
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DefaultGeolocationSetting
  • Example value:
<integer>1</integer>

Back to top

DefaultImagesSetting

Default images setting

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set whether websites can display images. You can allow images on all sites ('AllowImages') or block them on all sites ('BlockImages').

If you don't configure this policy, images are allowed by default, and the user can change this setting.

Policy options mapping:

  • AllowImages (1) = Allow all sites to show all images

  • BlockImages (2) = Don't allow any site to show images

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultImagesSetting
  • GP name: Default images setting
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultImagesSetting
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DefaultImagesSetting
  • Example value:
<integer>1</integer>

Back to top

DefaultInsecureContentSetting

Control use of insecure content exceptions

Supported versions:

  • On Windows and macOS since 80 or later

Description

Allows you to set whether users can add exceptions to allow mixed content for specific sites.

This policy can be overridden for specific URL patterns using the InsecureContentAllowedForUrls and InsecureContentBlockedForUrls policies.

If this policy isn't set, users will be allowed to add exceptions to allow blockable mixed content and disable autoupgrades for optionally blockable mixed content.

Policy options mapping:

  • BlockInsecureContent (2) = Do not allow any site to load mixed content

  • AllowExceptionsInsecureContent (3) = Allow users to add exceptions to allow mixed content

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultInsecureContentSetting
  • GP name: Control use of insecure content exceptions
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultInsecureContentSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultInsecureContentSetting
  • Example value:
<integer>2</integer>

Back to top

DefaultJavaScriptJitSetting

Control use of JavaScript JIT

Supported versions:

  • On Windows and macOS since 93 or later

Description

Allows you to set whether Microsoft Edge will run the v8 JavaScript engine with JIT (Just In Time) compiler enabled or not.

Disabling the JavaScript JIT will mean that Microsoft Edge may render web content more slowly, and may also disable parts of JavaScript including WebAssembly. Disabling the JavaScript JIT may allow Microsoft Edge to render web content in a more secure configuration.

This policy can be overridden for specific URL patterns using the JavaScriptJitAllowedForSites and JavaScriptJitBlockedForSites policies.

If you don't configure this policy, JavaScript JIT is enabled.

Policy options mapping:

  • AllowJavaScriptJit (1) = Allow any site to run JavaScript JIT

  • BlockJavaScriptJit (2) = Do not allow any site to run JavaScript JIT

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultJavaScriptJitSetting
  • GP name: Control use of JavaScript JIT
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultJavaScriptJitSetting
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DefaultJavaScriptJitSetting
  • Example value:
<integer>1</integer>

Back to top

DefaultJavaScriptSetting

Default JavaScript setting

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set whether websites can run JavaScript. You can allow it for all sites ('AllowJavaScript') or block it for all sites ('BlockJavaScript').

If you don't configure this policy, all sites can run JavaScript by default, and the user can change this setting.

Policy options mapping:

  • AllowJavaScript (1) = Allow all sites to run JavaScript

  • BlockJavaScript (2) = Don't allow any site to run JavaScript

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultJavaScriptSetting
  • GP name: Default JavaScript setting
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultJavaScriptSetting
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DefaultJavaScriptSetting
  • Example value:
<integer>1</integer>

Back to top

DefaultNotificationsSetting

Default notification setting

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set whether websites can display desktop notifications. You can allow them by default ('AllowNotifications'), deny them by default ('BlockNotifications'), or have the user be asked each time a website wants to show a notification ('AskNotifications').

If you don't configure this policy, notifications are allowed by default, and the user can change this setting.

Policy options mapping:

  • AllowNotifications (1) = Allow sites to show desktop notifications

  • BlockNotifications (2) = Don't allow any site to show desktop notifications

  • AskNotifications (3) = Ask every time a site wants to show desktop notifications

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultNotificationsSetting
  • GP name: Default notification setting
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultNotificationsSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultNotificationsSetting
  • Example value:
<integer>2</integer>

Back to top

DefaultPluginsSetting

Default Adobe Flash setting (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 87.

Supported versions:

  • On Windows and macOS since 77, until 87

Description

This policy doesn't work because Flash is no longer supported by Microsoft Edge.

PluginsAllowedForUrls and PluginsBlockedForUrls are checked first, then this policy. The options are 'ClickToPlay' and 'BlockPlugins'. If you set this policy to 'BlockPlugins', this plugin is denied for all websites. 'ClickToPlay' lets the Flash plugin run, but users click the placeholder to start it.

If you don't configure this policy, the user can change this setting manually.

Note: Automatic playback is only for domains explicitly listed in the PluginsAllowedForUrls policy. To turn automatic playback on for all sites, add http://* and https://* to the allowed list of URLs.

Policy options mapping:

  • BlockPlugins (2) = Block the Adobe Flash plugin

  • ClickToPlay (3) = Click to play

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultPluginsSetting
  • GP name: Default Adobe Flash setting (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultPluginsSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultPluginsSetting
  • Example value:
<integer>2</integer>

Back to top

DefaultPopupsSetting

Default pop-up window setting

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set whether websites can show pop-up windows. You can allow them on all websites ('AllowPopups') or block them on all sites ('BlockPopups').

If you don't configure this policy, pop-up windows are blocked by default, and users can change this setting.

Policy options mapping:

  • AllowPopups (1) = Allow all sites to show pop-ups

  • BlockPopups (2) = Do not allow any site to show popups

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultPopupsSetting
  • GP name: Default pop-up window setting
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultPopupsSetting
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DefaultPopupsSetting
  • Example value:
<integer>1</integer>

Back to top

DefaultThirdPartyStoragePartitioningSetting

Default setting for third-party storage partitioning

Supported versions:

  • On Windows and macOS since 115 or later

Description

Third-party storage partitioning is on by default for some users starting with Microsoft Edge version 115, but it can be disabled with edge://flags.

If this policy is configured to "AllowPartitioning" or not configured, third-party storage partitioning can be enabled.

If this policy is set to "BlockPartitioning", third-party storage partitioning can't be enabled.

Policy options mapping:

  • AllowPartitioning (1) = Let third-party storage partitioning to be enabled.

  • BlockPartitioning (2) = Block third-party storage partitioning from being enabled.

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultThirdPartyStoragePartitioningSetting
  • GP name: Default setting for third-party storage partitioning
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultThirdPartyStoragePartitioningSetting
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DefaultThirdPartyStoragePartitioningSetting
  • Example value:
<integer>1</integer>

Back to top

DefaultWebBluetoothGuardSetting

Control use of the Web Bluetooth API

Supported versions:

  • On Windows and macOS since 77 or later

Description

Control whether websites can access nearby Bluetooth devices. You can completely block access or require the site to ask the user each time it wants to access a Bluetooth device.

If you don't configure this policy, the default value ('AskWebBluetooth', meaning users are asked each time) is used and users can change it.

Policy options mapping:

  • BlockWebBluetooth (2) = Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API

  • AskWebBluetooth (3) = Allow sites to ask the user to grant access to a nearby Bluetooth device

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultWebBluetoothGuardSetting
  • GP name: Control use of the Web Bluetooth API
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultWebBluetoothGuardSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultWebBluetoothGuardSetting
  • Example value:
<integer>2</integer>

Back to top

DefaultWebHidGuardSetting

Control use of the WebHID API

Supported versions:

  • On Windows and macOS since 100 or later

Description

Setting the policy to 3 lets websites ask for access to HID devices. Setting the policy to 2 denies access to HID devices.

Leaving it unset lets websites ask for access, but users can change this setting.

This policy can be overridden for specific url patterns using the WebHidAskForUrls and WebHidBlockedForUrls policies.

Policy options mapping:

  • BlockWebHid (2) = Do not allow any site to request access to HID devices via the WebHID API

  • AskWebHid (3) = Allow sites to ask the user to grant access to a HID device

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultWebHidGuardSetting
  • GP name: Control use of the WebHID API
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultWebHidGuardSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultWebHidGuardSetting
  • Example value:
<integer>2</integer>

Back to top

DefaultWebUsbGuardSetting

Control use of the WebUSB API

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set whether websites can access connected USB devices. You can completely block access or ask the user each time a website wants to get access to connected USB devices.

You can override this policy for specific URL patterns by using the WebUsbAskForUrls and WebUsbBlockedForUrls policies.

If you don't configure this policy, sites can ask users whether they can access the connected USB devices ('AskWebUsb') by default, and users can change this setting.

Policy options mapping:

  • BlockWebUsb (2) = Do not allow any site to request access to USB devices via the WebUSB API

  • AskWebUsb (3) = Allow sites to ask the user to grant access to a connected USB device

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultWebUsbGuardSetting
  • GP name: Control use of the WebUSB API
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultWebUsbGuardSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultWebUsbGuardSetting
  • Example value:
<integer>2</integer>

Back to top

DefaultWindowManagementSetting

Default Window Management permission setting

Supported versions:

  • On Windows and macOS since 123 or later

Description

Setting the policy to "BlockWindowManagement" (value 2) automatically denies the window management permission to sites by default. This limits the ability of sites to see information about the device's screens and use that information to open and place windows or request fullscreen on specific screens.

Setting the policy to "AskWindowManagement" (value 3) by default prompts the user when the window management permission is requested. If users allow the permission, it extends the ability of sites to see information about the device's screens and use that information to open and place windows or request fullscreen on specific screens.

Not configuring the policy means the "AskWindowManagement" policy applies, but users can change this setting.

Policy options mapping:

  • BlockWindowManagement (2) = Denies the Window Management permission on all sites by default

  • AskWindowManagement (3) = Ask every time a site wants obtain the Window Management permission

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultWindowManagementSetting
  • GP name: Default Window Management permission setting
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultWindowManagementSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultWindowManagementSetting
  • Example value:
<integer>2</integer>

Back to top

FileSystemReadAskForUrls

Allow read access via the File System API on these sites

Supported versions:

  • On Windows and macOS since 86 or later

Description

Setting the policy lets you list the URL patterns that specify which sites can ask users to grant them read access to files or directories in the host operating system's file system via the File System API.

Leaving the policy unset means DefaultFileSystemReadGuardSetting applies for all sites, if it's set. If not, users' personal settings apply.

URL patterns can't conflict with FileSystemReadBlockedForUrls. Neither policy takes precedence if a URL matches with both.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: FileSystemReadAskForUrls
  • GP name: Allow read access via the File System API on these sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\FileSystemReadAskForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\FileSystemReadAskForUrls\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\FileSystemReadAskForUrls\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: FileSystemReadAskForUrls
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

FileSystemReadBlockedForUrls

Block read access via the File System API on these sites

Supported versions:

  • On Windows and macOS since 86 or later

Description

If you set this policy, you can list the URL patterns that specify which sites can't ask users to grant them read access to files or directories in the host operating system's file system via the File System API.

If you don't set this policy, DefaultFileSystemReadGuardSetting applies for all sites, if it's set. If not, users' personal settings apply.

URL patterns can't conflict with FileSystemReadAskForUrls. Neither policy takes precedence if a URL matches with both.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: FileSystemReadBlockedForUrls
  • GP name: Block read access via the File System API on these sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\FileSystemReadBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\FileSystemReadBlockedForUrls\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\FileSystemReadBlockedForUrls\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: FileSystemReadBlockedForUrls
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

FileSystemWriteAskForUrls

Allow write access to files and directories on these sites

Supported versions:

  • On Windows and macOS since 86 or later

Description

If you set this policy, you can list the URL patterns that specify which sites can ask users to grant them write access to files or directories in the host operating system's file system.

If you don't set this policy, DefaultFileSystemWriteGuardSetting applies for all sites, if it's set. If not, users' personal settings apply.

URL patterns can't conflict with FileSystemWriteBlockedForUrls. Neither policy takes precedence if a URL matches with both.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: FileSystemWriteAskForUrls
  • GP name: Allow write access to files and directories on these sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\FileSystemWriteAskForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\FileSystemWriteAskForUrls\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\FileSystemWriteAskForUrls\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: FileSystemWriteAskForUrls
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

FileSystemWriteBlockedForUrls

Block write access to files and directories on these sites

Supported versions:

  • On Windows and macOS since 86 or later

Description

If you set this policy, you can list the URL patterns that specify which sites can't ask users to grant them write access to files or directories in the host operating system's file system.

If you don't set this policy, DefaultFileSystemWriteGuardSetting applies for all sites, if it's set. If not, users' personal settings apply.

URL patterns can't conflict with FileSystemWriteAskForUrls. Neither policy takes precedence if a URL matches with both.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: FileSystemWriteBlockedForUrls
  • GP name: Block write access to files and directories on these sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\FileSystemWriteBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\FileSystemWriteBlockedForUrls\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\FileSystemWriteBlockedForUrls\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: FileSystemWriteBlockedForUrls
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

ImagesAllowedForUrls

Allow images on these sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define a list of sites, based on URL patterns, that can display images.

If you don't configure this policy, the global default value is used for all sites either from the DefaultImagesSetting policy (if set) or the user's personal configuration.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImagesAllowedForUrls
  • GP name: Allow images on these sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ImagesAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ImagesAllowedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\ImagesAllowedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: ImagesAllowedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

ImagesBlockedForUrls

Block images on specific sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define a list of sites, based on URL patterns, that aren't allowed to display images.

If you don't configure this policy, the global default value from the DefaultImagesSetting policy (if set) or the user's personal configuration is used for all sites.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImagesBlockedForUrls
  • GP name: Block images on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ImagesBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ImagesBlockedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\ImagesBlockedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: ImagesBlockedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

InsecureContentAllowedForUrls

Allow insecure content on specified sites

Supported versions:

  • On Windows and macOS since 80 or later

Description

Create a list of URL patterns to specify sites that can display or, as of version 94, download insecure mixed content (that is, HTTP content on HTTPS sites).

If you don't configure this policy, blockable mixed content will be blocked and optionally blockable mixed content will be upgraded. However, users will be allowed to set exceptions to allow insecure mixed content for specific sites.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InsecureContentAllowedForUrls
  • GP name: Allow insecure content on specified sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\InsecureContentAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\InsecureContentAllowedForUrls\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\InsecureContentAllowedForUrls\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: InsecureContentAllowedForUrls
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

InsecureContentBlockedForUrls

Block insecure content on specified sites

Supported versions:

  • On Windows and macOS since 80 or later

Description

Create a list of URL patterns to specify sites that aren't allowed to display blockable (i.e. active) mixed content (that is, HTTP content on HTTPS sites) and for which optionally blockable mixed content upgrades will be disabled.

If you don't configure this policy, blockable mixed content will be blocked and optionally blockable mixed content will be upgraded. However, users will be allowed to set exceptions to allow insecure mixed content for specific sites.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InsecureContentBlockedForUrls
  • GP name: Block insecure content on specified sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\InsecureContentBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\InsecureContentBlockedForUrls\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\InsecureContentBlockedForUrls\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: InsecureContentBlockedForUrls
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

IntranetFileLinksEnabled

Supported versions:

  • On Windows since 95 or later

Description

This setting allows file URL links to intranet zone files from intranet zone HTTPS websites to open Windows File Explorer for that file or directory.

If you enable this policy, intranet zone file URL links originating from intranet zone HTTPS pages will open Windows File Explorer to the parent directory of the file and select the file. Intranet zone directory URL links originating from intranet zone HTTPS pages will open Windows File Explorer to the directory with no items in the directory selected.

If you disable or don't configure this policy, file URL links will not open.

Microsoft Edge uses the definition of intranet zone as configured for Internet Explorer. Note that https://localhost/ is specifically blocked as an exception of allowed intranet zone host, while loopback addresses (127.0.0.*, [::1]) are considered internet zone by default.

Users may opt out of prompts on a per-protocol/per-site basis unless the ExternalProtocolDialogShowAlwaysOpenCheckbox policy is disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: IntranetFileLinksEnabled
  • GP name: Allow intranet zone file URL links from Microsoft Edge to open in Windows File Explorer
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: IntranetFileLinksEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

JavaScriptAllowedForUrls

Allow JavaScript on specific sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define a list of sites, based on URL patterns, that are allowed to run JavaScript.

If you don't configure this policy, DefaultJavaScriptSetting applies for all sites, if it's set. If not, the user's personal setting applies.

For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: JavaScriptAllowedForUrls
  • GP name: Allow JavaScript on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\JavaScriptAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\JavaScriptAllowedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\JavaScriptAllowedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: JavaScriptAllowedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

JavaScriptBlockedForUrls

Block JavaScript on specific sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define a list of sites, based on URL patterns, that aren't allowed to run JavaScript.

If you don't configure this policy, DefaultJavaScriptSetting applies for all sites, if it's set. If not, the user's personal setting applies.

For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: JavaScriptBlockedForUrls
  • GP name: Block JavaScript on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\JavaScriptBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\JavaScriptBlockedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\JavaScriptBlockedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: JavaScriptBlockedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

JavaScriptJitAllowedForSites

Allow JavaScript to use JIT on these sites

Supported versions:

  • On Windows and macOS since 93 or later

Description

Allows you to set a list of site url patterns that specify sites which are allowed to run JavaScript with JIT (Just In Time) compiler enabled.

For detailed information on valid site url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

JavaScript JIT policy exceptions will only be enforced at a site granularity (eTLD+1). A policy set for only subdomain.contoso.com will not correctly apply to contoso.com or subdomain.contoso.com since they both resolve to the same eTLD+1 (contoso.com) for which there is no policy. In this case, policy must be set on contoso.com to apply correctly for both contoso.com and subdomain.contoso.com.

This policy applies on a frame-by-frame basis and not based on top level origin url alone, so e.g. if contoso.com is listed in the JavaScriptJitAllowedForSites policy but contoso.com loads a frame containing fabrikam.com then contoso.com will have JavaScript JIT enabled, but fabrikam.com will use the policy from DefaultJavaScriptJitSetting, if set, or default to JavaScript JIT enabled.

If you don't configure this policy for a site then the policy from DefaultJavaScriptJitSetting applies to the site, if set, otherwise Javascript JIT is enabled for the site.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: JavaScriptJitAllowedForSites
  • GP name: Allow JavaScript to use JIT on these sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\JavaScriptJitAllowedForSites
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\JavaScriptJitAllowedForSites\1 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: JavaScriptJitAllowedForSites
  • Example value:
<array>
  <string>[*.]example.edu</string>
</array>

Back to top

JavaScriptJitBlockedForSites

Block JavaScript from using JIT on these sites

Supported versions:

  • On Windows and macOS since 93 or later

Description

Allows you to set a list of site url patterns that specify sites which are not allowed to run JavaScript JIT (Just In Time) compiler enabled.

Disabling the JavaScript JIT will mean that Microsoft Edge may render web content more slowly, and may also disable parts of JavaScript including WebAssembly. Disabling the JavaScript JIT may allow Microsoft Edge to render web content in a more secure configuration.

For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

JavaScript JIT policy exceptions will only be enforced at a site granularity (eTLD+1). A policy set for only subdomain.contoso.com will not correctly apply to contoso.com or subdomain.contoso.com since they both resolve to the same eTLD+1 (contoso.com) for which there is no policy. In this case, policy must be set on contoso.com to apply correctly for both contoso.com and subdomain.contoso.com.

This policy applies on a frame-by-frame basis and not based on top level origin url alone, so e.g. if contoso.com is listed in the JavaScriptJitBlockedForSites policy but contoso.com loads a frame containing fabrikam.com then contoso.com will have JavaScript JIT disabled, but fabrikam.com will use the policy from DefaultJavaScriptJitSetting, if set, or default to JavaScript JIT enabled.

If you don't configure this policy for a site then the policy from DefaultJavaScriptJitSetting applies to the site, if set, otherwise JavaScript JIT is enabled for the site.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: JavaScriptJitBlockedForSites
  • GP name: Block JavaScript from using JIT on these sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\JavaScriptJitBlockedForSites
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\JavaScriptJitBlockedForSites\1 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: JavaScriptJitBlockedForSites
  • Example value:
<array>
  <string>[*.]example.edu</string>
</array>

Back to top

LegacySameSiteCookieBehaviorEnabled

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 94.

Supported versions:

  • On Windows and macOS since 80, until 94

Description

This policy doesn't work because it was only intended to serve only as a short-term mechanism to give enterprises more time to update their environments if they were found to be incompatible with the SameSite behavior change.

If you still require legacy cookie behavior, please use LegacySameSiteCookieBehaviorEnabledForDomainList to configure behavior on a per-domain basis.

Lets you revert all cookies to legacy SameSite behavior. Reverting to legacy behavior causes cookies that don't specify a SameSite attribute to be treated as if they were "SameSite=None", removes the requirement for "SameSite=None" cookies to carry the "Secure" attribute, and skips the scheme comparison when evaluating if two sites are same-site.

If you don't set this policy, the default SameSite behavior for cookies will depend on other configuration sources for the SameSite-by-default feature, the Cookies-without-SameSite-must-be-secure feature, and the Schemeful Same-Site feature. These features can also be configured by a field trial or the same-site-by-default-cookies flag, the cookies-without-same-site-must-be-secure flag, or the schemeful-same-site flag in edge://flags.

Policy options mapping:

  • DefaultToLegacySameSiteCookieBehavior (1) = Revert to legacy SameSite behavior for cookies on all sites

  • DefaultToSameSiteByDefaultCookieBehavior (2) = Use SameSite-by-default behavior for cookies on all sites

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: LegacySameSiteCookieBehaviorEnabled
  • GP name: Enable default legacy SameSite cookie behavior setting (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: LegacySameSiteCookieBehaviorEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: LegacySameSiteCookieBehaviorEnabled
  • Example value:
<integer>1</integer>

Back to top

LegacySameSiteCookieBehaviorEnabledForDomainList

Revert to legacy SameSite behavior for cookies on specified sites

Supported versions:

  • On Windows and macOS since 80 or later

Description

Cookies set for domains match specified patterns will revert to legacy SameSite behavior.

Reverting to legacy behavior causes cookies that don't specify a SameSite attribute to be treated as if they were "SameSite=None", removes the requirement for "SameSite=None" cookies to carry the "Secure" attribute, and skips the scheme comparison when evaluating if two sites are same-site.

If you don't set this policy, the global default value will be used. The global default will also be used for cookies on domains not covered by the patterns you specify.

The global default value can be configured using the LegacySameSiteCookieBehaviorEnabled policy. If LegacySameSiteCookieBehaviorEnabled is unset, the global default value falls back to other configuration sources.

For detailed information about valid URL patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.

Note that patterns you list in this policy are treated as domains, not URLs, so you should not specify a scheme or port.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: LegacySameSiteCookieBehaviorEnabledForDomainList
  • GP name: Revert to legacy SameSite behavior for cookies on specified sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\LegacySameSiteCookieBehaviorEnabledForDomainList
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "www.example.com"
SOFTWARE\Policies\Microsoft\Edge\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: LegacySameSiteCookieBehaviorEnabledForDomainList
  • Example value:
<array>
  <string>www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

NotificationsAllowedForUrls

Allow notifications on specific sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows you to create a list of url patterns to specify sites that are allowed to display notifications.

If you don't set this policy, the global default value will be used for all sites. This default value will be from the DefaultNotificationsSetting policy if it's set, or from the user's personal configuration. For detailed information on valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NotificationsAllowedForUrls
  • GP name: Allow notifications on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\NotificationsAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\NotificationsAllowedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\NotificationsAllowedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: NotificationsAllowedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

NotificationsBlockedForUrls

Block notifications on specific sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows you to create a list of url patterns to specify sites that are not allowed to display notifications.

If you don't set this policy, the global default value will be used for all sites. This default value will be from the DefaultNotificationsSetting policy if it's set, or from the user's personal configuration. For detailed information on valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NotificationsBlockedForUrls
  • GP name: Block notifications on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\NotificationsBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\NotificationsBlockedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\NotificationsBlockedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: NotificationsBlockedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

PluginsAllowedForUrls

Allow the Adobe Flash plug-in on specific sites (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 87.

Supported versions:

  • On Windows and macOS since 77, until 87

Description

This policy doesn't work because Flash is no longer supported by Microsoft Edge.

Define a list of sites, based on URL patterns, that can run the Adobe Flash plug-in.

If you don't configure this policy, the global default value from the DefaultPluginsSetting policy (if set) or the user's personal configuration is used for all sites.

For detailed information on valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. However, starting in M85, patterns with '*' and '[*.]' wildcards in the host are no longer supported for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PluginsAllowedForUrls
  • GP name: Allow the Adobe Flash plug-in on specific sites (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\PluginsAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\PluginsAllowedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\PluginsAllowedForUrls\2 = "http://contoso.edu:8080"

Mac information and settings

  • Preference Key Name: PluginsAllowedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>http://contoso.edu:8080</string>
</array>

Back to top

PluginsBlockedForUrls

Block the Adobe Flash plug-in on specific sites (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 87.

Supported versions:

  • On Windows and macOS since 77, until 87

Description

This policy doesn't work because Flash is no longer supported by Microsoft Edge.

Define a list of sites, based on URL patterns, that are blocked from running Adobe Flash.

If you don't configure this policy, the global default value from the DefaultPluginsSetting policy (if set) or the user's personal configuration is used for all sites.

For detailed information on valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. However, starting in M85, patterns with '*' and '[*.]' wildcards in the host are no longer supported for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PluginsBlockedForUrls
  • GP name: Block the Adobe Flash plug-in on specific sites (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\PluginsBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\PluginsBlockedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\PluginsBlockedForUrls\2 = "http://contoso.edu:8080"

Mac information and settings

  • Preference Key Name: PluginsBlockedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>http://contoso.edu:8080</string>
</array>

Back to top

PopupsAllowedForUrls

Allow pop-up windows on specific sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define a list of sites, based on URL patterns, that can open pop-up windows. * is not an accepted value for this policy.

If you don't configure this policy, the global default value from the DefaultPopupsSetting policy (if set) or the user's personal configuration is used for all sites.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PopupsAllowedForUrls
  • GP name: Allow pop-up windows on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: PopupsAllowedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

PopupsBlockedForUrls

Block pop-up windows on specific sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define a list of sites, based on URL patterns, that are blocked from opening pop-up windows. * is not an accepted value for this policy.

If you don't configure this policy, the global default value from the DefaultPopupsSetting policy (if set) or the user's personal configuration is used for all sites.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PopupsBlockedForUrls
  • GP name: Block pop-up windows on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\PopupsBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\PopupsBlockedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\PopupsBlockedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: PopupsBlockedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

RegisteredProtocolHandlers

Register protocol handlers

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set this policy (recommended only) to register a list of protocol handlers. This list is merged with ones registered by the user and both are available to use.

To register a protocol handler:

  • Set the protocol property to the scheme (for example, "mailto")
  • Set the URL property to the URL property of the application that handlers the scheme specified in the "protocol" field. The pattern can include a "%s" placeholder, which the handled URL replaces.

Users can't remove a protocol handler registered by this policy. However, they can install a new default protocol handler to override the existing protocol handlers.

Supported features:

  • Can be mandatory: No
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RegisteredProtocolHandlers
  • GP name: Register protocol handlers
  • GP path (Mandatory): N/A
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Content settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): N/A
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: RegisteredProtocolHandlers
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\RegisteredProtocolHandlers = [
  {
    "default": true,
    "protocol": "mailto",
    "url": "https://mail.contoso.com/mail/?extsrc=mailto&url=%s"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\RegisteredProtocolHandlers = [{"default": true, "protocol": "mailto", "url": "https://mail.contoso.com/mail/?extsrc=mailto&url=%s"}]

Mac information and settings

  • Preference Key Name: RegisteredProtocolHandlers
  • Example value:
<key>RegisteredProtocolHandlers</key>
<array>
  <dict>
    <key>default</key>
    <true/>
    <key>protocol</key>
    <string>mailto</string>
    <key>url</key>
    <string>https://mail.contoso.com/mail/?extsrc=mailto&url=%s</string>
  </dict>
</array>

Back to top

SerialAllowAllPortsForUrls

Automatically grant sites permission to connect all serial ports

Supported versions:

  • On Windows and macOS since 97 or later

Description

Setting the policy allows you to list sites which are automatically granted permission to access all available serial ports.

The URLs must be valid, or the policy is ignored. Only the origin (scheme, host, and port) of the URL is considered.

This policy overrides DefaultSerialGuardSetting, SerialAskForUrls, SerialBlockedForUrls and the user's preferences.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SerialAllowAllPortsForUrls
  • GP name: Automatically grant sites permission to connect all serial ports
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SerialAllowAllPortsForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SerialAllowAllPortsForUrls\1 = "https://www.example.com"

Mac information and settings

  • Preference Key Name: SerialAllowAllPortsForUrls
  • Example value:
<array>
  <string>https://www.example.com</string>
</array>

Back to top

SerialAllowUsbDevicesForUrls

Automatically grant sites permission to connect to USB serial devices

Supported versions:

  • On Windows and macOS since 97 or later

Description

Setting the policy lets you list sites that are automatically granted permission to access USB serial devices with vendor and product IDs that match the vendor_id and product_id fields.

Optionally you can omit the product_id field. This enables site access to all the vendor's devices. When you provide a product ID, then you give the site access to a specific device from the vendor but not all devices.

The URLs must be valid, or the policy is ignored. Only the origin (scheme, host, and port) of the URL is considered.

This policy overrides DefaultSerialGuardSetting, SerialAskForUrls, SerialBlockedForUrls and the user's preferences.

This policy only affects access to USB devices through the Web Serial API. To grant access to USB devices through the WebUSB API see the WebUsbAllowDevicesForUrls policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SerialAllowUsbDevicesForUrls
  • GP name: Automatically grant sites permission to connect to USB serial devices
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SerialAllowUsbDevicesForUrls
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SerialAllowUsbDevicesForUrls = [
  {
    "devices": [
      {
        "product_id": 5678,
        "vendor_id": 1234
      }
    ],
    "urls": [
      "https://specific-device.example.com"
    ]
  },
  {
    "devices": [
      {
        "vendor_id": 1234
      }
    ],
    "urls": [
      "https://all-vendor-devices.example.com"
    ]
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\SerialAllowUsbDevicesForUrls = [{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://specific-device.example.com"]}, {"devices": [{"vendor_id": 1234}], "urls": ["https://all-vendor-devices.example.com"]}]

Mac information and settings

  • Preference Key Name: SerialAllowUsbDevicesForUrls
  • Example value:
<key>SerialAllowUsbDevicesForUrls</key>
<array>
  <dict>
    <key>devices</key>
    <array>
      <dict>
        <key>product_id</key>
        <integer>5678</integer>
        <key>vendor_id</key>
        <integer>1234</integer>
      </dict>
    </array>
    <key>urls</key>
    <array>
      <string>https://specific-device.example.com</string>
    </array>
  </dict>
  <dict>
    <key>devices</key>
    <array>
      <dict>
        <key>vendor_id</key>
        <integer>1234</integer>
      </dict>
    </array>
    <key>urls</key>
    <array>
      <string>https://all-vendor-devices.example.com</string>
    </array>
  </dict>
</array>

Back to top

ShowPDFDefaultRecommendationsEnabled

Allow notifications to set Microsoft Edge as default PDF reader

Supported versions:

  • On Windows and macOS since 93 or later

Description

This policy setting lets you decide whether employees should receive recommendations to set Microsoft Edge as PDF handler.

If you enable or don't configure this setting, employees receive recommendations from Microsoft Edge to set itself as the default PDF handler.

If you disable this setting, employees will not receive any notifications from Microsoft Edge to set itself as the default PDF handler.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ShowPDFDefaultRecommendationsEnabled
  • GP name: Allow notifications to set Microsoft Edge as default PDF reader
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ShowPDFDefaultRecommendationsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ShowPDFDefaultRecommendationsEnabled
  • Example value:
<true/>

Back to top

SpotlightExperiencesAndRecommendationsEnabled

Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft services

Supported versions:

  • On Windows since 86 or later

Description

Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft services.

If you enable or don't configure this setting, spotlight experiences and recommendations are turned on.

If you disable this setting, spotlight experiences and recommendations are turned off.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SpotlightExperiencesAndRecommendationsEnabled
  • GP name: Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft services
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SpotlightExperiencesAndRecommendationsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

ThirdPartyStoragePartitioningBlockedForOrigins

Block third-party storage partitioning for these origins

Supported versions:

  • On Windows and macOS since 115 or later

Description

Lets you set a list of url patterns that specify top-level origins (the url in the tab's address bar) that block third-party (cross-origin iframe) storage partitioning.

If this policy isn't set or a top-level origin doesn't match, then the value from DefaultThirdPartyStoragePartitioningSetting will be used.

Note that the patterns you list are treated as origins, not URLs, so you shouldn't specify a path.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ThirdPartyStoragePartitioningBlockedForOrigins
  • GP name: Block third-party storage partitioning for these origins
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ThirdPartyStoragePartitioningBlockedForOrigins
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ThirdPartyStoragePartitioningBlockedForOrigins\1 = "www.example.com"
SOFTWARE\Policies\Microsoft\Edge\ThirdPartyStoragePartitioningBlockedForOrigins\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: ThirdPartyStoragePartitioningBlockedForOrigins
  • Example value:
<array>
  <string>www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

WebHidAllowAllDevicesForUrls

Allow listed sites to connect to any HID device

Supported versions:

  • On Windows and macOS since 109 or later

Description

This setting allows you to list sites which are automatically granted permission to access all available devices.

The URLs must be valid or the policy is ignored. Only the origin (scheme, host and port) of the URL is evaluated.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

This policy overrides DefaultWebHidGuardSetting, WebHidAskForUrls, WebHidBlockedForUrls and the user's preferences.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebHidAllowAllDevicesForUrls
  • GP name: Allow listed sites to connect to any HID device
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\WebHidAllowAllDevicesForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WebHidAllowAllDevicesForUrls\1 = "https://microsoft.com"
SOFTWARE\Policies\Microsoft\Edge\WebHidAllowAllDevicesForUrls\2 = "https://chromium.org"

Mac information and settings

  • Preference Key Name: WebHidAllowAllDevicesForUrls
  • Example value:
<array>
  <string>https://microsoft.com</string>
  <string>https://chromium.org</string>
</array>

Back to top

WebHidAllowDevicesForUrls

Allow listed sites connect to specific HID devices

Supported versions:

  • On Windows and macOS since 109 or later

Description

This setting lets you list the URLs that specify which sites are automatically granted permission to access a HID device with the given vendor and product IDs.

Setting the policy Each item in the list requires both devices and urls fields for the item to be valid, otherwise the item is ignored.

  • Each item in the devices field must have a vendor_id and may have a product_id field.

  • Omitting the product_id field will create a policy matching any device with the specified vendor ID.

  • An item which has a product_id field without a vendor_id field is invalid and is ignored.

If you don't set this policy, that means DefaultWebHidGuardSetting applies, if it's set. If not, the user's personal setting applies.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

URLs in this policy shouldn't conflict with those configured through WebHidBlockedForUrls. If they do, this policy takes precedence over WebHidBlockedForUrls.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebHidAllowDevicesForUrls
  • GP name: Allow listed sites connect to specific HID devices
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebHidAllowDevicesForUrls
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WebHidAllowDevicesForUrls = [
  {
    "devices": [
      {
        "product_id": 5678,
        "vendor_id": 1234
      }
    ],
    "urls": [
      "https://microsoft.com",
      "https://chromium.org"
    ]
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\WebHidAllowDevicesForUrls = [{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://microsoft.com", "https://chromium.org"]}]

Mac information and settings

  • Preference Key Name: WebHidAllowDevicesForUrls
  • Example value:
<key>WebHidAllowDevicesForUrls</key>
<array>
  <dict>
    <key>devices</key>
    <array>
      <dict>
        <key>product_id</key>
        <integer>5678</integer>
        <key>vendor_id</key>
        <integer>1234</integer>
      </dict>
    </array>
    <key>urls</key>
    <array>
      <string>https://microsoft.com</string>
      <string>https://chromium.org</string>
    </array>
  </dict>
</array>

Back to top

WebHidAllowDevicesWithHidUsagesForUrls

Automatically grant permission to these sites to connect to HID devices containing top-level collections with the given HID usage

Supported versions:

  • On Windows and macOS since 109 or later

Description

This setting allows you to list the URLs that specify which sites are automatically granted permission to access a HID device containing a top-level collection with the given HID usage.

Each item in the list requires both usages and urls fields for the policy to be valid.

  • Each item in the usages field must have a usage_page and may have a usage field.

  • Omitting the usage field will create a policy matching any device containing a top-level collection with a usage from the specified usage page.

  • An item which has a usage field without a usage_page field is invalid and is ignored.

If you don't set this policy, that means DefaultWebHidGuardSetting applies, if it's set. If not, the user's personal setting applies.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

URLs in this policy shouldn't conflict with those configured through WebHidBlockedForUrls. If they do, this policy takes precedence over WebHidBlockedForUrls.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebHidAllowDevicesWithHidUsagesForUrls
  • GP name: Automatically grant permission to these sites to connect to HID devices containing top-level collections with the given HID usage
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebHidAllowDevicesWithHidUsagesForUrls
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WebHidAllowDevicesWithHidUsagesForUrls = [
  {
    "urls": [
      "https://microsoft.com",
      "https://chromium.org"
    ],
    "usages": [
      {
        "usage": 5678,
        "usage_page": 1234
      }
    ]
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\WebHidAllowDevicesWithHidUsagesForUrls = [{"urls": ["https://microsoft.com", "https://chromium.org"], "usages": [{"usage": 5678, "usage_page": 1234}]}]

Mac information and settings

  • Preference Key Name: WebHidAllowDevicesWithHidUsagesForUrls
  • Example value:
<key>WebHidAllowDevicesWithHidUsagesForUrls</key>
<array>
  <dict>
    <key>urls</key>
    <array>
      <string>https://microsoft.com</string>
      <string>https://chromium.org</string>
    </array>
    <key>usages</key>
    <array>
      <dict>
        <key>usage</key>
        <integer>5678</integer>
        <key>usage_page</key>
        <integer>1234</integer>
      </dict>
    </array>
  </dict>
</array>

Back to top

WebHidAskForUrls

Allow the WebHID API on these sites

Supported versions:

  • On Windows and macOS since 100 or later

Description

Setting the policy lets you list the URL patterns that specify which sites can ask users to grant them access to a HID device.

Leaving the policy unset means DefaultWebHidGuardSetting applies for all sites, if it's set. If not, users' personal settings apply.

For URL patterns that don't match the policy, the following values are applied in order of precedence:

URL patterns must not conflict with WebHidBlockedForUrls. Neither policy takes precedence if a URL matches both patterns.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebHidAskForUrls
  • GP name: Allow the WebHID API on these sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\WebHidAskForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WebHidAskForUrls\1 = "https://microsoft.com"
SOFTWARE\Policies\Microsoft\Edge\WebHidAskForUrls\2 = "https://chromium.org"

Mac information and settings

  • Preference Key Name: WebHidAskForUrls
  • Example value:
<array>
  <string>https://microsoft.com</string>
  <string>https://chromium.org</string>
</array>

Back to top

WebHidBlockedForUrls

Block the WebHID API on these sites

Supported versions:

  • On Windows and macOS since 100 or later

Description

Setting the policy lets you list the URL patterns that specify which sites can't ask users to grant them access to a HID device.

Leaving the policy unset means DefaultWebHidGuardSetting applies for all sites, if it's set. If not, users' personal settings apply.

For URL patterns that don't match the policy, the following values are applied in order of precedence:

URL patterns can't conflict with WebHidAskForUrls. Neither policy takes precedence if a URL matches both patterns.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebHidBlockedForUrls
  • GP name: Block the WebHID API on these sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\WebHidBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WebHidBlockedForUrls\1 = "https://microsoft.com"
SOFTWARE\Policies\Microsoft\Edge\WebHidBlockedForUrls\2 = "https://chromium.org"

Mac information and settings

  • Preference Key Name: WebHidBlockedForUrls
  • Example value:
<array>
  <string>https://microsoft.com</string>
  <string>https://chromium.org</string>
</array>

Back to top

WebUsbAllowDevicesForUrls

Grant access to specific sites to connect to specific USB devices

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows you to set a list of urls that specify which sites will automatically be granted permission to access a USB device with the given vendor and product IDs. Each item in the list must contain both devices and urls in order for the policy to be valid. Each item in devices can contain a vendor ID and product ID field. Any ID that is omitted is treated as a wildcard with one exception, and that exception is that a product ID cannot be specified without a vendor ID also being specified. Otherwise, the policy will not be valid and will be ignored.

The USB permission model uses the URL of the requesting site ("requesting URL") and the URL of the top-level frame site ("embedding URL") to grant permission to the requesting URL to access the USB device. The requesting URL may be different than the embedding URL when the requesting site is loaded in an iframe. Therefore, the "urls" field can contain up to two URL strings delimited by a comma to specify the requesting and embedding URL respectively. If only one URL is specified, then access to the corresponding USB devices will be granted when the requesting site's URL matches this URL regardless of embedding status. The URLs in "urls" must be valid URLs, otherwise the policy will be ignored.

This is deprecated and only supported for backwards compatibility in the following manner. If both a requesting and embedding URL is specified, then the embedding URL will be granted the permission as top-level origin and the requesting URL will be ignored entirely.

If this policy is left not set, the global default value will be used for all sites either from the DefaultWebUsbGuardSetting policy if it is set, or the user's personal configuration otherwise.

URL patterns in this policy should not clash with the ones configured via WebUsbBlockedForUrls. If there is a clash, this policy will take precedence over WebUsbBlockedForUrls and WebUsbAskForUrls.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebUsbAllowDevicesForUrls
  • GP name: Grant access to specific sites to connect to specific USB devices
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebUsbAllowDevicesForUrls
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WebUsbAllowDevicesForUrls = [
  {
    "devices": [
      {
        "product_id": 5678,
        "vendor_id": 1234
      }
    ],
    "urls": [
      "https://contoso.com",
      "https://fabrikam.com"
    ]
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\WebUsbAllowDevicesForUrls = [{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://contoso.com", "https://fabrikam.com"]}]

Mac information and settings

  • Preference Key Name: WebUsbAllowDevicesForUrls
  • Example value:
<key>WebUsbAllowDevicesForUrls</key>
<array>
  <dict>
    <key>devices</key>
    <array>
      <dict>
        <key>product_id</key>
        <integer>5678</integer>
        <key>vendor_id</key>
        <integer>1234</integer>
      </dict>
    </array>
    <key>urls</key>
    <array>
      <string>https://contoso.com</string>
      <string>https://fabrikam.com</string>
    </array>
  </dict>
</array>

Back to top

WebUsbAskForUrls

Allow WebUSB on specific sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define a list of sites, based on URL patterns, that can ask the user for access to a USB device.

If you don't configure this policy, the global default value from the DefaultWebUsbGuardSetting policy (if set) or the user's personal configuration is used for all sites.

The URL patterns defined in this policy can't conflict with those configured in the WebUsbBlockedForUrls policy - you can't both allow and block a URL. For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebUsbAskForUrls
  • GP name: Allow WebUSB on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\WebUsbAskForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WebUsbAskForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\WebUsbAskForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: WebUsbAskForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

WebUsbBlockedForUrls

Block WebUSB on specific sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define a list of sites, based on URL patterns, that can't ask the user to grant them access to a USB device.

If you don't configure this policy, the global default value from the DefaultWebUsbGuardSetting policy (if set) or the user's personal configuration is used for all sites.

URL patterns in this policy can't conflict with those configured in the WebUsbAskForUrls policy. You can't both allow and block a URL. For detailed information on valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebUsbBlockedForUrls
  • GP name: Block WebUSB on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\WebUsbBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WebUsbBlockedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\WebUsbBlockedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: WebUsbBlockedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

WindowManagementAllowedForUrls

Allow Window Management permission on specified sites

Supported versions:

  • On Windows and macOS since 123 or later

Description

Lets you configure a list of site url patterns that specify sites which will automatically grant the window management permission. This extends the ability of sites to see information about the device's screens. This information can be used to open and place windows or request fullscreen on specific screens.

For detailed information on valid site url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards, *, are allowed. This policy only matches based on site origin, so any path in the URL pattern is ignored.

If this policy isn't configured for a site, then the policy from DefaultWindowManagementSetting applies to the site, if configured. Otherwise the permission will follow the browser's defaults and let users choose this permission per site.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WindowManagementAllowedForUrls
  • GP name: Allow Window Management permission on specified sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\WindowManagementAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WindowManagementAllowedForUrls\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\WindowManagementAllowedForUrls\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: WindowManagementAllowedForUrls
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

WindowManagementBlockedForUrls

Block Window Management permission on specified sites

Supported versions:

  • On Windows and macOS since 123 or later

Description

Lets you configure a list of site url patterns that specify sites which will automatically deny the window management permission. This limits the ability of sites to see information about the device's screens. This information can be used to open and place windows or request fullscreen on specific screens.

For detailed information on valid site url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards, *, are allowed. This policy only matches based on site origin, so any path in the URL pattern is ignored.

If this policy isn't configured for a site, then the policy from DefaultWindowManagementSetting applies to the site, if configured. Otherwise the permission will follow the browser's defaults and let users choose this permission per site.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WindowManagementBlockedForUrls
  • GP name: Block Window Management permission on specified sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\WindowManagementBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WindowManagementBlockedForUrls\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\WindowManagementBlockedForUrls\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: WindowManagementBlockedForUrls
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

Default search provider policies

Back to top

DefaultSearchProviderEnabled

Enable the default search provider

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enables the ability to use a default search provider.

If you enable this policy, a user can search for a term by typing in the address bar (as long as what they type isn't a URL).

You can specify the default search provider to use by enabling the rest of the default search policies. If these are left empty (not configured) or configured incorrectly, the user can choose the default provider.

If you disable this policy, the user can't search from the address bar.

If you enable or disable this policy, users can't change or override it.

If you don't configure this policy, the default search provider is enabled, and the user can choose the default search provider and set the search provider list.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.

Starting in Microsoft Edge 84, you can set this policy as a recommended policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultSearchProviderEnabled
  • GP name: Enable the default search provider
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Default search provider
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Default search provider
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: DefaultSearchProviderEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DefaultSearchProviderEnabled
  • Example value:
<true/>

Back to top

DefaultSearchProviderEncodings

Default search provider encodings

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specify the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the order provided.

This policy is optional. If not configured, the default, UTF-8, is used.

This policy is applied only if you enable the DefaultSearchProviderEnabled and DefaultSearchProviderSearchURL policies.

Starting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the ManagedSearchEngines policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultSearchProviderEncodings
  • GP name: Default search provider encodings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Default search provider
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Default search provider
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\DefaultSearchProviderEncodings
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended\DefaultSearchProviderEncodings
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\DefaultSearchProviderEncodings\1 = "UTF-8"
SOFTWARE\Policies\Microsoft\Edge\DefaultSearchProviderEncodings\2 = "UTF-16"
SOFTWARE\Policies\Microsoft\Edge\DefaultSearchProviderEncodings\3 = "GB2312"
SOFTWARE\Policies\Microsoft\Edge\DefaultSearchProviderEncodings\4 = "ISO-8859-1"

Mac information and settings

  • Preference Key Name: DefaultSearchProviderEncodings
  • Example value:
<array>
  <string>UTF-8</string>
  <string>UTF-16</string>
  <string>GB2312</string>
  <string>ISO-8859-1</string>
</array>

Back to top

DefaultSearchProviderImageURL

Specifies the search-by-image feature for the default search provider

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies the URL to the search engine used for image search. Search requests are sent using the GET method.

This policy is optional. If you don't configure it, image search isn't available.

Specify Bing's Image Search URL as: '{bing:baseURL}images/detail/search?iss=sbiupload&FORM=ANCMS1#enterInsights'.

Specify Google's Image Search URL as: '{google:baseURL}searchbyimage/upload'.

See DefaultSearchProviderImageURLPostParams policy to finish configuring image search.

This policy is applied only if you enable the DefaultSearchProviderEnabled and DefaultSearchProviderSearchURL policies.

Starting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the ManagedSearchEngines policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultSearchProviderImageURL
  • GP name: Specifies the search-by-image feature for the default search provider
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Default search provider
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Default search provider
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: DefaultSearchProviderImageURL
  • Value Type: REG_SZ
Example value:
"https://search.contoso.com/searchbyimage/upload"

Mac information and settings

  • Preference Key Name: DefaultSearchProviderImageURL
  • Example value:
<string>https://search.contoso.com/searchbyimage/upload</string>

Back to top

DefaultSearchProviderImageURLPostParams

Parameters for an image URL that uses POST

Supported versions:

  • On Windows and macOS since 77 or later

Description

If you enable this policy, it specifies the parameters used when an image search that uses POST is performed. The policy consists of comma-separated name/value pairs. If a value is a template parameter, like {imageThumbnail} in the preceding example, it's replaced with real image thumbnail data. This policy is applied only if you enable the DefaultSearchProviderEnabled and DefaultSearchProviderSearchURL policies.

Specify Bing's Image Search URL Post Params as: 'imageBin={google:imageThumbnailBase64}'.

Specify Google's Image Search URL Post Params as: 'encoded_image={google:imageThumbnail},image_url={google:imageURL},sbisrc={google:imageSearchSource},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight}'.

If you don't set this policy, image search requests are sent using the GET method.

Starting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the ManagedSearchEngines policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultSearchProviderImageURLPostParams
  • GP name: Parameters for an image URL that uses POST
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Default search provider
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Default search provider
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: DefaultSearchProviderImageURLPostParams
  • Value Type: REG_SZ
Example value:
"content={imageThumbnail},url={imageURL},sbisrc={SearchSource}"

Mac information and settings

  • Preference Key Name: DefaultSearchProviderImageURLPostParams
  • Example value:
<string>content={imageThumbnail},url={imageURL},sbisrc={SearchSource}</string>

Back to top

DefaultSearchProviderKeyword

Default search provider keyword

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies the keyword, which is the shortcut used in the Address Bar to trigger the search for this provider.

This policy is optional. If you don't configure it, no keyword activates the search provider.

This policy is applied only if you enable the DefaultSearchProviderEnabled and DefaultSearchProviderSearchURL policies.

Starting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the ManagedSearchEngines policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultSearchProviderKeyword
  • GP name: Default search provider keyword
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Default search provider
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Default search provider
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: DefaultSearchProviderKeyword
  • Value Type: REG_SZ
Example value:
"mis"

Mac information and settings

  • Preference Key Name: DefaultSearchProviderKeyword
  • Example value:
<string>mis</string>

Back to top

DefaultSearchProviderName

Default search provider name

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies the name of the default search provider.

If you enable this policy, you set the name of the default search provider.

If you don't enable this policy or if you leave it empty, the host name specified by the search URL is used.

'DefaultSearchProviderName' should be set to an organization-approved encrypted search provider that corresponds to the encrypted search provider set in DTBC-0008. This policy is applied only if you enable the DefaultSearchProviderEnabled and DefaultSearchProviderSearchURL policies.

Starting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the ManagedSearchEngines policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultSearchProviderName
  • GP name: Default search provider name
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Default search provider
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Default search provider
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: DefaultSearchProviderName
  • Value Type: REG_SZ
Example value:
"My Intranet Search"

Mac information and settings

  • Preference Key Name: DefaultSearchProviderName
  • Example value:
<string>My Intranet Search</string>

Back to top

DefaultSearchProviderSearchURL

Default search provider search URL

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies the URL of the search engine used for a default search. The URL contains the string '{searchTerms}', which is replaced at query time by the terms the user is searching for.

Specify Bing's search URL as:

'{bing:baseURL}search?q={searchTerms}'.

Specify Google's search URL as: '{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}ie={inputEncoding}'.

This policy is required when you enable the DefaultSearchProviderEnabled policy; if you don't enable the latter policy, this policy is ignored.

Starting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the ManagedSearchEngines policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultSearchProviderSearchURL
  • GP name: Default search provider search URL
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Default search provider
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Default search provider
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: DefaultSearchProviderSearchURL
  • Value Type: REG_SZ
Example value:
"https://search.contoso.com/search?q={searchTerms}"

Mac information and settings

  • Preference Key Name: DefaultSearchProviderSearchURL
  • Example value:
<string>https://search.contoso.com/search?q={searchTerms}</string>

Back to top

DefaultSearchProviderSuggestURL

Default search provider URL for suggestions

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies the URL for the search engine used to provide search suggestions. The URL contains the string '{searchTerms}', which is replaced at query time by the text the user has entered so far.

This policy is optional. If you don't configure it, users won't see search suggestions; they will see suggestions from their browsing history and favorites.

Bing's suggest URL can be specified as:

'{bing:baseURL}qbox?query={searchTerms}'.

Google's suggest URL can be specified as: '{google:baseURL}complete/search?output=chrome&q={searchTerms}'.

This policy is applied only if you enable the DefaultSearchProviderEnabled and DefaultSearchProviderSearchURL policies.

Starting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the ManagedSearchEngines policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultSearchProviderSuggestURL
  • GP name: Default search provider URL for suggestions
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Default search provider
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Default search provider
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: DefaultSearchProviderSuggestURL
  • Value Type: REG_SZ
Example value:
"https://search.contoso.com/suggest?q={searchTerms}"

Mac information and settings

  • Preference Key Name: DefaultSearchProviderSuggestURL
  • Example value:
<string>https://search.contoso.com/suggest?q={searchTerms}</string>

Back to top

NewTabPageSearchBox

Configure the new tab page search box experience

Supported versions:

  • On Windows and macOS since 85 or later

Description

You can configure the new tab page search box to use "Search box (Recommended)" or "Address bar" to search on new tabs. This policy only works if you set the search engine to a value other than Bing by setting the following two policies: DefaultSearchProviderEnabled and DefaultSearchProviderSearchURL.

If you disable or don't configure this policy and:

  • If the address bar default search engine is Bing, the new tab page uses the search box to search on new tabs.
  • If the address bar default search engine is not Bing, users are offered an additional choice (use "Address bar") when searching on new tabs.

If you enable this policy and set it to:

  • "Search box (Recommended)" ('bing'), the new tab page uses the search box to search on new tabs.
  • "Address bar" ('redirect'), the new tab page search box uses the address bar to search on new tabs.

Policy options mapping:

  • bing (bing) = Search box (Recommended)

  • redirect (redirect) = Address bar

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageSearchBox
  • GP name: Configure the new tab page search box experience
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Default search provider
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Default search provider
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: NewTabPageSearchBox
  • Value Type: REG_SZ
Example value:
"bing"

Mac information and settings

  • Preference Key Name: NewTabPageSearchBox
  • Example value:
<string>bing</string>

Back to top

Edge Website Typo Protection settings policies

Back to top

PreventTyposquattingPromptOverride

Prevent bypassing Edge Website Typo Protection prompts for sites

Supported versions:

  • On Windows and macOS since 121 or later

Description

This policy setting lets you decide whether users can override the Edge Website Typo Protection warnings about potential typosquatting websites.

If you enable this setting, users can't ignore Edge Website Typo Protection warnings and they are blocked from continuing to the site.

If you disable or don't configure this setting, users can ignore Edge Website Typo Protection warnings and continue to the site.

This will only take effect when TyposquattingCheckerEnabled policy is not set or set to enabled.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PreventTyposquattingPromptOverride
  • GP name: Prevent bypassing Edge Website Typo Protection prompts for sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Edge Website Typo Protection settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PreventTyposquattingPromptOverride
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PreventTyposquattingPromptOverride
  • Example value:
<true/>

Back to top

TyposquattingAllowListDomains

Configure the list of domains for which Edge Website Typo Protection won't trigger warnings

Supported versions:

  • On Windows and macOS since 121 or later

Description

Configure the list of Edge Website Typo Protection trusted domains. This means: Edge Website Typo Protection won't check for potentially malicious typosquatting websites.

If you enable this policy, Edge Website Typo Protection trusts these domains. If you disable or don't set this policy, default Edge Website Typo Protection protection is applied to all resources.

This will only take effect when TyposquattingCheckerEnabled policy is not set or set to enabled.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10/11 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX. Also note that this policy does not apply if your organization has enabled Microsoft Defender for Endpoint. You must configure your allow and block lists in Microsoft 365 Defender portal using Indicators (Settings > Endpoints > Indicators).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TyposquattingAllowListDomains
  • GP name: Configure the list of domains for which Edge Website Typo Protection won't trigger warnings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Edge Website Typo Protection settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\TyposquattingAllowListDomains
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\TyposquattingAllowListDomains\1 = "mydomain.com"
SOFTWARE\Policies\Microsoft\Edge\TyposquattingAllowListDomains\2 = "myuniversity.edu"

Mac information and settings

  • Preference Key Name: TyposquattingAllowListDomains
  • Example value:
<array>
  <string>mydomain.com</string>
  <string>myuniversity.edu</string>
</array>

Back to top

TyposquattingCheckerEnabled

Configure Edge Website Typo Protection

Supported versions:

  • On Windows and macOS since 96 or later

Description

This policy setting lets you configure whether to turn on Edge Website Typo Protection. Edge Website Typo Protection provides warning messages to help protect your users from potential typosquatting sites. By default, Edge Website Typo Protection is turned on.

If you enable this policy, Edge Website Typo Protection is turned on.

If you disable this policy, Edge Website Typo Protection is turned off.

If you don't configure this policy, Edge Website Typo Protection is turned on but users can choose whether to use Edge Website Typo Protection.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TyposquattingCheckerEnabled
  • GP name: Configure Edge Website Typo Protection
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Edge Website Typo Protection settings
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Edge Website Typo Protection settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: TyposquattingCheckerEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: TyposquattingCheckerEnabled
  • Example value:
<true/>

Back to top

Edge Workspaces settings policies

Back to top

EdgeWorkspacesEnabled

Enable Workspaces

Supported versions:

  • On Windows and macOS since 106 or later

Description

Microsoft Edge Workspaces helps improve productivity for users in your organization.

If you enable or don't configure this policy, users will be able to access the Microsoft Edge Workspaces feature. If you disable this policy, users will not be able to access the Microsoft Edge Workspaces feature.

To learn more about the feature, see https://go.microsoft.com/fwlink/?linkid=2209950

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeWorkspacesEnabled
  • GP name: Enable Workspaces
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Edge Workspaces settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeWorkspacesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeWorkspacesEnabled
  • Example value:
<true/>

Back to top

WorkspacesNavigationSettings

Configure navigation settings per groups of URLs in Microsoft Edge Workspaces

Supported versions:

  • On Windows and macOS since 110 or later

Description

This setting lets you to define groups of URLs, and apply specific Microsoft Edge Workspaces navigation settings to each group.

If this policy is configured, Microsoft Edge Workspaces will use the configured settings when deciding whether and how to share navigations among collaborators in a Microsoft Edge Workspace.

If this policy is not configured, Microsoft Edge Workspaces will use only default and internally configured navigation settings.

For more information about configuration options, see https://go.microsoft.com/fwlink/?linkid=2218655

Note, format url_patterns according to https://go.microsoft.com/fwlink/?linkid=2095322. You can configure the url_regex_patterns in this policy to match multiple URLs using a Perl style regular expression for the pattern. Note that pattern matches are case sensitive. For more information about the regular expression rules that are used, refer to https://go.microsoft.com/fwlink/p/?linkid=2133903.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WorkspacesNavigationSettings
  • GP name: Configure navigation settings per groups of URLs in Microsoft Edge Workspaces
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Edge Workspaces settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WorkspacesNavigationSettings
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WorkspacesNavigationSettings = [
  {
    "navigation_options": {
      "do_not_send_to": true,
      "remove_all_query_parameters": true
    },
    "url_patterns": [
      "https://contoso.com",
      "https://www.fabrikam.com",
      ".exact.hostname.com"
    ]
  },
  {
    "navigation_options": {
      "query_parameters_to_remove": [
        "username",
        "login_hint"
      ]
    },
    "url_patterns": [
      "https://adatum.com"
    ]
  },
  {
    "navigation_options": {
      "do_not_send_from": true,
      "prefer_initial_url": true
    },
    "url_regex_patterns": [
      "\\Ahttps://.*?tafe\\..*?trs.*?\\.fabrikam.com/Sts"
    ]
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\WorkspacesNavigationSettings = [{"navigation_options": {"do_not_send_to": true, "remove_all_query_parameters": true}, "url_patterns": ["https://contoso.com", "https://www.fabrikam.com", ".exact.hostname.com"]}, {"navigation_options": {"query_parameters_to_remove": ["username", "login_hint"]}, "url_patterns": ["https://adatum.com"]}, {"navigation_options": {"do_not_send_from": true, "prefer_initial_url": true}, "url_regex_patterns": ["\\Ahttps://.*?tafe\\..*?trs.*?\\.fabrikam.com/Sts"]}]

Mac information and settings

  • Preference Key Name: WorkspacesNavigationSettings
  • Example value:
<key>WorkspacesNavigationSettings</key>
<array>
  <dict>
    <key>navigation_options</key>
    <dict>
      <key>do_not_send_to</key>
      <true/>
      <key>remove_all_query_parameters</key>
      <true/>
    </dict>
    <key>url_patterns</key>
    <array>
      <string>https://contoso.com</string>
      <string>https://www.fabrikam.com</string>
      <string>.exact.hostname.com</string>
    </array>
  </dict>
  <dict>
    <key>navigation_options</key>
    <dict>
      <key>query_parameters_to_remove</key>
      <array>
        <string>username</string>
        <string>login_hint</string>
      </array>
    </dict>
    <key>url_patterns</key>
    <array>
      <string>https://adatum.com</string>
    </array>
  </dict>
  <dict>
    <key>navigation_options</key>
    <dict>
      <key>do_not_send_from</key>
      <true/>
      <key>prefer_initial_url</key>
      <true/>
    </dict>
    <key>url_regex_patterns</key>
    <array>
      <string>\Ahttps://.*?tafe\..*?trs.*?\.fabrikam.com/Sts</string>
    </array>
  </dict>
</array>

Back to top

Experimentation policies

Back to top

FeatureFlagOverridesControl

Configure users ability to override feature flags

Supported versions:

  • On Windows and macOS since 93 or later

Description

Configures users ability to override state of feature flags. If you set this policy to 'CommandLineOverridesEnabled', users can override state of feature flags using command line arguments but not edge://flags page.

If you set this policy to 'OverridesEnabled', users can override state of feature flags using command line arguments or edge://flags page.

If you set this policy to 'OverridesDisabled', users can't override state of feature flags using command line arguments or edge://flags page.

If you don't configure this policy, the behavior is the same as the 'OverridesEnabled'.

Policy options mapping:

  • CommandLineOverridesEnabled (2) = Allow users to override feature flags using command line arguments only

  • OverridesEnabled (1) = Allow users to override feature flags

  • OverridesDisabled (0) = Prevent users from overriding feature flags

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: FeatureFlagOverridesControl
  • GP name: Configure users ability to override feature flags
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Experimentation
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: FeatureFlagOverridesControl
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: FeatureFlagOverridesControl
  • Example value:
<integer>1</integer>

Back to top

Extensions policies

Back to top

BlockExternalExtensions

Blocks external extensions from being installed

Supported versions:

  • On Windows and macOS since 88 or later

Description

Control the installation of external extensions.

If you enable this setting, external extensions are blocked from being installed.

If you disable this setting or leave it unset, external extensions are allowed to be installed.

External extensions and their installation are documented at Alternate extension distribution methods.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BlockExternalExtensions
  • GP name: Blocks external extensions from being installed
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Extensions
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BlockExternalExtensions
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: BlockExternalExtensions
  • Example value:
<true/>

Back to top

ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled

Configure default state of Allow extensions from other stores setting

Supported versions:

  • On Windows and macOS since 101 or later

Description

This policy allows you to control the default state of the Allow extensions from other stores setting. This policy can't be used to stop installation of extensions from other stores such as Chrome Web Store. To stop installation of extensions from other stores, use the Extension Settings policy: https://go.microsoft.com/fwlink/?linkid=2187098.

When enabled, Allow extensions from other stores will be turned on. So, users won't have to turn on the flag manually while installing extensions from other supported stores such as Chrome Web Store. However a user can override this setting. If the user has already turned on the setting and then turned it off, this setting may not work. If the Admin first sets the policy as Enabled, but then changes it to not configured or disabled, it will have no impact on user settings and the setting will remain as it is.

When disabled or not configured, the user can manage the Allow extensions from other store setting.

Supported features:

  • Can be mandatory: No
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled
  • GP name: Configure default state of Allow extensions from other stores setting
  • GP path (Mandatory): N/A
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Extensions
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): N/A
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled
  • Example value:
<true/>

Back to top

ExtensionAllowedTypes

Configure allowed extension types

Supported versions:

  • On Windows and macOS since 77 or later

Description

Setting the policy controls which apps and extensions may be installed in Microsoft Edge, which hosts they can interact with, and limits runtime access.

If you don't set this policy, there aren't any restrictions on acceptable extension and app types.

Extensions and apps which have a type that's not on the list won't be installed. Each value should be one of these strings:

  • "extension"

  • "theme"

  • "user_script"

  • "hosted_app"

See the Microsoft Edge extensions documentation for more information about these types.

Note: This policy also affects extensions and apps to be force-installed using ExtensionInstallForcelist.

Policy options mapping:

  • extension (extension) = Extension

  • theme (theme) = Theme

  • user_script (user_script) = User script

  • hosted_app (hosted_app) = Hosted app

  • legacy_packaged_app (legacy_packaged_app) = Legacy packaged app

  • platform_app (platform_app) = Platform app

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExtensionAllowedTypes
  • GP name: Configure allowed extension types
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Extensions
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ExtensionAllowedTypes
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ExtensionAllowedTypes\1 = "hosted_app"

Mac information and settings

  • Preference Key Name: ExtensionAllowedTypes
  • Example value:
<array>
  <string>hosted_app</string>
</array>

Back to top

ExtensionInstallAllowlist

Allow specific extensions to be installed

Supported versions:

  • On Windows and macOS since 77 or later

Description

Setting this policy specifies which extensions are not subject to the blocklist.

A blocklist value of * means all extensions are blocked and users can only install extensions listed in the allow list.

By default, all extensions are allowed. However, if you prohibited extensions by policy, you can use the list of allowed extensions to change that policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExtensionInstallAllowlist
  • GP name: Allow specific extensions to be installed
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Extensions
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist\1 = "extension_id1"
SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist\2 = "extension_id2"

Mac information and settings

  • Preference Key Name: ExtensionInstallAllowlist
  • Example value:
<array>
  <string>extension_id1</string>
  <string>extension_id2</string>
</array>

Back to top

ExtensionInstallBlocklist

Control which extensions cannot be installed

Supported versions:

  • On Windows and macOS since 77 or later

Description

Lets you specify which extensions the users CANNOT install. Extensions already installed will be disabled if blocked, without a way for the user to enable them. After a disabled extension is removed from the blocklist it will automatically get re-enabled.

A blocklist value of '*' means all extensions are blocked unless they are explicitly listed in the allowlist.

If this policy isn't set, the user can install any extension in Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExtensionInstallBlocklist
  • GP name: Control which extensions cannot be installed
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Extensions
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist\1 = "extension_id1"
SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist\2 = "extension_id2"

Mac information and settings

  • Preference Key Name: ExtensionInstallBlocklist
  • Example value:
<array>
  <string>extension_id1</string>
  <string>extension_id2</string>
</array>

Back to top

ExtensionInstallForcelist

Control which extensions are installed silently

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set this policy to specify a list of apps and extensions that install silently, without user interaction. Users can't uninstall or turn off this setting. Permissions are granted implicitly, including the enterprise.deviceAttributes and enterprise.platformKeys extension APIs. Note: These 2 APIs aren't available to apps and extensions that aren't force-installed.

If you don't set this policy, no apps or extensions are autoinstalled and users can uninstall any app in Microsoft Edge.

This policy supercedes ExtensionInstallBlocklist policy. If a previously force-installed app or extension is removed from this list, Microsoft Edge automatically uninstalls it.

For Windows instances not joined to a Microsoft Active Directory domain, forced installation is limited to apps and extensions listed in the Microsoft Edge Add-ons website.

On macOS instances, apps and extensions from outside the Microsoft Edge Add-ons website can only be force installed if the instance is managed via MDM, or joined to a domain via MCX.

The source code of any extension can be altered by users with developer tools, potentially rendering the extension unfunctional. If this is a concern, configure the DeveloperToolsAvailability policy.

Each list item of the policy is a string that contains an extension ID and, optionally, an "update" URL separated by a semicolon (;). The extension ID is the 32-letter string found, for example, on edge://extensions when in Developer mode. If specified, the "update" URL should point to an Update Manifest XML document ( https://go.microsoft.com/fwlink/?linkid=2095043 ). By default, the Microsoft Edge Add-ons website's update URL is used. The "update" URL set in this policy is only used for the initial installation; subsequent updates of the extension use the update URL in the extension's manifest.

Note: This policy doesn't apply to InPrivate mode. Read about hosting extensions at Publish and update extensions in the Microsoft Edge Add-ons website.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExtensionInstallForcelist
  • GP name: Control which extensions are installed silently
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Extensions
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist\1 = "gbchcmhmhahfdphkhkmpfmihenigjmpp;https://edge.microsoft.com/extensionwebstorebase/v1/crx"
SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist\2 = "abcdefghijklmnopabcdefghijklmnop"

Mac information and settings

  • Preference Key Name: ExtensionInstallForcelist
  • Example value:
<array>
  <string>gbchcmhmhahfdphkhkmpfmihenigjmpp;https://edge.microsoft.com/extensionwebstorebase/v1/crx</string>
  <string>abcdefghijklmnopabcdefghijklmnop</string>
</array>

Back to top

ExtensionInstallSources

Configure extension and user script install sources

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define URLs that can install extensions and themes.

Define URLs that can install extensions and themes directly without having to drag and drop the packages to the edge://extensions page.

Each item in this list is an extension-style match pattern (see https://go.microsoft.com/fwlink/?linkid=2095039). Users can easily install items from any URL that matches an item in this list. Both the location of the *.crx file and the page where the download is started from (in other words, the referrer) must be allowed by these patterns. Do not host the files at a location that requires authentication.

The ExtensionInstallBlocklist policy takes precedence over this policy. Any extensions that's on the block list won't be installed, even if it comes from a site on this list.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExtensionInstallSources
  • GP name: Configure extension and user script install sources
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Extensions
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallSources
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallSources\1 = "https://corp.contoso.com/*"

Mac information and settings

  • Preference Key Name: ExtensionInstallSources
  • Example value:
<array>
  <string>https://corp.contoso.com/*</string>
</array>

Back to top

ExtensionInstallTypeBlocklist

Blocklist for extension install types

Supported versions:

  • On Windows and macOS since 123 or later

Description

The blocklist controls which extension install types are disallowed.

Setting the "command_line" will block an extension from being loaded from command line.

Policy options mapping:

  • command_line (command_line) = Blocks extensions from being loaded from command line

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExtensionInstallTypeBlocklist
  • GP name: Blocklist for extension install types
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Extensions
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallTypeBlocklist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallTypeBlocklist\1 = "command_line"

Mac information and settings

  • Preference Key Name: ExtensionInstallTypeBlocklist
  • Example value:
<array>
  <string>command_line</string>
</array>

Back to top

ExtensionManifestV2Availability

Control Manifest v2 extension availability

Supported versions:

  • On Windows and macOS since 123 or later

Description

Control if Manifest v2 extensions can be used by browser.

Manifest v2 extensions support will be deprecated and all extensions need to be migrated to v3 in the future. More information about, and the timeline of the migration has not been established.

If the policy is set to Default or not set, v2 extension loading is decided by browser. This will follow the preceding timeline when it's established.

If the policy is set to Disable, v2 extensions installation are blocked, and existing ones are disabled. This option is going to be treated the same as if the policy is unset after v2 support is turned off by default.

If the policy is set to Enable, v2 extensions are allowed. The option is going to be treated the same as if the policy isn't set before v2 support is turned off by default.

If the policy is set to EnableForForcedExtensions, force installed v2 extensions are allowed. This includes extensions that are listed by ExtensionInstallForcelist or ExtensionSettings with installation_mode "force_installed" or "normal_installed". All other v2 extensions are disabled. The option is always available regardless of the manifest migration state.

Extensions availabilities are still controlled by other policies.

Policy options mapping:

  • Default (0) = Default browser behavior

  • Disable (1) = Manifest v2 is disabled

  • Enable (2) = Manifest v2 is enabled

  • EnableForForcedExtensions (3) = Manifest v2 is enabled for forced extensions only

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExtensionManifestV2Availability
  • GP name: Control Manifest v2 extension availability
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Extensions
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ExtensionManifestV2Availability
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: ExtensionManifestV2Availability
  • Example value:
<integer>2</integer>

Back to top

ExtensionSettings

Configure extension management settings

Supported versions:

  • On Windows and macOS since 77 or later

Description

Setting this policy controls extension management settings for Microsoft Edge, including any controlled by existing extension-related policies. This policy supersedes any legacy policies that might be set.

This policy maps an extension ID or an update URL to its specific setting only. A default configuration can be set for the special ID "*", which applies to all extensions without a custom configuration in this policy. With an update URL, configuration applies to extensions with the exact update URL stated in the extension manifest. If the 'override_update_url' flag is set to true, the extension is installed and updated using the update URL specified in the ExtensionInstallForcelist policy or in 'update_url' field in this policy. The flag 'override_update_url' is ignored if the 'update_url' is the Edge Add-ons website update URL. For more details, check out the detailed guide to ExtensionSettings policy available at https://go.microsoft.com/fwlink/?linkid=2161555.

To block extensions from a particular third party store, you only need to block the update_url for that store. For example, if you want to block extensions from Chrome Web Store, you can use the following JSON.

{"update_url:https://clients2.google.com/service/update2/crx":{"installation_mode":"blocked"}}

Note that you can still use ExtensionInstallForcelist and ExtensionInstallAllowlist to allow / force install specific extensions even if the store is blocked using the JSON in the previous example.

If the 'sidebar_auto_open_blocked' flag is set to true in an extension's configuration, the hub-app (sidebar app) corresponding to the specified extension will be prevented from automatically opening.

On Windows instances, apps and extensions from outside the Microsoft Edge Add-ons website can only be forced installed if the instance is joined to a Microsoft Active Directory domain or joined to Microsoft Azure Active Directory®`.

On macOS instances, apps and extensions from outside the Microsoft Edge Add-ons website can only be force installed if the instance is managed via MDM, joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExtensionSettings
  • GP name: Configure extension management settings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Extensions
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ExtensionSettings
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings = {
  "*": {
    "allowed_types": [
      "hosted_app"
    ],
    "blocked_install_message": "Custom error message.",
    "blocked_permissions": [
      "downloads",
      "bookmarks"
    ],
    "install_sources": [
      "https://company-intranet/apps"
    ],
    "installation_mode": "blocked",
    "runtime_allowed_hosts": [
      "*://good.contoso.com"
    ],
    "runtime_blocked_hosts": [
      "*://*.contoso.com"
    ]
  },
  "abcdefghijklmnopabcdefghijklmnop": {
    "blocked_permissions": [
      "history"
    ],
    "file_url_navigation_allowed": true,
    "installation_mode": "allowed",
    "minimum_version_required": "1.0.1"
  },
  "bcdefghijklmnopabcdefghijklmnopa": {
    "allowed_permissions": [
      "downloads"
    ],
    "installation_mode": "force_installed",
    "override_update_url": true,
    "runtime_allowed_hosts": [
      "*://good.contoso.com"
    ],
    "runtime_blocked_hosts": [
      "*://*.contoso.com"
    ],
    "sidebar_auto_open_blocked": true,
    "toolbar_state": "force_shown",
    "update_url": "https://contoso.com/update_url"
  },
  "cdefghijklmnopabcdefghijklmnopab": {
    "blocked_install_message": "Custom error message.",
    "installation_mode": "blocked"
  },
  "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {
    "blocked_install_message": "Custom error message.",
    "installation_mode": "blocked"
  },
  "fghijklmnopabcdefghijklmnopabcde": {
    "blocked_install_message": "Custom removal message.",
    "installation_mode": "removed"
  },
  "update_url:https://www.contoso.com/update.xml": {
    "allowed_permissions": [
      "downloads"
    ],
    "blocked_permissions": [
      "wallpaper"
    ],
    "installation_mode": "allowed"
  }
}
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings = {"*": {"allowed_types": ["hosted_app"], "blocked_install_message": "Custom error message.", "blocked_permissions": ["downloads", "bookmarks"], "install_sources": ["https://company-intranet/apps"], "installation_mode": "blocked", "runtime_allowed_hosts": ["*://good.contoso.com"], "runtime_blocked_hosts": ["*://*.contoso.com"]}, "abcdefghijklmnopabcdefghijklmnop": {"blocked_permissions": ["history"], "file_url_navigation_allowed": true, "installation_mode": "allowed", "minimum_version_required": "1.0.1"}, "bcdefghijklmnopabcdefghijklmnopa": {"allowed_permissions": ["downloads"], "installation_mode": "force_installed", "override_update_url": true, "runtime_allowed_hosts": ["*://good.contoso.com"], "runtime_blocked_hosts": ["*://*.contoso.com"], "sidebar_auto_open_blocked": true, "toolbar_state": "force_shown", "update_url": "https://contoso.com/update_url"}, "cdefghijklmnopabcdefghijklmnopab": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "fghijklmnopabcdefghijklmnopabcde": {"blocked_install_message": "Custom removal message.", "installation_mode": "removed"}, "update_url:https://www.contoso.com/update.xml": {"allowed_permissions": ["downloads"], "blocked_permissions": ["wallpaper"], "installation_mode": "allowed"}}

Mac information and settings

  • Preference Key Name: ExtensionSettings
  • Example value:
<key>ExtensionSettings</key>
<dict>
  <key>*</key>
  <dict>
    <key>allowed_types</key>
    <array>
      <string>hosted_app</string>
    </array>
    <key>blocked_install_message</key>
    <string>Custom error message.</string>
    <key>blocked_permissions</key>
    <array>
      <string>downloads</string>
      <string>bookmarks</string>
    </array>
    <key>install_sources</key>
    <array>
      <string>https://company-intranet/apps</string>
    </array>
    <key>installation_mode</key>
    <string>blocked</string>
    <key>runtime_allowed_hosts</key>
    <array>
      <string>*://good.contoso.com</string>
    </array>
    <key>runtime_blocked_hosts</key>
    <array>
      <string>*://*.contoso.com</string>
    </array>
  </dict>
  <key>abcdefghijklmnopabcdefghijklmnop</key>
  <dict>
    <key>blocked_permissions</key>
    <array>
      <string>history</string>
    </array>
    <key>file_url_navigation_allowed</key>
    <true/>
    <key>installation_mode</key>
    <string>allowed</string>
    <key>minimum_version_required</key>
    <string>1.0.1</string>
  </dict>
  <key>bcdefghijklmnopabcdefghijklmnopa</key>
  <dict>
    <key>allowed_permissions</key>
    <array>
      <string>downloads</string>
    </array>
    <key>installation_mode</key>
    <string>force_installed</string>
    <key>override_update_url</key>
    <true/>
    <key>runtime_allowed_hosts</key>
    <array>
      <string>*://good.contoso.com</string>
    </array>
    <key>runtime_blocked_hosts</key>
    <array>
      <string>*://*.contoso.com</string>
    </array>
    <key>sidebar_auto_open_blocked</key>
    <true/>
    <key>toolbar_state</key>
    <string>force_shown</string>
    <key>update_url</key>
    <string>https://contoso.com/update_url</string>
  </dict>
  <key>cdefghijklmnopabcdefghijklmnopab</key>
  <dict>
    <key>blocked_install_message</key>
    <string>Custom error message.</string>
    <key>installation_mode</key>
    <string>blocked</string>
  </dict>
  <key>defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd</key>
  <dict>
    <key>blocked_install_message</key>
    <string>Custom error message.</string>
    <key>installation_mode</key>
    <string>blocked</string>
  </dict>
  <key>fghijklmnopabcdefghijklmnopabcde</key>
  <dict>
    <key>blocked_install_message</key>
    <string>Custom removal message.</string>
    <key>installation_mode</key>
    <string>removed</string>
  </dict>
  <key>update_url:https://www.contoso.com/update.xml</key>
  <dict>
    <key>allowed_permissions</key>
    <array>
      <string>downloads</string>
    </array>
    <key>blocked_permissions</key>
    <array>
      <string>wallpaper</string>
    </array>
    <key>installation_mode</key>
    <string>allowed</string>
  </dict>
</dict>

Back to top

Games settings policies

Back to top

GamerModeEnabled

Enable Gamer Mode

Supported versions:

  • On Windows since 117 or later

Description

Microsoft Edge Gamer Mode allows gamers to personalize their browser with gaming themes and gives them the option of enabling Efficiency Mode for PC gaming, the Gaming feed on new tabs, sidebar apps for gamers, and more.

If you enable or don't configure this policy, users can opt into Gamer Mode. If you disable this policy, Gamer Mode will be disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: GamerModeEnabled
  • GP name: Enable Gamer Mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Games settings
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Games settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: GamerModeEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

HTTP authentication policies

Back to top

AllHttpAuthSchemesAllowedForOrigins

List of origins that allow all HTTP authentication

Supported versions:

  • On Windows and macOS since 102 or later

Description

Set this policy to specify which origins allow all the HTTP authentication schemes Microsoft Edge supports regardless of the AuthSchemes policy.

Format the origin pattern according to this format (https://www.chromium.org/administrators/url-blocklist-filter-format). Up to 1,000 exceptions can be defined in AllHttpAuthSchemesAllowedForOrigins. Wildcards are allowed for the whole origin or parts of the origin. Parts include the scheme, host, or port.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllHttpAuthSchemesAllowedForOrigins
  • GP name: List of origins that allow all HTTP authentication
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/HTTP authentication
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\AllHttpAuthSchemesAllowedForOrigins
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\AllHttpAuthSchemesAllowedForOrigins\1 = "*.example.com"

Mac information and settings

  • Preference Key Name: AllHttpAuthSchemesAllowedForOrigins
  • Example value:
<array>
  <string>*.example.com</string>
</array>

Back to top

AllowCrossOriginAuthPrompt

Allow cross-origin HTTP Authentication prompts

Supported versions:

  • On Windows and macOS since 77 or later

Description

Controls whether third-party images on a page can show an authentication prompt.

Typically, this is disabled as a phishing defense. If you don't configure this policy, it's disabled and third-party images can't show an authentication prompt.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowCrossOriginAuthPrompt
  • GP name: Allow cross-origin HTTP Authentication prompts
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/HTTP authentication
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AllowCrossOriginAuthPrompt
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AllowCrossOriginAuthPrompt
  • Example value:
<false/>

Back to top

AuthNegotiateDelegateAllowlist

Specifies a list of servers that Microsoft Edge can delegate user credentials to

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configure the list of servers that Microsoft Edge can delegate to.

Separate multiple server names with commas. Wildcards (*) are allowed.

If you don't configure this policy Microsoft Edge won't delegate user credentials even if a server is detected as Intranet.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AuthNegotiateDelegateAllowlist
  • GP name: Specifies a list of servers that Microsoft Edge can delegate user credentials to
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/HTTP authentication
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AuthNegotiateDelegateAllowlist
  • Value Type: REG_SZ
Example value:
"contoso.com"

Mac information and settings

  • Preference Key Name: AuthNegotiateDelegateAllowlist
  • Example value:
<string>contoso.com</string>

Back to top

AuthSchemes

Supported authentication schemes

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies which HTTP authentication schemes are supported.

You can configure the policy by using these values: 'basic', 'digest', 'ntlm', and 'negotiate'. Separate multiple values with commas.

Note: All values for this policy are case sensitive.

If you don't configure this policy, all four schemes are used.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AuthSchemes
  • GP name: Supported authentication schemes
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/HTTP authentication
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AuthSchemes
  • Value Type: REG_SZ
Example value:
"basic,digest,ntlm,negotiate"

Mac information and settings

  • Preference Key Name: AuthSchemes
  • Example value:
<string>basic,digest,ntlm,negotiate</string>

Back to top

AuthServerAllowlist

Configure list of allowed authentication servers

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies which servers to enable for integrated authentication. Integrated authentication is only enabled when Microsoft Edge receives an authentication challenge from a proxy or from a server in this list.

Separate multiple server names with commas. Wildcards (*) are allowed.

If you don't configure this policy, Microsoft Edge tries to detect if a server is on the intranet - only then will it respond to IWA requests. If the server is on the internet, IWA requests from it are ignored by Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AuthServerAllowlist
  • GP name: Configure list of allowed authentication servers
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/HTTP authentication
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AuthServerAllowlist
  • Value Type: REG_SZ
Example value:
"*contoso.com,contoso.com"

Mac information and settings

  • Preference Key Name: AuthServerAllowlist
  • Example value:
<string>*contoso.com,contoso.com</string>

Back to top

BasicAuthOverHttpEnabled

Allow Basic authentication for HTTP

Supported versions:

  • On Windows and macOS since 88 or later

Description

If you enable this policy or leave it unset, Basic authentication challenges received over non-secure HTTP will be allowed.

If you disable this policy, non-secure HTTP requests from the Basic authentication scheme are blocked, and only secure HTTPS is allowed.

This policy setting is ignored (and Basic is always forbidden) if the AuthSchemes policy is set and does not include Basic.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BasicAuthOverHttpEnabled
  • GP name: Allow Basic authentication for HTTP
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/HTTP authentication
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BasicAuthOverHttpEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: BasicAuthOverHttpEnabled
  • Example value:
<false/>

Back to top

DisableAuthNegotiateCnameLookup

Disable CNAME lookup when negotiating Kerberos authentication

Supported versions:

  • On Windows and macOS since 77 or later

Description

Determines whether the generated Kerberos SPN is based on the canonical DNS name (CNAME) or on the original name entered.

If you enable this policy, CNAME lookup is skipped and the server name (as entered) is used.

If you disable this policy or don't configure it, the canonical name of the server is used. This is determined through CNAME lookup.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DisableAuthNegotiateCnameLookup
  • GP name: Disable CNAME lookup when negotiating Kerberos authentication
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/HTTP authentication
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DisableAuthNegotiateCnameLookup
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: DisableAuthNegotiateCnameLookup
  • Example value:
<false/>

Back to top

EnableAuthNegotiatePort

Include non-standard port in Kerberos SPN

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies whether the generated Kerberos SPN should include a non-standard port.

If you enable this policy, and a user includes a non-standard port (a port other than 80 or 443) in a URL, that port is included in the generated Kerberos SPN.

If you don't configure or disable this policy, the generated Kerberos SPN won't include a port in any case.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnableAuthNegotiatePort
  • GP name: Include non-standard port in Kerberos SPN
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/HTTP authentication
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnableAuthNegotiatePort
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: EnableAuthNegotiatePort
  • Example value:
<false/>

Back to top

NtlmV2Enabled

Control whether NTLMv2 authentication is enabled

Supported versions:

  • On macOS since 77 or later

Description

Controls whether NTLMv2 is enabled.

All recent versions of Samba and Windows servers support NTLMv2. You should only disable NTLMv2 to address issues with backwards compatibility as it reduces the security of authentication.

If you don't configure this policy, NTLMv2 is enabled by default.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Mac information and settings

  • Preference Key Name: NtlmV2Enabled
  • Example value:
<true/>

Back to top

WindowsHelloForHTTPAuthEnabled

Windows Hello For HTTP Auth Enabled

Supported versions:

  • On Windows since 90 or later

Description

Indicates if Windows Credential UI should be used to respond to NTLM and Negotiate authentication challenges.

If you disable this policy, a basic username and password prompt will be used to respond to NTLM and Negotiate challenges. If you enable or don't configure this policy, Windows Credential UI will be used.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WindowsHelloForHTTPAuthEnabled
  • GP name: Windows Hello For HTTP Auth Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/HTTP authentication
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/HTTP authentication
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: WindowsHelloForHTTPAuthEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

Identity and sign-in policies

Back to top

AutomaticProfileSwitchingSiteList

Configure the automatic profile switching site list

Supported versions:

  • On Windows and macOS since 120 or later

Description

Set this policy to control which profiles Microsoft Edge will use to open sites in. Switching configurations for sites listed in this policy take precedence over other heuristics Microsoft Edge uses for switching sites but note that sites not listed on this policy are still subject to switching by those heuristics. If this policy is not configured, Microsoft Edge will continue using its heuristics to automatically switch sites.

This policy maps a URL hostname to a profile that it should be opened in.

The 'site' field should take the form of a URL hostname.

The 'profile' field can take one of the following values:

  • 'Work': The most recently used Microsoft Entra signed-in profile will be used to open 'site'.

  • 'Personal': The most recently used MSA signed-in profile will be used to open 'site'.

  • 'No preference': The currently used profile will be used to open 'site'.

  • Wildcard email address: This takes the form of '*@contoso.com'. A profile whose username ends with the contents following the '*' will be used to open 'site'.

    Supported features:

    • Can be mandatory: Yes
    • Can be recommended: Yes
    • Dynamic Policy Refresh: Yes
    • Per Profile: No
    • Applies to a profile that is signed in with a Microsoft account: Yes

    Data Type:

    • Dictionary

    Windows information and settings

    Group Policy (ADMX) info
    • GP unique name: AutomaticProfileSwitchingSiteList
    • GP name: Configure the automatic profile switching site list
    • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
    • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Identity and sign-in
    • GP ADMX file name: MSEdge.admx
    Windows Registry Settings
    • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
    • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
    • Value Name: AutomaticProfileSwitchingSiteList
    • Value Type: REG_SZ
    Example value:
SOFTWARE\Policies\Microsoft\Edge\AutomaticProfileSwitchingSiteList = [
  {
    "profile": "Work",
    "site": "work.com"
  },
  {
    "profile": "Personal",
    "site": "personal.com"
  },
  {
    "profile": "No preference",
    "site": "nopreference.com"
  },
  {
    "profile": "*@contoso.com",
    "site": "contoso.com"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\AutomaticProfileSwitchingSiteList = [{"profile": "Work", "site": "work.com"}, {"profile": "Personal", "site": "personal.com"}, {"profile": "No preference", "site": "nopreference.com"}, {"profile": "*@contoso.com", "site": "contoso.com"}]

Mac information and settings

  • Preference Key Name: AutomaticProfileSwitchingSiteList
  • Example value:
<key>AutomaticProfileSwitchingSiteList</key>
<array>
  <dict>
    <key>profile</key>
    <string>Work</string>
    <key>site</key>
    <string>work.com</string>
  </dict>
  <dict>
    <key>profile</key>
    <string>Personal</string>
    <key>site</key>
    <string>personal.com</string>
  </dict>
  <dict>
    <key>profile</key>
    <string>No preference</string>
    <key>site</key>
    <string>nopreference.com</string>
  </dict>
  <dict>
    <key>profile</key>
    <string>*@contoso.com</string>
    <key>site</key>
    <string>contoso.com</string>
  </dict>
</array>

Back to top

EdgeDefaultProfileEnabled

Default Profile Setting Enabled

Supported versions:

  • On Windows since 101 or later

Description

Configuring this policy will let you set a default profile in Microsoft Edge to be used when opening the browser rather than the last profile used. This policy won't affect when "--profile-directory" parameter has been specified. Set the value to "Default" to refer to the default profile. The value is case sensitive. The value of the policy is the name of the profile (case sensitive) and can be configured with string that is the name of a specific profile. The value "Edge Kids Mode" and "Guest Profile" are considered not useful values because they not supposed to be a default profile. This policy won't impact the following scenarios:

  1. Settings specified in "Profile preferences for sites" in "Profile preferences"
  2. Links opening from Outlook and Teams.

The following statements are under the condition of not specify the "--profile-directory" and configured value is not "Edge Kids Mode" or "Guest Profile": If you enable this policy and configure it with a specific profile name and the specified profile can be found, Microsoft Edge will use the specified profile when launching and the setting of "Default profile for external link" is changed to the specified profile name and greyed out. If you enable this policy and configure it with a specific profile name but it can't be found, the policy will behave like it's never been set before. If you enable this policy, but don't configure or disable it, the policy will behave like it's never been set before.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeDefaultProfileEnabled
  • GP name: Default Profile Setting Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeDefaultProfileEnabled
  • Value Type: REG_SZ
Example value:
"Default"

Back to top

GuidedSwitchEnabled

Guided Switch Enabled

Supported versions:

  • On Windows and macOS since 103 or later

Description

Allows Microsoft Edge to prompt the user to switch to the appropriate profile when Microsoft Edge detects that a link is a personal or work link.

If you enable this policy, you'll be prompted to switch to another account if the current profile doesn't work for the requesting link.

If you disable this policy, you won't be prompted to switch to another account when there's a profile and link mismatch.

If this policy isn't configured, guided switch is turned on by default. A user can override this value in the browser settings.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: GuidedSwitchEnabled
  • GP name: Guided Switch Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: GuidedSwitchEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: GuidedSwitchEnabled
  • Example value:
<false/>

Back to top

ImplicitSignInEnabled

Enable implicit sign-in

Supported versions:

  • On Windows since 93 or later

Description

Configure this policy to allow/disallow implicit sign-in.

If you have configured the BrowserSignin policy to 'Disable browser sign-in', this policy will not take any effect.

If you enable or don't configure this setting, implicit sign-in will be enabled, Edge will attempt to sign the user into their profile based on what and how they sign in to their OS.

If you disable this setting, implicit sign-in will be disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImplicitSignInEnabled
  • GP name: Enable implicit sign-in
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ImplicitSignInEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

LinkedAccountEnabled

Enable the linked account feature

Supported versions:

  • On Windows and macOS since 107 or later

Description

Microsoft Edge guides a user to the account management page where they can link a Microsoft Account (MSA) to an Azure Active Directory (Azure AD) account.

If you enable or don't configure this policy, linked account information will be shown on a flyout. When the Azure AD profile doesn't have a linked account it will show "Add account".

If you disable this policy, linked accounts will be turned off and no extra information will be shown.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: LinkedAccountEnabled
  • GP name: Enable the linked account feature
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: LinkedAccountEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: LinkedAccountEnabled
  • Example value:
<false/>

Back to top

OneAuthAuthenticationEnforced

OneAuth Authentication Flow Enforced for signin

Supported versions:

  • On Windows since 93 or later

Description

This policy allows users to decide whether to use the OneAuth library for sign-in and token fetch in Microsoft Edge on Windows 10 RS3 and above.

If you disable or don't configure this policy, signin process will use Windows Account Manager. Microsoft Edge would be able to use accounts you logged in to Windows, Microsoft Office, or other Microsoft applications for login, without the needing of password. Or you can provide valid account and password to sign in, which will be stored in Windows Account Manager for future usage. You will be able to investigate all accounts stored in Windows Account Manager through Windows Settings -> Accounts -> Email and accounts page.

If you enable this policy, OneAuth authentication flow will be used for account signin. The OneAuth authentication flow has fewer dependencies and can work without Windows shell. The account you use would not be stored in the Email and accounts page.

This policy will only take effect on Windows 10 RS3 and above. On Windows 10 below RS3, OneAuth is used for authentication in Microsoft Edge by default.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: OneAuthAuthenticationEnforced
  • GP name: OneAuth Authentication Flow Enforced for signin
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: OneAuthAuthenticationEnforced
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

OnlyOnPremisesImplicitSigninEnabled

Only on-premises account enabled for implicit sign-in

Supported versions:

  • On Windows since 94 or later

Description

Configure this policy to decide whether only on-premises accounts are enabled for implicit sign-in.

If you enable this policy, only on-premises accounts will be enabled for implicit sign-in. Microsoft Edge won't attempt to implicitly sign in to MSA or AAD accounts. Upgrade from on-premises accounts to AAD accounts will be stopped as well.

If you disable or don't configure this policy, all accounts will be enabled for implicit sign-in.

This policy will only take effect when policy ConfigureOnPremisesAccountAutoSignIn is enabled and set to 'SignInAndMakeDomainAccountNonRemovable'.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: OnlyOnPremisesImplicitSigninEnabled
  • GP name: Only on-premises account enabled for implicit sign-in
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: OnlyOnPremisesImplicitSigninEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

SignInCtaOnNtpEnabled

Enable sign in click to action dialog

Supported versions:

  • On Windows and macOS since 99 or later

Description

Configure this policy to show sign in click to action dialog on New tab page.

If you enable or don't configure this policy, sign in click to action dialog is shown on New tab page.

If you disable this policy, sign in click to action dialog isn't shown on the New tab page.

Supported features:

  • Can be mandatory: No
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SignInCtaOnNtpEnabled
  • GP name: Enable sign in click to action dialog
  • GP path (Mandatory): N/A
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Identity and sign-in
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): N/A
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: SignInCtaOnNtpEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SignInCtaOnNtpEnabled
  • Example value:
<true/>

Back to top

SwitchIntranetSitesToWorkProfile

Switch intranet sites to a work profile

Supported versions:

  • On Windows and macOS since 119 or later

Description

Allows Microsoft Edge to switch to the appropriate profile when Microsoft Edge detects that a URL is the intranet.

If you enable or don't configure this policy, navigations to intranet URLs will switch to the most recently used work profile if one exists.

If you disable this policy, navigations to intranet URLs will remain in the current browser profile.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SwitchIntranetSitesToWorkProfile
  • GP name: Switch intranet sites to a work profile
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SwitchIntranetSitesToWorkProfile
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: SwitchIntranetSitesToWorkProfile
  • Example value:
<false/>

Back to top

SwitchSitesOnIEModeSiteListToWorkProfile

Switch sites on the IE mode site list to a work profile

Supported versions:

  • On Windows since 119 or later

Description

Allows Microsoft Edge to switch to the appropriate profile when navigating to a site that matches an entry on the IE mode site list. Only sites that specify IE mode or Edge mode will be switched to the work profile.

If you enable or don't configure this policy, navigations to URLs matching a site on the IE mode site list will switch to the most recently used work profile if one exists.

If you disable this policy, navigations to URLs matching a site on the IE mode site list will remain in the current browser profile.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SwitchSitesOnIEModeSiteListToWorkProfile
  • GP name: Switch sites on the IE mode site list to a work profile
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SwitchSitesOnIEModeSiteListToWorkProfile
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

WAMAuthBelowWin10RS3Enabled

WAM for authentication below Windows 10 RS3 enabled

Supported versions:

  • On Windows since 93 or later

Description

Configure this policy to decide whether WAM is used for authentication in Microsoft Edge on Windows 10 RS1 and RS2.

If you enable this setting, WAM will be used in the authentication flow on Windows 10 RS1 and RS2.

If you disable or don't configure this setting, OneAuth libraries will be used instead of WAM on Windows 10 RS1 and RS2.

Note that if this policy is enabled, then previous sign-in sessions (which used OneAuth by default) cannot be used. Please sign out of those profiles.

This policy will only take effect on Windows 10 RS1 and RS2. On Windows 10 RS3 and above, WAM is used for authentication in Microsoft Edge by default.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WAMAuthBelowWin10RS3Enabled
  • GP name: WAM for authentication below Windows 10 RS3 enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WAMAuthBelowWin10RS3Enabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

Idle Browser Actions policies

Back to top

Immersive Reader settings policies

Back to top

ImmersiveReaderGrammarToolsEnabled

Enable Grammar Tools feature within Immersive Reader in Microsoft Edge

Supported versions:

  • On Windows and macOS since 110 or later

Description

Enables the Grammar Tools feature within Immersive Reader in Microsoft Edge. This helps improve reading comprehension by splitting words into syllables and highlighting nouns, verbs, adverbs, and adjectives.

If you enable this policy or don't configure it, the Grammar Tools option shows up within Immersive Reader. If you disable this policy, users can't access the Grammar Tools feature within Immersive Reader.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImmersiveReaderGrammarToolsEnabled
  • GP name: Enable Grammar Tools feature within Immersive Reader in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Immersive Reader settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ImmersiveReaderGrammarToolsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImmersiveReaderGrammarToolsEnabled
  • Example value:
<true/>

Back to top

ImmersiveReaderPictureDictionaryEnabled

Enable Picture Dictionary feature within Immersive Reader in Microsoft Edge

Supported versions:

  • On Windows and macOS since 110 or later

Description

Enables the Picture Dictionary feature within Immersive Reader in Microsoft Edge. This feature helps in reading comprehension by letting a user to click on any single word and see an illustration related to the meaning.

If you enable this policy or don't configure it, the Picture Dictionary option shows up within Immersive Reader. If you disable this policy, users can't access the Picture Dictionary feature within Immersive Reader.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImmersiveReaderPictureDictionaryEnabled
  • GP name: Enable Picture Dictionary feature within Immersive Reader in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Immersive Reader settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ImmersiveReaderPictureDictionaryEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImmersiveReaderPictureDictionaryEnabled
  • Example value:
<true/>

Back to top

Kiosk Mode settings policies

Back to top

KioskAddressBarEditingEnabled

Configure address bar editing for kiosk mode public browsing experience

Supported versions:

  • On Windows since 87 or later

Description

This policy only applies to Microsoft Edge kiosk mode while using the public browsing experience.

If you enable or don't configure this policy, users can change the URL in the address bar.

If you disable this policy, it prevents users from changing the URL in the address bar.

For detailed information on configuring kiosk Mode, see https://go.microsoft.com/fwlink/?linkid=2137578.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: KioskAddressBarEditingEnabled
  • GP name: Configure address bar editing for kiosk mode public browsing experience
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Kiosk Mode settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: KioskAddressBarEditingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

KioskDeleteDownloadsOnExit

Delete files downloaded as part of kiosk session when Microsoft Edge closes

Supported versions:

  • On Windows since 87 or later

Description

This policy only applies to Microsoft Edge kiosk mode.

If you enable this policy, files downloaded as part of the kiosk session are deleted each time Microsoft Edge closes.

If you disable this policy or don't configure it, files downloaded as part of the kiosk session are not deleted when Microsoft Edge closes.

For detailed information on configuring kiosk Mode, see https://go.microsoft.com/fwlink/?linkid=2137578.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: KioskDeleteDownloadsOnExit
  • GP name: Delete files downloaded as part of kiosk session when Microsoft Edge closes
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Kiosk Mode settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: KioskDeleteDownloadsOnExit
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

KioskSwipeGesturesEnabled

Swipe gestures in Microsoft Edge kiosk mode enabled

Supported versions:

  • On Windows since 101 or later

Description

This policy only applies to Microsoft Edge kiosk mode.

If you enable this policy or don't configure it, swipe gestures will behave as expected.

If you disable this policy, the user will not be able to use swipe gestures (for example navigate forwards and backwards, refresh page).

For detailed information on configuring kiosk mode, see https://go.microsoft.com/fwlink/?linkid=2137578.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: KioskSwipeGesturesEnabled
  • GP name: Swipe gestures in Microsoft Edge kiosk mode enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Kiosk Mode settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: KioskSwipeGesturesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

Manageability policies

Back to top

EdgeManagementEnabled

Microsoft Edge management enabled

Supported versions:

  • On Windows since 115 or later

Description

Microsoft Edge management service in Microsoft 365 Admin Center lets you set policy and manage users through a Microsoft Edge focused cloud-based management experience. This policy lets you control whether Microsoft Edge management is enabled.

If you enable or don't configure this policy, Microsoft Edge will attempt to connect to the Microsoft Edge management service to download and apply policy assigned to the Azure AD account of the user.

If you disable this policy, Microsoft Edge will not attempt to connect to the Microsoft Edge management service.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeManagementEnabled
  • GP name: Microsoft Edge management enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Manageability
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeManagementEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

EdgeManagementEnrollmentToken

Microsoft Edge management enrollment token

Supported versions:

  • On Windows since 115 or later

Description

Microsoft Edge management service in Microsoft 365 Admin Center lets you set policy and manage users through a Microsoft Edge focused cloud-based management experience. This policy lets you specify an enrollment token that's used to register with Microsoft Edge management service and deploy the associated policies. The user must be signed into Microsoft Edge with a valid work or school account otherwise Microsoft Edge will not download the policy.

If you enable this policy, Microsoft Edge will attempt to use the specified enrollment token to register with the Microsoft Edge management service and download the published policy.

If you disable or don't configure this policy, Microsoft Edge will not attempt to connect to the Microsoft Edge management service.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeManagementEnrollmentToken
  • GP name: Microsoft Edge management enrollment token
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Manageability
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeManagementEnrollmentToken
  • Value Type: REG_SZ
Example value:
"RgAAAACBbzoQDmUrRfq3WeKUoFeEBwBOqK2QPYsBT5V3lQFoKND-AAAAAAEVAAAOqK2QPYvBT5V4lQFoKMD-AAADTXvzAAAA0"

Back to top

EdgeManagementExtensionsFeedbackEnabled

Microsoft Edge management extensions feedback enabled

Supported versions:

  • On Windows and macOS since 115 or later

Description

This setting controls whether Microsoft Edge sends data about blocked extensions to the Microsoft Edge management service.

The 'EdgeManagementEnabled' policy must also be enabled for this setting to take effect.

If you enable this policy, Microsoft Edge will send data to the Microsoft Edge service when a user tries to install a blocked extension.

If you disable or don't configure this policy, Microsoft Edge won't send any data to the Microsoft Edge service about blocked extensions.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeManagementExtensionsFeedbackEnabled
  • GP name: Microsoft Edge management extensions feedback enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Manageability
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeManagementExtensionsFeedbackEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeManagementExtensionsFeedbackEnabled
  • Example value:
<true/>

Back to top

EdgeManagementPolicyOverridesPlatformPolicy

Microsoft Edge management service policy overrides platform policy.

Supported versions:

  • On Windows and macOS since 119 or later

Description

If you enable this policy, the cloud-based Microsoft Edge management service policy takes precedence if it conflicts with platform policy.

If you disable or don't configure this policy, platform policy takes precedence if it conflicts with the cloud-based Microsoft Edge management service policy.

This mandatory policy affects machine scope cloud-based Microsoft Edge management policies.

Machine policies apply to all edge browser instances regardless of the user who is logged in.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeManagementPolicyOverridesPlatformPolicy
  • GP name: Microsoft Edge management service policy overrides platform policy.
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Manageability
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeManagementPolicyOverridesPlatformPolicy
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: EdgeManagementPolicyOverridesPlatformPolicy
  • Example value:
<false/>

Back to top

EdgeManagementUserPolicyOverridesCloudMachinePolicy

Allow cloud-based Microsoft Edge management service user policies to override local user policies.

Supported versions:

  • On Windows and macOS since 119 or later

Description

If you enable this policy, cloud-based Microsoft Edge management service user policies takes precedence if it conflicts with local user policy.

If you disable or don't configure this policy, Microsoft Edge management service user policies will take precedence.

The policy can be combined with EdgeManagementPolicyOverridesPlatformPolicy. If both policies are enabled, all cloud-based Microsoft Edge management service policies will take precedence over conflicting local service policies.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeManagementUserPolicyOverridesCloudMachinePolicy
  • GP name: Allow cloud-based Microsoft Edge management service user policies to override local user policies.
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Manageability
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeManagementUserPolicyOverridesCloudMachinePolicy
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: EdgeManagementUserPolicyOverridesCloudMachinePolicy
  • Example value:
<false/>

Back to top

MAMEnabled

Mobile App Management Enabled

Supported versions:

  • On Windows and macOS since 89 or later

Description

Allows the Microsoft Edge browser to retrieve policies from the Intune application management services and apply them to users' profiles.

If you enable this policy or don't configure it, Mobile App Management (MAM) Policies can be applied.

If you disable this policy, Microsoft Edge will not communicate with Intune to request MAM Policies.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MAMEnabled
  • GP name: Mobile App Management Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Manageability
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: MAMEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: MAMEnabled
  • Example value:
<false/>

Back to top

Native Messaging policies

Back to top

NativeMessagingAllowlist

Control which native messaging hosts users can use

Supported versions:

  • On Windows and macOS since 77 or later

Description

Setting the policy specifies which native messaging hosts aren't subject to the deny list. A deny list value of * means all native messaging hosts are denied unless they're explicitly allowed.

All native messaging hosts are allowed by default. However, if a native messaging host is denied by policy, the admin can use the allow list to change that policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NativeMessagingAllowlist
  • GP name: Control which native messaging hosts users can use
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Native Messaging
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\NativeMessagingAllowlist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\NativeMessagingAllowlist\1 = "com.native.messaging.host.name1"
SOFTWARE\Policies\Microsoft\Edge\NativeMessagingAllowlist\2 = "com.native.messaging.host.name2"

Mac information and settings

  • Preference Key Name: NativeMessagingAllowlist
  • Example value:
<array>
  <string>com.native.messaging.host.name1</string>
  <string>com.native.messaging.host.name2</string>
</array>

Back to top

NativeMessagingBlocklist

Configure native messaging block list

Supported versions:

  • On Windows and macOS since 77 or later

Description

Setting this policy specifies which native messaging hosts shouldn't be loaded. A deny list value of * means all native messaging hosts are denied unless they're explicitly allowed.

If you leave this policy unset , Microsoft Edge loads all installed native messaging hosts.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NativeMessagingBlocklist
  • GP name: Configure native messaging block list
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Native Messaging
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\NativeMessagingBlocklist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\NativeMessagingBlocklist\1 = "com.native.messaging.host.name1"
SOFTWARE\Policies\Microsoft\Edge\NativeMessagingBlocklist\2 = "com.native.messaging.host.name2"

Mac information and settings

  • Preference Key Name: NativeMessagingBlocklist
  • Example value:
<array>
  <string>com.native.messaging.host.name1</string>
  <string>com.native.messaging.host.name2</string>
</array>

Back to top

NativeMessagingUserLevelHosts

Allow user-level native messaging hosts (installed without admin permissions)

Supported versions:

  • On Windows and macOS since 77 or later

Description

If you set this policy to Enabled or leave it unset, Microsoft Edge can use native messaging hosts installed at the user level.

If you set this policy to Disabled, Microsoft Edge can only use these hosts if they're installed at the system level.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NativeMessagingUserLevelHosts
  • GP name: Allow user-level native messaging hosts (installed without admin permissions)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Native Messaging
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NativeMessagingUserLevelHosts
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: NativeMessagingUserLevelHosts
  • Example value:
<false/>

Back to top

Network settings policies

Back to top

AccessControlAllowMethodsInCORSPreflightSpecConformant

Make Access-Control-Allow-Methods matching in CORS preflight spec conformant

Supported versions:

  • On Windows and macOS since 123 or later

Description

This policy controls whether request methods are uppercased when matching with Access-Control-Allow-Methods response headers in CORS preflight.

If you disable this policy, request methods are uppercased. This is the behavior on or before Microsoft Edge 108.

If you enable or don't configure this policy, request methods are not uppercased, unless matching case-insensitively with DELETE, GET, HEAD, OPTIONS, POST, or PUT.

This would reject fetch(url, {method: 'Foo'}) + "Access-Control-Allow-Methods: FOO" response header, and would accept fetch(url, {method: 'Foo'}) + "Access-Control-Allow-Methods: Foo" response header.

Note: request methods "post" and "put" are not affected, while "patch" is affected.

This policy is intended to be temporary and will be removed in the future.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AccessControlAllowMethodsInCORSPreflightSpecConformant
  • GP name: Make Access-Control-Allow-Methods matching in CORS preflight spec conformant
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Network settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AccessControlAllowMethodsInCORSPreflightSpecConformant
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AccessControlAllowMethodsInCORSPreflightSpecConformant
  • Example value:
<true/>

Back to top

BlockTruncatedCookies

Block truncated cookies

Supported versions:

  • On Windows and macOS since 123 or later

Description

This policy provides a temporary opt-out for changes to how Microsoft Edge handles cookies set via JavaScript that contain certain control characters (NULL, carriage return, and line feed). Previously, the presence of any of these characters in a cookie string would cause it to be truncated but still set. Now, the presence of these characters will cause the whole cookie string to be ignored.

If you enable or don't configure this policy, the new behavior is enabled.

If you disable this policy, the old behavior is enabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BlockTruncatedCookies
  • GP name: Block truncated cookies
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Network settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BlockTruncatedCookies
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: BlockTruncatedCookies
  • Example value:
<false/>

Back to top

CompressionDictionaryTransportEnabled

Enable compression dictionary transport support

Supported versions:

  • On Windows and macOS since 118 or later

Description

This feature enables the use of dictionary-specific content encodings in the Accept-Encoding request header ("sbr" and "zst-d") when dictionaries are available for use.

If you enable this policy or don't configure it, Microsoft Edge will accept web contents using the compression dictionary transport feature.

If you disable this policy, Microsoft Edge will turn off the compression dictionary transport feature.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CompressionDictionaryTransportEnabled
  • GP name: Enable compression dictionary transport support
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Network settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: CompressionDictionaryTransportEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: CompressionDictionaryTransportEnabled
  • Example value:
<true/>

Back to top

Password manager and protection policies

Back to top

PasswordDeleteOnBrowserCloseEnabled

Prevent passwords from being deleted if any Edge settings is enabled to delete browsing data when Microsoft Edge closes

Supported versions:

  • On Windows and macOS since 117 or later

Description

When this policy is enabled, the passwords saved with Edge Password Manager are exempted from deletion when the browser closes. This policy is only effective when:

  • The 'Passwords' toggle is configured in Settings/Privacy and services/Clear browsing data on close or
  • The policy ClearBrowsingDataOnExit is enabled

If you enable this policy, passwords won't be cleared when the browser closes. If you disable or don't configure this policy, the user's personal configuration is used.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PasswordDeleteOnBrowserCloseEnabled
  • GP name: Prevent passwords from being deleted if any Edge settings is enabled to delete browsing data when Microsoft Edge closes
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Password manager and protection
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Password manager and protection
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: PasswordDeleteOnBrowserCloseEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PasswordDeleteOnBrowserCloseEnabled
  • Example value:
<true/>

Back to top

PasswordGeneratorEnabled

Allow users to get a strong password suggestion whenever they are creating an account online

Supported versions:

  • On Windows and macOS since 93 or later

Description

Configures the Password Generator Settings toggle that enables/disables the feature for users.

If you enable or don't configure this policy, then Password Generator will offer users a strong and unique password suggestion (via a dropdown) on Signup and Change Password pages.

If you disable this policy, users will no longer see strong password suggestions on Signup or Change Password pages.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PasswordGeneratorEnabled
  • GP name: Allow users to get a strong password suggestion whenever they are creating an account online
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Password manager and protection
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PasswordGeneratorEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: PasswordGeneratorEnabled
  • Example value:
<false/>

Back to top

PasswordManagerBlocklist

Configure the list of domains for which the password manager UI (Save and Fill) will be disabled

Supported versions:

  • On Windows and macOS since 99 or later

Description

Configure the list of domains where Microsoft Edge should disable the password manager. This means that Save and Fill workflows will be disabled, ensuring that passwords for those websites can't be saved or auto filled into web forms.

If you enable this policy, the password manager will be disabled for the specified set of domains.

If you disable or don't configure this policy, password manager will work as usual for all domains.

If you configure this policy, that is, add domains for which password manager is blocked, users can't change or override the behavior in Microsoft Edge. In addition, users can't use password manager for those URLs.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PasswordManagerBlocklist
  • GP name: Configure the list of domains for which the password manager UI (Save and Fill) will be disabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Password manager and protection
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\PasswordManagerBlocklist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\PasswordManagerBlocklist\1 = "https://contoso.com/"
SOFTWARE\Policies\Microsoft\Edge\PasswordManagerBlocklist\2 = "https://login.contoso.com"

Mac information and settings

  • Preference Key Name: PasswordManagerBlocklist
  • Example value:
<array>
  <string>https://contoso.com/</string>
  <string>https://login.contoso.com</string>
</array>

Back to top

PasswordManagerEnabled

Enable saving passwords to the password manager

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enable Microsoft Edge to save user passwords. The next time a user visits a site with a saved password, Microsoft Edge will enter the password automatically.

If you enable or don't configure this policy, users can save and add their passwords in Microsoft Edge.

If you disable this policy, users can't save and add new passwords, but they can still use previously saved passwords.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PasswordManagerEnabled
  • GP name: Enable saving passwords to the password manager
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Password manager and protection
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Password manager and protection
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: PasswordManagerEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PasswordManagerEnabled
  • Example value:
<true/>

Back to top

PasswordManagerRestrictLengthEnabled

Restrict the length of passwords that can be saved in the Password Manager

Supported versions:

  • On Windows and macOS since 104 or later

Description

Make Microsoft Edge restrict the length of usernames and/or passwords that can be saved in the Password Manager.

If you enable this policy, Microsoft Edge will not let the user save credentials with usernames and/or passwords longer than 256 characters.

If you disable or don't configure this policy, Microsoft Edge will let the user save credentials with arbitrarily long usernames and/or passwords.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PasswordManagerRestrictLengthEnabled
  • GP name: Restrict the length of passwords that can be saved in the Password Manager
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Password manager and protection
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PasswordManagerRestrictLengthEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PasswordManagerRestrictLengthEnabled
  • Example value:
<true/>

Back to top

PasswordMonitorAllowed

Allow users to be alerted if their passwords are found to be unsafe

Supported versions:

  • On Windows since 85 or later
  • On macOS since 93 or later

Description

Allow Microsoft Edge to monitor user passwords.

If you enable this policy and a user consents to enabling the policy, the user will get alerted if any of their passwords stored in Microsoft Edge are found to be unsafe. Microsoft Edge will show an alert and this information will also be available in Settings > Passwords > Password Monitor.

If you disable this policy, users will not be asked for permission to enable this feature. Their passwords will not be scanned and they will not be alerted either.

If you enable or don't configure the policy, users can turn this feature on or off.

To learn more about how Microsoft Edge finds unsafe passwords see https://go.microsoft.com/fwlink/?linkid=2133833

Additional guidance:

This policy can be set as both Recommended as well as Mandatory, however with an important callout.

Mandatory enabled: Given that individual user consent is a pre-condition to enabling this feature for a given user, this policy does not have a Mandatory enabled setting. If the policy is set to Mandatory enabled, the UI in Settings will not change and the following error message will be displayed in edge://policy

Example Error state message: "This policy value is ignored because Password Monitor requires the consent of the individual user for it to be turned on. You can ask users in your Organization to go to Settings > Profile > Password and turn on the feature."

Recommended enabled: If the policy is set to Recommended enabled, the UI in Settings will remain in 'Off' state, but a briefcase icon will be made visible next to it with this description displayed on hover - "Your organization recommends a specific value for this setting and you have chosen a different value"

Mandatory and Recommended disabled: Both these states will work the normal way, with the usual captions being shown to users.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PasswordMonitorAllowed
  • GP name: Allow users to be alerted if their passwords are found to be unsafe
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Password manager and protection
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Password manager and protection
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: PasswordMonitorAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PasswordMonitorAllowed
  • Example value:
<true/>

Back to top

PasswordProtectionChangePasswordURL

Configure the change password URL

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configures the change password URL (HTTP and HTTPS schemes only).

Password protection service will send users to this URL to change their password after seeing a warning in the browser.

If you enable this policy, then password protection service sends users to this URL to change their password.

If you disable this policy or don't configure it, then password protection service will not redirect users to a change password URL.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PasswordProtectionChangePasswordURL
  • GP name: Configure the change password URL
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Password manager and protection
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PasswordProtectionChangePasswordURL
  • Value Type: REG_SZ
Example value:
"https://contoso.com/change_password.html"

Mac information and settings

  • Preference Key Name: PasswordProtectionChangePasswordURL
  • Example value:
<string>https://contoso.com/change_password.html</string>

Back to top

PasswordProtectionLoginURLs

Configure the list of enterprise login URLs where the password protection service should capture salted hashes of a password

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configure the list of enterprise login URLs (HTTP and HTTPS schemes only) where Microsoft Edge should capture the salted hashes of passwords and use it for password reuse detection.

If you enable this policy, the password protection service captures fingerprints of passwords on the defined URLs.

If you disable this policy or don't configure it, no password fingerprints are captured.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PasswordProtectionLoginURLs
  • GP name: Configure the list of enterprise login URLs where the password protection service should capture salted hashes of a password
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Password manager and protection
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\PasswordProtectionLoginURLs
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\PasswordProtectionLoginURLs\1 = "https://contoso.com/login.html"
SOFTWARE\Policies\Microsoft\Edge\PasswordProtectionLoginURLs\2 = "https://login.contoso.com"

Mac information and settings

  • Preference Key Name: PasswordProtectionLoginURLs
  • Example value:
<array>
  <string>https://contoso.com/login.html</string>
  <string>https://login.contoso.com</string>
</array>

Back to top

PasswordProtectionWarningTrigger

Configure password protection warning trigger

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows you to control when to trigger password protection warning. Password protection alerts users when they reuse their protected password on potentially suspicious sites.

You can use the PasswordProtectionLoginURLs and PasswordProtectionChangePasswordURL policies to configure which passwords to protect.

Exemptions: Passwords for the sites listed in PasswordProtectionLoginURLs and PasswordProtectionChangePasswordURL, as well as for the sites listed in SmartScreenAllowListDomains, will not trigger a password-protection warning.

Set to 'PasswordProtectionWarningOff' to not show password protection warningss.

Set to 'PasswordProtectionWarningOnPasswordReuse' to show password protection warnings when the user reuses their protected password on a non-allowlisted site.

If you disable or don't configure this policy, then the warning trigger is not shown.

Policy options mapping:

  • PasswordProtectionWarningOff (0) = Password protection warning is off

  • PasswordProtectionWarningOnPasswordReuse (1) = Password protection warning is triggered by password reuse

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PasswordProtectionWarningTrigger
  • GP name: Configure password protection warning trigger
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Password manager and protection
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PasswordProtectionWarningTrigger
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PasswordProtectionWarningTrigger
  • Example value:
<integer>1</integer>

Back to top

PasswordRevealEnabled

Enable Password reveal button

Supported versions:

  • On Windows and macOS since 87 or later

Description

Lets you configure the default display of the browser password reveal button for password input fields on websites.

If you enable or don't configure this policy, the browser user setting defaults to displaying the password reveal button.

If you disable this policy, the browser user setting won't display the password reveal button.

For accessibility, users can change the browser setting from the default policy.

This policy only affects the browser password reveal button, it doesn't affect websites' custom reveal buttons.

Supported features:

  • Can be mandatory: No
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PasswordRevealEnabled
  • GP name: Enable Password reveal button
  • GP path (Mandatory): N/A
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Password manager and protection
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): N/A
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: PasswordRevealEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PasswordRevealEnabled
  • Example value:
<true/>

Back to top

PrimaryPasswordSetting

Configures a setting that asks users to enter their device password while using password autofill

Supported versions:

  • On Windows and macOS since 93 or later

Description

The feature helps users add an additional layer of privacy to their online accounts by requiring device authentication (as a way of confirming the user's identity) before the saved password is auto-filled into a web form. This ensures that non-authorized persons can't use saved passwords for autofill.

This group policy configures the radio button selector that enables this feature for users. It also has a frequency control where users can specify how often they would like to be prompted for authentication.

If you set this policy to 'Automatically', disable this policy, or don't configure this policy, autofill will not have any authentication flow.

If you set this policy to 'WithDevicePassword', users will have to enter their device password (or preferred mode of authentication under Windows) to prove their identity before their password is auto filled. Authentication modes include Windows Hello, PIN, face recognition, or fingerprint. The frequency for authentication prompt will be set to 'Ask permission once per browsing session' by default. However, users can change it to the other option, which is 'Always ask permission'.

If you set this policy to 'WithCustomPrimaryPassword', users will be asked to create their custom password and then to be redirected to Settings. After the custom password is set, users can authenticate themselves using the custom password and their passwords will get auto-filled after successful authentication. The frequency for authentication prompt will be set to 'Ask permission once per browsing session' by default. However, users can change it to the other option, which is 'Always ask permission'.

If you set this policy to 'AutofillOff', saved passwords will no longer be suggested for autofill.

Policy options mapping:

  • Automatically (0) = Automatically

  • WithDevicePassword (1) = With device password

  • WithCustomPrimaryPassword (2) = With custom primary password

  • AutofillOff (3) = Autofill off

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrimaryPasswordSetting
  • GP name: Configures a setting that asks users to enter their device password while using password autofill
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Password manager and protection
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PrimaryPasswordSetting
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: PrimaryPasswordSetting
  • Example value:
<integer>0</integer>

Back to top

Performance policies

Back to top

EfficiencyMode

Configure when efficiency mode should become active

Supported versions:

  • On Windows and macOS since 96 or later

Description

This policy setting lets you configure when efficiency mode will become active. By default, efficiency mode is set to 'BalancedSavings'. On devices with no battery, the default is for efficiency mode to never become active.

Individual sites may be blocked from participating in efficiency mode by configuring the policy SleepingTabsBlockedForUrls.

Set this policy to 'AlwaysActive' and efficiency mode will always be active.

Set this policy to 'NeverActive' and efficiency mode will never become active.

Set this policy to 'ActiveWhenUnplugged' and efficiency mode will become active when the device is unplugged.

Set this policy to 'ActiveWhenUnpluggedBatteryLow' and efficiency mode will become active when the device is unplugged and the battery is low.

Set this policy to 'BalancedSavings' and when the device is unplugged, efficiency mode will take moderate steps to save battery. When the device is unplugged and the battery is low, efficiency mode will take additional steps to save battery.

Set this policy to 'MaximumSavings' and when the device is unplugged or unplugged and the battery is low, efficiency mode takes additional steps to save battery.

If the device does not have a battery, efficiency mode will never become active in any mode other than 'AlwaysActive' unless the setting or EfficiencyModeEnabled policy is enabled.

This policy has no effect if the EfficiencyModeEnabled policy is disabled.

Learn more about efficiency mode: https://go.microsoft.com/fwlink/?linkid=2173921

Policy options mapping:

  • AlwaysActive (0) = Efficiency mode is always active

  • NeverActive (1) = Efficiency mode is never active

  • ActiveWhenUnplugged (2) = Efficiency mode is active when the device is unplugged

  • ActiveWhenUnpluggedBatteryLow (3) = Efficiency mode is active when the device is unplugged and the battery is low

  • BalancedSavings (4) = When the device is unplugged, efficiency mode takes moderate steps to save battery. When the device is unplugged and the battery is low, efficiency mode takes additional steps to save battery.

  • MaximumSavings (5) = When the device is unplugged or unplugged and the battery is low, efficiency mode takes additional steps to save battery.

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EfficiencyMode
  • GP name: Configure when efficiency mode should become active
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Performance
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Performance
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: EfficiencyMode
  • Value Type: REG_DWORD
Example value:
0x00000003

Mac information and settings

  • Preference Key Name: EfficiencyMode
  • Example value:
<integer>3</integer>

Back to top

EfficiencyModeEnabled

Efficiency mode enabled

Supported versions:

  • On Windows and macOS since 106 or later

Description

Enables efficiency mode which helps extend battery life by saving computer resources. By default, efficiency mode is enabled for devices with a battery and disabled otherwise.

If you enable this policy, efficiency mode will become active according to the setting chosen by the user. You can configure the efficiency mode setting using the EfficiencyMode policy. If the device does not have a battery, efficiency mode will always be active.

If you disable this policy, efficiency mode will never become active. The EfficiencyMode and EfficiencyModeOnPowerEnabled policies will have no effect.

If you don't configure this policy, efficiency mode will be enabled for devices with a battery and disabled otherwise. Users can choose the efficiency mode option they want in edge://settings/system.

Learn more about efficiency mode: https://go.microsoft.com/fwlink/?linkid=2173921

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EfficiencyModeEnabled
  • GP name: Efficiency mode enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Performance
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Performance
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: EfficiencyModeEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EfficiencyModeEnabled
  • Example value:
<true/>

Back to top

EfficiencyModeOnPowerEnabled

Enable efficiency mode when the device is connected to a power source

Supported versions:

  • On Windows and macOS since 106 or later

Description

Allows efficiency mode to become active when the device is connected to a power source. On devices with no battery, this policy has no effect.

If you enable this policy, efficiency mode will become active when the device is connected to a power source.

If you disable or don't configure this policy, efficiency mode will never become active when the device is connected to a power source.

This policy has no effect if the EfficiencyModeEnabled policy is disabled.

Learn more about efficiency mode: https://go.microsoft.com/fwlink/?linkid=2173921

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EfficiencyModeOnPowerEnabled
  • GP name: Enable efficiency mode when the device is connected to a power source
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Performance
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Performance
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: EfficiencyModeOnPowerEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EfficiencyModeOnPowerEnabled
  • Example value:
<true/>

Back to top

PerformanceDetectorEnabled

Performance Detector Enabled

Supported versions:

  • On Windows and macOS since 107 or later

Description

The performance detector detects tab performance issues and recommends actions to fix the performance issues.

If you enable or don't configure this policy, performance detector is turned on.

If you disable this policy, performance detector is turned off.

The user can configure its behavior in edge://settings/system.

Learn more about performance detector: https://aka.ms/EdgePerformanceDetector

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PerformanceDetectorEnabled
  • GP name: Performance Detector Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Performance
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Performance
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: PerformanceDetectorEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PerformanceDetectorEnabled
  • Example value:
<true/>

Back to top

PinBrowserEssentialsToolbarButton

Pin browser essentials toolbar button

Supported versions:

  • On Windows and macOS since 114 or later

Description

This policy lets you configure whether to pin the Browser essentials button on the toolbar.

When the button is pinned, it will always appear on the toolbar.

When the button isn't pinned, it will only appear when there's an alert. An example of this kind of alert is the performance detector alert that indicates the browser is using high CPU or memory.

If you enable or don't configure this policy, the Browser essentials button will be pinned on the toolbar.

If you disable this policy, the Browser essentials button won't be pinned on the toolbar.

Learn more about browser essentials: https://go.microsoft.com/fwlink/?linkid=2240439

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PinBrowserEssentialsToolbarButton
  • GP name: Pin browser essentials toolbar button
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Performance
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Performance
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: PinBrowserEssentialsToolbarButton
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PinBrowserEssentialsToolbarButton
  • Example value:
<true/>

Back to top

StartupBoostEnabled

Enable startup boost

Supported versions:

  • On Windows since 88 or later

Description

Allows Microsoft Edge processes to start at OS sign-in and restart in background after the last browser window is closed.

If Microsoft Edge is running in background mode, the browser might not close when the last window is closed and the browser won't be restarted in background when the window closes. See the BackgroundModeEnabled policy for information about what happens after configuring Microsoft Edge background mode behavior.

If you enable this policy, startup boost is turned on.

If you disable this policy, startup boost is turned off.

If you don't configure this policy, startup boost may initially be off or on. The user can configure its behavior in edge://settings/system.

Learn more about startup boost: https://go.microsoft.com/fwlink/?linkid=2147018

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: StartupBoostEnabled
  • GP name: Enable startup boost
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Performance
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Performance
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: StartupBoostEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

Permit or deny screen capture policies

Back to top

SameOriginTabCaptureAllowedByOrigins

Allow Same Origin Tab capture by these origins

Supported versions:

  • On Windows and macOS since 97 or later

Description

Setting the policy lets you set a list of URL patterns that can capture tabs with their same Origin.

Leaving the policy unset means that sites will not be considered for an override at this scope of capture.

If a site matches a URL pattern in this policy, the following policies will not be considered: TabCaptureAllowedByOrigins, WindowCaptureAllowedByOrigins, ScreenCaptureAllowedByOrigins, ScreenCaptureAllowed.

For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. This policy only matches based on origin, so any path in the URL pattern is ignored.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SameOriginTabCaptureAllowedByOrigins
  • GP name: Allow Same Origin Tab capture by these origins
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Permit or deny screen capture
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SameOriginTabCaptureAllowedByOrigins
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SameOriginTabCaptureAllowedByOrigins\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\SameOriginTabCaptureAllowedByOrigins\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: SameOriginTabCaptureAllowedByOrigins
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

ScreenCaptureAllowedByOrigins

Allow Desktop, Window, and Tab capture by these origins

Supported versions:

  • On Windows and macOS since 97 or later

Description

Setting the policy lets you set a list of URL patterns that can use Desktop, Window, and Tab Capture.

Leaving the policy unset means that sites will not be considered for an override at this scope of Capture.

This policy is not considered if a site matches a URL pattern in any of the following policies: WindowCaptureAllowedByOrigins, TabCaptureAllowedByOrigins, SameOriginTabCaptureAllowedByOrigins.

If a site matches a URL pattern in this policy, the ScreenCaptureAllowed will not be considered.

For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. This policy only matches based on origin, so any path in the URL pattern is ignored.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ScreenCaptureAllowedByOrigins
  • GP name: Allow Desktop, Window, and Tab capture by these origins
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Permit or deny screen capture
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ScreenCaptureAllowedByOrigins
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ScreenCaptureAllowedByOrigins\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\ScreenCaptureAllowedByOrigins\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: ScreenCaptureAllowedByOrigins
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

TabCaptureAllowedByOrigins

Allow Tab capture by these origins

Supported versions:

  • On Windows and macOS since 97 or later

Description

Setting the policy lets you set a list of URL patterns that can use Tab Capture.

Leaving the policy unset means that sites will not be considered for an override at this scope of capture.

This policy is not considered if a site matches a URL pattern in the SameOriginTabCaptureAllowedByOrigins policy.

If a site matches a URL pattern in this policy, the following policies will not be considered: WindowCaptureAllowedByOrigins, ScreenCaptureAllowedByOrigins, ScreenCaptureAllowed.

For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. This policy only matches based on origin, so any path in the URL pattern is ignored.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TabCaptureAllowedByOrigins
  • GP name: Allow Tab capture by these origins
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Permit or deny screen capture
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\TabCaptureAllowedByOrigins
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\TabCaptureAllowedByOrigins\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\TabCaptureAllowedByOrigins\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: TabCaptureAllowedByOrigins
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

WindowCaptureAllowedByOrigins

Allow Window and Tab capture by these origins

Supported versions:

  • On Windows and macOS since 97 or later

Description

Setting the policy lets you set a list of URL patterns that can use Window and Tab Capture.

Leaving the policy unset means that sites will not be considered for an override at this scope of Capture.

This policy is not considered if a site matches a URL pattern in any of the following policies: TabCaptureAllowedByOrigins, SameOriginTabCaptureAllowedByOrigins.

If a site matches a URL pattern in this policy, the following policies will not be considered: ScreenCaptureAllowedByOrigins, ScreenCaptureAllowed.

For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. This policy only matches based on origin, so any path in the URL pattern is ignored.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WindowCaptureAllowedByOrigins
  • GP name: Allow Window and Tab capture by these origins
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Permit or deny screen capture
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\WindowCaptureAllowedByOrigins
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WindowCaptureAllowedByOrigins\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\WindowCaptureAllowedByOrigins\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: WindowCaptureAllowedByOrigins
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

Printing policies

Back to top

DefaultPrinterSelection

Default printer selection rules

Supported versions:

  • On Windows and macOS since 77 or later

Description

Overrides Microsoft Edge default printer selection rules. This policy determines the rules for selecting the default printer in Microsoft Edge, which happens the first time a user tries to print a page.

When this policy is set, Microsoft Edge tries to find a printer that matches all of the specified attributes and uses it as default printer. If there are multiple printers that meet the criteria, the first printer that matches is used.

If you don't configure this policy or no matching printers are found within the timeout, the printer defaults to the built-in PDF printer or no printer, if the PDF printer isn't available.

The value is parsed as a JSON object, conforming to the following schema: { "type": "object", "properties": { "idPattern": { "description": "Regular expression to match printer id.", "type": "string" }, "namePattern": { "description": "Regular expression to match printer display name.", "type": "string" } } }

Omitting a field means all values match; for example, if you don't specify connectivity Print Preview starts discovering all kinds of local printers. Regular expression patterns must follow the JavaScript RegExp syntax and matches are case sensitive.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultPrinterSelection
  • GP name: Default printer selection rules
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultPrinterSelection
  • Value Type: REG_SZ
Example value:
"{ \"idPattern\": \".*public\", \"namePattern\": \".*Color\" }"

Mac information and settings

  • Preference Key Name: DefaultPrinterSelection
  • Example value:
<string>{ "idPattern": ".*public", "namePattern": ".*Color" }</string>

Back to top

PrintHeaderFooter

Supported versions:

  • On Windows and macOS since 77 or later

Description

Force 'headers and footers' to be on or off in the printing dialog.

If you don't configure this policy, users can decide whether to print headers and footers.

If you disable this policy, users can't print headers and footers.

If you enable this policy, users always print headers and footers.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintHeaderFooter
  • GP name: Print headers and footers
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Printing
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: PrintHeaderFooter
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: PrintHeaderFooter
  • Example value:
<false/>

Back to top

PrintPdfAsImageDefault

Supported versions:

  • On Windows and macOS since 106 or later

Description

Controls if Microsoft Edge makes the Print as image option the default when printing PDFs.

If you enable this policy, Microsoft Edge will default to setting the Print as image option in the Print Preview when printing a PDF.

If you disable or don't configure this policy, Microsoft Edge will not default to setting the Print as image option in the Print Preview when printing a PDF.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintPdfAsImageDefault
  • GP name: Print PDF as Image Default
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PrintPdfAsImageDefault
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PrintPdfAsImageDefault
  • Example value:
<true/>

Back to top

PrintPostScriptMode

Supported versions:

  • On Windows since 96 or later

Description

Controls how Microsoft Edge prints on Microsoft Windows.

Printing to a PostScript printer on Microsoft Windows different PostScript generation methods can affect printing performance.

If you set this policy to Default, Microsoft Edge will use a set of default options when generating PostScript. For text in particular, text will always be rendered using Type 3 fonts.

If you set this policy to Type42, Microsoft Edge will render text using Type 42 fonts if possible. This should increase printing speed for some PostScript printers.

If you don't configure this policy, Microsoft Edge will be in Default mode.

Policy options mapping:

  • Default (0) = Default

  • Type42 (1) = Type42

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintPostScriptMode
  • GP name: Print PostScript Mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PrintPostScriptMode
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

PrintPreviewStickySettings

Configure the sticky print preview settings

Supported versions:

  • On Windows and macOS since 110 or later

Description

Configuring this policy sets the print preview settings as the most recent choice in Print Preview instead of the default print preview settings.

Each item of this policy expects a boolean:

Layout specifies if the webpage layout should be kept sticky or not in print preview settings. If we set this to True the webpage layout uses the recent choice otherwise it will set to default value.

Size specifies if the page size should be kept sticky or not in print preview settings. If we set this to True the page size uses the recent choice otherwise it will set to default value.

Scale Type specifies if the scaling percentage and scale type should be kept sticky or not in print preview settings. If we set this to True the scale percentage and scale type both uses the recent choice oherwise it will set to default value.

Margins specifies if the page margin should be kept sticky or not in print preview settings. If we set this to True the page margins uses the recent choice otherwise it will set to default value.

If you enable this policy, the selected values will use the most recent choice in Print Preview.

If you disable or don't configure this policy, print preview settings will not be impacted.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintPreviewStickySettings
  • GP name: Configure the sticky print preview settings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Printing
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: PrintPreviewStickySettings
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\PrintPreviewStickySettings = {
  "layout": false,
  "margins": true,
  "scaleType": false,
  "size": true
}
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\PrintPreviewStickySettings = {"layout": false, "margins": true, "scaleType": false, "size": true}

Mac information and settings

  • Preference Key Name: PrintPreviewStickySettings
  • Example value:
<key>PrintPreviewStickySettings</key>
<dict>
  <key>layout</key>
  <false/>
  <key>margins</key>
  <true/>
  <key>scaleType</key>
  <false/>
  <key>size</key>
  <true/>
</dict>

Back to top

PrintPreviewUseSystemDefaultPrinter

Set the system default printer as the default printer

Supported versions:

  • On Windows and macOS since 77 or later

Description

Tells Microsoft Edge to use the system default printer as the default choice in Print Preview instead of the most recently used printer.

If you disable this policy or don't configure it, Print Preview uses the most recently used printer as the default destination choice.

If you enable this policy, Print Preview uses the OS system default printer as the default destination choice.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintPreviewUseSystemDefaultPrinter
  • GP name: Set the system default printer as the default printer
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Printing
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: PrintPreviewUseSystemDefaultPrinter
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: PrintPreviewUseSystemDefaultPrinter
  • Example value:
<false/>

Back to top

PrintRasterizationMode

Supported versions:

  • On Windows since 90 or later

Description

Controls how Microsoft Edge prints on Windows.

When printing to a non-PostScript printer on Windows, sometimes print jobs need to be rasterized to print correctly.

If you set this policy to 'Full' or don't configure it, Microsoft Edge will do full page rasterization if necessary.

If you set this policy to 'Fast', Microsoft Edge will reduce the amount of rasterization which can help reduce print job sizes and increase printing speed.

Policy options mapping:

  • Full (0) = Full page rasterization

  • Fast (1) = Avoid rasterization if possible

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintRasterizationMode
  • GP name: Print Rasterization Mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PrintRasterizationMode
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

PrintRasterizePdfDpi

Supported versions:

  • On Windows and macOS since 96 or later

Description

Controls print image resolution when Microsoft Edge prints PDFs with rasterization.

When printing a PDF using the Print to image option, it can be beneficial to specify a print resolution other than a device's printer setting or the PDF default. A high resolution will significantly increase the processing and printing time while a low resolution can lead to poor imaging quality.

If you set this policy, it allows a particular resolution to be specified for use when rasterizing PDFs for printing.

If you set this policy to zero or don't configure it, the system default resolution will be used during rasterization of page images.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintRasterizePdfDpi
  • GP name: Print Rasterize PDF DPI
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PrintRasterizePdfDpi
  • Value Type: REG_DWORD
Example value:
0x0000012c

Mac information and settings

  • Preference Key Name: PrintRasterizePdfDpi
  • Example value:
<integer>300</integer>

Back to top

PrintStickySettings

Supported versions:

  • On Windows and macOS since 98 or later

Description

Specifies whether print preview should apply last used settings for Microsoft Edge PDF and webpages.

If you set this policy to 'EnableAll' or don't configure it, Microsoft Edge applies the last used print preview settings for both PDF and webpages.

If you set this policy to 'DisableAll', Microsoft Edge doesn't apply the last used print preview settings for both PDF and webpages.

If you set this policy to 'DisablePdf', Microsoft Edge doesn't apply the last used print preview settings for PDF printing and retains it for webpages.

If you set this policy to 'DisableWebpage', Microsoft Edge doesn't apply the last used print preview settings for webpage printing and retain it for PDF.

This policy is only available if you enable or don't configure the PrintingEnabled policy.

Policy options mapping:

  • EnableAll (0) = Enable sticky settings for PDF and Webpages

  • DisableAll (1) = Disable sticky settings for PDF and Webpages

  • DisablePdf (2) = Disable sticky settings for PDF

  • DisableWebpage (3) = Disable sticky settings for Webpages

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintStickySettings
  • GP name: Print preview sticky settings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PrintStickySettings
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PrintStickySettings
  • Example value:
<integer>1</integer>

Back to top

PrinterTypeDenyList

Disable printer types on the deny list

Supported versions:

  • On Windows and macOS since 88 or later

Description

The printer types on the deny list won't be discovered or have their capabilities fetched.

Placing all printer types on the deny list effectively disables printing, because there's no print destination for documents.

If you don't configure this policy, or the printer list is empty, all printer types are discoverable.

Printer destinations include extension printers and local printers. Extension printers are also known as print provider destinations, and include any destination that belongs to a Microsoft Edge extension. Local printers are also known as native printing destinations, and include destinations available to the local machine and shared network printers.

In Microsoft version 93 or later, if you set this policy to 'pdf' it also disables the 'save as Pdf' option from the right click context menu.

In Microsoft version 103 or later, if you set this policy to 'onedrive' it also disables the 'save as Pdf (OneDrive)' option from print preview.

Policy options mapping:

  • privet (privet) = Zeroconf-based (mDNS + DNS-SD) protocol destinations

  • extension (extension) = Extension-based destinations

  • pdf (pdf) = The 'Save as PDF' destination. (93 or later, also disables from context menu)

  • local (local) = Local printer destinations

  • onedrive (onedrive) = Save as PDF (OneDrive) printer destinations. (103 or later)

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrinterTypeDenyList
  • GP name: Disable printer types on the deny list
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\PrinterTypeDenyList
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\PrinterTypeDenyList\1 = "local"
SOFTWARE\Policies\Microsoft\Edge\PrinterTypeDenyList\2 = "privet"

Mac information and settings

  • Preference Key Name: PrinterTypeDenyList
  • Example value:
<array>
  <string>local</string>
  <string>privet</string>
</array>

Back to top

PrintingAllowedBackgroundGraphicsModes

Restrict background graphics printing mode

Supported versions:

  • On Windows and macOS since 89 or later

Description

Restricts background graphics printing mode. If this policy isn't set there's no restriction on printing background graphics.

Policy options mapping:

  • any (any) = Allow printing with and without background graphics

  • enabled (enabled) = Allow printing only with background graphics

  • disabled (disabled) = Allow printing only without background graphics

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintingAllowedBackgroundGraphicsModes
  • GP name: Restrict background graphics printing mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PrintingAllowedBackgroundGraphicsModes
  • Value Type: REG_SZ
Example value:
"enabled"

Mac information and settings

  • Preference Key Name: PrintingAllowedBackgroundGraphicsModes
  • Example value:
<string>enabled</string>

Back to top

PrintingBackgroundGraphicsDefault

Default background graphics printing mode

Supported versions:

  • On Windows and macOS since 89 or later

Description

Overrides the last used setting for printing background graphics. If you enable this setting, background graphics printing is enabled. If you disable this setting, background graphics printing is disabled.

Policy options mapping:

  • enabled (enabled) = Enable background graphics printing mode by default

  • disabled (disabled) = Disable background graphics printing mode by default

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintingBackgroundGraphicsDefault
  • GP name: Default background graphics printing mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PrintingBackgroundGraphicsDefault
  • Value Type: REG_SZ
Example value:
"enabled"

Mac information and settings

  • Preference Key Name: PrintingBackgroundGraphicsDefault
  • Example value:
<string>enabled</string>

Back to top

PrintingEnabled

Enable printing

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enables printing in Microsoft Edge and prevents users from changing this setting.

If you enable this policy or don't configure it, users can print.

If you disable this policy, users can't print from Microsoft Edge. Printing is disabled in the wrench menu, extensions, JavaScript applications, and so on. Users can still print from plug-ins that bypass Microsoft Edge while printing. For example, certain Adobe Flash applications have the print option in their context menu, which isn't covered by this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintingEnabled
  • GP name: Enable printing
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PrintingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PrintingEnabled
  • Example value:
<true/>

Back to top

PrintingPaperSizeDefault

Default printing page size

Supported versions:

  • On Windows and macOS since 86 or later

Description

Overrides default printing page size.

name should contain one of the listed formats or 'custom' if required paper size is not in the list. If 'custom' value is provided custom_size property should be specified. It describes the desired height and width in micrometers. Otherwise custom_size property shouldn't be specified. Policy that violates these rules is ignored.

If the page size is unavailable on the printer chosen by the user this policy is ignored.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintingPaperSizeDefault
  • GP name: Default printing page size
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PrintingPaperSizeDefault
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\PrintingPaperSizeDefault = {
  "custom_size": {
    "height": 297000,
    "width": 210000
  },
  "name": "custom"
}
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\PrintingPaperSizeDefault = {"custom_size": {"height": 297000, "width": 210000}, "name": "custom"}

Mac information and settings

  • Preference Key Name: PrintingPaperSizeDefault
  • Example value:
<key>PrintingPaperSizeDefault</key>
<dict>
  <key>custom_size</key>
  <dict>
    <key>height</key>
    <integer>297000</integer>
    <key>width</key>
    <integer>210000</integer>
  </dict>
  <key>name</key>
  <string>custom</string>
</dict>

Back to top

PrintingWebpageLayout

Sets layout for printing

Supported versions:

  • On Windows and macOS since 93 or later

Description

Configuring this policy sets the layout for printing webpages.

If you disable or don't configure this policy, users can decide whether to print webpages in Portrait or Landscape layout.

If you enable this policy, the selected option is set as the layout option.

Policy options mapping:

  • portrait (0) = Sets layout option as portrait

  • landscape (1) = Sets layout option as landscape

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PrintingWebpageLayout
  • GP name: Sets layout for printing
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Printing
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: PrintingWebpageLayout
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: PrintingWebpageLayout
  • Example value:
<integer>0</integer>

Back to top

UseSystemPrintDialog

Supported versions:

  • On Windows and macOS since 77 or later

Description

Shows the system print dialog instead of print preview.

If you enable this policy, Microsoft Edge opens the system print dialog instead of the built-in print preview when a user prints a page.

If you don't configure or disable this policy, print commands trigger the Microsoft Edge print preview screen.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: UseSystemPrintDialog
  • GP name: Print using system print dialog
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Printing
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: UseSystemPrintDialog
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: UseSystemPrintDialog
  • Example value:
<false/>

Back to top

Private Network Request Settings policies

Back to top

InsecurePrivateNetworkRequestsAllowed

Specifies whether to allow websites to make requests to any network endpoint in an insecure manner.

Supported versions:

  • On Windows and macOS since 92 or later

Description

Controls whether websites are allowed to make requests to more-private network endpoints.

When this policy is enabled, all Private Network Access checks are disabled for all origins. This may allow attackers to perform cross-site request forgery (CSRF) attacks on private network servers.

When this policy is disabled or not configured, the default behavior for requests to more-private network endpoints will depend on the user's personal configuration for the BlockInsecurePrivateNetworkRequests, PrivateNetworkAccessSendPreflights, and PrivateNetworkAccessRespectPreflightResults feature flags. These flags may be controlled by experimentation or set via the command line.

This policy relates to the Private Network Access specification. See https://wicg.github.io/private-network-access/ for more details.

A network endpoint is more private than another if:

  1. Its IP address is localhost and the other is not.
  2. Its IP address is private and the other is public. In the future, depending on spec evolution, this policy might apply to all cross-origin requests directed at private IPs or localhost.

When this policy enabled, websites are allowed to make requests to any network endpoint, subject to other cross-origin checks.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InsecurePrivateNetworkRequestsAllowed
  • GP name: Specifies whether to allow websites to make requests to any network endpoint in an insecure manner.
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Private Network Request Settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InsecurePrivateNetworkRequestsAllowed
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: InsecurePrivateNetworkRequestsAllowed
  • Example value:
<false/>

Back to top

InsecurePrivateNetworkRequestsAllowedForUrls

Allow the listed sites to make requests to more-private network endpoints from in an insecure manner

Supported versions:

  • On Windows and macOS since 92 or later

Description

List of URL patterns. Requests initiated from websites served by matching origins are not subject to Private Network Access checks.

If this policy is not set, this policy behaves as if set to the empty list.

For origins not covered by the patterns specified here, the global default value will be used either from the InsecurePrivateNetworkRequestsAllowed policy, if it is set, or the user's personal configuration otherwise.

For detailed information on valid URL patterns, see Filter format for URL list-based policies.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InsecurePrivateNetworkRequestsAllowedForUrls
  • GP name: Allow the listed sites to make requests to more-private network endpoints from in an insecure manner
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Private Network Request Settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\InsecurePrivateNetworkRequestsAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\InsecurePrivateNetworkRequestsAllowedForUrls\1 = "http://www.example.com:8080"
SOFTWARE\Policies\Microsoft\Edge\InsecurePrivateNetworkRequestsAllowedForUrls\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: InsecurePrivateNetworkRequestsAllowedForUrls
  • Example value:
<array>
  <string>http://www.example.com:8080</string>
  <string>[*.]example.edu</string>
</array>

Back to top

Proxy server policies

Back to top

ProxyBypassList

Configure proxy bypass rules (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 77 or later

Description

This policy is deprecated, use ProxySettings instead. It won't work in Microsoft Edge version 91.

Defines a list of hosts for which Microsoft Edge bypasses any proxy.

This policy is applied only if the ProxySettings policy isn't specified and you have selected either fixed_servers or pac_script in the ProxyMode policy. If you selected any other mode for configuring proxy policies, don't enable or configure this policy.

If you enable this policy, you can create a list of hosts for which Microsoft Edge doesn't use a proxy.

If you don't configure this policy, no list of hosts is created for which Microsoft Edge bypasses a proxy. Leave this policy unconfigured if you've specified any other method for setting proxy policies.

For more detailed examples go to https://go.microsoft.com/fwlink/?linkid=2094936.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ProxyBypassList
  • GP name: Configure proxy bypass rules (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Proxy server
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ProxyBypassList
  • Value Type: REG_SZ
Example value:
"https://www.contoso.com, https://www.fabrikam.com"

Mac information and settings

  • Preference Key Name: ProxyBypassList
  • Example value:
<string>https://www.contoso.com, https://www.fabrikam.com</string>

Back to top

ProxyMode

Configure proxy server settings (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 77 or later

Description

This policy is deprecated, use ProxySettings instead. It won't work in Microsoft Edge version 91.

If you set this policy to Enabled you can specify the proxy server Microsoft Edge uses and prevents users from changing proxy settings. Microsoft Edge ignores all proxy-related options specified from the command line. The policy is only applied if the ProxySettings policy isn't specified.

Other options are ignored if you choose one of the following options:

  • direct = Never use a proxy server and always connect directly
  • system = Use system proxy settings
  • auto_detect = Auto detect the proxy server

If you choose to use:

  • fixed_servers = Fixed proxy servers. You can specify further options with ProxyServer and ProxyBypassList.
  • pac_script = A .pac proxy script. Use ProxyPacUrl to set the URL to a proxy .pac file.

For detailed examples, go to https://go.microsoft.com/fwlink/?linkid=2094936.

If you don't configure this policy, users can choose their own proxy settings.

Policy options mapping:

  • ProxyDisabled (direct) = Never use a proxy

  • ProxyAutoDetect (auto_detect) = Auto detect proxy settings

  • ProxyPacScript (pac_script) = Use a .pac proxy script

  • ProxyFixedServers (fixed_servers) = Use fixed proxy servers

  • ProxyUseSystem (system) = Use system proxy settings

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ProxyMode
  • GP name: Configure proxy server settings (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Proxy server
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ProxyMode
  • Value Type: REG_SZ
Example value:
"direct"

Mac information and settings

  • Preference Key Name: ProxyMode
  • Example value:
<string>direct</string>

Back to top

ProxyPacUrl

Set the proxy .pac file URL (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 77 or later

Description

This policy is deprecated, use ProxySettings instead. It won't work in Microsoft Edge version 91.

Specifies the URL for a proxy auto-config (PAC) file.

This policy is applied only if the ProxySettings policy isn't specified and you have selected pac_script in the ProxyMode policy. If you selected any other mode for configuring proxy policies, don't enable or configure this policy.

If you enable this policy, you can specify the URL for a PAC file, which defines how the browser automatically chooses the appropriate proxy server for fetching a particular website.

If you disable or don't configure this policy, no PAC file is specified. Leave this policy unconfigured if you've specified any other method for setting proxy policies.

For detailed examples, see https://go.microsoft.com/fwlink/?linkid=2094936.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ProxyPacUrl
  • GP name: Set the proxy .pac file URL (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Proxy server
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ProxyPacUrl
  • Value Type: REG_SZ
Example value:
"https://internal.contoso.com/example.pac"

Mac information and settings

  • Preference Key Name: ProxyPacUrl
  • Example value:
<string>https://internal.contoso.com/example.pac</string>

Back to top

ProxyServer

Configure address or URL of proxy server (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 77 or later

Description

This policy is deprecated, use ProxySettings instead. It won't work in Microsoft Edge version 91.

Specifies the URL of the proxy server.

This policy is applied only if the ProxySettings policy isn't specified and you have selected fixed_servers in the ProxyMode policy. If you selected any other mode for configuring proxy policies, don't enable or configure this policy.

If you enable this policy, the proxy server configured by this policy will be used for all URLs.

If you disable or don't configure this policy, users can choose their own proxy settings while in this proxy mode. Leave this policy unconfigured if you've specified any other method for setting proxy policies.

For more options and detailed examples, see https://go.microsoft.com/fwlink/?linkid=2094936.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ProxyServer
  • GP name: Configure address or URL of proxy server (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Proxy server
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ProxyServer
  • Value Type: REG_SZ
Example value:
"123.123.123.123:8080"

Mac information and settings

  • Preference Key Name: ProxyServer
  • Example value:
<string>123.123.123.123:8080</string>

Back to top

ProxySettings

Proxy settings

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configures the proxy settings for Microsoft Edge.

If you enable this policy, Microsoft Edge ignores all proxy-related options specified from the command line.

If you don't configure this policy, users can choose their own proxy settings.

This policy overrides the following individual policies:

ProxyMode ProxyPacUrl ProxyServer ProxyBypassList

Setting the ProxySettings policy accepts the following fields:

  • ProxyMode, which lets you specify the proxy server used by Microsoft Edge and prevents users from changing proxy settings
  • ProxyPacUrl, a URL to a proxy .pac file
  • ProxyPacMandatory, a boolean flag which prevents the network stack from falling back to direct connections with invalid or unavailable PAC script
  • ProxyServer, a URL for the proxy server
  • ProxyBypassList, a list of proxy hosts that Microsoft Edge bypasses

For ProxyMode, if you choose the value:

  • direct, a proxy is never used and all other fields are ignored.
  • system, the systems's proxy is used and all other fields are ignored.
  • auto_detect, all other fields are ignored.
  • fixed_servers, the ProxyServer and ProxyBypassList fields are used.
  • pac_script, the ProxyPacUrl, ProxyPacMandatory and ProxyBypassList fields are used.

For more detailed examples go to https://go.microsoft.com/fwlink/?linkid=2094936.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ProxySettings
  • GP name: Proxy settings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Proxy server
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ProxySettings
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ProxySettings = {
  "ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/",
  "ProxyMode": "pac_script",
  "ProxyPacMandatory": false,
  "ProxyPacUrl": "https://internal.site/example.pac",
  "ProxyServer": "123.123.123.123:8080"
}
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\ProxySettings = {"ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/", "ProxyMode": "pac_script", "ProxyPacMandatory": false, "ProxyPacUrl": "https://internal.site/example.pac", "ProxyServer": "123.123.123.123:8080"}

Mac information and settings

  • Preference Key Name: ProxySettings
  • Example value:
<key>ProxySettings</key>
<dict>
  <key>ProxyBypassList</key>
  <string>https://www.example1.com,https://www.example2.com,https://internalsite/</string>
  <key>ProxyMode</key>
  <string>pac_script</string>
  <key>ProxyPacMandatory</key>
  <false/>
  <key>ProxyPacUrl</key>
  <string>https://internal.site/example.pac</string>
  <key>ProxyServer</key>
  <string>123.123.123.123:8080</string>
</dict>

Back to top

Back to top

RelatedWebsiteSetsEnabled

Supported versions:

  • On Windows and macOS since 121 or later

Description

This policy lets you control the enablement of the Related Website Sets feature. Related Website Sets (RWS) is a way for an organisation to declare relationships among sites, so that Microsoft Edge allows limited third-party cookie access for specific purposes across those sites.

If this policy set to True or unset, the Related Website Sets feature is enabled.

If this policy is set to False, the Related Website Sets feature is disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RelatedWebsiteSetsEnabled
  • GP name: Enable Related Website Sets
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Related Website Sets Settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RelatedWebsiteSetsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: RelatedWebsiteSetsEnabled
  • Example value:
<false/>

Back to top

RelatedWebsiteSetsOverrides

Supported versions:

  • On Windows and macOS since 121 or later

Description

This policy provides a way to override the list of sets Microsoft Edge uses for Related Website Sets

Each set in the browser's list of Related Website Sets must meet the requirements of a Related Website Set. A Related Website Set must contain a primary site and one or more member sites. A set can also contain a list of service sites that it owns, as well as a map from a site to all its ccTLD variants. See https://github.com/WICG/first-party-sets for more information on how Microsoft Edge uses Related Website Sets.

All sites in a Related Website Set must be a registrable domain served over HTTPS. Each site in a Related Website Set must also be unique, which means a site can't be listed more than once in a Related Website Set.

When this policy is given an empty dictionary, Microsoft Edge uses the public list of Related Website Sets.

For all sites in a Related Website Set from the replacements list, if a site is also present on a Related Website Set in the browser's list, then that site will be removed from the browser's Related Website Set. After this, the policy's Related Website Set will be added to the Microsoft Edge's list of Related Website Sets.

For all sites in a Related Website Set from the additions list, if a site is also present on a Related Website Set in Microsoft Edge's list, then the browser's Related Website Set will be updated so that the new Related Website Set can be added to the browser's list. After the browser's list has been updated, the policy's Related Website Set will be added to the browser's list of Related Website Sets.

The browser's list of Related Website Sets requires that for all sites in its list, no site is in more than one set. This is also required for both the replacements list and the additions list. Similarly, a site can't be in both the replacements list and the additions list.

Wildcards (*) aren't supported as a policy value, or as a value within any Related Website Set in these lists.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RelatedWebsiteSetsOverrides
  • GP name: Override Related Website Sets.
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Related Website Sets Settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RelatedWebsiteSetsOverrides
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\RelatedWebsiteSetsOverrides = {
  "additions": [
    {
      "associatedSites": [
        "https://associate2.test"
      ],
      "ccTLDs": {
        "https://associate2.test": [
          "https://associate2.com"
        ]
      },
      "primary": "https://primary2.test",
      "serviceSites": [
        "https://associate2-content.test"
      ]
    }
  ],
  "replacements": [
    {
      "associatedSites": [
        "https://associate1.test"
      ],
      "ccTLDs": {
        "https://associate1.test": [
          "https://associate1.co.uk"
        ]
      },
      "primary": "https://primary1.test",
      "serviceSites": [
        "https://associate1-content.test"
      ]
    }
  ]
}
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\RelatedWebsiteSetsOverrides = {"additions": [{"associatedSites": ["https://associate2.test"], "ccTLDs": {"https://associate2.test": ["https://associate2.com"]}, "primary": "https://primary2.test", "serviceSites": ["https://associate2-content.test"]}], "replacements": [{"associatedSites": ["https://associate1.test"], "ccTLDs": {"https://associate1.test": ["https://associate1.co.uk"]}, "primary": "https://primary1.test", "serviceSites": ["https://associate1-content.test"]}]}

Mac information and settings

  • Preference Key Name: RelatedWebsiteSetsOverrides
  • Example value:
<key>RelatedWebsiteSetsOverrides</key>
<dict>
  <key>additions</key>
  <array>
    <dict>
      <key>associatedSites</key>
      <array>
        <string>https://associate2.test</string>
      </array>
      <key>ccTLDs</key>
      <dict>
        <key>https://associate2.test</key>
        <array>
          <string>https://associate2.com</string>
        </array>
      </dict>
      <key>primary</key>
      <string>https://primary2.test</string>
      <key>serviceSites</key>
      <array>
        <string>https://associate2-content.test</string>
      </array>
    </dict>
  </array>
  <key>replacements</key>
  <array>
    <dict>
      <key>associatedSites</key>
      <array>
        <string>https://associate1.test</string>
      </array>
      <key>ccTLDs</key>
      <dict>
        <key>https://associate1.test</key>
        <array>
          <string>https://associate1.co.uk</string>
        </array>
      </dict>
      <key>primary</key>
      <string>https://primary1.test</string>
      <key>serviceSites</key>
      <array>
        <string>https://associate1-content.test</string>
      </array>
    </dict>
  </array>
</dict>

Back to top

Sleeping tabs settings policies

Back to top

AutoDiscardSleepingTabsEnabled

Configure auto discard sleeping tabs

Supported versions:

  • On Windows and macOS since 120 or later

Description

Setting this policy enables inactive (sleeping) tabs to be automatically discarded after 1.5 days of inactivity. This is done to save memory. When the user switches back to a discarded tab, the tab will need to be reloaded.

If the SleepingTabsEnabled policy is enabled, then this feature will be enabled by default.

If the SleepingTabsEnabled is disabled, then this feature will be disabled by default and cannot be enabled.

If enabled, idle background tabs will be discarded after 1.5 days.

If disabled, idle background tab will not be discarded after 1.5 days. Tabs can still be discarded for other reasons if this policy is disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutoDiscardSleepingTabsEnabled
  • GP name: Configure auto discard sleeping tabs
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Sleeping tabs settings
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Sleeping tabs settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: AutoDiscardSleepingTabsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AutoDiscardSleepingTabsEnabled
  • Example value:
<true/>

Back to top

SleepingTabsBlockedForUrls

Block sleeping tabs on specific sites

Supported versions:

  • On Windows and macOS since 88 or later

Description

Define a list of sites, based on URL patterns, that are not allowed to be put to sleep by sleeping tabs. Sites in this list are also excluded from other performance optimizations like efficiency mode and tab discard.

If the policy SleepingTabsEnabled is disabled, this list is not used and no sites will be put to sleep automatically.

If you don't configure this policy, all sites will be eligible to be put to sleep unless the user's personal configuration blocks them.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SleepingTabsBlockedForUrls
  • GP name: Block sleeping tabs on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Sleeping tabs settings
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Sleeping tabs settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SleepingTabsBlockedForUrls
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended\SleepingTabsBlockedForUrls
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SleepingTabsBlockedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\SleepingTabsBlockedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: SleepingTabsBlockedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

SleepingTabsEnabled

Configure sleeping tabs

Supported versions:

  • On Windows and macOS since 88 or later

Description

This policy setting lets you configure whether to turn on sleeping tabs. Sleeping tabs reduces CPU, battery, and memory usage by putting idle background tabs to sleep. Microsoft Edge uses heuristics to avoid putting tabs to sleep that do useful work in the background, such as display notifications, play sound, and stream video. By default, sleeping tabs is turned on.

Individual sites may be blocked from being put to sleep by configuring the policy SleepingTabsBlockedForUrls.

If you enable this setting, sleeping tabs is turned on.

If you disable this setting, sleeping tabs is turned off.

If you don't configure this setting, users can choose whether to use sleeping tabs.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SleepingTabsEnabled
  • GP name: Configure sleeping tabs
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Sleeping tabs settings
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Sleeping tabs settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: SleepingTabsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SleepingTabsEnabled
  • Example value:
<true/>

Back to top

SleepingTabsTimeout

Set the background tab inactivity timeout for sleeping tabs

Supported versions:

  • On Windows and macOS since 88 or later

Description

This policy setting lets you configure the timeout, in seconds, after which inactive background tabs will be automatically put to sleep if sleeping tabs is enabled. By default, this timeout is 7,200 seconds (2 hours).

Tabs are only put to sleep automatically when the policy SleepingTabsEnabled is enabled or is not configured and the user has enabled the sleeping tabs setting.

If you don't configure this policy, users can choose the timeout value.

Policy options mapping:

  • 30Seconds (30) = 30 seconds of inactivity

  • 5Minutes (300) = 5 minutes of inactivity

  • 15Minutes (900) = 15 minutes of inactivity

  • 30Minutes (1800) = 30 minutes of inactivity

  • 1Hour (3600) = 1 hour of inactivity

  • 2Hours (7200) = 2 hours of inactivity

  • 3Hours (10800) = 3 hours of inactivity

  • 6Hours (21600) = 6 hours of inactivity

  • 12Hours (43200) = 12 hours of inactivity

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SleepingTabsTimeout
  • GP name: Set the background tab inactivity timeout for sleeping tabs
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Sleeping tabs settings
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Sleeping tabs settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: SleepingTabsTimeout
  • Value Type: REG_DWORD
Example value:
0x00000384

Mac information and settings

  • Preference Key Name: SleepingTabsTimeout
  • Example value:
<integer>900</integer>

Back to top

SmartScreen settings policies

Back to top

ExemptSmartScreenDownloadWarnings

Disable SmartScreen AppRep based warnings for specified file types on specified domains

Supported versions:

  • On Windows since 118 or later

Description

You can enable this policy to create a dictionary of file type extensions with a corresponding list of domains that will be exempted from SmartScreen AppRep warnings. For example, if the "vbe" extension is associated with "website1.com", users would not see a SmartScreen AppRep warning when downloading "vbe" files from "website1.com", but may see a download warning when downloading "vbe" files from "website2.com".

Files with file type extensions specified for domains identified by this policy will still be subject to file type extension-based security warnings and mixed-content download warnings.

If you disable this policy or don't configure it, files that trigger SmartScreen AppRep download warnings will show warnings to the user.

If you enable this policy:

  • The URL pattern should be formatted according to https://go.microsoft.com/fwlink/?linkid=2095322.
  • The file type extension entered must be in lower-cased ASCII. The leading separator should not be included when listing the file type extension, so "vbe" should be used instead of ".vbe".

Example:

The following example value would prevent SmartScreen AppRep warnings on msi, exe, and vbe extensions for *.contoso.com domains. It may show the user a SmartScreen AppRep warning on any other domain for exe and msi files, but not for vbe files.

[ { "file_extension": "msi", "domains": ["contoso.com"] }, { "file_extension": "exe", "domains": ["contoso.com"] }, { "file_extension": "vbe", "domains": ["*"] } ]

Note that while the preceding example shows the suppression of SmartScreen AppRep download warnings for "vbe" files for all domains, applying suppression of such warnings for all domains is not recommended due to security concerns. It is shown in the example merely to demonstrate the ability to do so.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExemptSmartScreenDownloadWarnings
  • GP name: Disable SmartScreen AppRep based warnings for specified file types on specified domains
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/SmartScreen settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ExemptSmartScreenDownloadWarnings
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ExemptSmartScreenDownloadWarnings = [
  {
    "domains": [
      "https://contoso.com",
      "contoso2.com"
    ],
    "file_extension": "msi"
  },
  {
    "domains": [
      "*"
    ],
    "file_extension": "vbe"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\ExemptSmartScreenDownloadWarnings = [{"domains": ["https://contoso.com", "contoso2.com"], "file_extension": "msi"}, {"domains": ["*"], "file_extension": "vbe"}]

Back to top

NewSmartScreenLibraryEnabled

Enable new SmartScreen library (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 107.

Supported versions:

  • On Windows and macOS since 95, until 107

Description

This policy doesn't work because it was only intended to be a short-term mechanism to support the update to a new SmartScreen client.

Allows the Microsoft Edge browser to load the new SmartScreen library (libSmartScreenN) for any SmartScreen checks on site URLs or application downloads.

If you enable or don't configure this policy, Microsoft Edge will use the new SmartScreen library (libSmartScreenN).

If you disable this policy, Microsoft Edge will use the old SmartScreen library (libSmartScreen).

Before Microsoft Edge version 103, if you don't configure this policy, Microsoft Edge will use the old SmartScreen library (libSmartScreen).

This policy is only available on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management. This also includes macOS instances that are that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewSmartScreenLibraryEnabled
  • GP name: Enable new SmartScreen library (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/SmartScreen settings
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/SmartScreen settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: NewSmartScreenLibraryEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: NewSmartScreenLibraryEnabled
  • Example value:
<true/>

Back to top

PreventSmartScreenPromptOverride

Prevent bypassing Microsoft Defender SmartScreen prompts for sites

Supported versions:

  • On Windows and macOS since 77 or later

Description

This policy setting lets you decide whether users can override the Microsoft Defender SmartScreen warnings about potentially malicious websites.

If you enable this setting, users can't ignore Microsoft Defender SmartScreen warnings and they are blocked from continuing to the site.

If you disable or don't configure this setting, users can ignore Microsoft Defender SmartScreen warnings and continue to the site.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PreventSmartScreenPromptOverride
  • GP name: Prevent bypassing Microsoft Defender SmartScreen prompts for sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/SmartScreen settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PreventSmartScreenPromptOverride
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PreventSmartScreenPromptOverride
  • Example value:
<true/>

Back to top

PreventSmartScreenPromptOverrideForFiles

Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads

Supported versions:

  • On Windows since 77 or later
  • On macOS since 79 or later

Description

This policy lets you determine whether users can override Microsoft Defender SmartScreen warnings about unverified downloads.

If you enable this policy, users in your organization can't ignore Microsoft Defender SmartScreen warnings, and they're prevented from completing the unverified downloads.

If you disable or don't configure this policy, users can ignore Microsoft Defender SmartScreen warnings and complete unverified downloads.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PreventSmartScreenPromptOverrideForFiles
  • GP name: Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/SmartScreen settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PreventSmartScreenPromptOverrideForFiles
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PreventSmartScreenPromptOverrideForFiles
  • Example value:
<true/>

Back to top

SmartScreenAllowListDomains

Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configure the list of Microsoft Defender SmartScreen trusted domains. This means: Microsoft Defender SmartScreen won't check for potentially malicious resources like phishing software and other malware if the source URLs match these domains. The Microsoft Defender SmartScreen download protection service won't check downloads hosted on these domains.

If you enable this policy, Microsoft Defender SmartScreen trusts these domains. If you disable or don't set this policy, default Microsoft Defender SmartScreen protection is applied to all resources.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10/11 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX. Also note that this policy does not apply if your organization has enabled Microsoft Defender for Endpoint. You must configure your allow and block lists in Microsoft 365 Defender portal using Indicators (Settings > Endpoints > Indicators).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SmartScreenAllowListDomains
  • GP name: Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/SmartScreen settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains\1 = "mydomain.com"
SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains\2 = "myuniversity.edu"

Mac information and settings

  • Preference Key Name: SmartScreenAllowListDomains
  • Example value:
<array>
  <string>mydomain.com</string>
  <string>myuniversity.edu</string>
</array>

Back to top

SmartScreenDnsRequestsEnabled

Enable Microsoft Defender SmartScreen DNS requests

Supported versions:

  • On Windows and macOS since 97 or later

Description

This policy lets you configure whether to enable DNS requests made by Microsoft Defender SmartScreen. Note: Disabling DNS requests will prevent Microsoft Defender SmartScreen from getting IP addresses, and potentially impact the IP-based protections provided.

If you enable or don't configure this setting, Microsoft Defender SmartScreen will make DNS requests.

If you disable this setting, Microsoft Defender SmartScreen will not make any DNS requests.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SmartScreenDnsRequestsEnabled
  • GP name: Enable Microsoft Defender SmartScreen DNS requests
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/SmartScreen settings
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/SmartScreen settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: SmartScreenDnsRequestsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SmartScreenDnsRequestsEnabled
  • Example value:
<true/>

Back to top

SmartScreenEnabled

Configure Microsoft Defender SmartScreen

Supported versions:

  • On Windows and macOS since 77 or later

Description

This policy setting lets you configure whether to turn on Microsoft Defender SmartScreen. Microsoft Defender SmartScreen provides warning messages to help protect your users from potential phishing scams and malicious software. By default, Microsoft Defender SmartScreen is turned on.

If you enable this setting, Microsoft Defender SmartScreen is turned on.

If you disable this setting, Microsoft Defender SmartScreen is turned off.

If you don't configure this setting, users can choose whether to use Microsoft Defender SmartScreen.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SmartScreenEnabled
  • GP name: Configure Microsoft Defender SmartScreen
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/SmartScreen settings
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/SmartScreen settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: SmartScreenEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SmartScreenEnabled
  • Example value:
<true/>

Back to top

SmartScreenForTrustedDownloadsEnabled

Force Microsoft Defender SmartScreen checks on downloads from trusted sources

Supported versions:

  • On Windows since 78 or later

Description

This policy setting lets you configure whether Microsoft Defender SmartScreen checks download reputation from a trusted source.

In Windows, the policy determines a trusted source by checking its Internet zone. If the source comes from the local system, intranet, or trusted sites zone, then the download is considered trusted and safe.

If you enable or don't configure this setting, Microsoft Defender SmartScreen checks the download's reputation regardless of source.

If you disable this setting, Microsoft Defender SmartScreen doesn't check the download's reputation when downloading from a trusted source.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SmartScreenForTrustedDownloadsEnabled
  • GP name: Force Microsoft Defender SmartScreen checks on downloads from trusted sources
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/SmartScreen settings
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/SmartScreen settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: SmartScreenForTrustedDownloadsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

SmartScreenPuaEnabled

Configure Microsoft Defender SmartScreen to block potentially unwanted apps

Supported versions:

  • On Windows and macOS since 80 or later

Description

This policy setting lets you configure whether to turn on blocking for potentially unwanted apps with Microsoft Defender SmartScreen. Potentially unwanted app blocking with Microsoft Defender SmartScreen provides warning messages to help protect users from adware, coin miners, bundleware, and other low-reputation apps that are hosted by websites. Potentially unwanted app blocking with Microsoft Defender SmartScreen is turned off by default.

If you enable this setting, potentially unwanted app blocking with Microsoft Defender SmartScreen is turned on.

If you disable this setting, potentially unwanted app blocking with Microsoft Defender SmartScreen is turned off.

If you don't configure this setting, users can choose whether to use potentially unwanted app blocking with Microsoft Defender SmartScreen.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SmartScreenPuaEnabled
  • GP name: Configure Microsoft Defender SmartScreen to block potentially unwanted apps
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/SmartScreen settings
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/SmartScreen settings
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: SmartScreenPuaEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SmartScreenPuaEnabled
  • Example value:
<true/>

Back to top

Startup, home page and new tab page policies

Back to top

HomepageIsNewTabPage

Set the new tab page as the home page

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configures the default home page in Microsoft Edge. You can set the home page to a URL you specify or to the new tab page.

If you enable this policy, the Home button is set to the new tab page as configured by the user or with the policy NewTabPageLocation and the URL set with the policy HomepageLocation is not taken into consideration.

If you disable this policy, the Home button is the set URL as configured by the user or as configured in the policy HomepageLocation.

If you don't configure this policy, users can choose whether the set URL or the new tab page is their home page.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: HomepageIsNewTabPage
  • GP name: Set the new tab page as the home page
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Startup, home page and new tab page
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: HomepageIsNewTabPage
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: HomepageIsNewTabPage
  • Example value:
<true/>

Back to top

HomepageLocation

Configure the home page URL

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configures the default home page URL in Microsoft Edge.

The home page is the page opened by the Home button. The pages that open on startup are controlled by the RestoreOnStartup policies.

You can either set a URL here or set the home page to open the new tab page 'edge://newtab'. By default, the Home button will open the new tab page (as configured by the user or with the policy NewTabPageLocation), and the user will be able to choose between the URL configured by this policy and the new tab page.

If you enable this policy, users can't change their home page URL, but they can choose the behavior for the Home button to open either the set URL or the new tab page. If you wish to enforce the usage of the set URL you must also configure HomepageIsNewTabPage=Disabled.

If you disable or don't configure this policy, users can choose their own home page, as long as the HomepageIsNewTabPage policy isn't enabled.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: HomepageLocation
  • GP name: Configure the home page URL
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Startup, home page and new tab page
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: HomepageLocation
  • Value Type: REG_SZ
Example value:
"https://www.contoso.com"

Mac information and settings

  • Preference Key Name: HomepageLocation
  • Example value:
<string>https://www.contoso.com</string>

Back to top

NewTabPageAllowedBackgroundTypes

Configure the background types allowed for the new tab page layout

Supported versions:

  • On Windows and macOS since 86 or later

Description

You can configure which types of background image that are allowed on the new tab page layout in Microsoft Edge.

If you don't configure this policy, all background image types on the new tab page are enabled.

Policy options mapping:

  • DisableImageOfTheDay (1) = Disable daily background image type

  • DisableCustomImage (2) = Disable custom background image type

  • DisableAll (3) = Disable all background image types

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageAllowedBackgroundTypes
  • GP name: Configure the background types allowed for the new tab page layout
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NewTabPageAllowedBackgroundTypes
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: NewTabPageAllowedBackgroundTypes
  • Example value:
<integer>2</integer>

Back to top

NewTabPageAppLauncherEnabled

Hide App Launcher on Microsoft Edge new tab page

Supported versions:

  • On Windows and macOS since 108 or later

Description

By default, the App Launcher is shown every time a user opens a new tab page.

If you enable or don't configure this policy, there is no change on the Microsoft Edge new tab page and App Launcher is there for users.

If you disable this policy, App Launcher doesn't appear and users won't be able to launch M365 apps from Microsoft Edge new tab page via the App Launcher.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageAppLauncherEnabled
  • GP name: Hide App Launcher on Microsoft Edge new tab page
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NewTabPageAppLauncherEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: NewTabPageAppLauncherEnabled
  • Example value:
<false/>

Back to top

NewTabPageBingChatEnabled

Disable Bing chat entry-points on Microsoft Edge Enterprise new tab page

Supported versions:

  • On Windows and macOS since 117 or later

Description

By default, there are two Bing chat entry-points on new tab page. One is inside the new tab page search box, and one is in the Bing Autosuggest drawer on-click.

If you enable or don't configure this policy, there is no change on the Microsoft Edge Enterprise new tab page and the Bing chat entry-points are there for users.

If you disable this policy, Bing chat entry-points don't appear on the new tab page.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageBingChatEnabled
  • GP name: Disable Bing chat entry-points on Microsoft Edge Enterprise new tab page
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NewTabPageBingChatEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: NewTabPageBingChatEnabled
  • Example value:
<false/>

Back to top

Set new tab page company logo (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 85.

Supported versions:

  • On Windows and macOS since 79, until 85

Description

This policy didn't work as expected due to changes in operational requirements. Therefore it's obsolete and should not be used.

Specifies the company logo to use on the new tab page in Microsoft Edge.

The policy should be configured as a string that expresses the logo(s) in JSON format. For example: { "default_logo": { "url": "https://www.contoso.com/logo.png", "hash": "cd0aa9856147b6c5b4ff2b7dfee5da20aa38253099ef1b4a64aced233c9afe29" }, "light_logo": { "url": "https://www.contoso.com/light_logo.png", "hash": "517d286edb416bb2625ccfcba9de78296e90da8e32330d4c9c8275c4c1c33737" } }

You configure this policy by specifying the URL from which Microsoft Edge can download the logo and its cryptographic hash (SHA-256), which is used to verify the integrity of the download. The logo must be in PNG or SVG format, and its file size must not exceed 16 MB. The logo is downloaded and cached, and it will be redownloaded whenever the URL or the hash changes. The URL must be accessible without any authentication.

The 'default_logo' is required and will be used when there's no background image. If 'light_logo' is provided, it will be used when the user's new tab page has a background image. We recommend a horizontal logo with a transparent background that is left-aligned and vertically centered. The logo should have a minimum height of 32 pixels and an aspect ratio from 1:1 to 4:1. The 'default_logo' should have proper contrast against a white/black background while the 'light_logo' should have proper contrast against a background image.

If you enable this policy, Microsoft Edge downloads and shows the specified logo(s) on the new tab page. Users can't override or hide the logo(s).

If you disable or don't configure this policy, Microsoft Edge will show no company logo or a Microsoft logo on the new tab page.

For help with determining the SHA-256 hash, see Get-FileHash.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageCompanyLogo
  • GP name: Set new tab page company logo (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NewTabPageCompanyLogo
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\NewTabPageCompanyLogo = {
  "default_logo": {
    "hash": "cd0aa9856147b6c5b4ff2b7dfee5da20aa38253099ef1b4a64aced233c9afe29",
    "url": "https://www.contoso.com/logo.png"
  },
  "light_logo": {
    "hash": "517d286edb416bb2625ccfcba9de78296e90da8e32330d4c9c8275c4c1c33737",
    "url": "https://www.contoso.com/light_logo.png"
  }
}
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\NewTabPageCompanyLogo = {"default_logo": {"hash": "cd0aa9856147b6c5b4ff2b7dfee5da20aa38253099ef1b4a64aced233c9afe29", "url": "https://www.contoso.com/logo.png"}, "light_logo": {"hash": "517d286edb416bb2625ccfcba9de78296e90da8e32330d4c9c8275c4c1c33737", "url": "https://www.contoso.com/light_logo.png"}}

Mac information and settings

  • Preference Key Name: NewTabPageCompanyLogo
  • Example value:
<key>NewTabPageCompanyLogo</key>
<dict>
  <key>default_logo</key>
  <dict>
    <key>hash</key>
    <string>cd0aa9856147b6c5b4ff2b7dfee5da20aa38253099ef1b4a64aced233c9afe29</string>
    <key>url</key>
    <string>https://www.contoso.com/logo.png</string>
  </dict>
  <key>light_logo</key>
  <dict>
    <key>hash</key>
    <string>517d286edb416bb2625ccfcba9de78296e90da8e32330d4c9c8275c4c1c33737</string>
    <key>url</key>
    <string>https://www.contoso.com/light_logo.png</string>
  </dict>
</dict>

Back to top

NewTabPageCompanyLogoEnabled

Hide the company logo on the Microsoft Edge new tab page

Supported versions:

  • On Windows and macOS since 117 or later

Description

By default, the company logo is shown on the new tab page if the company logo is configured in Admin Portal.

If you enable or don't configure this policy, there is no change on the Microsoft Edge new tab page and the company logo is there for users.

If you disable this policy, the company logo doesn't appear on Microsoft Edge new tab page.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageCompanyLogoEnabled
  • GP name: Hide the company logo on the Microsoft Edge new tab page
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NewTabPageCompanyLogoEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: NewTabPageCompanyLogoEnabled
  • Example value:
<false/>

Back to top

NewTabPageContentEnabled

Allow Microsoft content on the new tab page

Supported versions:

  • On Windows and macOS since 91 or later

Description

This policy applies for Microsoft Edge to all profile types, namely unsigned local user profiles, profiles signed in using a Microsoft Account, profiles signed in using Active Directory and profiles signed in using Microsoft Entra ID. The Enterprise new tab page for profiles signed in using Microsoft Entra ID can be configured in the M365 admin portal, but this policy setting takes precedence, so any M365 admin portal configurations will be ignored.

If you enable or don't configure this policy, Microsoft Edge displays Microsoft content on the new tab page. The user can choose different display options for the content. These options include, but aren't limited to: Content off, Content visible on scroll, Headings only, and Content visible. Enabling this policy doesn't force content to be visible - the user can keep setting their own preferred content position.

If you disable this policy, Microsoft Edge doesn't display Microsoft content on the new tab page, the Content control in the NTP settings flyout is disabled and set to "Content off", and the Layout control in the NTP settings flyout is disabled and set to "Custom".

Related policies: NewTabPageAllowedBackgroundTypes, NewTabPageQuickLinksEnabled

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageContentEnabled
  • GP name: Allow Microsoft content on the new tab page
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NewTabPageContentEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: NewTabPageContentEnabled
  • Example value:
<false/>

Back to top

NewTabPageHideDefaultTopSites

Hide the default top sites from the new tab page

Supported versions:

  • On Windows and macOS since 77 or later

Description

Hides the default top sites from the new tab page in Microsoft Edge.

If you set this policy to true, the default top site tiles are hidden.

If you set this policy to false or don't configure it, the default top site tiles remain visible.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageHideDefaultTopSites
  • GP name: Hide the default top sites from the new tab page
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NewTabPageHideDefaultTopSites
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: NewTabPageHideDefaultTopSites
  • Example value:
<true/>

Back to top

NewTabPageLocation

Configure the new tab page URL

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configures the default URL for the new tab page.

The recommended version of this policy does not currently work and functions exactly like the mandatory version.

This policy determines the page that's opened when new tabs are created (including when new windows are opened). It also affects the startup page if that's set to open to the new tab page.

This policy doesn't determine which page opens on startup; that's controlled by the RestoreOnStartup policy. It also doesn't affect the home page if that's set to open to the new tab page.

If you don't configure this policy, the default new tab page is used.

If you configure this policy and the NewTabPageSetFeedType policy, this policy has precedence.

If a blank tab is preferred, "about:blank" is the correct URL to use, not "about://blank".

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageLocation
  • GP name: Configure the new tab page URL
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Startup, home page and new tab page
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: NewTabPageLocation
  • Value Type: REG_SZ
Example value:
"https://www.fabrikam.com"

Mac information and settings

  • Preference Key Name: NewTabPageLocation
  • Example value:
<string>https://www.fabrikam.com</string>

Back to top

Supported versions:

  • On Windows and macOS since 79 or later

Description

By default, Microsoft Edge displays quick links on the new tab page from user-added shortcuts and top sites based on browsing history. With this policy, you can configure up to three quick link tiles on the new tab page, expressed as a JSON object:

[ { "url": "https://www.contoso.com", "title": "Contoso Portal", "pinned": true/false }, ... ]

The 'url' field is required; 'title' and 'pinned' are optional. If 'title' is not provided, the URL is used as the default title. If 'pinned' is not provided, the default value is false.

Microsoft Edge presents these in the order listed, from left to right, with all pinned tiles displayed ahead of non-pinned tiles.

If the policy is set as mandatory, the 'pinned' field will be ignored and all tiles will be pinned. The tiles can't be deleted by the user and will always appear at the front of the quick links list.

If the policy is set as recommended, pinned tiles will remain in the list but the user has the ability to edit and delete them. Quick link tiles that aren't pinned behave like default top sites and are pushed off the list if other websites are visited more frequently. When applying non-pinned links via this policy to an existing browser profile, the links may not appear at all, depending on how they rank compared to the user's browsing history.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageManagedQuickLinks
  • GP name: Set new tab page quick links
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Startup, home page and new tab page
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: NewTabPageManagedQuickLinks
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\NewTabPageManagedQuickLinks = [
  {
    "pinned": true,
    "title": "Contoso Portal",
    "url": "https://contoso.com"
  },
  {
    "title": "Fabrikam",
    "url": "https://fabrikam.com"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\NewTabPageManagedQuickLinks = [{"pinned": true, "title": "Contoso Portal", "url": "https://contoso.com"}, {"title": "Fabrikam", "url": "https://fabrikam.com"}]

Mac information and settings

  • Preference Key Name: NewTabPageManagedQuickLinks
  • Example value:
<key>NewTabPageManagedQuickLinks</key>
<array>
  <dict>
    <key>pinned</key>
    <true/>
    <key>title</key>
    <string>Contoso Portal</string>
    <key>url</key>
    <string>https://contoso.com</string>
  </dict>
  <dict>
    <key>title</key>
    <string>Fabrikam</string>
    <key>url</key>
    <string>https://fabrikam.com</string>
  </dict>
</array>

Back to top

NewTabPagePrerenderEnabled

Enable preload of the new tab page for faster rendering

Supported versions:

  • On Windows and macOS since 85 or later

Description

If you configure this policy, preloading the New tab page is enabled, and users can't change this setting. If you don't configure this policy, preloading is enabled and a user can change this setting.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPagePrerenderEnabled
  • GP name: Enable preload of the new tab page for faster rendering
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Startup, home page and new tab page
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: NewTabPagePrerenderEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: NewTabPagePrerenderEnabled
  • Example value:
<true/>

Back to top

NewTabPageQuickLinksEnabled

Supported versions:

  • On Windows and macOS since 91 or later

Description

If you enable or don't configure this policy, Microsoft Edge displays quick links on the new tab page, and the user can interact with the control, turning quick links on and off. Enabling this policy does not force quick links to be visible - the user can continue to turn quick links on and off.

If you disable this policy, Microsoft Edge hides quick links on the new tab page and disables the quick links control in the NTP settings flyout.

This policy only applies for Microsoft Edge local user profiles, profiles signed in using a Microsoft Account, and profiles signed in using Active Directory. To configure the Enterprise new tab page for profiles signed in using Azure Active Directory, use the M365 admin portal.

Related policies: NewTabPageAllowedBackgroundTypes, NewTabPageContentEnabled

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageQuickLinksEnabled
  • GP name: Allow quick links on the new tab page
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NewTabPageQuickLinksEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: NewTabPageQuickLinksEnabled
  • Example value:
<true/>

Back to top

NewTabPageSetFeedType

Configure the Microsoft Edge new tab page experience (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 92.

Supported versions:

  • On Windows and macOS since 79, until 92

Description

This policy is obsolete because the new version of the enterprise new tab page no longer requires choosing between different content types. Instead, the content that is presented to the user can be controlled via the Microsoft 365 admin center. To get to the Microsoft 365 admin center, sign in at https://admin.microsoft.com with your admin account.

Lets you choose either the Microsoft News or Office 365 feed experience for the new tab page.

When you set this policy to 'News', users will see the Microsoft News feed experience on the new tab page.

When you set this policy to 'Office', users with an Azure Active Directory browser sign-in will see the Office 365 feed experience on the new tab page.

If you disable or don't configure this policy:

  • Users with an Azure Active Directory browser sign-in are offered the Office 365 new tab page feed experience, as well as the standard new tab page feed experience.

  • Users without an Azure Active Directory browser sign-in will see the standard new tab page experience.

If you configure this policy and the NewTabPageLocation policy, NewTabPageLocation has precedence.

Default setting: Disabled or not configured.

Policy options mapping:

  • News (0) = Microsoft News feed experience

  • Office (1) = Office 365 feed experience

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewTabPageSetFeedType
  • GP name: Configure the Microsoft Edge new tab page experience (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Startup, home page and new tab page
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: NewTabPageSetFeedType
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: NewTabPageSetFeedType
  • Example value:
<integer>0</integer>

Back to top

RestoreOnStartup

Action to take on startup

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specify how Microsoft Edge behaves when it starts.

If you want a new tab to always open on startup, choose 'RestoreOnStartupIsNewTabPage'.

If you want to reopen URLs that were open the last time Microsoft Edge closed, choose 'RestoreOnStartupIsLastSession'. The browsing session will be restored as it was. Note that this option disables some settings that rely on sessions or that perform actions on exit (such as Clear browsing data on exit or session-only cookies).

If you want to open a specific set of URLs, choose 'RestoreOnStartupIsURLs'.

Disabling this setting is equivalent to leaving it not configured. Users will be able to change it in Microsoft Edge.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.

Policy options mapping:

  • RestoreOnStartupIsNewTabPage (5) = Open a new tab

  • RestoreOnStartupIsLastSession (1) = Restore the last session

  • RestoreOnStartupIsURLs (4) = Open a list of URLs

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RestoreOnStartup
  • GP name: Action to take on startup
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Startup, home page and new tab page
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: RestoreOnStartup
  • Value Type: REG_DWORD
Example value:
0x00000004

Mac information and settings

  • Preference Key Name: RestoreOnStartup
  • Example value:
<integer>4</integer>

Back to top

RestoreOnStartupURLs

Sites to open when the browser starts

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specify a list of websites to open automatically when the browser starts. If you don't configure this policy, no site is opened on startup.

This policy only works if you also set the RestoreOnStartup policy to 'Open a list of URLs' (4).

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory` or instances that enrolled for device management.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RestoreOnStartupURLs
  • GP name: Sites to open when the browser starts
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Startup, home page and new tab page
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\RestoreOnStartupURLs
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended\RestoreOnStartupURLs
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\RestoreOnStartupURLs\1 = "https://contoso.com"
SOFTWARE\Policies\Microsoft\Edge\RestoreOnStartupURLs\2 = "https://www.fabrikam.com"

Mac information and settings

  • Preference Key Name: RestoreOnStartupURLs
  • Example value:
<array>
  <string>https://contoso.com</string>
  <string>https://www.fabrikam.com</string>
</array>

Back to top

RestoreOnStartupUserURLsEnabled

Allow users to add and remove their own sites during startup when the RestoreOnStartupURLs policy is configured

Supported versions:

  • On Windows since 107 or later
  • On macOS since 111 or later

Description

This policy only works if you set the RestoreOnStartup policy to 'Open a list of URLs' (4) and the RestoreOnStartupURLs policy as mandatory. If you enable this policy, users are allowed to add and remove their own URLs to open when starting Edge while maintaining the admin specified mandatory list of sites specified by setting RestoreOnStartup policy to open a list of URLS and providing the list of sites in the RestoreOnStartupURLs policy.

If you disable or don't configure this policy, there is no change to how the RestoreOnStartup and RestoreOnStartupURLs policies work.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RestoreOnStartupUserURLsEnabled
  • GP name: Allow users to add and remove their own sites during startup when the RestoreOnStartupURLs policy is configured
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RestoreOnStartupUserURLsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: RestoreOnStartupUserURLsEnabled
  • Example value:
<true/>

Back to top

ShowHomeButton

Show Home button on toolbar

Supported versions:

  • On Windows and macOS since 77 or later

Description

Shows the Home button on Microsoft Edge's toolbar.

Enable this policy to always show the Home button. Disable it to never show the button.

If you don't configure the policy, users can choose whether to show the home button.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ShowHomeButton
  • GP name: Show Home button on toolbar
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Startup, home page and new tab page
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/Startup, home page and new tab page
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ShowHomeButton
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ShowHomeButton
  • Example value:
<true/>

Back to top

Additional policies

Back to top

AADWebSiteSSOUsingThisProfileEnabled

Single sign-on for work or school sites using this profile enabled

Supported versions:

  • On Windows and macOS since 92 or later

Description

'Allow single sign-on for work or school sites using this profile' option allows non-AAD profiles to be able to use single sign-on for work or school sites using work or school credentials present on the machine. This option shows up for end-users as a toggle in Settings -> Profiles -> Profile Preferences for non-AAD profiles only.

If you enable or disable this policy, 'Intelligent enablement of Single sign-on (SSO) for all Windows Azure Active Directory (Azure AD) accounts for users with a single non-Azure AD Microsoft Edge profile' will be turned off.

If you don't configure this policy, users can control whether to use SSO using other credentials present on the machine in edge://settings/profiles/multiProfileSettings.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AADWebSiteSSOUsingThisProfileEnabled
  • GP name: Single sign-on for work or school sites using this profile enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: AADWebSiteSSOUsingThisProfileEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AADWebSiteSSOUsingThisProfileEnabled
  • Example value:
<false/>

Back to top

AIGenThemesEnabled

Enables DALL-E themes generation

Supported versions:

  • On Windows and macOS since 122 or later

Description

This policy lets you generate browser themes using DALL-E and apply them to Microsoft Edge.

If you enable or don't configure this policy, the AI generated themes will be enabled.

If you disable this policy, the AI generated themes will be disabled for your organization.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AIGenThemesEnabled
  • GP name: Enables DALL-E themes generation
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AIGenThemesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AIGenThemesEnabled
  • Example value:
<true/>

Back to top

AccessibilityImageLabelsEnabled

Let screen reader users get image descriptions from Microsoft

Supported versions:

  • On Windows and macOS since 97 or later

Description

Lets screen reader users get descriptions of unlabeled images on the web.

If you enable or don't configure this policy, users have the option of using an anonymous Microsoft service. This service provides automatic descriptions for unlabeled images users encounter on the web when they're using a screen reader.

If you disable this policy, users can't enable the Get Image Descriptions from Microsoft feature.

When this feature is enabled, the content of images that need a generated description is sent to Microsoft servers to generate a description.

No cookies or other user data is sent to Microsoft, and Microsoft doesn't save or log any image content.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AccessibilityImageLabelsEnabled
  • GP name: Let screen reader users get image descriptions from Microsoft
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AccessibilityImageLabelsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AccessibilityImageLabelsEnabled
  • Example value:
<false/>

Back to top

AddressBarEditingEnabled

Configure address bar editing

Supported versions:

  • On Windows and macOS since 98 or later

Description

If you enable or don't configure this policy, users can change the URL in the address bar.

If you disable this policy, it prevents users from changing the URL in the address bar.

Note: This policy doesn't prevent the browser from navigating to any URL. Users can still navigate to any URL by using the search option in the default New Tab Page, or using any link that leads to a web search engine. To ensure that users can only go to sites you expect, consider configuring the following policies in addition to this policy:

  • NewTabPageLocation

  • HomepageLocation

  • HomepageIsNewTabPage

  • URLBlocklist and URLAllowlist to scope the pages that browser can navigate to.

    Supported features:

    • Can be mandatory: Yes
    • Can be recommended: No
    • Dynamic Policy Refresh: No - Requires browser restart
    • Per Profile: Yes
    • Applies to a profile that is signed in with a Microsoft account: Yes

    Data Type:

    • Boolean

    Windows information and settings

    Group Policy (ADMX) info
    • GP unique name: AddressBarEditingEnabled
    • GP name: Configure address bar editing
    • GP path (Mandatory): Administrative Templates/Microsoft Edge/
    • GP path (Recommended): N/A
    • GP ADMX file name: MSEdge.admx
    Windows Registry Settings
    • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
    • Path (Recommended): N/A
    • Value Name: AddressBarEditingEnabled
    • Value Type: REG_DWORD
    Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AddressBarEditingEnabled
  • Example value:
<true/>

Back to top

AddressBarMicrosoftSearchInBingProviderEnabled

Enable Microsoft Search in Bing suggestions in the address bar

Supported versions:

  • On Windows and macOS since 81 or later

Description

Enables the display of relevant Microsoft Search in Bing suggestions in the address bar's suggestion list when the user types a search string in the address bar. If you enable or don't configure this policy, users can see internal results powered by Microsoft Search in Bing in the Microsoft Edge address bar suggestion list. To see the Microsoft Search in Bing results, the user must be signed into Microsoft Edge with their Azure AD account for that organization. If you disable this policy, users can't see internal results in the Microsoft Edge address bar suggestion list. Starting with Microsoft Edge version 89, Microsoft Search in Bing suggestions will be available even if Bing isn't the user's default search provider.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AddressBarMicrosoftSearchInBingProviderEnabled
  • GP name: Enable Microsoft Search in Bing suggestions in the address bar
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AddressBarMicrosoftSearchInBingProviderEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AddressBarMicrosoftSearchInBingProviderEnabled
  • Example value:
<true/>

Back to top

AdsSettingForIntrusiveAdsSites

Ads setting for sites with intrusive ads

Supported versions:

  • On Windows and macOS since 78 or later

Description

Controls whether ads are blocked on sites with intrusive ads.

Policy options mapping:

  • AllowAds (1) = Allow ads on all sites

  • BlockAds (2) = Block ads on sites with intrusive ads. (Default value)

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AdsSettingForIntrusiveAdsSites
  • GP name: Ads setting for sites with intrusive ads
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AdsSettingForIntrusiveAdsSites
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AdsSettingForIntrusiveAdsSites
  • Example value:
<integer>1</integer>

Back to top

AdsTransparencyEnabled

Configure if the ads transparency feature is enabled

Supported versions:

  • On Windows and macOS since 100 or later

Description

Lets you decide whether the ads transparency feature is enabled. This behavior only applies to the "balanced" mode of tracking prevention, and does not impact "basic" or "strict" modes. Your users' tracking prevention level can be configured using the TrackingPrevention policy. AdsTransparencyEnabled will only have an effect if TrackingPrevention is set to TrackingPreventionBalanced or is not configured.

If you enable or don't configure this policy, transparency metadata provided by ads will be available to the user when the feature is active.

When the feature is enabled, Tracking Prevention will enable exceptions for the associated ad providers that have met Microsoft's privacy standards.

If you disable this policy, Tracking Prevention will not adjust its behavior even when transparency metadata is provided by ads.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AdsTransparencyEnabled
  • GP name: Configure if the ads transparency feature is enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AdsTransparencyEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AdsTransparencyEnabled
  • Example value:
<true/>

Back to top

AllowBackForwardCacheForCacheControlNoStorePageEnabled

Allow pages with Cache-Control: no-store header to enter back/forward cache

Supported versions:

  • On Windows and macOS since 123 or later

Description

This policy controls if a page with Cache-Control: no-store header can be stored in back/forward cache. The website setting this header may not expect the page to be restored from back/forward cache since some sensitive information could still be displayed after the restoration even if it is no longer accessible.

If you enable or don't configure this policy, the page with Cache-Control: no-store header might be restored from back/forward cache unless the cache eviction is triggered (e.g. when there is HTTP-only cookie change to the site).

If you disable this policy, the page with Cache-Control: no-store header will not be stored in back/forward cache.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowBackForwardCacheForCacheControlNoStorePageEnabled
  • GP name: Allow pages with Cache-Control: no-store header to enter back/forward cache
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AllowBackForwardCacheForCacheControlNoStorePageEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AllowBackForwardCacheForCacheControlNoStorePageEnabled
  • Example value:
<true/>

Back to top

AllowDeletingBrowserHistory

Enable deleting browser and download history

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enables deleting browser history and download history and prevents users from changing this setting.

Note that even with this policy is disabled, the browsing and download history aren't guaranteed to be retained: users can edit or delete the history database files directly, and the browser itself may remove (based on expiration period) or archive any or all history items at any time.

If you enable this policy or don't configure it, users can delete the browsing and download history.

If you disable this policy, users can't delete browsing and download history. Disabling this policy will disable history sync and open tab sync.

If you enable this policy, don't enable the ClearBrowsingDataOnExit policy, because they both deal with deleting data. If you enable both, the ClearBrowsingDataOnExit policy takes precedence and deletes all data when Microsoft Edge closes, regardless of how this policy is configured.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowDeletingBrowserHistory
  • GP name: Enable deleting browser and download history
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AllowDeletingBrowserHistory
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AllowDeletingBrowserHistory
  • Example value:
<true/>

Back to top

AllowFileSelectionDialogs

Allow file selection dialogs

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allow access to local files by letting Microsoft Edge display file selection dialogs.

If you enable or don't configure this policy, users can open file selection dialogs as normal.

If you disable this policy, whenever the user performs an action that triggers a file selection dialog (like importing favorites, uploading files, or saving links), a message is displayed instead, and the user is assumed to have clicked Cancel on the file selection dialog.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowFileSelectionDialogs
  • GP name: Allow file selection dialogs
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AllowFileSelectionDialogs
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AllowFileSelectionDialogs
  • Example value:
<true/>

Back to top

AllowGamesMenu

Allow users to access the games menu (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 99 or later

Description

This policy is deprecated because it can be managed using the HubsSidebarEnabled policy.

If you enable or don't configure this policy, users can access the games menu.

If you disable this policy, users won't be able to access the games menu.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowGamesMenu
  • GP name: Allow users to access the games menu (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AllowGamesMenu
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AllowGamesMenu
  • Example value:
<false/>

Back to top

AllowPopupsDuringPageUnload

Allows a page to show popups during its unloading (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 87.

Supported versions:

  • On Windows and macOS since 78, until 87

Description

This policy allows an admin to specify that a page can show popups during its unloading.

When the policy is set to enabled, pages are allowed to show popups while they're being unloaded.

When the policy is set to disabled or unset, pages aren't allowed to show popups while they're being unloaded. This is as per the spec: (https://html.spec.whatwg.org/#apis-for-creating-and-navigating-browsing-contexts-by-name).

This policy was removed in Microsoft Edge 88 and is ignored if set.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowPopupsDuringPageUnload
  • GP name: Allows a page to show popups during its unloading (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AllowPopupsDuringPageUnload
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AllowPopupsDuringPageUnload
  • Example value:
<false/>

Back to top

AllowSurfGame

Allow surf game

Supported versions:

  • On Windows and macOS since 83 or later

Description

If you disable this policy, users won't be able to play the surf game when the device is offline or if the user navigates to edge://surf.

If you enable or don't configure this policy, users can play the surf game.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowSurfGame
  • GP name: Allow surf game
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AllowSurfGame
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AllowSurfGame
  • Example value:
<false/>

Back to top

AllowSyncXHRInPageDismissal

Allow pages to send synchronous XHR requests during page dismissal (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 99.

Supported versions:

  • On Windows and macOS since 79, until 99

Description

This policy is obsolete because it was only intended to be a short-term mechanism to give enterprises more time to update their web content if and when it was found to be incompatible with the change to disallow synchronous XHR requests during page dismissal. It doesn't work in Microsoft Edge after version 99.

This policy lets you specify that a page can send synchronous XHR requests during page dismissal.

If you enable this policy, pages can send synchronous XHR requests during page dismissal.

If you disable this policy or don't configure this policy, pages aren't allowed to send synchronous XHR requests during page dismissal.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowSyncXHRInPageDismissal
  • GP name: Allow pages to send synchronous XHR requests during page dismissal (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AllowSyncXHRInPageDismissal
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AllowSyncXHRInPageDismissal
  • Example value:
<false/>

Back to top

AllowSystemNotifications

Allows system notifications

Supported versions:

  • On Windows since 117 or later

Description

Lets you use system notifications instead of Microsoft Edge's embedded Message Center on Windows and Linux.

If set to True or not set, Microsoft Edge is allowed to use system notifications.

If set to False, Microsoft Edge will not use system notifications. Microsoft Edge's embedded Message Center will be used as a fallback.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowSystemNotifications
  • GP name: Allows system notifications
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AllowSystemNotifications
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

AllowTokenBindingForUrls

Configure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with

Supported versions:

  • On Windows since 83 or later

Description

Configure the list of URL patterns for sites that the browser will attempt to perform the Token Binding protocol with. For the domains on this list, the browser will send the Token Binding ClientHello in the TLS handshake (See https://tools.ietf.org/html/rfc8472). If the server responds with a valid ServerHello response, the browser will create and send Token Binding messages on subsequent https requests. See https://tools.ietf.org/html/rfc8471 for more info.

If this list is empty, Token Binding will be disabled.

This policy is only available on Windows 10 devices with Virtual Secure Mode capability.

Starting in Microsoft Edge 86, this policy no longer supports dynamic refresh.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowTokenBindingForUrls
  • GP name: Configure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\AllowTokenBindingForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\AllowTokenBindingForUrls\1 = "mydomain.com"
SOFTWARE\Policies\Microsoft\Edge\AllowTokenBindingForUrls\2 = "[*.]mydomain2.com"
SOFTWARE\Policies\Microsoft\Edge\AllowTokenBindingForUrls\3 = "[*.].mydomain2.com"

Back to top

AllowTrackingForUrls

Configure tracking prevention exceptions for specific sites

Supported versions:

  • On Windows and macOS since 78 or later

Description

Configure the list of URL patterns that are excluded from tracking prevention.

If you configure this policy, the list of configured URL patterns is excluded from tracking prevention.

If you don't configure this policy, the global default value from the "Block tracking of users' web-browsing activity" policy (if set) or the user's personal configuration is used for all sites.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowTrackingForUrls
  • GP name: Configure tracking prevention exceptions for specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\AllowTrackingForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\AllowTrackingForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\AllowTrackingForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: AllowTrackingForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

AllowWebAuthnWithBrokenTlsCerts

Allow Web Authentication requests on sites with broken TLS certificates.

Supported versions:

  • On Windows and macOS since 123 or later

Description

If you enable this policy, Microsoft Edge will allow Web Authentication requests on websites that have TLS certificates with errors (i.e. websites considered not secure).

If you disable or don't configure this policy, the default behavior of blocking such requests will apply.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowWebAuthnWithBrokenTlsCerts
  • GP name: Allow Web Authentication requests on sites with broken TLS certificates.
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AllowWebAuthnWithBrokenTlsCerts
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AllowWebAuthnWithBrokenTlsCerts
  • Example value:
<true/>

Back to top

AllowedDomainsForApps

Define domains allowed to access Google Workspace

Supported versions:

  • On Windows and macOS since 104 or later

Description

Setting the policy on Microsoft Edge turns on the restricted sign-in feature in Google Workspace and prevents users from changing this setting. Users can only access Google tools using accounts from the specified domains. To allow gmail or googlemail accounts, add consumer_accounts to the list of domains. This policy is based on the Chrome policy of the same name.

If you don't provide a domain name or leave this policy unset, users can access Google Workspace with any account.

Users cannot change or override this setting.

Note: This policy causes the X-GoogApps-Allowed-Domains header to be appended to all HTTP and HTTPS requests to all google.com domains, as described in https://go.microsoft.com/fwlink/?linkid=2197973.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AllowedDomainsForApps
  • GP name: Define domains allowed to access Google Workspace
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AllowedDomainsForApps
  • Value Type: REG_SZ
Example value:
"example.com"

Mac information and settings

  • Preference Key Name: AllowedDomainsForApps
  • Example value:
<string>example.com</string>

Back to top

AlternateErrorPagesEnabled

Suggest similar pages when a webpage can't be found

Supported versions:

  • On Windows and macOS since 80 or later

Description

Allow Microsoft Edge to issue a connection to a web service to generate URL and search suggestions for connectivity issues such as DNS errors.

If you enable this policy, a web service is used to generate url and search suggestions for network errors.

If you disable this policy, no calls to the web service are made and a standard error page is shown.

If you don't configure this policy, Microsoft Edge respects the user preference that's set under Services at edge://settings/privacy. Specifically, there's a Suggest similar pages when a webpage can't be found toggle, which the user can switch on or off. Note that if you have enable this policy (AlternateErrorPagesEnabled), the Suggest similar pages when a webpage can't be found setting is turned on, but the user can't change the setting by using the toggle. If you disable this policy, the Suggest similar pages when a webpage can't be found setting is turned off, and the user can't change the setting by using the toggle.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AlternateErrorPagesEnabled
  • GP name: Suggest similar pages when a webpage can't be found
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: AlternateErrorPagesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AlternateErrorPagesEnabled
  • Example value:
<true/>

Back to top

AlwaysOpenPdfExternally

Always open PDF files externally

Supported versions:

  • On Windows and macOS since 77 or later

Description

Disables the internal PDF viewer in Microsoft Edge.

If you enable this policy Microsoft Edge treats PDF files as downloads and lets users open them with the default application.

If Microsoft Edge is the default PDF reader, PDF files aren't downloaded and will continue to open in Microsoft Edge.

If you don't configure this policy or disable it, Microsoft Edge will open PDF files (unless the user disables it).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AlwaysOpenPdfExternally
  • GP name: Always open PDF files externally
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AlwaysOpenPdfExternally
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AlwaysOpenPdfExternally
  • Example value:
<true/>

Back to top

AmbientAuthenticationInPrivateModesEnabled

Enable Ambient Authentication for InPrivate and Guest profiles

Supported versions:

  • On Windows and macOS since 81 or later

Description

Configure this policy to allow/disallow ambient authentication for InPrivate and Guest profiles in Microsoft Edge.

Ambient Authentication is http authentication with default credentials when explicit credentials aren't provided via NTLM/Kerberos/Negotiate challenge/response schemes.

If you set the policy to 'RegularOnly', it allows ambient authentication for Regular sessions only. InPrivate and Guest sessions won't be allowed to ambiently authenticate.

If you set the policy to 'InPrivateAndRegular', it allows ambient authentication for InPrivate and Regular sessions. Guest sessions won't be allowed to ambiently authenticate.

If you set the policy to 'GuestAndRegular', it allows ambient authentication for Guest and Regular sessions. InPrivate sessions won't be allowed to ambiently authenticate

If you set the policy to 'All', it allows ambient authentication for all sessions.

Note that ambient authentication is always allowed on regular profiles.

In Microsoft Edge version 81 and later, if the policy is left not set, ambient authentication will be enabled in regular sessions only.

Policy options mapping:

  • RegularOnly (0) = Enable ambient authentication in regular sessions only

  • InPrivateAndRegular (1) = Enable ambient authentication in InPrivate and regular sessions

  • GuestAndRegular (2) = Enable ambient authentication in guest and regular sessions

  • All (3) = Enable ambient authentication in regular, InPrivate and guest sessions

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AmbientAuthenticationInPrivateModesEnabled
  • GP name: Enable Ambient Authentication for InPrivate and Guest profiles
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AmbientAuthenticationInPrivateModesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AmbientAuthenticationInPrivateModesEnabled
  • Example value:
<integer>0</integer>

Back to top

AppCacheForceEnabled

Allows the AppCache feature to be re-enabled, even if it's turned off by default (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 96.

Supported versions:

  • On Windows and macOS since 84, until 96

Description

Support for AppCache and this policy was removed from Microsoft Edge starting in version 97.

If you set this policy to true, the AppCache is enabled, even when AppCache in Microsoft Edge is not available by default.

If you set this policy to false, or don't set it, AppCache will follow Microsoft Edge's defaults.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AppCacheForceEnabled
  • GP name: Allows the AppCache feature to be re-enabled, even if it's turned off by default (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AppCacheForceEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AppCacheForceEnabled
  • Example value:
<false/>

Back to top

ApplicationLocaleValue

Set application locale

Supported versions:

  • On Windows since 77 or later

Description

Configures the application locale in Microsoft Edge and prevents users from changing the locale.

If you enable this policy, Microsoft Edge uses the specified locale. If the configured locale isn't supported, 'en-US' is used instead.

If you disable or don't configure this setting, Microsoft Edge uses either the user-specified preferred locale (if configured) or the fallback locale 'en-US'.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ApplicationLocaleValue
  • GP name: Set application locale
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ApplicationLocaleValue
  • Value Type: REG_SZ
Example value:
"en"

Back to top

AskBeforeCloseEnabled

Get user confirmation before closing a browser window with multiple tabs

Supported versions:

  • On Windows and macOS since 104 or later

Description

This policy lets you configure whether users see a confirmation dialog before closing a browser window with multiple tabs. This dialog asks users to confirm that the browser window can be closed.

If you enable this policy, users will be presented with a confirmation dialog when closing a browser window with multiple tabs.

If you disable or don't configure this policy, a browser window with multiple tabs will close immediately without user confirmation.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AskBeforeCloseEnabled
  • GP name: Get user confirmation before closing a browser window with multiple tabs
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: AskBeforeCloseEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AskBeforeCloseEnabled
  • Example value:
<true/>

Back to top

AudioCaptureAllowed

Allow or block audio capture

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows you to set whether a user is prompted to grant a website access to their audio capture device. This policy applies to all URLs except for those configured in the AudioCaptureAllowedUrls list.

If you enable this policy or don't configure it (the default setting), the user is prompted for audio capture access except from the URLs in the AudioCaptureAllowedUrls list. These listed URLs are granted access without prompting.

If you disable this policy, the user is not prompted, and audio capture is accessible only to the URLs configured in AudioCaptureAllowedUrls.

This policy affects all types of audio inputs, not only the built-in microphone.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AudioCaptureAllowed
  • GP name: Allow or block audio capture
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AudioCaptureAllowed
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AudioCaptureAllowed
  • Example value:
<false/>

Back to top

AudioCaptureAllowedUrls

Sites that can access audio capture devices without requesting permission

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specify websites, based on URL patterns, that can use audio capture devices without asking the user for permission. Patterns in this list are matched against the security origin of the requesting URL. If they match, the site is automatically granted access to audio capture devices.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AudioCaptureAllowedUrls
  • GP name: Sites that can access audio capture devices without requesting permission
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\AudioCaptureAllowedUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\AudioCaptureAllowedUrls\1 = "https://www.contoso.com/"
SOFTWARE\Policies\Microsoft\Edge\AudioCaptureAllowedUrls\2 = "https://[*.]contoso.edu/"

Mac information and settings

  • Preference Key Name: AudioCaptureAllowedUrls
  • Example value:
<array>
  <string>https://www.contoso.com/</string>
  <string>https://[*.]contoso.edu/</string>
</array>

Back to top

AudioProcessHighPriorityEnabled

Allow the audio process to run with priority above normal on Windows

Supported versions:

  • On Windows since 96 or later

Description

This policy controls the priority of the audio process on Windows. If this policy is enabled, the audio process will run with above normal priority. If this policy is disabled, the audio process will run with normal priority. If this policy is not configured, the default configuration for the audio process will be used. This policy is intended as a temporary measure to give enterprises the ability to run audio with higher priority to address certain performance issues with audio capture. This policy will be removed in the future.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AudioProcessHighPriorityEnabled
  • GP name: Allow the audio process to run with priority above normal on Windows
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AudioProcessHighPriorityEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

AudioSandboxEnabled

Allow the audio sandbox to run

Supported versions:

  • On Windows and macOS since 81 or later

Description

This policy controls the audio process sandbox.

If you enable this policy, the audio process will run sandboxed.

If you disable this policy, the audio process will run unsandboxed and the WebRTC audio-processing module will run in the renderer process. This leaves users open to security risks related to running the audio subsystem unsandboxed.

If you don't configure this policy, the default configuration for the audio sandbox will be used, which might differ based on the platform.

This policy is intended to give enterprises flexibility to disable the audio sandbox if they use security software setups that interfere with the sandbox.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AudioSandboxEnabled
  • GP name: Allow the audio sandbox to run
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AudioSandboxEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AudioSandboxEnabled
  • Example value:
<true/>

Back to top

AutoImportAtFirstRun

Automatically import another browser's data and settings at first run

Supported versions:

  • On Windows and macOS since 77 or later

Description

If you enable this policy, all supported datatypes and settings from the specified browser will be silently and automatically imported at first run. During the First Run Experience, the import section will also be skipped.

The browser data from Microsoft Edge Legacy will always be silently migrated at the first run, irrespective of the value of this policy.

If this policy is set to 'FromDefaultBrowser', then the datatypes corresponding to the default browser on the managed device will be imported.

If the browser specified as the value of this policy is not present in the managed device, Microsoft Edge will simply skip the import without any notification to the user.

If you set this policy to 'DisabledAutoImport', the import section of the first-run experience is skipped entirely and Microsoft Edge doesn't import browser data and settings automatically.

If this policy is set to the value of 'FromInternetExplorer', the following datatypes will be imported from Internet Explorer:

  1. Favorites or bookmarks
  2. Saved passwords
  3. Search engines
  4. Browsing history
  5. Home page

If this policy is set to the value of 'FromGoogleChrome', the following datatypes will be imported from Google Chrome:

  1. Favorites
  2. Saved passwords
  3. Addresses and more
  4. Payment info
  5. Browsing history
  6. Settings
  7. Pinned and Open tabs
  8. Extensions
  9. Cookies

Note: For more details on what is imported from Google Chrome, please see https://go.microsoft.com/fwlink/?linkid=2120835

If this policy is set to the value of 'FromSafari', user data is no longer imported into Microsoft Edge. This is due to the way Full Disk Access works on Mac. On macOS Mojave and above, it's no longer possible to have automated and unattended import of Safari data into Microsoft Edge.

Starting with Microsoft Edge version 83, if this policy is set to the value of 'FromMozillaFirefox', the following datatypes will be imported from Mozilla Firefox:

  1. Favorites or bookmarks
  2. Saved passwords
  3. Addresses and more
  4. Browsing History

If you want to restrict specific datatypes from getting imported on the managed devices, you can use this policy with other policies such as ImportAutofillFormData, ImportBrowserSettings, ImportFavorites, and etc.

Policy options mapping:

  • FromDefaultBrowser (0) = Automatically imports all supported datatypes and settings from the default browser

  • FromInternetExplorer (1) = Automatically imports all supported datatypes and settings from Internet Explorer

  • FromGoogleChrome (2) = Automatically imports all supported datatypes and settings from Google Chrome

  • FromSafari (3) = Automatically imports all supported datatypes and settings from Safari

  • DisabledAutoImport (4) = Disables automatic import, and the import section of the first-run experience is skipped

  • FromMozillaFirefox (5) = Automatically imports all supported datatypes and settings from Mozilla Firefox

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutoImportAtFirstRun
  • GP name: Automatically import another browser's data and settings at first run
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AutoImportAtFirstRun
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: AutoImportAtFirstRun
  • Example value:
<integer>2</integer>

Back to top

AutoLaunchProtocolsComponentEnabled

AutoLaunch Protocols Component Enabled

Supported versions:

  • On Windows and macOS since 96 or later

Description

Specifies whether the AutoLaunch Protocols component should be enabled. This component allows Microsoft to provide a list similar to that of the AutoLaunchProtocolsFromOrigins policy, allowing certain external protocols to launch without prompt or blocking certain protocols (on specified origins). By default, this component is enabled.

If you enable or don't configure this policy, the AutoLaunch Protocols component is enabled.

If you disable this policy, the AutoLaunch Protocols component is disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutoLaunchProtocolsComponentEnabled
  • GP name: AutoLaunch Protocols Component Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AutoLaunchProtocolsComponentEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AutoLaunchProtocolsComponentEnabled
  • Example value:
<true/>

Back to top

AutoLaunchProtocolsFromOrigins

Define a list of protocols that can launch an external application from listed origins without prompting the user

Supported versions:

  • On Windows and macOS since 85 or later

Description

Allows you to set a list of protocols, and for each protocol an associated list of allowed origin patterns, that can launch an external application without prompting the user. The trailing separator should not be included when listing the protocol and the protocol should be all lower case. For example, list "skype" instead of "skype:", "skype://" or "Skype".

If you configure this policy, a protocol will only be permitted to launch an external application without prompting by policy if:

  • the protocol is listed

  • the origin of the site trying to launch the protocol matches one of the origin patterns in that protocol's allowed_origins list.

If either condition is false, the external protocol launch prompt will not be omitted by policy.

If you don't configure this policy, no protocols can launch without a prompt. Users can opt out of prompts on a per-protocol/per-site basis unless the ExternalProtocolDialogShowAlwaysOpenCheckbox policy is set to Disabled. This policy has no impact on per-protocol/per-site prompt exemptions set by users.

The origin matching patterns use a similar format to those for the URLBlocklist policy, which are documented at https://go.microsoft.com/fwlink/?linkid=2095322.

However, origin matching patterns for this policy cannot contain "/path" or "@query" elements. Any pattern that does contain a "/path" or "@query" element will be ignored.

This policy does not work as expected with file://* wildcards.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutoLaunchProtocolsFromOrigins
  • GP name: Define a list of protocols that can launch an external application from listed origins without prompting the user
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AutoLaunchProtocolsFromOrigins
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\AutoLaunchProtocolsFromOrigins = [
  {
    "allowed_origins": [
      "example.com",
      "http://www.example.com:8080"
    ],
    "protocol": "spotify"
  },
  {
    "allowed_origins": [
      "https://example.com",
      "https://.mail.example.com"
    ],
    "protocol": "msteams"
  },
  {
    "allowed_origins": [
      "*"
    ],
    "protocol": "msoutlook"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\AutoLaunchProtocolsFromOrigins = [{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "msteams"}, {"allowed_origins": ["*"], "protocol": "msoutlook"}]

Mac information and settings

  • Preference Key Name: AutoLaunchProtocolsFromOrigins
  • Example value:
<key>AutoLaunchProtocolsFromOrigins</key>
<array>
  <dict>
    <key>allowed_origins</key>
    <array>
      <string>example.com</string>
      <string>http://www.example.com:8080</string>
    </array>
    <key>protocol</key>
    <string>spotify</string>
  </dict>
  <dict>
    <key>allowed_origins</key>
    <array>
      <string>https://example.com</string>
      <string>https://.mail.example.com</string>
    </array>
    <key>protocol</key>
    <string>msteams</string>
  </dict>
  <dict>
    <key>allowed_origins</key>
    <array>
      <string>*</string>
    </array>
    <key>protocol</key>
    <string>msoutlook</string>
  </dict>
</array>

Back to top

AutoOpenAllowedForURLs

URLs where AutoOpenFileTypes can apply

Supported versions:

  • On Windows and macOS since 85 or later

Description

A list of URLs to which AutoOpenFileTypes will apply to. This policy has no impact on automatically open values set by users via the download shelf ... > "Always open files of this type" menu entry.

If you set URLs in this policy, files will only automatically open by policy if the URL is part of this set and the file type is listed in AutoOpenFileTypes. If either condition is false, the download won't automatically open by policy.

If you don't set this policy, all downloads where the file type is in AutoOpenFileTypes will automatically open.

A URL pattern has to be formatted according to https://go.microsoft.com/fwlink/?linkid=2095322.

This policy does not work as expected with file://* wildcards.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutoOpenAllowedForURLs
  • GP name: URLs where AutoOpenFileTypes can apply
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\AutoOpenAllowedForURLs
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\AutoOpenAllowedForURLs\1 = "example.com"
SOFTWARE\Policies\Microsoft\Edge\AutoOpenAllowedForURLs\2 = "https://ssl.server.com"
SOFTWARE\Policies\Microsoft\Edge\AutoOpenAllowedForURLs\3 = "hosting.com/good_path"
SOFTWARE\Policies\Microsoft\Edge\AutoOpenAllowedForURLs\4 = "https://server:8080/path"
SOFTWARE\Policies\Microsoft\Edge\AutoOpenAllowedForURLs\5 = ".exact.hostname.com"

Mac information and settings

  • Preference Key Name: AutoOpenAllowedForURLs
  • Example value:
<array>
  <string>example.com</string>
  <string>https://ssl.server.com</string>
  <string>hosting.com/good_path</string>
  <string>https://server:8080/path</string>
  <string>.exact.hostname.com</string>
</array>

Back to top

AutoOpenFileTypes

List of file types that should be automatically opened on download

Supported versions:

  • On Windows and macOS since 85 or later

Description

This policy sets a list of file types that should be automatically opened on download. Note: The leading separator should not be included when listing the file type, so list "txt" instead of ".txt".

By default, these file types will be automatically opened on all URLs. You can use the AutoOpenAllowedForURLs policy to restrict the URLs for which these file types will be automatically opened on.

Files with types that should be automatically opened will still be subject to the enabled Microsoft Defender SmartScreen checks and won't be opened if they fail those checks.

File types that a user has already specified to automatically be opened will continue to do so when downloaded. The user will continue to be able to specify other file types to be automatically opened.

If you don't set this policy, only file types that a user has already specified to automatically be opened will do so when downloaded.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory or instances that enrolled for device management.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutoOpenFileTypes
  • GP name: List of file types that should be automatically opened on download
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\AutoOpenFileTypes
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\AutoOpenFileTypes\1 = "exe"
SOFTWARE\Policies\Microsoft\Edge\AutoOpenFileTypes\2 = "txt"

Mac information and settings

  • Preference Key Name: AutoOpenFileTypes
  • Example value:
<array>
  <string>exe</string>
  <string>txt</string>
</array>

Back to top

AutofillAddressEnabled

Enable AutoFill for addresses

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enables the AutoFill feature and allows users to auto-complete address information in web forms using previously stored information.

If you disable this policy, AutoFill never suggests or fills in address information, nor does it save additional address information that the user might submit while browsing the web.

If you enable this policy or don't configure it, users can control AutoFill for addresses in the user interface.

Note that if you disable this policy you also stop all activity for all web forms, except payment and password forms. No further entries are saved, and Microsoft Edge won't suggest or AutoFill any previous entries.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutofillAddressEnabled
  • GP name: Enable AutoFill for addresses
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: AutofillAddressEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AutofillAddressEnabled
  • Example value:
<false/>

Back to top

AutofillCreditCardEnabled

Enable AutoFill for payment instruments

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enables Microsoft Edge's AutoFill feature and lets users auto complete payment instruments like credit or debit cards in web forms using previously stored information. This includes suggesting new payment instruments like Buy Now Pay Later (BNPL) in web forms and Express Checkout.

If you enable this policy or don't configure it, users can control AutoFill for payment instruments.

If you disable this policy, AutoFill never suggests, fills, or recommends new payment Instruments. Additionally, it won't save any payment instrument information that users submit while browsing the web.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutofillCreditCardEnabled
  • GP name: Enable AutoFill for payment instruments
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: AutofillCreditCardEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: AutofillCreditCardEnabled
  • Example value:
<false/>

Back to top

AutofillMembershipsEnabled

Save and fill memberships

Supported versions:

  • On Windows and macOS since 110 or later

Description

This policy lets you decide whether users can have their membership info (for example, program name and membership number) automatically saved and used to fill form fields while using Microsoft Edge. By default, users can choose whether to enable it or not.

If you enable this policy, users can only have their membership info automatically saved and used to fill form fields while using Microsoft Edge.

If you don't configure this policy, users can choose whether to have their membership info automatically saved and used to fill form fields while using Microsoft Edge.

If you disable this policy, users can't have their membership info automatically saved and used to fill form fields while using Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutofillMembershipsEnabled
  • GP name: Save and fill memberships
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: AutofillMembershipsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AutofillMembershipsEnabled
  • Example value:
<true/>

Back to top

AutomaticHttpsDefault

Configure Automatic HTTPS

Supported versions:

  • On Windows and macOS since 92 or later

Description

This policy lets you manage settings for AutomaticHttpsDefault, which switches connections from HTTP to HTTPS.

This feature helps protect against man-in-the-middle attacks by enforcing more secure connections, but users might experience more connection errors.

Microsoft Edge attempts to upgrade some navigations from HTTP to HTTPS, when possible. This policy can be used to disable this behavior. If set to "AlwaysUpgrade" or left unset, this feature will be enabled by default.

The separate HttpAllowlist policy can be used to exempt specific hostnames or hostname patterns from being upgraded to HTTPS by this feature.

Starting in Microsoft Edge 111, "UpgradePossibleDomains" is deprecated and is treated the same as "DisableAutomaticHttps". It won't work in Microsoft Edge version 114.

Policy options mapping:

  • DisableAutomaticHttps (0) = Automatic HTTPS functionality is disabled.

  • UpgradeCapableDomains (1) = (Deprecated) Navigations delivered over HTTP are switched to HTTPS, only on domains likely to support HTTPS.

  • AlwaysUpgrade (2) = All navigations delivered over HTTP are switched to HTTPS. Connection errors might occur more often.

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutomaticHttpsDefault
  • GP name: Configure Automatic HTTPS
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: AutomaticHttpsDefault
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: AutomaticHttpsDefault
  • Example value:
<integer>2</integer>

Back to top

AutoplayAllowed

Allow media autoplay for websites

Supported versions:

  • On Windows and macOS since 78 or later

Description

This policy sets the media autoplay policy for websites.

The default setting, "Not configured" respects the current media autoplay settings and lets users configure their autoplay settings.

Setting to "Enabled" sets media autoplay to "Allow". All websites are allowed to autoplay media. Users can't override this policy.

Setting to "Disabled" sets media autoplay to "Limit". This limits websites that are allowed to autoplay media to webpages with high media engagement and active WebRTC streams. Prior to Microsoft Edge version 92, this would set media autoplay to "Block". Users can't override this policy.

A tab will need to be closed and re-opened for this policy to take effect.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutoplayAllowed
  • GP name: Allow media autoplay for websites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: AutoplayAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: AutoplayAllowed
  • Example value:
<true/>

Back to top

AutoplayAllowlist

Allow media autoplay on specific sites

Supported versions:

  • On Windows and macOS since 93 or later

Description

Define a list of sites, based on URL patterns, that are allowed to autoplay media.

If you don't configure this policy, the global default value from the AutoplayAllowed policy (if set) or the user's personal configuration is used for all sites.

For detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.

Note: * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: AutoplayAllowlist
  • GP name: Allow media autoplay on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\AutoplayAllowlist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\AutoplayAllowlist\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\AutoplayAllowlist\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: AutoplayAllowlist
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

BackgroundModeEnabled

Continue running background apps after Microsoft Edge closes

Supported versions:

  • On Windows since 77 or later

Description

Allows Microsoft Edge processes to start at OS sign-in and keep running after the last browser window is closed. In this scenario, background apps and the current browsing session remain active, including any session cookies. An open background process displays an icon in the system tray and can always be closed from there.

If you enable this policy, background mode is turned on.

If you disable this policy, background mode is turned off.

If you don't configure this policy, background mode is initially turned off, and the user can configure its behavior in edge://settings/system.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BackgroundModeEnabled
  • GP name: Continue running background apps after Microsoft Edge closes
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: BackgroundModeEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

BackgroundTemplateListUpdatesEnabled

Enables background updates to the list of available templates for Collections and other features that use templates (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 79 or later

Description

This policy is deprecated because we are moving to a new policy. It won't work in Microsoft Edge as soon as version 104. The new policy to use is EdgeAssetDeliveryServiceEnabled.

Lets you enable or disable background updates to the list of available templates for Collections and other features that use templates. Templates are used to extract rich metadata from a webpage when the page is saved to a collection.

If you enable this setting or the setting is unconfigured, the list of available templates will be downloaded in the background from a Microsoft service every 24 hours.

If you disable this setting the list of available templates will be downloaded on demand. This type of download might result in small performance penalties for Collections and other features.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BackgroundTemplateListUpdatesEnabled
  • GP name: Enables background updates to the list of available templates for Collections and other features that use templates (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BackgroundTemplateListUpdatesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: BackgroundTemplateListUpdatesEnabled
  • Example value:
<true/>

Back to top

BeforeunloadEventCancelByPreventDefaultEnabled

Control the behavior for the cancel dialog produced by the beforeunload event

Supported versions:

  • On Windows and macOS since 118 or later

Description

This policy provides a temporary opt-out for two related fixes to the behavior of the confirmation dialog that's shown by the beforeunload event.

When this policy is Enabled, the new (correct) behavior will be used. When this policy is Disabled, the old (legacy) behavior will be used. When this policy is left not set, the default behavior will be used. Note: This policy is a temporary workaround and will be removed in a future release.

New and correct behavior: In beforeunload, calling event.preventDefault() will trigger the confirmation dialog. Setting event.returnValue to the empty string won't trigger the confirmation dialog.

Old and legacy behavior: In beforeunload, calling event.preventDefault() won't trigger the confirmation dialog. Setting event.returnValue to the empty string will trigger the confirmation dialog.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BeforeunloadEventCancelByPreventDefaultEnabled
  • GP name: Control the behavior for the cancel dialog produced by the beforeunload event
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BeforeunloadEventCancelByPreventDefaultEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: BeforeunloadEventCancelByPreventDefaultEnabled
  • Example value:
<true/>

Back to top

BingAdsSuppression

Block all ads on Bing search results

Supported versions:

  • On Windows and macOS since 83 or later

Description

Enables an ad-free search experience on Bing.com

If you enable this policy, then a user can search on bing.com and have an ad-free search experience. At the same time, the SafeSearch setting will be set to 'Strict' and can't be changed by the user.

If you don't configure this policy, then the default experience will have ads in the search results on bing.com. SafeSearch will be set to 'Moderate' by default and can be changed by the user.

This policy is only available for K-12 SKUs that are identified as EDU tenants by Microsoft.

Please refer to https://go.microsoft.com/fwlink/?linkid=2119711 to learn more about this policy or if the following scenarios apply to you:

  • You have an EDU tenant, but the policy doesn't work.

  • You had your IP allowlisted for having an ad free search experience.

  • You were experiencing an ad-free search experience on Microsoft Edge Legacy and want to upgrade to the new version of Microsoft Edge.

    Supported features:

    • Can be mandatory: Yes
    • Can be recommended: No
    • Dynamic Policy Refresh: No - Requires browser restart
    • Per Profile: No
    • Applies to a profile that is signed in with a Microsoft account: Yes

    Data Type:

    • Boolean

    Windows information and settings

    Group Policy (ADMX) info
    • GP unique name: BingAdsSuppression
    • GP name: Block all ads on Bing search results
    • GP path (Mandatory): Administrative Templates/Microsoft Edge/
    • GP path (Recommended): N/A
    • GP ADMX file name: MSEdge.admx
    Windows Registry Settings
    • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
    • Path (Recommended): N/A
    • Value Name: BingAdsSuppression
    • Value Type: REG_DWORD
    Example value:
0x00000001

Mac information and settings

  • Preference Key Name: BingAdsSuppression
  • Example value:
<true/>

Back to top

BlockThirdPartyCookies

Block third party cookies

Supported versions:

  • On Windows and macOS since 77 or later

Description

Block web page elements that aren't from the domain that's in the address bar from setting cookies.

If you enable this policy, web page elements that are not from the domain that is in the address bar can't set cookies

If you disable this policy, web page elements from domains other than in the address bar can set cookies.

If you don't configure this policy, third-party cookies are enabled but users can change this setting.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BlockThirdPartyCookies
  • GP name: Block third party cookies
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: BlockThirdPartyCookies
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: BlockThirdPartyCookies
  • Example value:
<false/>

Back to top

BrowserAddProfileEnabled

Enable profile creation from the Identity flyout menu or the Settings page

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows users to create new profiles, using the Add profile option. If you enable this policy or don't configure it, Microsoft Edge allows users to use Add profile on the Identity flyout menu or the Settings page to create new profiles.

If you disable this policy, users cannot add new profiles from the Identity flyout menu or the Settings page.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BrowserAddProfileEnabled
  • GP name: Enable profile creation from the Identity flyout menu or the Settings page
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BrowserAddProfileEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: BrowserAddProfileEnabled
  • Example value:
<true/>

Back to top

BrowserCodeIntegritySetting

Configure browser process code integrity guard setting

Supported versions:

  • On Windows since 104 or later

Description

This policy controls the use of code integrity guard in the browser process, which only allows Microsoft signed binaries to load.

Setting this policy to Enabled will enable code integrity guard in the browser process.

Setting this policy to Disabled, or if the policy is not set, will prevent the browser from enabling code integrity guard in the browser process.

The policy value Audit (1) is obsolete as of version 110. Setting this value is equivalent to the Disabled value.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, or Windows 10 Pro or Enterprise instances that enrolled for device management.

This policy will only take effect on Windows 10 RS2 and above.

Policy options mapping:

  • Disabled (0) = Do not enable code integrity guard in the browser process.

  • Audit (1) = Enable code integrity guard audit mode in the browser process.

  • Enabled (2) = Enable code integrity guard enforcement in the browser process.

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BrowserCodeIntegritySetting
  • GP name: Configure browser process code integrity guard setting
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BrowserCodeIntegritySetting
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

BrowserGuestModeEnabled

Enable guest mode

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enable the option to allow the use of guest profiles in Microsoft Edge. In a guest profile, the browser doesn't import browsing data from existing profiles, and it deletes browsing data when all guest profiles are closed.

If you enable this policy or don't configure it, Microsoft Edge lets users browse in guest profiles.

If you disable this policy, Microsoft Edge doesn't let users browse in guest profiles.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BrowserGuestModeEnabled
  • GP name: Enable guest mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BrowserGuestModeEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: BrowserGuestModeEnabled
  • Example value:
<true/>

Back to top

BrowserLegacyExtensionPointsBlockingEnabled

Enable browser legacy extension point blocking

Supported versions:

  • On Windows since 95 or later

Description

Sets the ProcessExtensionPointDisablePolicy on Microsoft Edge's browser process to block code injection from legacy third party applications.

If you enable or don't configure this policy, the ProcessExtensionPointDisablePolicy is applied to block legacy extension points in the browser process.

If you disable this policy, the ProcessExtensionPointDisablePolicy is not applied to block legacy extension points in the browser process. This has a detrimental effect on Microsoft Edge's security and stability as unknown and potentially hostile code can load inside Microsoft Edge's browser process. Only turn off the policy if there are compatibility issues with third-party software that must run inside Microsoft Edge's browser process.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BrowserLegacyExtensionPointsBlockingEnabled
  • GP name: Enable browser legacy extension point blocking
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BrowserLegacyExtensionPointsBlockingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

BrowserNetworkTimeQueriesEnabled

Allow queries to a Browser Network Time service

Supported versions:

  • On Windows and macOS since 77 or later

Description

Prevents Microsoft Edge from occasionally sending queries to a browser network time service to retrieve an accurate timestamp.

If you disable this policy, Microsoft Edge will stop sending queries to a browser network time service.

If you enable this policy or don't configure it, Microsoft Edge will occasionally send queries to a browser network time service.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BrowserNetworkTimeQueriesEnabled
  • GP name: Allow queries to a Browser Network Time service
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BrowserNetworkTimeQueriesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: BrowserNetworkTimeQueriesEnabled
  • Example value:
<true/>

Back to top

BrowserSignin

Browser sign-in settings

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specify whether a user can sign into Microsoft Edge with their account and use account-related services like sync and single sign on. To control the availability of sync, use the SyncDisabled policy instead.

If you set this policy to 'Disable', make sure that you also set the NonRemovableProfileEnabled policy to disabled because NonRemovableProfileEnabled disables the creation of an automatically signed in browser profile. If both policies are set, Microsoft Edge will use the 'Disable browser sign-in' policy and behave as if NonRemovableProfileEnabled is set to disabled.

If you set this policy to 'Enable', users can sign into the browser. Signing into the browser doesn't mean that sync is turned on by default; the user must separately opt-in to use this feature.

If you set this policy to 'Force', users must sign into a profile to use the browser. By default, this will allow the user to choose whether they want to sync to their account, unless sync is disabled by the domain admin or with the SyncDisabled policy. The default value of BrowserGuestModeEnabled policy is set to false.

If you don't configure this policy users can decide if they want to enable the browser sign-in option and use it as they see fit.

Policy options mapping:

  • Disable (0) = Disable browser sign-in

  • Enable (1) = Enable browser sign-in

  • Force (2) = Force users to sign-in to use the browser (all profiles)

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BrowserSignin
  • GP name: Browser sign-in settings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BrowserSignin
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: BrowserSignin
  • Example value:
<integer>2</integer>

Back to top

BrowsingDataLifetime

Browsing Data Lifetime Settings

Supported versions:

  • On Windows and macOS since 89 or later

Description

Configures browsing data lifetime settings for Microsoft Edge. This policy controls the lifetime of selected browsing data. This policy has no effect if Sync is enabled. The available data types are the 'browsing_history', 'download_history', 'cookies_and_other_site_data', 'cached_images_and_files', 'password_signin', 'autofill', 'site_settings' and 'hosted_app_data'. Microsoft Edge will regularly remove data of selected types that is older than 'time_to_live_in_hours'. The deletion of expired data will happen 15 seconds after the browser starts then every hour while the browser is running.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BrowsingDataLifetime
  • GP name: Browsing Data Lifetime Settings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BrowsingDataLifetime
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\BrowsingDataLifetime = [
  {
    "data_types": [
      "browsing_history"
    ],
    "time_to_live_in_hours": 24
  },
  {
    "data_types": [
      "password_signin",
      "autofill"
    ],
    "time_to_live_in_hours": 12
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\BrowsingDataLifetime = [{"data_types": ["browsing_history"], "time_to_live_in_hours": 24}, {"data_types": ["password_signin", "autofill"], "time_to_live_in_hours": 12}]

Mac information and settings

  • Preference Key Name: BrowsingDataLifetime
  • Example value:
<key>BrowsingDataLifetime</key>
<array>
  <dict>
    <key>data_types</key>
    <array>
      <string>browsing_history</string>
    </array>
    <key>time_to_live_in_hours</key>
    <integer>24</integer>
  </dict>
  <dict>
    <key>data_types</key>
    <array>
      <string>password_signin</string>
      <string>autofill</string>
    </array>
    <key>time_to_live_in_hours</key>
    <integer>12</integer>
  </dict>
</array>

Back to top

BuiltInDnsClientEnabled

Use built-in DNS client

Supported versions:

  • On Windows and macOS since 77 or later

Description

Controls whether to use the built-in DNS client.

This policy controls which software stack is used to communicate with the DNS server: the operating system DNS client, or Microsoft Edge's built-in DNS client. This policy does not affect which DNS servers are used: if, for example, the operating system is configured to use an enterprise DNS server, that same server would be used by the built-in DNS client. It also does not control if DNS-over-HTTPS is used; Microsoft Edge always uses the built-in resolver for DNS-over-HTTPS requests. Please see the DnsOverHttpsMode policy for information on controlling DNS-over-HTTPS.

If you enable this policy, the built-in DNS client is used, if it's available.

If you disable this policy, the built-in DNS client is only used when DNS-over-HTTPS is in use.

If you don't configure this policy, the built-in DNS client is enabled by default on Windows, macOS and Android (when neither Private DNS nor VPN are enabled).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: BuiltInDnsClientEnabled
  • GP name: Use built-in DNS client
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: BuiltInDnsClientEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: BuiltInDnsClientEnabled
  • Example value:
<true/>

Back to top

BuiltinCertificateVerifierEnabled

Determines whether the built-in certificate verifier will be used to verify server certificates (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 106.

Supported versions:

  • On macOS since 83, until 106

Description

This policy is obsolete because it was a short-term mechanism to give enterprises more time to update their environments and report issues if they are found to be incompatible with the built-in certificate verifier.

The policy doesn't work in Microsoft Edge version 107.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Mac information and settings

  • Preference Key Name: BuiltinCertificateVerifierEnabled
  • Example value:
<false/>

Back to top

CECPQ2Enabled

CECPQ2 post-quantum key-agreement enabled for TLS (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 113.

Supported versions:

  • On Windows and macOS since 93, until 113

Description

This policy was removed in Microsoft Edge 114 and is ignored if set. It served to disable CECPQ2, but CECPQ2 has been disabled by default. A separate policy will be introduced to control the rollout of the replacement of CECPQ2. That replacement will be a combination of the standard key-agreement X25519 with NIST's chosen post-quantum KEM, called "Kyber".

If this policy is not configured, or is set to enabled, then Microsoft Edge will follow the default rollout process for CECPQ2, a post-quantum key-agreement algorithm in TLS.

CECPQ2 results in larger TLS messages which, in very rare cases, can trigger bugs in some networking hardware. This policy can be set to False to disable CECPQ2 while networking issues are resolved.

This policy is a temporary measure and will be removed in future versions of Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CECPQ2Enabled
  • GP name: CECPQ2 post-quantum key-agreement enabled for TLS (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: CECPQ2Enabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: CECPQ2Enabled
  • Example value:
<true/>

Back to top

CORSNonWildcardRequestHeadersSupport

CORS non-wildcard request header support enabled

Supported versions:

  • On Windows and macOS since 97 or later

Description

This policy lets you configure support of CORS non-wildcard request headers.

Microsoft Edge version 97 introduces support for CORS non-wildcard request headers. When a script makes a cross-origin network request via fetch() and XMLHttpRequest with a script-added Authorization header, the header must be explicitly allowed by the Access-Control-Allow-Headers header in the CORS preflight response. "Explicitly" here means that the wild card symbol "*" doesn't cover the Authorization header. See https://go.microsoft.com/fwlink/?linkid=2180022 for more detail.

If you enable or don't configure the policy, Microsoft Edge will support the CORS non-wildcard request headers and behave as previously described.

If you disable this policy, Microsoft Edge will allow the wildcard symbol ("*") in the Access-Control-Allow-Headers header in the CORS preflight response to cover the Authorization header.

This policy is a temporary workaround for the new CORS non-wildcard request header feature. It's intended to be removed in the future.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CORSNonWildcardRequestHeadersSupport
  • GP name: CORS non-wildcard request header support enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: CORSNonWildcardRequestHeadersSupport
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: CORSNonWildcardRequestHeadersSupport
  • Example value:
<true/>

Back to top

CertificateTransparencyEnforcementDisabledForCas

Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes

Supported versions:

  • On Windows and macOS since 77 or later

Description

Disables enforcement of Certificate Transparency requirements for a list of subjectPublicKeyInfo hashes.

This policy lets you disable Certificate Transparency disclosure requirements for certificate chains that contain certificates with one of the specified subjectPublicKeyInfo hashes. This allows certificates that would otherwise be untrusted because they were not properly publicly disclosed to still be used for Enterprise hosts.

To disable Certificate Transparency enforcement when this policy is set, one of the following sets of conditions must be met:

  1. The hash is of the server certificate's subjectPublicKeyInfo.
  2. The hash is of a subjectPublicKeyInfo that appears in a CA certificate in the certificate chain, that CA certificate is constrained via the X.509v3 nameConstraints extension, one or more directoryName nameConstraints are present in the permittedSubtrees, and the directoryName contains an organizationName attribute.
  3. The hash is of a subjectPublicKeyInfo that appears in a CA certificate in the certificate chain, the CA certificate has one or more organizationName attributes in the certificate Subject, and the server's certificate contains the same number of organizationName attributes, in the same order, and with byte-for-byte identical values.

A subjectPublicKeyInfo hash is specified by concatenating the hash algorithm name, the "/" character, and the Base64 encoding of that hash algorithm applied to the DER-encoded subjectPublicKeyInfo of the specified certificate. This Base64 encoding is the same format as an SPKI Fingerprint, as defined in RFC 7469, Section 2.4. Unrecognized hash algorithms are ignored. The only supported hash algorithm at this time is "sha256".

If you disable this policy or don't configure it, any certificate that's required to be disclosed via Certificate Transparency will be treated as untrusted if it's not disclosed according to the Certificate Transparency policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CertificateTransparencyEnforcementDisabledForCas
  • GP name: Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForCas
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForCas\1 = "sha256/AAAAAAAAAAAAAAAAAAAAAA=="
SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForCas\2 = "sha256//////////////////////w=="

Mac information and settings

  • Preference Key Name: CertificateTransparencyEnforcementDisabledForCas
  • Example value:
<array>
  <string>sha256/AAAAAAAAAAAAAAAAAAAAAA==</string>
  <string>sha256//////////////////////w==</string>
</array>

Back to top

CertificateTransparencyEnforcementDisabledForLegacyCas

Disable Certificate Transparency enforcement for a list of legacy certificate authorities

Supported versions:

  • On Windows and macOS since 77 or later

Description

Disables enforcing Certificate Transparency requirements for a list of legacy certificate authorities (Cas).

This policy lets you disable Certificate Transparency disclosure requirements for certificate chains that contain certificates with one of the specified subjectPublicKeyInfo hashes. This allows certificates that would otherwise be untrusted because they were not properly publicly disclosed, continue to be used for enterprise hosts.

In order for Certificate Transparency enforcement to be disabled, you must set the hash to a subjectPublicKeyInfo appearing in a CA certificate that is recognized as a legacy certificate authority (CA). A legacy CA is a CA that has been publicly trusted by default by one or more operating systems supported by Microsoft Edge.

You specify a subjectPublicKeyInfo hash by concatenating the hash algorithm name, the "/" character, and the Base64 encoding of that hash algorithm applied to the DER-encoded subjectPublicKeyInfo of the specified certificate. This Base64 encoding is the same format as an SPKI Fingerprint, as defined in RFC 7469, Section 2.4. Unrecognized hash algorithms are ignored. The only supported hash algorithm at this time is "sha256".

If you don't configure this policy, any certificate that's required to be disclosed via Certificate Transparency will be treated as untrusted if it isn't disclosed according to the Certificate Transparency policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CertificateTransparencyEnforcementDisabledForLegacyCas
  • GP name: Disable Certificate Transparency enforcement for a list of legacy certificate authorities
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForLegacyCas
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForLegacyCas\1 = "sha256/AAAAAAAAAAAAAAAAAAAAAA=="
SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForLegacyCas\2 = "sha256//////////////////////w=="

Mac information and settings

  • Preference Key Name: CertificateTransparencyEnforcementDisabledForLegacyCas
  • Example value:
<array>
  <string>sha256/AAAAAAAAAAAAAAAAAAAAAA==</string>
  <string>sha256//////////////////////w==</string>
</array>

Back to top

CertificateTransparencyEnforcementDisabledForUrls

Disable Certificate Transparency enforcement for specific URLs

Supported versions:

  • On Windows and macOS since 77 or later

Description

Disables enforcing Certificate Transparency requirements for the listed URLs.

This policy lets you not disclose certificates for the hostnames in the specified URLs via Certificate Transparency. This lets you use certificates that would otherwise be untrusted, because they weren't properly publicly disclosed, but it makes it harder to detect mis-issued certificates for those hosts.

Form your URL pattern according to https://go.microsoft.com/fwlink/?linkid=2095322. Because certificates are valid for a given hostname, independent of the scheme, port, or path, only the hostname part of the URL is considered. Wildcard hosts are not supported.

If you don't configure this policy, any certificate that should be disclosed via Certificate Transparency is treated as untrusted if it's not disclosed.

This policy does not work as expected with file://* wildcards.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CertificateTransparencyEnforcementDisabledForUrls
  • GP name: Disable Certificate Transparency enforcement for specific URLs
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForUrls\1 = "contoso.com"
SOFTWARE\Policies\Microsoft\Edge\CertificateTransparencyEnforcementDisabledForUrls\2 = ".contoso.com"

Mac information and settings

  • Preference Key Name: CertificateTransparencyEnforcementDisabledForUrls
  • Example value:
<array>
  <string>contoso.com</string>
  <string>.contoso.com</string>
</array>

Back to top

ClearBrowsingDataOnExit

Clear browsing data when Microsoft Edge closes

Supported versions:

  • On Windows and macOS since 78 or later

Description

Microsoft Edge doesn't clear the browsing data by default when it closes. Browsing data includes information entered in forms, passwords, and even the websites visited.

If you enable this policy, all browsing data is deleted each time Microsoft Edge closes. Note that if you enable this policy, it takes precedence over how you configured DefaultCookiesSetting

If you disable or don't configure this policy, users can configure the Clear browsing data option in Settings.

If you enable this policy, don't configure the AllowDeletingBrowserHistory or the ClearCachedImagesAndFilesOnExit policy, because they all deal with deleting browsing data. If you configure the preceding policies and this policy, all browsing data is deleted when Microsoft Edge closes, regardless of how you configured AllowDeletingBrowserHistory or ClearCachedImagesAndFilesOnExit.

To exclude cookies from being deleted on exit, configure the SaveCookiesOnExit policy. To exclude passwords from being deleted on exit, configure the "SavePasswordsOnExit" policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ClearBrowsingDataOnExit
  • GP name: Clear browsing data when Microsoft Edge closes
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ClearBrowsingDataOnExit
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ClearBrowsingDataOnExit
  • Example value:
<true/>

Back to top

ClearCachedImagesAndFilesOnExit

Clear cached images and files when Microsoft Edge closes

Supported versions:

  • On Windows and macOS since 83 or later

Description

Microsoft Edge doesn't clear cached images and files by default when it closes.

If you enable this policy, cached images and files will be deleted each time Microsoft Edge closes.

If you disable this policy, users cannot configure the cached images and files option in edge://settings/clearBrowsingDataOnClose.

If you don't configure this policy, users can choose whether cached images and files are cleared on exit.

If you disable this policy, don't enable the ClearBrowsingDataOnExit policy, because they both deal with deleting data. If you configure both, the ClearBrowsingDataOnExit policy takes precedence and deletes all data when Microsoft Edge closes, regardless of how you configured ClearCachedImagesAndFilesOnExit.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ClearCachedImagesAndFilesOnExit
  • GP name: Clear cached images and files when Microsoft Edge closes
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ClearCachedImagesAndFilesOnExit
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ClearCachedImagesAndFilesOnExit
  • Example value:
<true/>

Back to top

ClickOnceEnabled

Allow users to open files using the ClickOnce protocol

Supported versions:

  • On Windows since 78 or later

Description

Allow users to open files using the ClickOnce protocol. The ClickOnce protocol allows websites to request that the browser open files from a specific URL using the ClickOnce file handler on the user's computer or device.

If you enable this policy, users can open files using the ClickOnce protocol. This policy overrides the user's ClickOnce setting in the edge://flags/ page.

If you disable this policy, users can't open files using the ClickOnce protocol. Instead, the file will be saved to the file system using the browser. This policy overrides the user's ClickOnce setting in the edge://flags/ page.

If you don't configure this policy, users with Microsoft Edge versions before Microsoft Edge 87 can't open files using the ClickOnce protocol by default. However, they have the option to enable the use of the ClickOnce protocol with the edge://flags/ page. Users with Microsoft Edge versions 87 and later can open files using the ClickOnce protocol by default but have the option to disable the ClickOnce protocol with edge://flags/ page.

Disabling ClickOnce may prevent ClickOnce applications (.application files) from launching properly.

For more information about ClickOnce, see https://go.microsoft.com/fwlink/?linkid=2103872 and https://go.microsoft.com/fwlink/?linkid=2099880.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ClickOnceEnabled
  • GP name: Allow users to open files using the ClickOnce protocol
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ClickOnceEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

ClipboardAllowedForUrls

Allow clipboard use on specific sites

Supported versions:

  • On Windows and macOS since 109 or later

Description

Configure the list of URL patterns that specify which sites can use the clipboard site permission.

Setting the policy lets you create a list of URL patterns that specify which sites can use the clipboard site permission. This doesn't include all clipboard operations on origins that match the patterns. For example, users will still be able to paste using keyboard shortcuts because this isn't controlled by the clipboard site permission.

Leaving the policy unset means DefaultClipboardSetting applies for all sites if it's set. If it isn't set, the user's personal setting applies.

For more information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ClipboardAllowedForUrls
  • GP name: Allow clipboard use on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ClipboardAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ClipboardAllowedForUrls\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\ClipboardAllowedForUrls\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: ClipboardAllowedForUrls
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

ClipboardBlockedForUrls

Block clipboard use on specific sites

Supported versions:

  • On Windows and macOS since 109 or later

Description

Configure the list of URL patterns that specify which sites can use the clipboard site permission.

Setting the policy lets you create a list of URL patterns that specify sites that can't use the clipboard site permission. This doesn't include all clipboard operations on origins that match the patterns. For example, users will still be able to paste using keyboard shortcuts because this isn't controlled by the clipboard site permission.

Leaving the policy unset means DefaultClipboardSetting applies for all sites if it's set. If it isn't set, the user's personal setting applies.

For more information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ClipboardBlockedForUrls
  • GP name: Block clipboard use on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ClipboardBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ClipboardBlockedForUrls\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\ClipboardBlockedForUrls\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: ClipboardBlockedForUrls
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

CollectionsServicesAndExportsBlockList

Block access to a specified list of services and export targets in Collections

Supported versions:

  • On Windows and macOS since 86 or later

Description

List specific services and export targets that users can't access in the Collections feature in Microsoft Edge. This includes displaying additional data from Bing and exporting collections to Microsoft products or external partners.

If you enable this policy, services and export targets that match the given list are blocked.

If you don't configure this policy, no restrictions on the acceptable services and export targets are enforced.

Policy options mapping:

  • pinterest_suggestions (pinterest_suggestions) = Pinterest suggestions

  • collections_share (collections_share) = Sharing of Collections

  • local_pdf (local_pdf) = Save local PDFs in Collections to OneDrive

  • send_word (send_word) = Send collection to Microsoft Word

  • send_excel (send_excel) = Send collection to Microsoft Excel

  • send_onenote (send_onenote) = Send collection to Microsoft OneNote

  • send_pinterest (send_pinterest) = Send collection to Pinterest

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CollectionsServicesAndExportsBlockList
  • GP name: Block access to a specified list of services and export targets in Collections
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\CollectionsServicesAndExportsBlockList
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\CollectionsServicesAndExportsBlockList\1 = "collections_share"
SOFTWARE\Policies\Microsoft\Edge\CollectionsServicesAndExportsBlockList\2 = "local_pdf"
SOFTWARE\Policies\Microsoft\Edge\CollectionsServicesAndExportsBlockList\3 = "send_word"
SOFTWARE\Policies\Microsoft\Edge\CollectionsServicesAndExportsBlockList\4 = "send_excel"
SOFTWARE\Policies\Microsoft\Edge\CollectionsServicesAndExportsBlockList\5 = "send_onenote"

Mac information and settings

  • Preference Key Name: CollectionsServicesAndExportsBlockList
  • Example value:
<array>
  <string>collections_share</string>
  <string>local_pdf</string>
  <string>send_word</string>
  <string>send_excel</string>
  <string>send_onenote</string>
</array>

Back to top

CommandLineFlagSecurityWarningsEnabled

Enable security warnings for command-line flags

Supported versions:

  • On Windows and macOS since 78 or later

Description

If disabled, this policy prevents security warnings from appearing when Microsoft Edge is launched with potentially dangerous command-line flags.

If enabled or unset, security warnings are displayed when these command-line flags are used to launch Microsoft Edge.

For example, the --disable-gpu-sandbox flag generates this warning: You're using an unsupported command-line flag: --disable-gpu-sandbox. This poses stability and security risks.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CommandLineFlagSecurityWarningsEnabled
  • GP name: Enable security warnings for command-line flags
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: CommandLineFlagSecurityWarningsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: CommandLineFlagSecurityWarningsEnabled
  • Example value:
<true/>

Back to top

ComponentUpdatesEnabled

Enable component updates in Microsoft Edge

Supported versions:

  • On Windows and macOS since 77 or later

Description

If you enable or don't configure this policy, component updates are enabled in Microsoft Edge.

If you disable this policy or set it to false, component updates are disabled for all components in Microsoft Edge.

However, some components are exempt from this policy. This includes any component that doesn't contain executable code, that doesn't significantly alter the behavior of the browser, or that's critical for security. That is, updates that are deemed "critical for security" are still applied even if you disable this policy.

Examples of such components include the certificate revocation lists and security lists like tracking prevention lists.

Please note that disabling this policy can potentially prevent the Microsoft Edge developers from providing critical security fixes in a timely manner and is thus not recommended.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ComponentUpdatesEnabled
  • GP name: Enable component updates in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ComponentUpdatesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ComponentUpdatesEnabled
  • Example value:
<true/>

Back to top

ComposeInlineEnabled

Compose is enabled for writing on the web

Supported versions:

  • On Windows and macOS since 115 or later

Description

This policy lets you configure Compose in Microsoft Edge. Compose provides help for writing with AI-generated text, which lets the user get ideas for writing. This includes elaborating on text, re-writing, changing tone, formatting the text, and more.

If you enable or don't configure this policy, Compose can provide text generation for eligible fields, which are text editable and don't have an autocomplete attribute.

If you disable this policy, Compose will not be able to provide text generation for eligible fields. Compose will still be available for prompt-based text generation through the sidebar and must be managed with either EdgeDiscoverEnabled policy or HubsSidebarEnabled policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ComposeInlineEnabled
  • GP name: Compose is enabled for writing on the web
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ComposeInlineEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ComposeInlineEnabled
  • Example value:
<false/>

Back to top

ConfigureDoNotTrack

Configure Do Not Track

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specify whether to send Do Not Track requests to websites that ask for tracking info. Do Not Track requests let the websites you visit know that you don't want your browsing activity to be tracked. By default, Microsoft Edge doesn't send Do Not Track requests, but users can turn on this feature to send them.

If you enable this policy, Do Not Track requests are always sent to websites asking for tracking info.

If you disable this policy, requests are never sent.

If you don't configure this policy, users can choose whether to send these requests.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ConfigureDoNotTrack
  • GP name: Configure Do Not Track
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ConfigureDoNotTrack
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ConfigureDoNotTrack
  • Example value:
<false/>

Back to top

ConfigureFriendlyURLFormat

Configure the default paste format of URLs copied from Microsoft Edge, and determine if additional formats will be available to users

Supported versions:

  • On Windows since 87 or later
  • On macOS since 88 or later

Description

If FriendlyURLs are enabled, Microsoft Edge will compute additional representations of the URL and place them on the clipboard.

This policy configures what format will be pasted when the user pastes in external applications, or inside Microsoft Edge without the 'Paste as' context menu item.

If configured, this policy makes a choice on behalf of the user. The options in edge://settings/shareCopyPaste will be grayed out, and the options in the 'Paste As' context menu will not be available.

  • Not configured = The user will be able to choose their preferred paste format. By default, this is set to the friendly URL format. The 'Paste As' menu will be available in Microsoft Edge.

  • 1 = No additional formats will be stored on the clipboard. There will be no 'Paste as' context menu item in Microsoft Edge and the only format available to paste will be the plain text URL format. Effectively, the friendly URL feature will be disabled.

  • 3 = The user will get a friendly URL whenever they paste into surfaces that accept rich text. The plain URL will still be available for non-rich surfaces. There will be no 'Paste As' menu in Microsoft Edge.

  • 4 = (Not currently used)

The richer formats may not be well-supported in some paste destinations and/or websites. In these scenarios, the plain URL option is recommended when configuring this policy.

The recommended policy is available in Microsoft Edge 105 or later.

Policy options mapping:

  • PlainText (1) = The plain URL without any extra information, such as the page's title. This is the recommended option when this policy is configured. For more information, see the description.

  • TitledHyperlink (3) = Titled Hyperlink: A hyperlink that points to the copied URL, but whose visible text is the title of the destination page. This is the Friendly URL format.

  • WebPreview (4) = Coming soon. If set, behaves the same as 'Plain URL'.

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ConfigureFriendlyURLFormat
  • GP name: Configure the default paste format of URLs copied from Microsoft Edge, and determine if additional formats will be available to users
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ConfigureFriendlyURLFormat
  • Value Type: REG_DWORD
Example value:
0x00000003

Mac information and settings

  • Preference Key Name: ConfigureFriendlyURLFormat
  • Example value:
<integer>3</integer>

Back to top

ConfigureKeyboardShortcuts

Configure the list of commands for which to disable keyboard shortcuts

Supported versions:

  • On Windows since 101 or later

Description

Configure the list of Microsoft Edge commands for which to disable keyboard shortcuts.

See https://go.microsoft.com/fwlink/?linkid=2186950 for a list of possible commands to disable.

If you enable this policy, commands in the 'disabled' list will no longer be activated by keyboard shortcuts.

If you disable this policy, all keyboard shortcuts behave as usual.

Note: Disabling a command will only remove its shortcut mapping. Commands in the 'disabled' list will still function if accessed via browser UI.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ConfigureKeyboardShortcuts
  • GP name: Configure the list of commands for which to disable keyboard shortcuts
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ConfigureKeyboardShortcuts
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ConfigureKeyboardShortcuts = {
  "disabled": [
    "new_tab",
    "fullscreen"
  ]
}
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\ConfigureKeyboardShortcuts = {"disabled": ["new_tab", "fullscreen"]}

Back to top

ConfigureOnPremisesAccountAutoSignIn

Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account

Supported versions:

  • On Windows since 81 or later

Description

Enable the use of Active Directory accounts for automatic sign in if your users' machines are Domain Joined and your environment is not hybrid joined. If you want users automatically signed in with their Azure Active Directory accounts instead, please Azure AD join (See https://go.microsoft.com/fwlink/?linkid=2118197 for more information) or hybrid join (See https://go.microsoft.com/fwlink/?linkid=2118365 for more information) your environment.

On every launch, Microsoft Edge will try to sign-in using this policy, as long as the first profile being launched isn't signed-in or an auto sign-in hasn't happened before.

If you have configured the BrowserSignin policy to disabled, this policy will not take any effect.

If you enable this policy and set it to 'SignInAndMakeDomainAccountNonRemovable', Microsoft Edge will automatically sign in users that are on domain joined machines using their Active Directory accounts.

If you set this policy to 'Disabled' or don't set it, Microsoft Edge will not automatically sign in users that are on domain joined machines with Active Directory accounts.

From Microsoft Edge 89 onwards, if there is an existing on-premises profile with RoamingProfileSupportEnabled policy disabled and machine is now hybrid joined i.e it has an Azure AD account, it will auto-upgrade the on-premises profile to Azure AD profile to get full Azure AD sync facilities.

From Microsoft Edge 93 onwards, if policy ImplicitSignInEnabled is disabled, this policy will not take any effect.

From Microsoft Edge 94 onwards, if policy OnlyOnPremisesImplicitSigninEnabled is enabled, and this policy is set to 'SignInAndMakeDomainAccountNonRemovable', it will take effect even on hybrid joined environment. Microsoft Edge will automatically sign in users using their Active Directory domain account even if there are MSA or AAD accounts.

Policy options mapping:

  • Disabled (0) = Disabled

  • SignInAndMakeDomainAccountNonRemovable (1) = Sign in and make domain account non-removable

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ConfigureOnPremisesAccountAutoSignIn
  • GP name: Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ConfigureOnPremisesAccountAutoSignIn
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

ConfigureOnlineTextToSpeech

Configure Online Text To Speech

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set whether the browser can leverage Online Text to Speech voice fonts, part of Azure Cognitive Services. These voice fonts are higher quality than the pre-installed system voice fonts.

If you enable or don't configure this policy, web-based applications that use the SpeechSynthesis API can use Online Text to Speech voice fonts.

If you disable this policy, the voice fonts aren't available.

Read more about this feature here: SpeechSynthesis API: https://go.microsoft.com/fwlink/?linkid=2110038 Cognitive Services: https://go.microsoft.com/fwlink/?linkid=2110141

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ConfigureOnlineTextToSpeech
  • GP name: Configure Online Text To Speech
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ConfigureOnlineTextToSpeech
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ConfigureOnlineTextToSpeech
  • Example value:
<true/>

Back to top

ConfigureShare

Configure the Share experience

Supported versions:

  • On Windows since 83 or later
  • On macOS since 93 or later

Description

If you set this policy to 'ShareAllowed' (the default), users will be able to access the Share experience from the Settings and More Menu in Microsoft Edge to share with other apps on the system.

If you set this policy to 'ShareDisallowed', users won't be able to access the Share experience. If the Share button is on the toolbar, it will also be hidden.

Policy options mapping:

  • ShareAllowed (0) = Allow using the Share experience

  • ShareDisallowed (1) = Don't allow using the Share experience

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ConfigureShare
  • GP name: Configure the Share experience
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ConfigureShare
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ConfigureShare
  • Example value:
<integer>1</integer>

Back to top

ConfigureViewInFileExplorer

Configure the View in File Explorer feature for SharePoint pages in Microsoft Edge

Supported versions:

  • On Windows since 93 or later

Description

This setting allows you to configure the View in File Explorer capability for file management in SharePoint Online while using Microsoft Edge.

You will need to list the specific domains where this is allowed and list cookies needed for SharePoint authentication (rtFa and FedAuth).

Behind the scenes, the policy allows URLs with the viewinfileexplorer: scheme to open WebDAV URLs in Windows File Explorer on pages matching the list of domains and uses the cookies you specified for WebDAV authentication.

If you enable this policy, you can use the "View in File Explorer" feature on the SharePoint document libraries you list. You will need to specify the SharePoint domain and authentication cookies. See example value below.

If you disable or don't configure this policy, you cannot use the "View in File Explorer" feature on SharePoint document libraries.

Note that while this is an available option through Microsoft Edge, rather than use the View in File Explorer option, the recommended approach to managing files and folders outside of SharePoint is to sync your SharePoint files or move or copy files in SharePoint. Sync your SharePoint files: https://go.microsoft.com/fwlink/p/?linkid=2166983 Move or copy files in SharePoint: https://go.microsoft.com/fwlink/p/?linkid=2167123

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, or Windows 10 Pro or Enterprise instances enrolled for device management.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ConfigureViewInFileExplorer
  • GP name: Configure the View in File Explorer feature for SharePoint pages in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ConfigureViewInFileExplorer
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ConfigureViewInFileExplorer = [
  {
    "cookies": [
      "rtFa",
      "FedAuth"
    ],
    "domain": "contoso.sharepoint.com"
  },
  {
    "cookies": [
      "rtFa",
      "FedAuth"
    ],
    "domain": "contoso2.sharepoint.com"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\ConfigureViewInFileExplorer = [{"cookies": ["rtFa", "FedAuth"], "domain": "contoso.sharepoint.com"}, {"cookies": ["rtFa", "FedAuth"], "domain": "contoso2.sharepoint.com"}]

Back to top

CrossOriginWebAssemblyModuleSharingEnabled

Specifies whether WebAssembly modules can be sent cross-origin (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 98.

Supported versions:

  • On Windows and macOS since 95, until 98

Description

Specifies whether WebAssembly modules can be sent to another window or worker cross-origin. Cross-origin WebAssembly module sharing was deprecated as part of the efforts to deprecate document.domain, see https://github.com/mikewest/deprecating-document-domain. This policy allowed re-enabling of cross-origin WebAssembly module sharing. This policy is obsolete because it was intended to offer a longer transition period in the deprecation process.

If you enable this policy, sites can send WebAssembly modules cross-origin without restrictions.

If you disable or don't configure this policy, sites can only send WebAssembly modules to windows and workers in the same origin.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CrossOriginWebAssemblyModuleSharingEnabled
  • GP name: Specifies whether WebAssembly modules can be sent cross-origin (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: CrossOriginWebAssemblyModuleSharingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: CrossOriginWebAssemblyModuleSharingEnabled
  • Example value:
<true/>

Back to top

CryptoWalletEnabled

Enable CryptoWallet feature

Supported versions:

  • On Windows since 112 or later

Description

Enables CryptoWallet feature in Microsoft Edge.

If you enable this policy or don't configure it, users can use CryptoWallet feature which allows users to securely store, manage and transact digital assets such as Bitcoin, Ethereum and other cryptocurrencies. Therefore, Microsoft Edge may access Microsoft servers to communicate with the web3 world during the use of the CryptoWallet feature.

If you disable this policy, users can't use CryptoWallet feature.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CryptoWalletEnabled
  • GP name: Enable CryptoWallet feature
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: CryptoWalletEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

Supported versions:

  • On Windows and macOS since 79 or later

Description

Specify a link for the Help menu or the F1 key.

If you enable this policy, an admin can specify a link for the Help menu or the F1 key.

If you disable or don't configure this policy, the default link for the Help menu or the F1 key is used.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: CustomHelpLink
  • GP name: Specify custom help link
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: CustomHelpLink
  • Value Type: REG_SZ
Example value:
"https://go.microsoft.com/fwlink/?linkid=2080734"

Mac information and settings

  • Preference Key Name: CustomHelpLink
  • Example value:
<string>https://go.microsoft.com/fwlink/?linkid=2080734</string>

Back to top

DNSInterceptionChecksEnabled

DNS interception checks enabled

Supported versions:

  • On Windows and macOS since 80 or later

Description

This policy configures a local switch that can be used to disable DNS interception checks. These checks attempt to discover whether the browser is behind a proxy that redirects unknown host names.

This detection might not be necessary in an enterprise environment where the network configuration is known. It can be disabled to avoid additional DNS and HTTP traffic on start-up and each DNS configuration change.

If you enable or don't set this policy, the DNS interception checks are performed.

If you disable this policy, DNS interception checks aren't performed.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DNSInterceptionChecksEnabled
  • GP name: DNS interception checks enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DNSInterceptionChecksEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DNSInterceptionChecksEnabled
  • Example value:
<true/>

Back to top

DefaultBrowserSettingEnabled

Set Microsoft Edge as default browser

Supported versions:

  • On Windows 7 and macOS since 77 or later

Description

If you set this policy to True, Microsoft Edge always checks whether it's the default browser on startup and, if possible, automatically registers itself.

If you set this policy to False, Microsoft Edge is stopped from ever checking if it's the default and turns user controls off for this option.

If you don't set this policy, Microsoft Edge lets users control whether it's the default and, if not, whether user notifications should appear.

Note for Windows administrators: This policy only works for PCs running Windows 7. For later versions of Windows, you have to deploy a "default application associations" file that makes Microsoft Edge the handler for the https and http protocols (and, optionally, the ftp protocol and file formats such as .html, .htm, .pdf, .svg, .webp). See https://go.microsoft.com/fwlink/?linkid=2094932 for more information.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultBrowserSettingEnabled
  • GP name: Set Microsoft Edge as default browser
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultBrowserSettingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DefaultBrowserSettingEnabled
  • Example value:
<true/>

Back to top

DefaultBrowserSettingsCampaignEnabled

Enables default browser settings campaigns

Supported versions:

  • On Windows since 113 or later

Description

This policy enables the default browser settings campaign. If a user clicks to accept the campaign, their default browser and/or default search engine will be changed to Microsoft Edge and Microsoft Bing, respectively. If the user dismisses the campaign, the user's browser settings will remain unchanged.

If you enable or don't configure this policy, users will be prompted to set Microsoft Edge as the default browser and Microsoft Bing as the default search engine, if they do not have those browser settings.

If you disable this policy, users will not be prompted to set Microsoft Edge as the default browser, or to set Microsoft Bing as the default search engine.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultBrowserSettingsCampaignEnabled
  • GP name: Enables default browser settings campaigns
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultBrowserSettingsCampaignEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

DefaultClipboardSetting

Default clipboard site permission

Supported versions:

  • On Windows and macOS since 109 or later

Description

This policy controls the default value for the clipboard site permission.

Setting the policy to 2 blocks sites from using the clipboard site permission.

Setting the policy to 3 or leaving it unset lets the user change the setting and decide if the clipboard APIs are available when a site wants to use an API.

This policy can be overridden for specific URL patterns using the ClipboardAllowedForUrls and ClipboardBlockedForUrls policies.

This policy only affects clipboard operations controlled by the clipboard site permission and doesn't affect sanitized clipboard writes or trusted copy and paste operations.

Policy options mapping:

  • BlockClipboard (2) = Do not allow any site to use the clipboard site permission

  • AskClipboard (3) = Allow sites to ask the user to grant the clipboard site permission

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultClipboardSetting
  • GP name: Default clipboard site permission
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultClipboardSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultClipboardSetting
  • Example value:
<integer>2</integer>

Back to top

DefaultSearchProviderContextMenuAccessAllowed

Allow default search provider context menu search access

Supported versions:

  • On Windows and macOS since 85 or later

Description

Enables the use of a default search provider on the context menu.

If you set this policy to disabled the search context menu item that relies on your default search provider and sidebar search will not be available.

If this policy is set to enabled or not set, the context menu item for your default search provider and sidebar search will be available.

The policy value is only applied when the DefaultSearchProviderEnabled policy is enabled, and is not applicable otherwise.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultSearchProviderContextMenuAccessAllowed
  • GP name: Allow default search provider context menu search access
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultSearchProviderContextMenuAccessAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DefaultSearchProviderContextMenuAccessAllowed
  • Example value:
<true/>

Back to top

DefaultSensorsSetting

Default sensors setting

Supported versions:

  • On Windows and macOS since 86 or later

Description

Set whether websites can access and use sensors such as motion and light sensors. You can completely block or allow websites to get access to sensors.

Setting the policy to 1 lets websites access and use sensors. Setting the policy to 2 denies access to sensors.

You can override this policy for specific URL patterns by using the SensorsAllowedForUrls and SensorsBlockedForUrls policies.

If you don't configure this policy, websites can access and use sensors, and users can change this setting. This is the global default for SensorsAllowedForUrls and SensorsBlockedForUrls.

Policy options mapping:

  • AllowSensors (1) = Allow sites to access sensors

  • BlockSensors (2) = Do not allow any site to access sensors

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultSensorsSetting
  • GP name: Default sensors setting
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultSensorsSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultSensorsSetting
  • Example value:
<integer>2</integer>

Back to top

DefaultSerialGuardSetting

Control use of the Serial API

Supported versions:

  • On Windows and macOS since 86 or later

Description

Set whether websites can access serial ports. You can completely block access or ask the user each time a website wants to get access to a serial port.

Setting the policy to 3 lets websites ask for access to serial ports. Setting the policy to 2 denies access to serial ports.

You can override this policy for specific URL patterns by using the SerialAskForUrls and SerialBlockedForUrls policies.

If you don't configure this policy, by default, websites can ask users whether they can access a serial port, and users can change this setting.

Policy options mapping:

  • BlockSerial (2) = Do not allow any site to request access to serial ports via the Serial API

  • AskSerial (3) = Allow sites to ask for user permission to access a serial port

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultSerialGuardSetting
  • GP name: Control use of the Serial API
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefaultSerialGuardSetting
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DefaultSerialGuardSetting
  • Example value:
<integer>2</integer>

Back to top

DefaultShareAdditionalOSRegionSetting

Set the default "share additional operating system region" setting

Supported versions:

  • On Windows and macOS since 108 or later

Description

This policy controls the default value for the "share additional operating system region" setting in Microsoft Edge.

The "share additional operating system region" Microsoft Edge setting controls whether the OS Regional format setting will be shared with the web through the default JavaScript locale. If shared, websites will be able to query the OS Regional format using JavaScript code, for example; "Intl.DateTimeFormat().resolvedOptions().locale". The default value for the setting is "Limited".

If you set this policy to "Limited", the OS Regional format will only be shared if its language part matches the Microsoft Edge display language.

If you set this policy to "Always", the OS Regional format will always be shared. This value could cause unexpected website behavior if the OS Regional format language is different from the Microsoft Edge display language. For example, if a website uses the JavaScript default locale to format dates, the names of the days and months can be displayed in one language while the surrounding text is displayed in another language.

If you set this policy to "Never", the OS Regional format will never be shared.

Example 1: In this example the OS Regional format is set to "en-GB" and the browser display language is set to "en-US". Then the OS Regional format will be shared if the policy is set to "Limited", or "Always".

Example 2: In this example the OS Regional format is set to "es-MX" and the browser display language is set to "en-US". Then the OS Regional format will be shared if the policy is set to "Always" but will not if the policy is set to "Limited".

For more information about this setting, see https://go.microsoft.com/fwlink/?linkid=2222282

Policy options mapping:

  • Limited (0) = Limited

  • Always (1) = Always share the OS Regional format

  • Never (2) = Never share the OS Regional format

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefaultShareAdditionalOSRegionSetting
  • GP name: Set the default "share additional operating system region" setting
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: DefaultShareAdditionalOSRegionSetting
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: DefaultShareAdditionalOSRegionSetting
  • Example value:
<integer>0</integer>

Back to top

DefinePreferredLanguages

Define an ordered list of preferred languages that websites should display in if the site supports the language

Supported versions:

  • On Windows and macOS since 89 or later

Description

Configures the language variants that Microsoft Edge sends to websites as part of the Accept-Language request HTTP header and prevents users from adding, removing, or changing the order of preferred languages in Microsoft Edge settings. Users who want to change the languages Microsoft Edge displays in or offers to translate pages to will be limited to the languages configured in this policy.

If you enable this policy, websites will appear in the first language in the list that they support unless other site-specific logic is used to determine the display language. The language variants defined in this policy override the languages configured as part of the SpellcheckLanguage policy.

If you don't configure or disable this policy, Microsoft Edge sends websites the user-specified preferred languages as part of the Accept-Language request HTTP header.

For detailed information on valid language variants, see https://go.microsoft.com/fwlink/?linkid=2148854.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DefinePreferredLanguages
  • GP name: Define an ordered list of preferred languages that websites should display in if the site supports the language
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DefinePreferredLanguages
  • Value Type: REG_SZ
Example value:
"en-US,fr,es"

Mac information and settings

  • Preference Key Name: DefinePreferredLanguages
  • Example value:
<string>en-US,fr,es</string>

Back to top

DelayNavigationsForInitialSiteListDownload

Require that the Enterprise Mode Site List is available before tab navigation

Supported versions:

  • On Windows since 84 or later

Description

Lets you specify whether Microsoft Edge tabs wait to navigate until the browser has downloaded the initial Enterprise Mode Site List. This setting is intended for the scenario where the browser home page should load in Internet Explorer mode, and it is important that is does so on browser first run after IE mode is enabled. If this scenario does not exist, we recommend not enabling this setting because it can negatively impact the performance of loading the home page. The setting only applies when Microsoft Edge does not have a cached Enterprise Mode Site List, such as on browser first run after IE mode is enabled.

This setting works in conjunction with: InternetExplorerIntegrationLevel is set to 'IEMode' and one of either the InternetExplorerIntegrationSiteList or the InternetExplorerIntegrationCloudSiteList policy where the list has at least one entry.

The timeout behavior of this policy can be configured with the NavigationDelayForInitialSiteListDownloadTimeout policy.

If you set this policy to 'All', when Microsoft Edge does not have a cached version of the Enterprise Mode Site List, tabs delay navigating until the browser has downloaded the site list. Sites configured to open in Internet Explorer mode by the site list will load in Internet Explorer mode, even during the initial navigation of the browser. Sites that cannot possibly be configured to open in Internet Explorer, such as any site with a scheme other than http:, https:, file:, or ftp: do not delay navigating and load immediately in Edge mode.

When used in conjunction with the InternetExplorerIntegrationCloudSiteList policy, during first launch of Microsoft Edge, there is a delay because implicit sign-in needs to finish before Microsoft Edge attempts to download the site list from the Microsoft cloud, since this requires authentication to the cloud service.

If you set this policy to 'None' or don't configure it, when Microsoft Edge does not have a cached version of the Enterprise Mode Site List, tabs will navigate immediately, and not wait for the browser to download the Enterprise Mode Site List. Sites configured to open in Internet Explorer mode by the site list will open in Microsoft Edge mode until the browser has finished downloading the Enterprise Mode Site List.

Policy options mapping:

  • None (0) = None

  • All (1) = All eligible navigations

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DelayNavigationsForInitialSiteListDownload
  • GP name: Require that the Enterprise Mode Site List is available before tab navigation
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DelayNavigationsForInitialSiteListDownload
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

DeleteDataOnMigration

Delete old browser data on migration

Supported versions:

  • On Windows since 83 or later

Description

This policy determines whether user browsing data from Microsoft Edge Legacy will be deleted after migrating to the Microsoft Edge version 81 or later.

If you set this policy to "Enabled", all browsing data from Microsoft Edge Legacy after migrating to the Microsoft Edge version 81 or later will be deleted. This policy must be set before migrating to the Microsoft Edge version 81 or later to have any effect on existing browsing data.

If you set this policy to "Disabled", or the policy is not configured, user browsing data isn't deleted after migrating to the Microsoft Edge version 83 or later.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DeleteDataOnMigration
  • GP name: Delete old browser data on migration
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DeleteDataOnMigration
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

DeveloperToolsAvailability

Control where developer tools can be used

Supported versions:

  • On Windows and macOS since 77 or later

Description

Control where developer tools can be used.

If you set this policy to 'DeveloperToolsDisallowedForForceInstalledExtensions' (the default), users can access the developer tools and the JavaScript console in general, but not in the context of extensions installed by enterprise policy.

If you set this policy to 'DeveloperToolsAllowed', users can access the developer tools and the JavaScript console in all contexts, including extensions installed by enterprise policy.

If you set this policy to 'DeveloperToolsDisallowed', users can't access the developer tools or inspect website elements. Keyboard shortcuts and menu or context menu entries that open the developer tools or the JavaScript Console are disabled.

Policy options mapping:

  • DeveloperToolsDisallowedForForceInstalledExtensions (0) = Block the developer tools on extensions installed by enterprise policy, allow in other contexts

  • DeveloperToolsAllowed (1) = Allow using the developer tools

  • DeveloperToolsDisallowed (2) = Don't allow using the developer tools

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DeveloperToolsAvailability
  • GP name: Control where developer tools can be used
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DeveloperToolsAvailability
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DeveloperToolsAvailability
  • Example value:
<integer>2</integer>

Back to top

DiagnosticData

Send required and optional diagnostic data about browser usage

Supported versions:

  • On Windows since 122 or later
  • On macOS since 86 or later

Description

This policy controls sending required and optional diagnostic data about browser usage to Microsoft.

Required diagnostic data is collected to keep Microsoft Edge secure, up to date and performing as expected.

Optional diagnostic data includes data about how you use the browser, websites you visit and crash reports to Microsoft for product and service improvement.

Up to version 121, this policy is not supported on Windows 10 devices. To control this data collection on Windows 10 for 121 and previous, IT admins must use the Windows diagnostic data group policy. This policy will either be 'Allow Telemetry' or 'Allow Diagnostic Data', depending on the version of Windows. Learn more about Windows 10 diagnostic data collection: https://go.microsoft.com/fwlink/?linkid=2099569

For version 122 and later, this policy is supported on Windows 10 devices to allow controlling Microsoft Edge data collection separately from Windows 10 diagnostics data collection.

Use one of the following settings to configure this policy:

'Off' turns off required and optional diagnostic data collection. This option is not recommended.

'RequiredData' sends required diagnostic data but turns off optional diagnostic data collection. Microsoft Edge will send required diagnostic data to keep Microsoft Edge secure, up to date and performing as expected.

'OptionalData' sends optional diagnostic data includes data about browser usage, websites that are visited, crash reports sent to Microsoft for product and service improvement.

On Windows 7/macOS, this policy controls sending required and optional data to Microsoft.

If you don't configure this policy or disable it, Microsoft Edge will default to the user's preference.

Policy options mapping:

  • Off (0) = Off (Not recommended)

  • RequiredData (1) = Required data

  • OptionalData (2) = Optional data

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DiagnosticData
  • GP name: Send required and optional diagnostic data about browser usage
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DiagnosticData
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DiagnosticData
  • Example value:
<integer>2</integer>

Back to top

DirectInvokeEnabled

Allow users to open files using the DirectInvoke protocol

Supported versions:

  • On Windows since 78 or later

Description

Allow users to open files using the DirectInvoke protocol. The DirectInvoke protocol allows websites to request that the browser open files from a specific URL using a specific file handler on the user's computer or device.

If you enable or don't configure this policy, users can open files using the DirectInvoke protocol.

If you disable this policy, users can't open files using the DirectInvoke protocol. Instead, the file will be saved to the file system.

Note: Disabling DirectInvoke may prevent certain Microsoft SharePoint Online features from working as expected.

For more information about DirectInvoke, see https://go.microsoft.com/fwlink/?linkid=2103872 and https://go.microsoft.com/fwlink/?linkid=2099871.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DirectInvokeEnabled
  • GP name: Allow users to open files using the DirectInvoke protocol
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DirectInvokeEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

Disable3DAPIs

Disable support for 3D graphics APIs

Supported versions:

  • On Windows and macOS since 77 or later

Description

Prevent web pages from accessing the graphics processing unit (GPU). Specifically, web pages can't access the WebGL API and plug-ins can't use the Pepper 3D API.

If you don't configure or disable this policy, it potentially allows web pages to use the WebGL API and plug-ins to use the Pepper 3D API. Microsoft Edge might, by default, still require command line arguments to be passed in order to use these APIs.

If HardwareAccelerationModeEnabled policy is set to false, the setting for 'Disable3DAPIs' policy is ignored - it's the equivalent of setting 'Disable3DAPIs' policy to true.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: Disable3DAPIs
  • GP name: Disable support for 3D graphics APIs
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: Disable3DAPIs
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: Disable3DAPIs
  • Example value:
<false/>

Back to top

DisableScreenshots

Disable taking screenshots

Supported versions:

  • On Windows and macOS since 77 or later

Description

Controls if users can take screenshots of the browser page.

If you enable this policy, users can't take screenshots using keyboard shortcuts or extension APIs.

If you disable or don't configure this policy, users can take screenshots.

Note: Even if you disable screenshots using this policy, users might still be able to take screenshots using Web Capture within the browser or other methods outside of the browser. For example, using an operating system feature or another application.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DisableScreenshots
  • GP name: Disable taking screenshots
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DisableScreenshots
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DisableScreenshots
  • Example value:
<true/>

Back to top

DiscoverPageContextEnabled

Enable Discover access to page contents for AAD profiles

Supported versions:

  • On Windows and macOS since 113 or later

Description

This policy controls Discover access to page contents for AAD profiles. Discover is an extension that hosts Bing Chat. In order to summarize pages and interact with text selections, it needs to be able to access the page contents. When enabled, page contents will be sent to Bing. This policy does not affect MSA profiles.

If you enable or don't configure this policy, Discover will have access to page contents.

If you disable this policy, Discover will not be able to access page contents.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DiscoverPageContextEnabled
  • GP name: Enable Discover access to page contents for AAD profiles
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DiscoverPageContextEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DiscoverPageContextEnabled
  • Example value:
<true/>

Back to top

DiskCacheDir

Set disk cache directory

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configures the directory to use to store cached files.

If you enable this policy, Microsoft Edge uses the provided directory regardless of whether the user has specified the '--disk-cache-dir' flag. To avoid data loss or other unexpected errors, don't configure this policy to a volume's root directory or to a directory used for other purposes, because Microsoft Edge manages its contents.

See https://go.microsoft.com/fwlink/?linkid=2095041 for a list of variables you can use when specifying directories and paths.

If you don't configure this policy, the default cache directory is used, and users can override that default with the '--disk-cache-dir' command line flag.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DiskCacheDir
  • GP name: Set disk cache directory
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DiskCacheDir
  • Value Type: REG_SZ
Example value:
"${user_home}/Edge_cache"

Mac information and settings

  • Preference Key Name: DiskCacheDir
  • Example value:
<string>${user_home}/Edge_cache</string>

Back to top

DiskCacheSize

Set disk cache size, in bytes

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configures the size of the cache, in bytes, used to store files on the disk.

If you enable this policy, Microsoft Edge uses the provided cache size regardless of whether the user has specified the '--disk-cache-size' flag. The value specified in this policy isn't a hard boundary but rather a suggestion to the caching system; any value below a few megabytes is too small and will be rounded up to a reasonable minimum.

If you set the value of this policy to 0, the default cache size is used, and users can't change it.

If you don't configure this policy, the default size is used, but users can override it with the '--disk-cache-size' flag.

Note: The value specified in this policy is used as a hint to various cache subsystems in the browser. The aggregate disk usage of all caches may therefore be larger than (but within the same order of magnitude as) the value specified.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DiskCacheSize
  • GP name: Set disk cache size, in bytes
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DiskCacheSize
  • Value Type: REG_DWORD
Example value:
0x06400000

Mac information and settings

  • Preference Key Name: DiskCacheSize
  • Example value:
<integer>104857600</integer>

Back to top

DisplayCapturePermissionsPolicyEnabled

Specifies whether the display-capture permissions-policy is checked or skipped (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 109.

Supported versions:

  • On Windows and macOS since 95, until 109

Description

This policy is obsolete. The policy was a temporary workaround for non-spec-compliant enterprise applications.

This policy stopped working in Microsoft Edge 107 and was obsoleted in Microsoft Edge 110.

The display-capture permissions-policy gates access to getDisplayMedia(), as per this spec: https://www.w3.org/TR/screen-capture/#feature-policy-integration However, if this policy is Disabled, this requirement is not enforced, and getDisplayMedia() is allowed from contexts that would otherwise be forbidden.

If you enable or don't configure this policy, sites can only call getDisplayMedia() from contexts which are allowlisted by the display-capture permissions-policy.

If you disable this policy, sites can call getDisplayMedia() even from contexts which are not allowlisted by the display-capture permissions policy. Note that other restrictions may still apply.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DisplayCapturePermissionsPolicyEnabled
  • GP name: Specifies whether the display-capture permissions-policy is checked or skipped (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DisplayCapturePermissionsPolicyEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DisplayCapturePermissionsPolicyEnabled
  • Example value:
<true/>

Back to top

DnsOverHttpsMode

Control the mode of DNS-over-HTTPS

Supported versions:

  • On Windows and macOS since 83 or later

Description

Control the mode of the DNS-over-HTTPS resolver. Note that this policy will only set the default mode for each query. The mode can be overridden for special types of queries such as requests to resolve a DNS-over-HTTPS server hostname.

The "off" mode will disable DNS-over-HTTPS.

The "automatic" mode will send DNS-over-HTTPS queries first if a DNS-over-HTTPS server is available and may fallback to sending insecure queries on error.

The "secure" mode will only send DNS-over-HTTPS queries and will fail to resolve on error.

If you don't configure this policy, the browser might send DNS-over-HTTPS requests to a resolver associated with the user's configured system resolver.

Policy options mapping:

  • off (off) = Disable DNS-over-HTTPS

  • automatic (automatic) = Enable DNS-over-HTTPS with insecure fallback

  • secure (secure) = Enable DNS-over-HTTPS without insecure fallback

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DnsOverHttpsMode
  • GP name: Control the mode of DNS-over-HTTPS
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DnsOverHttpsMode
  • Value Type: REG_SZ
Example value:
"off"

Mac information and settings

  • Preference Key Name: DnsOverHttpsMode
  • Example value:
<string>off</string>

Back to top

DnsOverHttpsTemplates

Specify URI template of desired DNS-over-HTTPS resolver

Supported versions:

  • On Windows and macOS since 83 or later

Description

The URI template of the desired DNS-over-HTTPS resolver. To specify multiple DNS-over-HTTPS resolvers, separate the corresponding URI templates with spaces.

If you set DnsOverHttpsMode to "secure" then this policy must be set and cannot be empty.

If you set DnsOverHttpsMode to "automatic" and this policy is set then the URI templates specified will be used. If you don't set this policy, then hardcoded mappings will be used to attempt to upgrade the user's current DNS resolver to a DoH resolver operated by the same provider.

If the URI template contains a dns variable, requests to the resolver will use GET; otherwise requests will use POST.

Incorrectly formatted templates will be ignored.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DnsOverHttpsTemplates
  • GP name: Specify URI template of desired DNS-over-HTTPS resolver
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DnsOverHttpsTemplates
  • Value Type: REG_SZ
Example value:
"https://dns.example.net/dns-query{?dns}"

Mac information and settings

  • Preference Key Name: DnsOverHttpsTemplates
  • Example value:
<string>https://dns.example.net/dns-query{?dns}</string>

Back to top

DoNotSilentlyBlockProtocolsFromOrigins

Define a list of protocols that can not be silently blocked by anti-flood protection

Supported versions:

  • On Windows and macOS since 99 or later

Description

Allows you to create a list of protocols, and for each protocol an associated list of allowed origin patterns. These origins won't be silently blocked from launching an external application by anti-flood protection. The trailing separator shouldn't be included when listing the protocol. For example, list "skype" instead of "skype:" or "skype://".

If you configure this policy, a protocol will only be permitted to bypass being silently blocked by anti-flood protection if:

  • the protocol is listed

  • the origin of the site trying to launch the protocol matches one of the origin patterns in that protocol's allowed_origins list.

If either condition is false, the external protocol launch may be blocked by anti-flood protection.

If you don't configure this policy, no protocols can bypass being silently blocked.

The origin matching patterns use a similar format to those for the URLBlocklist policy, that are documented at https://go.microsoft.com/fwlink/?linkid=2095322.

However, origin matching patterns for this policy cannot contain "/path" or "@query" elements. Any pattern that does contain a "/path" or "@query" element will be ignored.

This policy doesn't work as expected with file://* wildcards.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DoNotSilentlyBlockProtocolsFromOrigins
  • GP name: Define a list of protocols that can not be silently blocked by anti-flood protection
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DoNotSilentlyBlockProtocolsFromOrigins
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\DoNotSilentlyBlockProtocolsFromOrigins = [
  {
    "allowed_origins": [
      "example.com",
      "http://www.example.com:8080"
    ],
    "protocol": "spotify"
  },
  {
    "allowed_origins": [
      "https://example.com",
      "https://.mail.example.com"
    ],
    "protocol": "msteams"
  },
  {
    "allowed_origins": [
      "*"
    ],
    "protocol": "msoutlook"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\DoNotSilentlyBlockProtocolsFromOrigins = [{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "msteams"}, {"allowed_origins": ["*"], "protocol": "msoutlook"}]

Mac information and settings

  • Preference Key Name: DoNotSilentlyBlockProtocolsFromOrigins
  • Example value:
<key>DoNotSilentlyBlockProtocolsFromOrigins</key>
<array>
  <dict>
    <key>allowed_origins</key>
    <array>
      <string>example.com</string>
      <string>http://www.example.com:8080</string>
    </array>
    <key>protocol</key>
    <string>spotify</string>
  </dict>
  <dict>
    <key>allowed_origins</key>
    <array>
      <string>https://example.com</string>
      <string>https://.mail.example.com</string>
    </array>
    <key>protocol</key>
    <string>msteams</string>
  </dict>
  <dict>
    <key>allowed_origins</key>
    <array>
      <string>*</string>
    </array>
    <key>protocol</key>
    <string>msoutlook</string>
  </dict>
</array>

Back to top

DoubleClickCloseTabEnabled

Double Click feature in Microsoft Edge enabled (only available in China)

Supported versions:

  • On Windows and macOS since 104 or later

Description

This policy lets you configure the double click feature in Microsoft Edge.

Double Click lets users close a tab by double clicking the left mouse button.

If you enable or don't configure this policy, you can use the double click feature to close a tab on Microsoft Edge to start using this feature.

If you disable this policy, you can't use the double click feature in Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DoubleClickCloseTabEnabled
  • GP name: Double Click feature in Microsoft Edge enabled (only available in China)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: DoubleClickCloseTabEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: DoubleClickCloseTabEnabled
  • Example value:
<true/>

Back to top

DownloadDirectory

Set download directory

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configures the directory to use when downloading files.

If you enable this policy, Microsoft Edge uses the provided directory regardless of whether the user has specified one or chosen to be prompted for download location every time. See https://go.microsoft.com/fwlink/?linkid=2095041 for a list of variables that can be used.

If you disable or don't configure this policy, the default download directory is used, and the user can change it.

If you set an invalid path, Microsoft Edge will default to the user's default download directory.

If the folder specified by the path doesn't exist, the download will trigger a prompt that asks the user where they want to save their download.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DownloadDirectory
  • GP name: Set download directory
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: DownloadDirectory
  • Value Type: REG_SZ
Example value:
"\n        Linux-based OSes (including Mac): /home/${user_name}/Downloads\n        Windows: C:\\Users\\${user_name}\\Downloads"

Mac information and settings

  • Preference Key Name: DownloadDirectory
  • Example value:
<string>
        Linux-based OSes (including Mac): /home/${user_name}/Downloads
        Windows: C:\Users\${user_name}\Downloads</string>

Back to top

DownloadRestrictions

Allow download restrictions

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configures the type of downloads that Microsoft Edge completely blocks, without letting users override the security decision.

Set 'BlockDangerousDownloads' to allow all downloads except for those that carry Microsoft Defender SmartScreen warnings of known dangerous downloads or that have dangerous file type extensions.

Set 'BlockPotentiallyDangerousDownloads' to allow all downloads except for those that carry Microsoft Defender SmartScreen warnings of potentially dangerous or unwanted downloads or that have dangerous file type extensions.

Set 'BlockAllDownloads' to block all downloads.

Set 'BlockMaliciousDownloads' to allow all downloads except for those that carry Microsoft Defender SmartScreen warnings of known malicious downloads.

If you don't configure this policy or set the 'DefaultDownloadSecurity' option, the downloads go through the usual security restrictions based on Microsoft Defender SmartScreen analysis results.

Note that these restrictions apply to downloads from web page content, as well as the 'download link...' context menu option. These restrictions don't apply to saving or downloading the currently displayed page, nor do they apply to the Save as PDF option from the printing options.

See https://go.microsoft.com/fwlink/?linkid=2094934 for more info on Microsoft Defender SmartScreen.

Policy options mapping:

  • DefaultDownloadSecurity (0) = No special restrictions

  • BlockDangerousDownloads (1) = Block malicious downloads and dangerous file types

  • BlockPotentiallyDangerousDownloads (2) = Block potentially dangerous or unwanted downloads and dangerous file types

  • BlockAllDownloads (3) = Block all downloads

  • BlockMaliciousDownloads (4) = Block malicious downloads

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: DownloadRestrictions
  • GP name: Allow download restrictions
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: DownloadRestrictions
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: DownloadRestrictions
  • Example value:
<integer>2</integer>

Back to top

Edge3PSerpTelemetryEnabled

Edge 3P SERP Telemetry Enabled

Supported versions:

  • On Windows since 120 or later

Description

Edge3P Telemetry in Microsoft Edge captures the searches user does on third party search providers without identifying the person or the device and captures only if the user has consented to this collection of data. User can turn off the collection at any time in the browser settings.

If you enable or don't configure this policy, Edge 3P SERP Telemetry feature will be enabled.

If you disable this policy, Edge 3P SERP Telemetry feature will be disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: Edge3PSerpTelemetryEnabled
  • GP name: Edge 3P SERP Telemetry Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: Edge3PSerpTelemetryEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

EdgeAssetDeliveryServiceEnabled

Allow features to download assets from the Asset Delivery Service

Supported versions:

  • On Windows and macOS since 101 or later

Description

The Asset Delivery Service is a general pipeline used to deliver assets to the Microsoft Edge Clients. These assets can be config files or Machine Learning models that power the features that use this service.

If you enable or don't configure this policy, features can download assets from the Asset Delivery Service.

If you disable this policy, features won't be able to download assets needed for them to run correctly.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeAssetDeliveryServiceEnabled
  • GP name: Allow features to download assets from the Asset Delivery Service
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: EdgeAssetDeliveryServiceEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: EdgeAssetDeliveryServiceEnabled
  • Example value:
<false/>

Back to top

EdgeCollectionsEnabled

Enable the Collections feature

Supported versions:

  • On Windows and macOS since 78 or later

Description

Lets you allow users to access the Collections feature, where they can collect, organize, share, and export content more efficiently and with Office integration.

If you enable or don't configure this policy, users can access and use the Collections feature in Microsoft Edge.

If you disable this policy, users can't access and use Collections in Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeCollectionsEnabled
  • GP name: Enable the Collections feature
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeCollectionsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeCollectionsEnabled
  • Example value:
<true/>

Back to top

EdgeDiscoverEnabled

Discover feature In Microsoft Edge (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 105.

Supported versions:

  • On Windows and macOS since 97, until 105

Description

This policy doesn't work because Discover is now contained within the Edge Sidebar and can be managed using the HubsSidebarEnabled policy.

This policy lets you configure the Discover feature in Microsoft Edge.

Working in the background when enabled, this feature sends URLs to Microsoft Bing to search for related recommendations.

If you enable or don't configure this policy, you can use the Discover button on Microsoft Edge to start using this feature.

If you disable this policy, you can't use the Discover feature in Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeDiscoverEnabled
  • GP name: Discover feature In Microsoft Edge (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: EdgeDiscoverEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeDiscoverEnabled
  • Example value:
<true/>

Back to top

EdgeEDropEnabled

Enable Drop feature in Microsoft Edge

Supported versions:

  • On Windows and macOS since 104 or later

Description

This policy lets you configure the Drop feature in Microsoft Edge.

Drop lets users send messages or files to themselves.

If you enable or don't configure this policy, you can use the Drop feature in Microsoft Edge.

If you disable this policy, you can't use the Drop feature in Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeEDropEnabled
  • GP name: Enable Drop feature in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeEDropEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeEDropEnabled
  • Example value:
<true/>

Back to top

EdgeEnhanceImagesEnabled

Enhance images enabled (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 121.

Supported versions:

  • On Windows and macOS since 97, until 121

Description

The enhance images feature is deprecated and starting in 122 this policy will be removed. Set whether Microsoft Edge can automatically enhance images to show you sharper images with better color, lighting, and contrast.

If you enable this policy or don't configure the policy, Microsoft Edge will automatically enhance images on specific web applications.

If you disable this policy, Microsoft Edge will not enhance images.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeEnhanceImagesEnabled
  • GP name: Enhance images enabled (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeEnhanceImagesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeEnhanceImagesEnabled
  • Example value:
<true/>

Back to top

EdgeFollowEnabled

Enable Follow service in Microsoft Edge

Supported versions:

  • On Windows and macOS since 98 or later

Description

Allows the Microsoft Edge browser to enable Follow service and apply it to users.

Users can use the Follow an influencer, site, or topic in Microsoft Edge..

If you enable or don't configure this policy, Follow in Microsoft Edge can be applied.

If you disable this policy, Microsoft Edge will not communicate with Follow service to provide the follow feature.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeFollowEnabled
  • GP name: Enable Follow service in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeFollowEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeFollowEnabled
  • Example value:
<true/>

Back to top

EdgeOpenInSidebarEnabled

Enable open in sidebar

Supported versions:

  • On Windows and macOS since 122 or later

Description

Allow/Disallow user open a website or an app to the sidebar.

If you enable or don't configure this policy, users will be able to access the feature. If you disable this policy, users will not be able to access the feature.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeOpenInSidebarEnabled
  • GP name: Enable open in sidebar
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeOpenInSidebarEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeOpenInSidebarEnabled
  • Example value:
<true/>

Back to top

EdgeShoppingAssistantEnabled

Shopping in Microsoft Edge Enabled

Supported versions:

  • On Windows and macOS since 87 or later

Description

This policy lets users compare the prices of a product they are looking at, get coupons or rebates from the website they're on, auto-apply coupons and help checkout faster using autofill data.

If you enable or don't configure this policy, shopping features such as price comparison, coupons, rebates and express checkout will be automatically applied for retail domains. Coupons for the current retailer and prices from other retailers will be fetched from a server.

If you disable this policy shopping features such as price comparison, coupons, rebates and express checkout will not be automatically found for retail domains.

Starting in version 90.0.818.56, the behavior of the messaging letting users know that there is a coupon, rebate, price comparison or price history available on shopping domains is also done through a horizontal banner below the address bar. Previously this messaging was done on the address bar.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeShoppingAssistantEnabled
  • GP name: Shopping in Microsoft Edge Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: EdgeShoppingAssistantEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeShoppingAssistantEnabled
  • Example value:
<true/>

Back to top

EdgeSidebarCustomizeEnabled

Enable sidebar customize

Supported versions:

  • On Windows and macOS since 122 or later

Description

Allow/Disallow to use sidebar customize.

If you enable or don't configure this policy, users will be able to access sidebar customize. If you disable this policy, users will not be able to access the sidebar customize.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeSidebarCustomizeEnabled
  • GP name: Enable sidebar customize
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EdgeSidebarCustomizeEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeSidebarCustomizeEnabled
  • Example value:
<true/>

Back to top

EdgeWalletCheckoutEnabled

Enable Wallet Checkout feature

Supported versions:

  • On Windows since 114 or later

Description

Enables Wallet Checkout feature in Microsoft Edge.

If you enable or don't configure this policy, users can choose whether to use wallet checkout while shopping on Microsoft Edge.

If you disable this policy, users can't use wallet checkout while shopping on Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeWalletCheckoutEnabled
  • GP name: Enable Wallet Checkout feature
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: EdgeWalletCheckoutEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

EdgeWalletEtreeEnabled

Edge Wallet E-Tree Enabled

Supported versions:

  • On Windows and macOS since 117 or later

Description

The Edge Wallet E-Tree feature in Microsoft Edge allows users to plant a E-Tree for their own.

If you enable or don't configure this policy, users can use the Edge Wallet E-Tree feature.

If you disable this policy, users can't use the Edge Wallet E-Tree feature.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EdgeWalletEtreeEnabled
  • GP name: Edge Wallet E-Tree Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: EdgeWalletEtreeEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EdgeWalletEtreeEnabled
  • Example value:
<true/>

Back to top

EditFavoritesEnabled

Allows users to edit favorites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enable this policy to let users add, remove, and modify favorites. This is the default behavior if you don't configure the policy.

Disable this policy to stop users from adding, removing, or modifying favorites. They can still use existing favorites.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EditFavoritesEnabled
  • GP name: Allows users to edit favorites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EditFavoritesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: EditFavoritesEnabled
  • Example value:
<false/>

Back to top

EnableDeprecatedWebPlatformFeatures

Re-enable deprecated web platform features for a limited time (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 86.

Supported versions:

  • On Windows and macOS since 77, until 86

Description

This policy is obsolete because dedicated web platform policies are now used to manage individual web platform feature deprecations.

Specify a list of deprecated web platform features to temporarily re-enable.

This policy lets you re-enable deprecated web platform features for a limited time. Features are identified by a string tag.

If you don't configure this policy, if the list is empty, or if a feature doesn't match one of the supported string tags, all deprecated web platform features remain disabled.

While the policy itself is supported on the above platforms, the feature it's enabling might not be available on all of those platforms. Not all deprecated Web Platform features can be re-enabled. Only those explicitly listed below can be re-enabled, and only for a limited period of time, which differs per feature. You can review the intent behind the Web Platform feature changes at https://bit.ly/blinkintents.

The general format of the string tag is [DeprecatedFeatureName]_EffectiveUntil[yyyymmdd].

Policy options mapping:

  • ExampleDeprecatedFeature (ExampleDeprecatedFeature_EffectiveUntil20080902) = Enable ExampleDeprecatedFeature API through 2008/09/02

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnableDeprecatedWebPlatformFeatures
  • GP name: Re-enable deprecated web platform features for a limited time (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\EnableDeprecatedWebPlatformFeatures
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\EnableDeprecatedWebPlatformFeatures\1 = "ExampleDeprecatedFeature_EffectiveUntil20080902"

Mac information and settings

  • Preference Key Name: EnableDeprecatedWebPlatformFeatures
  • Example value:
<array>
  <string>ExampleDeprecatedFeature_EffectiveUntil20080902</string>
</array>

Back to top

EnableDomainActionsDownload

Enable Domain Actions Download from Microsoft (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 84.

Supported versions:

  • On Windows and macOS since 77, until 84

Description

This policy doesn't work because conflicting states should be avoided. This policy was used to enable/disable download of the domain actions list, but it didn't always achieve the desired state. The Experimentation and Configuration Service, which handles the download, has its own policy to configure what is downloaded from the service. Use the ExperimentationAndConfigurationServiceControl policy instead.

In Microsoft Edge, Domain Actions represent a series of compatibility features that help the browser work correctly on the web.

Microsoft keeps a list of actions to take on certain domains for compatibility reasons. For example, the browser may override the User Agent string on a website if that website is broken due to the new User Agent string on Microsoft Edge. Each of these actions is intended to be temporary while Microsoft tries to resolve the issue with the site owner.

When the browser starts up and then periodically afterwards, the browser will contact the Experimentation and Configuration Service that contains the most up to date list of compatibility actions to perform. This list is saved locally after it is first retrieved so that subsequent requests will only update the list if the server's copy has changed.

If you enable this policy, the list of Domain Actions will continue to be downloaded from the Experimentation and Configuration Service.

If you disable this policy, the list of Domain Actions will no longer be downloaded from the Experimentation and Configuration Service.

If you don't configure this policy, the list of Domain Actions will continue to be downloaded from the Experimentation and Configuration Service.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnableDomainActionsDownload
  • GP name: Enable Domain Actions Download from Microsoft (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnableDomainActionsDownload
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EnableDomainActionsDownload
  • Example value:
<true/>

Back to top

EnableOnlineRevocationChecks

Enable online OCSP/CRL checks

Supported versions:

  • On Windows and macOS since 77 or later

Description

Online revocation checks don't provide a significant security benefit and are disabled by default.

If you enable this policy, Microsoft Edge will perform soft-fail, online OCSP/CRL checks. "Soft fail" means that if the revocation server can't be reached, the certificate will be considered valid.

If you disable the policy or don't configure it, Microsoft Edge won't perform online revocation checks.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnableOnlineRevocationChecks
  • GP name: Enable online OCSP/CRL checks
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnableOnlineRevocationChecks
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: EnableOnlineRevocationChecks
  • Example value:
<false/>

Back to top

EnableSha1ForLocalAnchors

Allow certificates signed using SHA-1 when issued by local trust anchors (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 91.

Supported versions:

  • On Windows and macOS since 85, until 91

Description

When this setting is enabled, Microsoft Edge allows connections secured by SHA-1 signed certificates so long as the the certificate chains to a locally-installed root certificate and is otherwise valid.

Note that this policy depends on the operating system (OS) certificate verification stack allowing SHA-1 signatures. If an OS update changes the OS handling of SHA-1 certificates, this policy might no longer have effect. Further, this policy is intended as a temporary workaround to give enterprises more time to move away from SHA-1. This policy will be removed in Microsoft Edge 92 releasing in mid 2021.

If you don't set this policy or set it to false, or the SHA-1 certificate chains to a publicly trusted certificate root, then Microsoft Edge won't allow certificates signed by SHA-1.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnableSha1ForLocalAnchors
  • GP name: Allow certificates signed using SHA-1 when issued by local trust anchors (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnableSha1ForLocalAnchors
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: EnableSha1ForLocalAnchors
  • Example value:
<false/>

Back to top

EncryptedClientHelloEnabled

TLS Encrypted ClientHello Enabled

Supported versions:

  • On Windows and macOS since 108 or later

Description

Encrypted ClientHello (ECH) is an extension to TLS that encrypts the sensitive fields of ClientHello to improve privacy.

If ECH is enabled, Microsoft Edge might or might not use ECH depending on server support, the availability of the HTTPS DNS record, or the rollout status.

If you enable or do not configure this policy, Microsoft Edge will follow the default rollout process for ECH.

If this policy is disabled, Microsoft Edge will not enable ECH.

Because ECH is an evolving protocol, Microsoft Edge's implementation is subject to change.

As such, this policy is a temporary measure to control the initial experimental implementation. It will be replaced with final controls as the protocol finalizes.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EncryptedClientHelloEnabled
  • GP name: TLS Encrypted ClientHello Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EncryptedClientHelloEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EncryptedClientHelloEnabled
  • Example value:
<true/>

Back to top

EnforceLocalAnchorConstraintsEnabled

Determines whether the built-in certificate verifier will enforce constraints encoded into trust anchors loaded from the platform trust store (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 113 or later

Description

X.509 certificates may encode constraints, such as Name Constraints, in extensions in the certificate. RFC 5280 specifies that enforcing such constraints on trust anchor certificates is optional.

Starting in Microsoft Edge 112, such constraints in certificates loaded from the platform certificate store will now be enforced.

This policy exists as a temporary opt-out in case an enterprise encounters issues with the constraints encoded in their private roots. In that case this policy may be used to temporarily disable enforcement of the constraints while correcting the certificate issues.

If you enable this policy or don't configure it, Microsoft Edge will enforce constraints encoded into trust anchors loaded from the platform trust store.

If you disable this policy, Microsoft Edge will not enforce constraints encoded into trust anchors loaded from the platform trust store.

This policy has no effect if the MicrosoftRootStoreEnabled policy is disabled.

This policy is planned to be removed in Microsoft Edge version 118.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnforceLocalAnchorConstraintsEnabled
  • GP name: Determines whether the built-in certificate verifier will enforce constraints encoded into trust anchors loaded from the platform trust store (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnforceLocalAnchorConstraintsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: EnforceLocalAnchorConstraintsEnabled
  • Example value:
<false/>

Back to top

EnhanceSecurityMode

Enhance the security state in Microsoft Edge

Supported versions:

  • On Windows and macOS since 98 or later

Description

This policy lets you enhance the security state in Microsoft Edge.

If you set this policy to 'StandardMode', the enhanced mode will be turned off and Microsoft Edge will fallback to its standard security mode.

If you set this policy to 'BalancedMode', the security state will be in balanced mode.

If you set this policy to 'StrictMode', the security state will be in strict mode.

If you set this policy to 'BasicMode', the security state will be in basic mode.

Note: Sites that use WebAssembly (WASM) are not supported on 32-bit systems when EnhanceSecurityMode is enabled. If you require access to a site that uses WASM, consider adding it to your exception list as described in https://go.microsoft.com/fwlink/?linkid=2183321.

Starting in Microsoft Edge 113, 'BasicMode' is deprecated and is treated the same as 'BalancedMode'. It won't work in Microsoft Edge version 116.

For detailed information about Enhanced Security Mode, see https://go.microsoft.com/fwlink/?linkid=2185895

Policy options mapping:

  • StandardMode (0) = Standard mode

  • BalancedMode (1) = Balanced mode

  • StrictMode (2) = Strict mode

  • BasicMode (3) = (Deprecated) Basic mode

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnhanceSecurityMode
  • GP name: Enhance the security state in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnhanceSecurityMode
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: EnhanceSecurityMode
  • Example value:
<integer>0</integer>

Back to top

EnhanceSecurityModeAllowUserBypass

Allow users to bypass Enhanced Security Mode

Supported versions:

  • On Windows since 122 or later

Description

Microsoft Edge will let users bypass Enhanced Security Mode on a site via Settings page or PageInfo flyout. This policy lets you configure whether users can bypass Enhanced Security Mode.

If you disable this policy, Microsoft Edge won't allow users to bypass Enhanced Security Mode.

If you enable or don't configure this policy, Microsoft Edge will allow users to bypass Enhanced Security Mode.

For detailed information about Enhanced Security Mode, see https://go.microsoft.com/fwlink/?linkid=2185895

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnhanceSecurityModeAllowUserBypass
  • GP name: Allow users to bypass Enhanced Security Mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnhanceSecurityModeAllowUserBypass
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

EnhanceSecurityModeBypassIntranet

Enhanced Security Mode configuration for Intranet zone sites

Supported versions:

  • On Windows since 107 or later

Description

Microsoft Edge will apply Enhanced Security Mode on Intranet zone sites by default. This may lead to Intranet zone sites acting in an unexpected manner.

If you enable this policy, Microsoft Edge won't apply Enhanced Security Mode on Intranet zone sites.

If you disable or don't configure this policy, Microsoft Edge will apply Enhanced Security Mode on Intranet zone sites.

For detailed information about Enhanced Security Mode, see https://go.microsoft.com/fwlink/?linkid=2185895

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnhanceSecurityModeBypassIntranet
  • GP name: Enhanced Security Mode configuration for Intranet zone sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnhanceSecurityModeBypassIntranet
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

EnhanceSecurityModeBypassListDomains

Configure the list of domains for which enhance security mode will not be enforced

Supported versions:

  • On Windows and macOS since 98 or later

Description

Configure the list of enhance security trusted domains. This means that enhance security mode will not be enforced when loading the sites in trusted domains.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnhanceSecurityModeBypassListDomains
  • GP name: Configure the list of domains for which enhance security mode will not be enforced
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\EnhanceSecurityModeBypassListDomains
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\EnhanceSecurityModeBypassListDomains\1 = "mydomain.com"
SOFTWARE\Policies\Microsoft\Edge\EnhanceSecurityModeBypassListDomains\2 = "myuniversity.edu"

Mac information and settings

  • Preference Key Name: EnhanceSecurityModeBypassListDomains
  • Example value:
<array>
  <string>mydomain.com</string>
  <string>myuniversity.edu</string>
</array>

Back to top

EnhanceSecurityModeEnforceListDomains

Configure the list of domains for which enhance security mode will always be enforced

Supported versions:

  • On Windows and macOS since 98 or later

Description

Configure the list of enhance security untrusted domains. This means that enhance security mode will always be enforced when loading the sites in untrusted domains.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnhanceSecurityModeEnforceListDomains
  • GP name: Configure the list of domains for which enhance security mode will always be enforced
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\EnhanceSecurityModeEnforceListDomains
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\EnhanceSecurityModeEnforceListDomains\1 = "mydomain.com"
SOFTWARE\Policies\Microsoft\Edge\EnhanceSecurityModeEnforceListDomains\2 = "myuniversity.edu"

Mac information and settings

  • Preference Key Name: EnhanceSecurityModeEnforceListDomains
  • Example value:
<array>
  <string>mydomain.com</string>
  <string>myuniversity.edu</string>
</array>

Back to top

EnhanceSecurityModeIndicatorUIEnabled

Manage the indicator UI of the Enhanced Security Mode (ESM) feature in Microsoft Edge

Supported versions:

  • On Windows and macOS since 115 or later

Description

This policy lets you manage whether the indicator User Interface (UI) for enhanced security mode is shown or not when ESM is turned on.

If you enable or don't configure this policy, the indicator UI is on.

If you disable this policy, the indicator UI is off.

Note: If this policy is used, only the indicator User Interface experience is supressed - ESM is still turned on. For more information, see the EnhanceSecurityMode policy.

For detailed information about Enhanced Security Mode, see https://go.microsoft.com/fwlink/?linkid=2185895

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnhanceSecurityModeIndicatorUIEnabled
  • GP name: Manage the indicator UI of the Enhanced Security Mode (ESM) feature in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnhanceSecurityModeIndicatorUIEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EnhanceSecurityModeIndicatorUIEnabled
  • Example value:
<true/>

Back to top

EnhanceSecurityModeOptOutUXEnabled

Manage opt-out user experience for Enhanced Security Mode (ESM) in Microsoft Edge

Supported versions:

  • On Windows and macOS since 115 or later

Description

This policy lets you manage whether the opt-out user experience for enhanced security mode is presented when ESM is turned on for Microsoft Edge.

If you enable or don't configure this policy, the UI for the opt-out user experience is on.

If you disable this policy, the UI for the opt-out user experience is off.

Note: If this policy is used, only the User Interface for the opt-out experience is supressed - ESM is still turned on. For more information, see the EnhanceSecurityMode policy.

For detailed information about Enhanced Security Mode, see https://go.microsoft.com/fwlink/?linkid=2185895

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnhanceSecurityModeOptOutUXEnabled
  • GP name: Manage opt-out user experience for Enhanced Security Mode (ESM) in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnhanceSecurityModeOptOutUXEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EnhanceSecurityModeOptOutUXEnabled
  • Example value:
<true/>

Back to top

EnterpriseHardwarePlatformAPIEnabled

Allow managed extensions to use the Enterprise Hardware Platform API

Supported versions:

  • On Windows and macOS since 78 or later

Description

When this policy is set to enabled, extensions installed by enterprise policy are allowed to use the Enterprise Hardware Platform API. When this policy is set to disabled or isn't set, no extensions are allowed to use the Enterprise Hardware Platform API. This policy also applies to component extensions.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnterpriseHardwarePlatformAPIEnabled
  • GP name: Allow managed extensions to use the Enterprise Hardware Platform API
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnterpriseHardwarePlatformAPIEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EnterpriseHardwarePlatformAPIEnabled
  • Example value:
<true/>

Back to top

EnterpriseModeSiteListManagerAllowed

Allow access to the Enterprise Mode Site List Manager tool

Supported versions:

  • On Windows since 86 or later

Description

Allows you to set whether Enterprise Mode Site List Manager is available to users.

If you enable this policy, users can see the Enterprise Mode Site List Manager nav button on edge://compat page, navigate to the tool and use it.

If you disable or don't configure this policy, users won't see the Enterprise Mode Site List Manager nav button and won't be able to use it.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EnterpriseModeSiteListManagerAllowed
  • GP name: Allow access to the Enterprise Mode Site List Manager tool
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EnterpriseModeSiteListManagerAllowed
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

EventPathEnabled

Re-enable the Event.path API until Microsoft Edge version 115 (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 115.

Supported versions:

  • On Windows and macOS since 107, until 115

Description

Starting in Microsoft Edge version 109, the non-standard API Event.path will be removed to improve web compatibility. This policy re-enables the API until version 115.

If you enable this policy, the Event.path API will be available.

If you disable this policy, the Event.path API will be unavailable.

If this policy is not set, the Event.path API will be in the following default states: available before version 109, and unavailable in version 109 to version 114.

This policy will be made obsolete after Microsoft Edge version 115.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: EventPathEnabled
  • GP name: Re-enable the Event.path API until Microsoft Edge version 115 (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: EventPathEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: EventPathEnabled
  • Example value:
<true/>

Back to top

ExemptDomainFileTypePairsFromFileTypeDownloadWarnings

Disable download file type extension-based warnings for specified file types on domains (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 109.

Supported versions:

  • On Windows and macOS since 85, until 109

Description

This policy has been obsoleted in favor of ExemptFileTypeDownloadWarnings because of a type mismatch that caused errors in Mac.

You can enable this policy to create a dictionary of file type extensions with a corresponding list of domains that will be exempted from file type extension-based download warnings. This lets enterprise administrators block file type extension-based download warnings for files that are associated with a listed domain. For example, if the "jnlp" extension is associated with "website1.com", users would not see a warning when downloading "jnlp" files from "website1.com", but see a download warning when downloading "jnlp" files from "website2.com".

Files with file type extensions specified for domains identified by this policy will still be subject to non-file type extension-based security warnings such as mixed-content download warnings and Microsoft Defender SmartScreen warnings.

If you disable this policy or don't configure it, file types that trigger extension-based download warnings will show warnings to the user.

If you enable this policy:

  • The URL pattern should be formatted according to https://go.microsoft.com/fwlink/?linkid=2095322.
  • The file type extension entered must be in lower-cased ASCII. The leading separator should not be included when listing the file type extension, so list "jnlp" should be used instead of ".jnlp".

Example:

The following example value would prevent file type extension-based download warnings on swf, exe, and jnlp extensions for *.contoso.com domains. It will show the user a file type extension-based download warning on any other domain for exe and jnlp files, but not for swf files.

[ { "file_extension": "jnlp", "domains": ["contoso.com"] }, { "file_extension": "exe", "domains": ["contoso.com"] }, { "file_extension": "swf", "domains": ["*"] } ]

Note that while the preceding example shows the suppression of file type extension-based download warnings for "swf" files for all domains, applying suppression of such warnings for all domains for any dangerous file type extension is not recommended due to security concerns. It is shown in the example merely to demonstrate the ability to do so.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
  • GP name: Disable download file type extension-based warnings for specified file types on domains (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings\1 = {"domains": ["https://contoso.com", "contoso2.com"], "file_extension": "jnlp"}
SOFTWARE\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings\2 = {"domains": ["*"], "file_extension": "swf"}

Mac information and settings

  • Preference Key Name: ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
  • Example value:
<array>
  <string>{'domains': ['https://contoso.com', 'contoso2.com'], 'file_extension': 'jnlp'}</string>
  <string>{'domains': ['*'], 'file_extension': 'swf'}</string>
</array>

Back to top

ExemptFileTypeDownloadWarnings

Disable download file type extension-based warnings for specified file types on domains

Supported versions:

  • On Windows and macOS since 105 or later

Description

You can enable this policy to create a dictionary of file type extensions with a corresponding list of domains that will be exempted from file type extension-based download warnings. This lets enterprise administrators block file type extension-based download warnings for files that are associated with a listed domain. For example, if the "jnlp" extension is associated with "website1.com", users would not see a warning when downloading "jnlp" files from "website1.com", but see a download warning when downloading "jnlp" files from "website2.com".

Files with file type extensions specified for domains identified by this policy will still be subject to non-file type extension-based security warnings such as mixed-content download warnings and Microsoft Defender SmartScreen warnings.

If you disable this policy or don't configure it, file types that trigger extension-based download warnings will show warnings to the user.

If you enable this policy:

  • The URL pattern should be formatted according to https://go.microsoft.com/fwlink/?linkid=2095322.
  • The file type extension entered must be in lower-cased ASCII. The leading separator should not be included when listing the file type extension, so list "jnlp" should be used instead of ".jnlp".

Example:

The following example value would prevent file type extension-based download warnings on swf, exe, and jnlp extensions for *.contoso.com domains. It will show the user a file type extension-based download warning on any other domain for exe and jnlp files, but not for swf files.

[ { "file_extension": "jnlp", "domains": ["contoso.com"] }, { "file_extension": "exe", "domains": ["contoso.com"] }, { "file_extension": "swf", "domains": ["*"] } ]

Note that while the preceding example shows the suppression of file type extension-based download warnings for "swf" files for all domains, applying suppression of such warnings for all domains for any dangerous file type extension is not recommended due to security concerns. It is shown in the example merely to demonstrate the ability to do so.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExemptFileTypeDownloadWarnings
  • GP name: Disable download file type extension-based warnings for specified file types on domains
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ExemptFileTypeDownloadWarnings
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ExemptFileTypeDownloadWarnings = [
  {
    "domains": [
      "https://contoso.com",
      "contoso2.com"
    ],
    "file_extension": "jnlp"
  },
  {
    "domains": [
      "*"
    ],
    "file_extension": "swf"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\ExemptFileTypeDownloadWarnings = [{"domains": ["https://contoso.com", "contoso2.com"], "file_extension": "jnlp"}, {"domains": ["*"], "file_extension": "swf"}]

Mac information and settings

  • Preference Key Name: ExemptFileTypeDownloadWarnings
  • Example value:
<key>ExemptFileTypeDownloadWarnings</key>
<array>
  <dict>
    <key>domains</key>
    <array>
      <string>https://contoso.com</string>
      <string>contoso2.com</string>
    </array>
    <key>file_extension</key>
    <string>jnlp</string>
  </dict>
  <dict>
    <key>domains</key>
    <array>
      <string>*</string>
    </array>
    <key>file_extension</key>
    <string>swf</string>
  </dict>
</array>

Back to top

ExperimentationAndConfigurationServiceControl

Control communication with the Experimentation and Configuration Service

Supported versions:

  • On Windows and macOS since 77 or later

Description

The Experimentation and Configuration Service is used to deploy Experimentation and Configuration payloads to the client.

Experimentation payload consists of a list of early in development features that Microsoft is enabling for testing and feedback.

Configuration payload consists of a list of recommended settings that Microsoft wants to deploy to optimize the user experience.

Configuration payload may also contain a list of actions to take on certain domains for compatibility reasons. For example, the browser may override the User Agent string on a website if that website is broken. Each of these actions is intended to be temporary while Microsoft tries to resolve the issue with the site owner.

If you set this policy to 'FullMode', the full payload is downloaded from the Experimentation and Configuration Service. This includes both the experimentation and configuration payloads.

If you set this policy to 'ConfigurationsOnlyMode', only the configuration payload is downloaded.

If you set this policy to 'RestrictedMode', the communication with the Experimentation and Configuration Service is stopped completely. Microsoft does not recommend this setting.

If you don't configure this policy on a managed device, the behavior on Beta and Stable channels is the same as the 'ConfigurationsOnlyMode'. On Canary and Dev channels the behavior is the same as 'FullMode'.

If you don't configure this policy on an unmanaged device, the behavior is the same as the 'FullMode'.

Policy options mapping:

  • FullMode (2) = Retrieve configurations and experiments

  • ConfigurationsOnlyMode (1) = Retrieve configurations only

  • RestrictedMode (0) = Disable communication with the Experimentation and Configuration Service

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExperimentationAndConfigurationServiceControl
  • GP name: Control communication with the Experimentation and Configuration Service
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ExperimentationAndConfigurationServiceControl
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: ExperimentationAndConfigurationServiceControl
  • Example value:
<integer>2</integer>

Back to top

ExplicitlyAllowedNetworkPorts

Explicitly allowed network ports

Supported versions:

  • On Windows and macOS since 91 or later

Description

There is a list of restricted ports built into Microsoft Edge. Connections to these ports will fail. This policy allows bypassing that list. The set of ports is defined as a comma-separated list that outgoing connections should be permitted on.

Ports are restricted to prevent Microsoft Edge from being used as a vector to exploit various network vulnerabilities. Setting this policy may expose your network to attacks. This policy is intended as a temporary workaround for error code "ERR_UNSAFE_PORT" while migrating a service running on a blocked port to a standard port (for example port 80 or 443).

Malicious websites can easily detect that this policy is set, and for which ports, then use that information to target attacks.

Each port listed in this policy is labeled with a date that it can be unblocked until. After that date the port will be restricted regardless of if it's specified by the value of this policy.

Leaving the value empty or unset means that all restricted ports will be blocked. Invalid port values set through this policy will be ignored while valid ones will still be applied.

This policy overrides the "--explicitly-allowed-ports" command-line option.

Policy options mapping:

  • 554 (554) = port 554 (can be unblocked until 2021/10/15)

  • 10080 (10080) = port 10080 (can be unblocked until 2022/04/01)

  • 6566 (6566) = port 6566 (can be unblocked until 2021/10/15)

  • 989 (989) = port 989 (can be unblocked until 2022/02/01)

  • 990 (990) = port 990 (can be unblocked until 2022/02/01)

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExplicitlyAllowedNetworkPorts
  • GP name: Explicitly allowed network ports
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ExplicitlyAllowedNetworkPorts
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ExplicitlyAllowedNetworkPorts\1 = "10080"

Mac information and settings

  • Preference Key Name: ExplicitlyAllowedNetworkPorts
  • Example value:
<array>
  <string>10080</string>
</array>

Back to top

ExternalProtocolDialogShowAlwaysOpenCheckbox

Show an "Always open" checkbox in external protocol dialog

Supported versions:

  • On Windows and macOS since 79 or later

Description

This policy controls whether the "Always allow this site to open links of this type" checkbox is shown on external protocol launch confirmation prompts. This policy only applies to https:// links.

If you enable this policy, when an external protocol confirmation prompt is shown, the user can select "Always allow" to skip all future confirmation prompts for the protocol on this site.

If you disable this policy, the "Always allow" checkbox isn't displayed. The user will be prompted for confirmation every time an external protocol is invoked.

Prior to Microsoft Edge 83, if you don't configure this policy, the "Always allow" checkbox isn't displayed. The user will be prompted for confirmation every time an external protocol is invoked.

On Microsoft Edge 83, if you don't configure this policy, the checkbox visibility is controlled by the "Enable remembering protocol launch prompting preferences" flag in edge://flags

As of Microsoft Edge 84, if you don't configure this policy, when an external protocol confirmation prompt is shown, the user can select "Always allow" to skip all future confirmation prompts for the protocol on this site.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ExternalProtocolDialogShowAlwaysOpenCheckbox
  • GP name: Show an "Always open" checkbox in external protocol dialog
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ExternalProtocolDialogShowAlwaysOpenCheckbox
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ExternalProtocolDialogShowAlwaysOpenCheckbox
  • Example value:
<true/>

Back to top

FamilySafetySettingsEnabled

Allow users to configure Family safety and Kids Mode

Supported versions:

  • On Windows and macOS since 83 or later

Description

This policy disables two family safety related features in the browser. This will hide the Family page inside Settings and navigation to edge://settings/family will be blocked. The family settings page describes what features are available with family groups with Microsoft Family Safety. Learn more about Family Safety here: (https://go.microsoft.com/fwlink/?linkid=2098432). Starting in Microsoft Edge 90, this policy also disables Kids Mode, a kid friendly browsing mode with custom themes and allow list browsing that requires the device password to exit. Learn more about Kids Mode here: (https://go.microsoft.com/fwlink/?linkid=2146910)

If you enable this policy or don't configure it, the family page in Settings will be shown and Kids Mode will be available.

If you disable this policy, the family page will not be shown, and Kids Mode will be hidden.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: FamilySafetySettingsEnabled
  • GP name: Allow users to configure Family safety and Kids Mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: FamilySafetySettingsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: FamilySafetySettingsEnabled
  • Example value:
<true/>

Back to top

FavoritesBarEnabled

Enable favorites bar

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enables or disables the favorites bar.

If you enable this policy, users will see the favorites bar.

If you disable this policy, users won't see the favorites bar.

If this policy is not configured, then the user can decide to use the favorites bar or not.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: FavoritesBarEnabled
  • GP name: Enable favorites bar
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: FavoritesBarEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: FavoritesBarEnabled
  • Example value:
<true/>

Back to top

FetchKeepaliveDurationSecondsOnShutdown

Fetch keepalive duration on shutdown

Supported versions:

  • On Windows and macOS since 90 or later

Description

Controls the duration (in seconds) that keepalive requests are allowed to prevent the browser from completing its shutdown.

If you configure this policy, the browser will block completing shutdown while it processes any outstanding keepalive requests (see https://fetch.spec.whatwg.org/#request-keepalive-flag) up to the maximum period of time specified by this policy.

If you disable or don't configure this policy, the default value of 0 seconds is used and outstanding keepalive requests will be immediately cancelled during browser shutdown.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: FetchKeepaliveDurationSecondsOnShutdown
  • GP name: Fetch keepalive duration on shutdown
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: FetchKeepaliveDurationSecondsOnShutdown
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: FetchKeepaliveDurationSecondsOnShutdown
  • Example value:
<integer>1</integer>

Back to top

FileOrDirectoryPickerWithoutGestureAllowedForOrigins

Allow file or directory picker APIs to be called without prior user gesture

Supported versions:

  • On Windows and macOS since 123 or later

Description

For security reasons, the showOpenFilePicker(), showSaveFilePicker() and showDirectoryPicker() web APIs require a prior user gesture ("transient activation") to be called or will otherwise fail.

If you enable this policy, admins can specify origins on which these APIs can be called without prior user gesture.

For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.

If you disable or don't configure this policy, all origins will require a prior user gesture to call these APIs.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: FileOrDirectoryPickerWithoutGestureAllowedForOrigins
  • GP name: Allow file or directory picker APIs to be called without prior user gesture
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\FileOrDirectoryPickerWithoutGestureAllowedForOrigins
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\FileOrDirectoryPickerWithoutGestureAllowedForOrigins\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\FileOrDirectoryPickerWithoutGestureAllowedForOrigins\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: FileOrDirectoryPickerWithoutGestureAllowedForOrigins
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

ForceBingSafeSearch

Enforce Bing SafeSearch

Supported versions:

  • On Windows and macOS since 77 or later

Description

Ensure that queries in Bing web search are done with SafeSearch set to the value specified. Users can't change this setting.

If you configure this policy to 'BingSafeSearchNoRestrictionsMode', SafeSearch in Bing search falls back to the bing.com value.

If you configure this policy to 'BingSafeSearchModerateMode', the moderate setting is used in SafeSearch. The moderate setting filters adult videos and images but not text from search results.

If you configure this policy to 'BingSafeSearchStrictMode', the strict setting in SafeSearch is used. The strict setting filters adult text, images, and videos.

If you disable this policy or don't configure it, SafeSearch in Bing search isn't enforced, and users can set the value they want on bing.com.

Policy options mapping:

  • BingSafeSearchNoRestrictionsMode (0) = Don't configure search restrictions in Bing

  • BingSafeSearchModerateMode (1) = Configure moderate search restrictions in Bing

  • BingSafeSearchStrictMode (2) = Configure strict search restrictions in Bing

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForceBingSafeSearch
  • GP name: Enforce Bing SafeSearch
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ForceBingSafeSearch
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ForceBingSafeSearch
  • Example value:
<integer>0</integer>

Back to top

ForceBuiltInPushMessagingClient

Forces Microsoft Edge to use its built-in WNS push client to connect to the Windows Push Notification Service.

Supported versions:

  • On Windows since 118 or later

Description

In some environments, the Windows OS client can't connect to the Windows Push Notification Service (WNS). For these environments, you can use the Microsoft Edge built-in WNS push client, which may be able to connect successfully.

If enabled, Microsoft Edge will use its built-in WNS push client to connect to WNS.

If disabled or not configured, Microsoft Edge will use the Windows OS client to connect to the Windows Push Notification Service. This is the default setting.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForceBuiltInPushMessagingClient
  • GP name: Forces Microsoft Edge to use its built-in WNS push client to connect to the Windows Push Notification Service.
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ForceBuiltInPushMessagingClient
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

ForceCertificatePromptsOnMultipleMatches

Configure whether Microsoft Edge should automatically select a certificate when there are multiple certificate matches for a site configured with "AutoSelectCertificateForUrls" (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 81 or later

Description

This policy is deprecated because we are moving to a new policy. It won't work in Microsoft Edge version 104. The new policy to use is PromptOnMultipleMatchingCertificates.

Toggles whether users are prompted to select a certificate if there are multiple certificates available and a site is configured with AutoSelectCertificateForUrls. If you don't configure AutoSelectCertificateForUrls for a site, the user will always be prompted to select a certificate.

If you set this policy to True, Microsoft Edge will prompt a user to select a certificate for sites on the list defined in AutoSelectCertificateForUrls if and only if there is more than one certificate.

If you set this policy to False or don't configure it, Microsoft Edge will automatically select a certificate even if there are multiple matches for a certificate. The user will not be prompted to select a certificate for sites on the list defined in AutoSelectCertificateForUrls.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForceCertificatePromptsOnMultipleMatches
  • GP name: Configure whether Microsoft Edge should automatically select a certificate when there are multiple certificate matches for a site configured with "AutoSelectCertificateForUrls" (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ForceCertificatePromptsOnMultipleMatches
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ForceCertificatePromptsOnMultipleMatches
  • Example value:
<true/>

Back to top

ForceEphemeralProfiles

Enable use of ephemeral profiles

Supported versions:

  • On Windows and macOS since 77 or later

Description

Controls whether user profiles are switched to ephemeral mode. An ephemeral profile is created when a session begins, is deleted when the session ends, and is associated with the user's original profile.

If you enable this policy, profiles run in ephemeral mode. This lets users work from their own devices without saving browsing data to those devices. If you enable this policy as an OS policy (by using GPO on Windows, for example), it applies to every profile on the system.

If you disable this policy or don't configure it, users get their regular profiles when they sign in to the browser.

In ephemeral mode, profile data is saved on disk only for the length of the user session. Features like browser history, extensions and their data, web data like cookies, and web databases aren't saved after the browser is closed. This doesn't prevent a user from manually downloading any data to disk, or from saving pages or printing them. If the user has enabled sync, all data is preserved in their sync accounts just like with regular profiles. Users can also use InPrivate browsing in ephemeral mode unless you explicitly disable this.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForceEphemeralProfiles
  • GP name: Enable use of ephemeral profiles
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ForceEphemeralProfiles
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ForceEphemeralProfiles
  • Example value:
<true/>

Back to top

ForceGoogleSafeSearch

Enforce Google SafeSearch

Supported versions:

  • On Windows and macOS since 77 or later

Description

Forces queries in Google Web Search to be performed with SafeSearch set to active, and prevents users from changing this setting.

If you enable this policy, SafeSearch in Google Search is always active.

If you disable this policy or don't configure it, SafeSearch in Google Search isn't enforced.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForceGoogleSafeSearch
  • GP name: Enforce Google SafeSearch
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ForceGoogleSafeSearch
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ForceGoogleSafeSearch
  • Example value:
<false/>

Back to top

ForceLegacyDefaultReferrerPolicy

Use a default referrer policy of no-referrer-when-downgrade (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 88.

Supported versions:

  • On Windows and macOS since 81, until 88

Description

This policy doesn't work because it was only intended to be a short-term mechanism to give enterprises more time to update their web content if it was found to be incompatible with the new default referrer policy.

Microsoft Edge's default referrer policy was strengthened from the value of no-referrer-when-downgrade to the more secure strict-origin-when-cross-origin.

When this enterprise policy is enabled, Microsoft Edge's default referrer policy will be set to its old value of no-referrer-when-downgrade.

This enterprise policy is disabled by default.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForceLegacyDefaultReferrerPolicy
  • GP name: Use a default referrer policy of no-referrer-when-downgrade (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ForceLegacyDefaultReferrerPolicy
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ForceLegacyDefaultReferrerPolicy
  • Example value:
<false/>

Back to top

ForceMajorVersionToMinorPositionInUserAgent

Enable or disable freezing the User-Agent string at major version 99 (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 117.

Supported versions:

  • On Windows and macOS since 99, until 117

Description

This policy was removed in Microsoft Edge 118 and is ignored if configured.

This policy controls whether the User-Agent string major version should be frozen at 99.

The User-Agent request header lets websites identify the application, operating system, vendor, and/or version of the requesting user agent. Some websites make assumptions about how this header is formatted and may encounter issues with version strings that include three digits in the major position (for example, 100.0.0.0).

Setting the policy to 'Default' or leaving it unset will default to browser settings for the User-Agent string major version. If set to 'ForceEnabled', the User-Agent string will always report the major version as 99 and include the browser's major version in the minor position. For example, browser version 101.0.0.0 would send a User-Agent request header that reports version 99.101.0.0. If set to 'ForceDisabled', the User-Agent string will not freeze the major version.

This policy is temporary and will be deprecated in the future. Note that if this policy and User-Agent Reduction are both enabled, the User-Agent version string will always be 99.0.0.0.

Policy options mapping:

  • Default (0) = Default to browser settings for User-Agent string version.

  • ForceDisabled (1) = The User-Agent string will not freeze the major version.

  • ForceEnabled (2) = The User-Agent string will freeze the major version as 99 and include the browser's major version in the minor position.

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForceMajorVersionToMinorPositionInUserAgent
  • GP name: Enable or disable freezing the User-Agent string at major version 99 (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ForceMajorVersionToMinorPositionInUserAgent
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ForceMajorVersionToMinorPositionInUserAgent
  • Example value:
<integer>0</integer>

Back to top

ForceNetworkInProcess

Force networking code to run in the browser process (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 83.

Supported versions:

  • On Windows since 78, until 83

Description

This policy doesn't work because it was only intended to be a short-term mechanism to give enterprises more time to migrate to 3rd party software that doesn't depend on hooking networking APIs. Proxy servers are recommended over LSPs and Win32 API patching.

This policy forces networking code to run in the browser process.

This policy is disabled by default. If enabled, users are open to security issues when the networking process is sandboxed.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForceNetworkInProcess
  • GP name: Force networking code to run in the browser process (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ForceNetworkInProcess
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

ForcePermissionPolicyUnloadDefaultEnabled

Controls whether unload event handlers can be disabled.

Supported versions:

  • On Windows and macOS since 118 or later

Description

unload event handlers are being deprecated. Whether they fire depends on the unload Permissions-Policy. Currently, they are allowed by policy by default. In the future they will gradually move to being disallowed by default and sites must explicitly enable them using Permissions-Policy headers. This enterprise policy can be used to opt out of this gradual deprecation by forcing the default to stay enabled.

Pages might depend on unload event handlers to save data or signal the end of a user session to the server. This is not recommended because it's unreliable and impacts performance by blocking use of BackForwardCache. Recommended alternatives exist, but the unload event has been used for a long time. Some applications might still rely on them.

If you disable this policy or don't configure it, unload event handlers will gradually be deprecated in-line with the deprecation rollout and sites which don't set Permissions-Policy header will stop firing unload events.

If you enable this policy then unload event handlers will continue to work by default.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForcePermissionPolicyUnloadDefaultEnabled
  • GP name: Controls whether unload event handlers can be disabled.
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ForcePermissionPolicyUnloadDefaultEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ForcePermissionPolicyUnloadDefaultEnabled
  • Example value:
<true/>

Back to top

ForceSync

Supported versions:

  • On Windows and macOS since 86 or later

Description

Forces data synchronization in Microsoft Edge. This policy also prevents the user from turning sync off.

If you don't configure this policy, users will be able to turn sync on or off. If you enable this policy, users will not be able to turn sync off.

For this policy to work as intended, BrowserSignin policy must not be configured, or must be set to enabled. If BrowserSignin is set to disabled, then ForceSync will not take affect.

SyncDisabled must not be configured or must be set to False. If this is set to True, ForceSync will not take affect. If you wish to ensure specific datatypes sync or do not sync, use the ForceSyncTypes policy and SyncTypesListDisabled policy.

0 = Do not automatically start sync and show the sync consent (default) 1 = Force sync to be turned on for Azure AD/Azure AD-Degraded user profile and do not show the sync consent prompt

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForceSync
  • GP name: Force synchronization of browser data and do not show the sync consent prompt
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ForceSync
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ForceSync
  • Example value:
<true/>

Back to top

ForceSyncTypes

Configure the list of types that are included for synchronization

Supported versions:

  • On Windows and macOS since 96 or later

Description

If you enable this policy all the specified data types will be included for synchronization for Azure AD/Azure AD-Degraded user profiles. This policy can be used to ensure the type of data uploaded to the Microsoft Edge synchronization service.

You can provide one of the following data types for this policy: "favorites", "settings", "passwords", "addressesAndMore", "extensions", "history", "openTabs", "edgeWallet", and "collections". The "apps" data type will be supported starting in Microsoft Edge version 100. Note that these data type names are case sensitive.

Users will not be able to override the enabled data types.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForceSyncTypes
  • GP name: Configure the list of types that are included for synchronization
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ForceSyncTypes
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ForceSyncTypes\1 = "favorites"

Mac information and settings

  • Preference Key Name: ForceSyncTypes
  • Example value:
<array>
  <string>favorites</string>
</array>

Back to top

ForceYouTubeRestrict

Force minimum YouTube Restricted Mode

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enforces a minimum Restricted Mode on YouTube and prevents users from picking a less restricted mode.

Set to 'Strict' to enforce Strict Restricted Mode on YouTube.

Set to 'Moderate' to enforce the user to only use Moderate Restricted Mode and Strict Restricted Mode on YouTube. They can't disable Restricted Mode.

Set to 'Off' or don't configure this policy to not enforce Restricted Mode on YouTube. External policies such as YouTube policies might still enforce Restricted Mode.

Policy options mapping:

  • Off (0) = Do not enforce Restricted Mode on YouTube

  • Moderate (1) = Enforce at least Moderate Restricted Mode on YouTube

  • Strict (2) = Enforce Strict Restricted Mode for YouTube

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ForceYouTubeRestrict
  • GP name: Force minimum YouTube Restricted Mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ForceYouTubeRestrict
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ForceYouTubeRestrict
  • Example value:
<integer>0</integer>

Back to top

FullscreenAllowed

Allow full screen mode

Supported versions:

  • On Windows since 77 or later

Description

Set the availability of full screen mode - all Microsoft Edge UI is hidden and only web content is visible.

If you enable this policy or don't configure it, the user, apps, and extensions with appropriate permissions can enter full screen mode.

If you disable this policy, users, apps, and extensions can't enter full screen mode.

Opening Microsoft Edge in kiosk mode using the command line is unavailable when full screen mode is disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: FullscreenAllowed
  • GP name: Allow full screen mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: FullscreenAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

GloballyScopeHTTPAuthCacheEnabled

Enable globally scoped HTTP auth cache

Supported versions:

  • On Windows and macOS since 81 or later

Description

This policy configures a single global per profile cache with HTTP server authentication credentials.

If you disable or don't set this policy, the browser will use the default behavior of cross-site auth, which as of version 80, will be to scope HTTP server authentication credentials by top-level site. So, if two sites use resources from the same authenticating domain, credentials will need to be provided independently in the context of both sites. Cached proxy credentials will be reused across sites.

If you enable this policy HTTP auth credentials entered in the context of one site will automatically be used in the context of another site.

Enabling this policy leaves sites open to some types of cross-site attacks, and allows users to be tracked across sites even without cookies by adding entries to the HTTP auth cache using credentials embedded in URLs.

This policy is intended to give enterprises depending on the legacy behavior a chance to update their login procedures and will be removed in the future.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: GloballyScopeHTTPAuthCacheEnabled
  • GP name: Enable globally scoped HTTP auth cache
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: GloballyScopeHTTPAuthCacheEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: GloballyScopeHTTPAuthCacheEnabled
  • Example value:
<false/>

Back to top

GoToIntranetSiteForSingleWordEntryInAddressBar

Force direct intranet site navigation instead of searching on single word entries in the Address Bar

Supported versions:

  • On Windows and macOS since 78 or later

Description

If you enable this policy, the top auto-suggest result in the address bar suggestion list will navigate to intranet sites if the text entered in the address bar is a single word without punctuation.

Default navigation when typing a single word without punctuation will conduct a navigation to an intranet site matching the entered text.

If you enable this policy, the second auto-suggest result in the address bar suggestion list will conduct a web search exactly as it was entered, provided that this text is a single word without punctuation. The default search provider will be used unless a policy to prevent web search is also enabled.

Two effects of enabling this policy are:

Navigation to sites in response to single word queries that would typically resolve to a history item will no longer happen. Instead, the browser will attempt navigate to internal sites that may not exist in an organization's intranet. This will result in a 404 error.

Popular, single-word search terms will require manual selection of search suggestions to properly conduct a search.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: GoToIntranetSiteForSingleWordEntryInAddressBar
  • GP name: Force direct intranet site navigation instead of searching on single word entries in the Address Bar
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: GoToIntranetSiteForSingleWordEntryInAddressBar
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: GoToIntranetSiteForSingleWordEntryInAddressBar
  • Example value:
<false/>

Back to top

HSTSPolicyBypassList

Configure the list of names that will bypass the HSTS policy check

Supported versions:

  • On Windows and macOS since 79 or later

Description

Setting the policy specifies a list of hostnames that bypass preloaded HSTS upgrades from http to https.

Only single-label hostnames are allowed in this policy, and this policy only applies to static HSTS-preloaded entries (for example, "app", "new", "search", "play"). This policy does not prevent HSTS upgrades for servers that have dynamically requested HSTS upgrades using a Strict-Transport-Security response header.

Supplied hostnames must be canonicalized: Any IDNs must be converted to their A-label format, and all ASCII letters must be lowercase. This policy only applies to the specific single-label hostnames specified, not to subdomains of those names.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: HSTSPolicyBypassList
  • GP name: Configure the list of names that will bypass the HSTS policy check
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\HSTSPolicyBypassList
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\HSTSPolicyBypassList\1 = "meet"

Mac information and settings

  • Preference Key Name: HSTSPolicyBypassList
  • Example value:
<array>
  <string>meet</string>
</array>

Back to top

HardwareAccelerationModeEnabled

Use hardware acceleration when available

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies whether to use hardware acceleration if it's available. If you enable this policy or don't configure it, hardware acceleration is enabled unless a GPU feature is explicitly blocked.

If you disable this policy, hardware acceleration is disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: HardwareAccelerationModeEnabled
  • GP name: Use hardware acceleration when available
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: HardwareAccelerationModeEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: HardwareAccelerationModeEnabled
  • Example value:
<true/>

Back to top

HeadlessModeEnabled

Control use of the Headless Mode

Supported versions:

  • On Windows and macOS since 92 or later

Description

This policy setting lets you decide whether users can launch Microsoft Edge in headless mode.

If you enable or don't configure this policy, Microsoft Edge allows use of the headless mode.

If you disable this policy, Microsoft Edge denies use of the headless mode.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: HeadlessModeEnabled
  • GP name: Control use of the Headless Mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: HeadlessModeEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: HeadlessModeEnabled
  • Example value:
<true/>

Back to top

HideFirstRunExperience

Hide the First-run experience and splash screen

Supported versions:

  • On Windows and macOS since 80 or later

Description

If you enable this policy, the First-run experience and the splash screen will not be shown to users when they run Microsoft Edge for the first time.

For the configuration options shown in the First Run Experience, the browser will default to the following:

-On the New Tab Page, the feed type will be set to MSN News and the layout to Inspirational.

-The user will still be automatically signed into Microsoft Edge if the Windows account is of Azure AD or MSA type.

-Sync will not be enabled by default and users will be prompted to choose whether they'd like to sync on browser startup. You can use the ForceSync or the SyncDisabled policy to configure sync and the sync consent prompt.

If you disable or don't configure this policy, the First-run experience and the Splash screen will be shown.

Note: The specific configuration options shown to the user in the First Run Experience, can also be managed by using other specific policies. You can use the HideFirstRunExperience policy in combination with these policies to configure a specific browser experience on your managed devices. Some of these other policies are:

-AutoImportAtFirstRun

-NewTabPageLocation

-NewTabPageSetFeedType

-ForceSync

-SyncDisabled

-BrowserSignin

-NonRemovableProfileEnabled

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: HideFirstRunExperience
  • GP name: Hide the First-run experience and splash screen
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: HideFirstRunExperience
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: HideFirstRunExperience
  • Example value:
<true/>

Back to top

HideInternetExplorerRedirectUXForIncompatibleSitesEnabled

Hide the one-time redirection dialog and the banner on Microsoft Edge

Supported versions:

  • On Windows since 87 or later

Description

This policy gives an option to disable one-time redirection dialog and the banner. When this policy is enabled, users will not see both the one-time dialog and the banner. Users will continue to be redirected to Microsoft Edge when they encounter an incompatible website on Internet Explorer, but their browsing data will not be imported.

  • If you enable this policy the one-time redirection dialog and banner will never be shown to users. Users' browsing data will not be imported when a redirection happens.

  • If you disable or don't set this policy, the redirection dialog will be shown on the first redirection and the persistent redirection banner will be shown to users on sessions that begin with a redirection. Users' browsing data will be imported every time user encounters such redirection (ONLY IF user consents to it on the one-time dialog).

    Supported features:

    • Can be mandatory: Yes
    • Can be recommended: No
    • Dynamic Policy Refresh: No - Requires browser restart
    • Per Profile: No
    • Applies to a profile that is signed in with a Microsoft account: Yes

    Data Type:

    • Boolean

    Windows information and settings

    Group Policy (ADMX) info
    • GP unique name: HideInternetExplorerRedirectUXForIncompatibleSitesEnabled
    • GP name: Hide the one-time redirection dialog and the banner on Microsoft Edge
    • GP path (Mandatory): Administrative Templates/Microsoft Edge/
    • GP path (Recommended): N/A
    • GP ADMX file name: MSEdge.admx
    Windows Registry Settings
    • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
    • Path (Recommended): N/A
    • Value Name: HideInternetExplorerRedirectUXForIncompatibleSitesEnabled
    • Value Type: REG_DWORD
    Example value:
0x00000001

Back to top

HideRestoreDialogEnabled

Hide restore pages dialog after browser crash

Supported versions:

  • On Windows and macOS since 100 or later

Description

This policy gives an option to hide the "Restore pages" dialog after Microsoft Edge has crashed. The "Restore pages" dialog gives users the option to restore the pages that were previously open before Microsoft Edge crashed.

If you enable this policy, the "Restore pages" dialog will not be shown. In the event of a crash, Microsoft Edge will not restore previous tabs and will start the session with a new tab page.

If you disable or don't set this policy, the "Restore pages" dialog will be shown.

If you set this policy, do not set the ClearBrowsingDataOnExit or SavingBrowserHistoryDisabled policy since that prevents history from being saved which also disables the dialog.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: HideRestoreDialogEnabled
  • GP name: Hide restore pages dialog after browser crash
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: HideRestoreDialogEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: HideRestoreDialogEnabled
  • Example value:
<false/>

Back to top

HttpAllowlist

HTTP Allowlist

Supported versions:

  • On Windows and macOS since 123 or later

Description

Setting the policy specifies a list of hostnames or hostname patterns (such as '[*.]example.com') that will not be upgraded to HTTPS and will not show an error interstitial if HTTPS-First Mode is enabled. Organizations can use this policy to maintain access to servers that do not support HTTPS, without needing to disable AutomaticHttpsDefault.

Supplied hostnames must be canonicalized: Any IDNs must be converted to their A-label format, and all ASCII letters must be lowercase.

Blanket host wildcards (i.e., "" or "[]") are not allowed. Instead, HTTPS-First Mode and HTTPS Upgrades should be explicitly disabled via their specific policies.

Note: This policy does not apply to HSTS upgrades.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: HttpAllowlist
  • GP name: HTTP Allowlist
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\HttpAllowlist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\HttpAllowlist\1 = "testserver.example.com"
SOFTWARE\Policies\Microsoft\Edge\HttpAllowlist\2 = "[*.]example.org"

Mac information and settings

  • Preference Key Name: HttpAllowlist
  • Example value:
<array>
  <string>testserver.example.com</string>
  <string>[*.]example.org</string>
</array>

Back to top

HubsSidebarEnabled

Show Hubs Sidebar

Supported versions:

  • On Windows and macOS since 99 or later

Description

Sidebar is a launcher bar on the right side of Microsoft Edge's screen.

If you enable or don't configure this policy, the Sidebar will be shown. If you disable this policy, the Sidebar will never be shown.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: HubsSidebarEnabled
  • GP name: Show Hubs Sidebar
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: HubsSidebarEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: HubsSidebarEnabled
  • Example value:
<true/>

Back to top

ImportAutofillFormData

Allow importing of autofill form data

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows users to import autofill form data from another browser into Microsoft Edge.

If you enable this policy, the option to manually import autofill data is automatically selected.

If you disable this policy, autofill form data isn't imported at first run, and users can't import it manually.

If you don't configure this policy, autofill data is imported at first run, and users can choose whether to import this data manually during later browsing sessions.

You can set this policy as a recommendation. This means that Microsoft Edge will import autofill data on first run, but users can select or clear autofill data option during manual import.

Note: This policy currently manages importing from Google Chrome (on Windows 7, 8, and 10 and on macOS) and Mozilla Firefox (on Windows 7, 8, and 10 and on macOS) browsers.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportAutofillFormData
  • GP name: Allow importing of autofill form data
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportAutofillFormData
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportAutofillFormData
  • Example value:
<true/>

Back to top

ImportBrowserSettings

Allow importing of browser settings

Supported versions:

  • On Windows and macOS since 78 or later

Description

Allows users to import browser settings from another browser into Microsoft Edge.

If you enable this policy, the Browser settings check box is automatically selected in the Import browser data dialog box.

If you disable this policy, browser settings aren't imported at first run, and users can't import them manually.

If you don't configure this policy, browser settings are imported at first run, and users can choose whether to import them manually during later browsing sessions.

You can also set this policy as a recommendation. This means that Microsoft Edge imports the settings on first run, but users can select or clear the browser settings option during manual import.

Note: This policy currently manages importing Google Chrome (on Windows 7, 8, and 10 and on macOS).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportBrowserSettings
  • GP name: Allow importing of browser settings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportBrowserSettings
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportBrowserSettings
  • Example value:
<true/>

Back to top

ImportCookies

Allow importing of Cookies

Supported versions:

  • On Windows and macOS since 81 or later

Description

Allows users to import Cookies from another browser into Microsoft Edge.

If you disable this policy, Cookies aren't imported on first run.

If you don't configure this policy, Cookies are imported on first run.

You can also set this policy as a recommendation. This means that Microsoft Edge imports Cookies on first run.

Note: This policy currently manages importing Google Chrome (on Windows 7, 8, and 10 and on macOS).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportCookies
  • GP name: Allow importing of Cookies
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportCookies
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportCookies
  • Example value:
<true/>

Back to top

ImportExtensions

Allow importing of extensions

Supported versions:

  • On Windows and macOS since 81 or later

Description

Allows users to import extensions from another browser into Microsoft Edge.

If you enable this policy, the Extensions check box is automatically selected in the Import browser data dialog box.

If you disable this policy, extensions aren't imported at first run, and users can't import them manually.

If you don't configure this policy, extensions are imported at first run, and users can choose whether to import them manually during later browsing sessions.

You can also set this policy as a recommendation. This means that Microsoft Edge imports extensions on first run, but users can select or clear the extensions option during manual import.

Note: This policy currently only supports importing from Google Chrome (on Windows 7, 8, and 10 and on macOS).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportExtensions
  • GP name: Allow importing of extensions
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportExtensions
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportExtensions
  • Example value:
<true/>

Back to top

ImportFavorites

Allow importing of favorites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows users to import favorites from another browser into Microsoft Edge.

If you enable this policy, the Favorites check box is automatically selected in the Import browser data dialog box.

If you disable this policy, favorites aren't imported at first run, and users can't import them manually.

If you don't configure this policy, favorites are imported at first run, and users can choose whether to import them manually during later browsing sessions.

You can also set this policy as a recommendation. This means that Microsoft Edge imports favorites on first run, but users can select or clear the favorites option during manual import.

Note: This policy currently manages importing from Internet Explorer (on Windows 7, 8, and 10), Google Chrome (on Windows 7, 8, and 10 and on macOS), Mozilla Firefox (on Windows 7, 8, and 10 and on macOS), and Apple Safari (on macOS) browsers.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportFavorites
  • GP name: Allow importing of favorites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportFavorites
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportFavorites
  • Example value:
<true/>

Back to top

ImportHistory

Allow importing of browsing history

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows users to import their browsing history from another browser into Microsoft Edge.

If you enable this policy, the Browsing history check box is automatically selected in the Import browser data dialog box.

If you disable this policy, browsing history data isn't imported at first run, and users can't import this data manually.

If you don't configure this policy, browsing history data is imported at first run, and users can choose whether to import it manually during later browsing sessions.

You can also set this policy as a recommendation. This means that Microsoft Edge imports browsing history on first run, but users can select or clear the history option during manual import.

Note: This policy currently manages importing from Internet Explorer (on Windows 7, 8, and 10), Google Chrome (on Windows 7, 8, and 10 and on macOS), Mozilla Firefox (on Windows 7, 8, and 10 and on macOS), and Apple Safari (macOS) browsers.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportHistory
  • GP name: Allow importing of browsing history
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportHistory
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportHistory
  • Example value:
<true/>

Back to top

ImportHomepage

Allow importing of home page settings

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows users to import their home page setting from another browser into Microsoft Edge.

If you enable this policy, the option to manually import the home page setting is automatically selected.

If you disable this policy, the home page setting isn't imported at first run, and users can't import it manually.

If you don't configure this policy, the home page setting is imported at first run, and users can choose whether to import this data manually during later browsing sessions.

You can set this policy as a recommendation. This means that Microsoft Edge imports the home page setting on first run, but users can select or clear the home page option during manual import.

Note: This policy currently manages importing from Internet Explorer (on Windows 7, 8, and 10).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportHomepage
  • GP name: Allow importing of home page settings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ImportHomepage
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportHomepage
  • Example value:
<true/>

Back to top

ImportOnEachLaunch

Allow import of data from other browsers on each Microsoft Edge launch

Supported versions:

  • On Windows since 104 or later

Description

If you enable this policy, users will see a prompt to import their browsing data from other browsers on each Microsoft Edge launch.

If you disable this policy, users will never see a prompt to import their browsing data from other browsers on each Microsoft Edge launch.

If the policy is left unconfigured, users can activate this feature from a Microsoft Edge prompt or from the Settings page.

Note: A similar policy named AutoImportAtFirstRun exists. This policy should be used if you want to import supported data from other browsers only once while setting up your device.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportOnEachLaunch
  • GP name: Allow import of data from other browsers on each Microsoft Edge launch
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ImportOnEachLaunch
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

ImportOpenTabs

Allow importing of open tabs

Supported versions:

  • On Windows and macOS since 79 or later

Description

Allows users to import open and pinned tabs from another browser into Microsoft Edge.

If you enable this policy, the Open tabs check box is automatically selected in the Import browser data dialog box.

If you disable this policy, open tabs aren't imported at first run, and users can't import them manually.

If you don't configure this policy, open tabs are imported at first run, and users can choose whether to import them manually during later browsing sessions.

You can also set this policy as a recommendation. This means that Microsoft Edge imports open tabs on first run, but users can select or clear the Open tabs option during manual import.

Note: This policy currently only supports importing from Google Chrome (on Windows 7, 8, and 10 and on macOS).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportOpenTabs
  • GP name: Allow importing of open tabs
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportOpenTabs
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportOpenTabs
  • Example value:
<true/>

Back to top

ImportPaymentInfo

Allow importing of payment info

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows users to import payment info from another browser into Microsoft Edge.

If you enable this policy, the payment info check box is automatically selected in the Import browser data dialog box.

If you disable this policy, payment info isn't imported at first run, and users can't import it manually.

If you don't configure this policy, payment info is imported at first run, and users can choose whether to import it manually during later browsing sessions.

You can also set this policy as a recommendation. This means that Microsoft Edge imports payment info on first run, but users can select or clear the payment info option during manual import.

Note: This policy currently manages importing from Google Chrome (on Windows 7, 8, and 10 and on macOS).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportPaymentInfo
  • GP name: Allow importing of payment info
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportPaymentInfo
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportPaymentInfo
  • Example value:
<true/>

Back to top

ImportSavedPasswords

Allow importing of saved passwords

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows users to import saved passwords from another browser into Microsoft Edge.

If you enable this policy, the option to manually import saved passwords is automatically selected.

If you disable this policy, saved passwords aren't imported on first run, and users can't import them manually.

If you don't configure this policy, no passwords are imported at first run, and users can choose whether to import them manually during later browsing sessions.

You can set this policy as a recommendation. This means that Microsoft Edge imports passwords on first run, but users can select or clear the passwords option during manual import.

Note: This policy currently manages importing from Internet Explorer (on Windows 7, 8, and 10), Google Chrome (on Windows 7, 8, and 10 and on macOS), and Mozilla Firefox (on Windows 7, 8, and 10 and on macOS) browsers.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportSavedPasswords
  • GP name: Allow importing of saved passwords
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportSavedPasswords
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportSavedPasswords
  • Example value:
<true/>

Back to top

ImportSearchEngine

Allow importing of search engine settings

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows users to import search engine settings from another browser into Microsoft Edge.

If you enable, this policy, the option to import search engine settings is automatically selected.

If you disable this policy, search engine settings aren't imported at first run, and users can't import them manually.

If you don't configure this policy, search engine settings are imported at first run, and users can choose whether to import this data manually during later browsing sessions.

You can set this policy as a recommendation. This means that Microsoft Edge imports search engine settings on first run, but users can select or clear the search engine option during manual import.

Note: This policy currently manages importing from Internet Explorer (on Windows 7, 8, and 10).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportSearchEngine
  • GP name: Allow importing of search engine settings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportSearchEngine
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportSearchEngine
  • Example value:
<true/>

Back to top

ImportShortcuts

Allow importing of shortcuts

Supported versions:

  • On Windows and macOS since 81 or later

Description

Allows users to import Shortcuts from another browser into Microsoft Edge.

If you disable this policy, Shortcuts aren't imported on first run.

If you don't configure this policy, Shortcuts are imported on first run.

You can also set this policy as a recommendation. This means that Microsoft Edge imports Shortcuts on first run.

Note: This policy currently manages importing from Google Chrome (on Windows 7, 8, and 10 and on macOS).

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportShortcuts
  • GP name: Allow importing of shortcuts
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportShortcuts
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ImportShortcuts
  • Example value:
<true/>

Back to top

ImportStartupPageSettings

Allow importing of startup page settings

Supported versions:

  • On Windows since 91 or later

Description

Allows users to import Startup settings from another browser into Microsoft Edge.

If you enable this policy, the Startup settings are always imported.

If you disable this policy, startup settings are not imported at first run or at manual import.

If you don't configure this policy, startup settings are imported at first run, and users can choose whether to import this data manually by selecting browser settings option during later browsing sessions.

You can set this policy as a recommendation. This means that Microsoft Edge will import startup settings on first run, but users can select or clear browser settings option during manual import.

Note: This policy currently manages importing from Microsoft Edge Legacy and Google Chrome (on Windows 7, 8, and 10) browsers.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ImportStartupPageSettings
  • GP name: Allow importing of startup page settings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ImportStartupPageSettings
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

InAppSupportEnabled

In-app support Enabled

Supported versions:

  • On Windows and macOS since 98 or later

Description

Microsoft Edge uses the in-app support feature (enabled by default) to allow users to contact our support agents directly from the browser. Also, by default, users can't disable (turn off) the in-app support feature.

If you enable this policy or don't configure it, users can invoke in-app support.

If you disable this policy, users can't invoke in-app support.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InAppSupportEnabled
  • GP name: In-app support Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InAppSupportEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: InAppSupportEnabled
  • Example value:
<true/>

Back to top

InPrivateModeAvailability

Configure InPrivate mode availability

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies whether the user can open pages in InPrivate mode in Microsoft Edge.

If you don't configure this policy or set it to 'Enabled', users can open pages in InPrivate mode.

Set this policy to 'Disabled' to stop users from using InPrivate mode.

Set this policy to 'Forced' to always use InPrivate mode.

Policy options mapping:

  • Enabled (0) = InPrivate mode available

  • Disabled (1) = InPrivate mode disabled

  • Forced (2) = InPrivate mode forced

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InPrivateModeAvailability
  • GP name: Configure InPrivate mode availability
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InPrivateModeAvailability
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: InPrivateModeAvailability
  • Example value:
<integer>1</integer>

Back to top

InsecureFormsWarningsEnabled

Enable warnings for insecure forms

Supported versions:

  • On Windows and macOS since 86 or later

Description

This policy controls the handling of insecure forms (forms submitted over HTTP) embedded in secure (HTTPS) sites in the browser. If you enable this policy or don't set it, a full page warning will be shown when an insecure form is submitted. Additionally, a warning bubble will be shown next to the form fields when they are focused, and autofill will be disabled for those forms. If you disable this policy, warnings will not be shown for insecure forms, and autofill will work normally.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InsecureFormsWarningsEnabled
  • GP name: Enable warnings for insecure forms
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InsecureFormsWarningsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: InsecureFormsWarningsEnabled
  • Example value:
<true/>

Back to top

IntensiveWakeUpThrottlingEnabled

Control the IntensiveWakeUpThrottling feature

Supported versions:

  • On Windows and macOS since 85 or later

Description

When enabled the IntensiveWakeUpThrottling feature causes Javascript timers in background tabs to be aggressively throttled and coalesced, running no more than once per minute after a page has been backgrounded for 5 minutes or more.

This is a web standards compliant feature, but it may break functionality on some websites by causing certain actions to be delayed by up to a minute. However, it results in significant CPU and battery savings when enabled. See https://bit.ly/30b1XR4 for more details.

If you enable this policy, the feature will be force enabled, and users will not be able to override this setting. If you disable this policy, the feature will be force disabled, and users will not be able to override this setting. If you don't configure this policy, the feature will be controlled by its own internal logic. Users can manually configure this setting.

Note that the policy is applied per renderer process, with the most recent value of the policy setting in force when a renderer process starts. A full restart is required to ensure that all the loaded tabs receive a consistent policy setting. It is harmless for processes to be running with different values of this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: IntensiveWakeUpThrottlingEnabled
  • GP name: Control the IntensiveWakeUpThrottling feature
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: IntensiveWakeUpThrottlingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: IntensiveWakeUpThrottlingEnabled
  • Example value:
<true/>

Back to top

InternetExplorerIntegrationAlwaysUseOSCapture

Always use the OS capture engine to avoid issues with capturing Internet Explorer mode tabs

Supported versions:

  • On Windows since 106 or later

Description

Configure this policy to control whether Microsoft Edge will use the "OS capture engine" or the "Browser capture engine" when capturing browser windows in the same process using the screen-share APIs.

You should configure this policy if you want to capture the contents of Internet Explorer mode tabs. However, enabling this policy may negatively impact performance when capturing browser windows in the same process.

This policy only affects window capture, not tab capture. The contents of Internet Explorer mode tabs will not be captured when you choose to capture only a single tab, even if you configure this policy.

If you enable this policy, Microsoft Edge will always use the OS capture engine for window capture. Internet Explorer mode tabs will have their contents captured.

If you disable or don't configure this policy, Microsoft Edge will use the Browser capture engine for browser windows in the same process. Internet Explorer mode tabs in these windows will not have their contents captured.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2174004

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationAlwaysUseOSCapture
  • GP name: Always use the OS capture engine to avoid issues with capturing Internet Explorer mode tabs
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationAlwaysUseOSCapture
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

InternetExplorerIntegrationAlwaysWaitForUnload

Wait for Internet Explorer mode tabs to completely unload before ending the browser session

Supported versions:

  • On Windows since 105 or later

Description

This policy causes Microsoft Edge to continue running until all Internet Explorer tabs have completely finished unloading. This allows Internet Explorer plugins like ActiveX controls to perform additional critical work even after the browser has been closed. However, this can cause stability and performance issues, and Microsoft Edge processes may remain active in the background with no visible windows if the webpage or plugin prevents Internet Explorer from unloading. This policy should only be used if your organization depends on a plugin that requires this behavior.

If you enable this policy, Microsoft Edge will always wait for Internet Explorer mode tabs to fully unload before ending the browser session.

If you disable or don't configure this policy, Microsoft Edge will not always wait for Internet Explorer mode tabs to fully unload before ending the browser session.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2174004

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationAlwaysWaitForUnload
  • GP name: Wait for Internet Explorer mode tabs to completely unload before ending the browser session
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationAlwaysWaitForUnload
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

InternetExplorerIntegrationCloudNeutralSitesReporting

Configure reporting of potentially misconfigured neutral site URLs to the M365 Admin Center Site Lists app

Supported versions:

  • On Windows since 99 or later

Description

This setting lets you enable reporting of sites that might need to be configured as a neutral site on the Enterprise Mode Site List. The user must be signed into Microsoft Edge with a valid work or school account for reports to be sent, and the user's account tenant must match the tenant specified by the policy.

If you configure this policy, Microsoft Edge will send a report to the M365 Admin Center Site Lists app when a navigation appears stuck redirecting back and forth between the Microsoft Edge and Internet Explorer engines several times. This usually indicates that redirection to an authentication server is switching engines, which repeatedly fails in a loop. The report will show the URL of the site that is the redirect target, minus any query string or fragment. The user's identity isn't reported.

For this reporting to work correctly, you must have successfully visited the Microsoft Edge Site Lists app in the M365 Admin Center at least once. This activates a per-tenant storage account used to store these reports. Microsoft Edge will still attempt to send reports if this step hasn't been completed. However, the reports will not be stored in the Site Lists app.

When enabling this policy, you must specify your O365 tenant ID. To learn more about finding your O365 tenant ID, see https://go.microsoft.com/fwlink/?linkid=2185668

If you disable or don't configure this policy, Microsoft Edge will never send reports about potentially misconfigured neutral sites to the Site Lists app.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2165707

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationCloudNeutralSitesReporting
  • GP name: Configure reporting of potentially misconfigured neutral site URLs to the M365 Admin Center Site Lists app
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationCloudNeutralSitesReporting
  • Value Type: REG_SZ
Example value:
"aba95e58-070f-4784-8dcd-e5fd46c2c6d6"

Back to top

InternetExplorerIntegrationCloudSiteList

Configure the Enterprise Mode Cloud Site List

Supported versions:

  • On Windows since 93 or later

Description

The Microsoft Edge Site Lists setting in the M365 Admin Center allows you to host your site list(s) in a compliant cloud location and manage the contents of your site list(s) through the built-in experience. This setting allows you to specify which site list within the M365 Admin Center to deploy to your users. The user must be signed into Microsoft Edge with a valid work or school account. Otherwise, Microsoft Edge will not download the site list from the cloud location.

This setting is applicable only when the InternetExplorerIntegrationLevel setting is configured.

If you configure this policy, Microsoft Edge will use the specified site list. When enabled, you can enter the identifier of the site list that you created and published to the cloud in M365 Admin Center.

This setting takes precedence over Microsoft Edge's InternetExplorerIntegrationSiteList policy as well as Internet Explorer's site list setting (Use the Enterprise mode IE website list). If you disable or don't configure this policy, Microsoft Edge will use the InternetExplorerIntegrationSiteList policy instead.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2165707

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationCloudSiteList
  • GP name: Configure the Enterprise Mode Cloud Site List
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationCloudSiteList
  • Value Type: REG_SZ
Example value:
"aba95e58-070f-4784-8dcd-e5fd46c2c6d6"

Back to top

InternetExplorerIntegrationCloudUserSitesReporting

Configure reporting of IE Mode user list entries to the M365 Admin Center Site Lists app

Supported versions:

  • On Windows since 99 or later

Description

This setting lets you enable reporting of sites that Microsoft Edge users add to their local IE Mode site list. The user must be signed into Microsoft Edge with a valid work or school account for reports to be sent, and the user's account tenant must match the tenant specified by the policy.

If you configure this policy, Microsoft Edge will send a report to the M365 Admin Center Site Lists app when a user adds a site to their local IE mode site list. The report will show the URL of the site the user added, minus any query string or fragment. The user's identity isn't reported.

For this reporting to work correctly, you must have successfully visited the Microsoft Edge Site Lists app in the M365 Admin Center at least once. This activates a per-tenant storage account used to store these reports. Microsoft Edge will still attempt to send reports if this step hasn't been completed. However, the reports will not be stored in the Site Lists app.

When enabling this policy, you must specify your O365 tenant ID. To learn more about finding your O365 tenant ID, see https://go.microsoft.com/fwlink/?linkid=2185668

If you disable or don't configure this policy, Microsoft Edge will never send reports about URLs added to a user's local site list to the Site Lists app.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2165707

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationCloudUserSitesReporting
  • GP name: Configure reporting of IE Mode user list entries to the M365 Admin Center Site Lists app
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationCloudUserSitesReporting
  • Value Type: REG_SZ
Example value:
"aba95e58-070f-4784-8dcd-e5fd46c2c6d6"

Back to top

InternetExplorerIntegrationComplexNavDataTypes

Configure whether form data and HTTP headers will be sent when entering or exiting Internet Explorer mode

Supported versions:

  • On Windows since 96 or later

Description

Starting with Microsoft Edge version 96, navigations that switch between Internet Explorer mode and Microsoft Edge will include form data.

If you enable this policy, you can specify which data types should be included in navigations between Microsoft Edge and Internet Explorer mode.

If you disable or don't configure this policy, Microsoft Edge will use the new behavior of including form data in navigations that change modes.

To learn more, see https://go.microsoft.com/fwlink/?linkid=2174004

Policy options mapping:

  • IncludeNone (0) = Do not send form data or headers

  • IncludeFormDataOnly (1) = Send form data only

  • IncludeHeadersOnly (2) = Send additional headers only

  • IncludeFormDataAndHeaders (3) = Send form data and additional headers

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationComplexNavDataTypes
  • GP name: Configure whether form data and HTTP headers will be sent when entering or exiting Internet Explorer mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationComplexNavDataTypes
  • Value Type: REG_DWORD
Example value:
0x00000003

Back to top

InternetExplorerIntegrationEnhancedHangDetection

Configure enhanced hang detection for Internet Explorer mode

Supported versions:

  • On Windows since 84 or later

Description

Enhanced hang detection is a more granular approach to detecting hung webpages in Internet Explorer mode than what standalone Internet Explorer uses. When a hung webpage is detected, the browser will apply a mitigation to prevent the rest of the browser from hanging.

This setting allows you to configure the use of enhanced hang detection in case you run into incompatible issues with any of your websites. We recommend disabling this policy only if you see notifications such as "(website) is not responding" in Internet Explorer mode but not in standalone Internet Explorer.

This setting works in conjunction with: InternetExplorerIntegrationLevel is set to 'IEMode' and InternetExplorerIntegrationSiteList policy where the list has at least one entry.

If you set this policy to 'Enabled' or don't configure it, websites running in Internet Explorer mode will use enhanced hang detection.

If you set this policy to 'Disabled', enhanced hang detection is disabled, and users will get the basic Internet Explorer hang detection behavior.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2094210

Policy options mapping:

  • Disabled (0) = Enhanced hang detection disabled

  • Enabled (1) = Enhanced hang detection enabled

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationEnhancedHangDetection
  • GP name: Configure enhanced hang detection for Internet Explorer mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationEnhancedHangDetection
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

InternetExplorerIntegrationLevel

Configure Internet Explorer integration

Supported versions:

  • On Windows since 77 or later

Description

For guidance about configuring the optimal experience for Internet Explorer mode see https://go.microsoft.com/fwlink/?linkid=2094210

Policy options mapping:

  • None (0) = None

  • IEMode (1) = Internet Explorer mode

  • NeedIE (2) = Internet Explorer 11

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationLevel
  • GP name: Configure Internet Explorer integration
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationLevel
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

InternetExplorerIntegrationLocalFileAllowed

Allow launching of local files in Internet Explorer mode

Supported versions:

  • On Windows since 88 or later

Description

This policy controls the availability of the --ie-mode-file-url command line argument which is used to launch Microsoft Edge with a local file specified on the command line into Internet Explorer mode.

This setting works in conjunction with: InternetExplorerIntegrationLevel is set to 'IEMode'.

If you set this policy to true, or don't configure it, the user is allowed to use the --ie-mode-file-url command line argument for launching local files in Internet Explorer mode.

If you set this policy to false, the user isn't allowed to use the --ie-mode-file-url command line argument for launching local files in Internet Explorer mode.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2094210

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationLocalFileAllowed
  • GP name: Allow launching of local files in Internet Explorer mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationLocalFileAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

InternetExplorerIntegrationLocalFileExtensionAllowList

Open local files in Internet Explorer mode file extension allow list

Supported versions:

  • On Windows since 88 or later

Description

This policy limits which file:// URLs are allowed to be launched into Internet Explorer mode based on file extension.

This setting works in conjunction with: InternetExplorerIntegrationLevel is set to 'IEMode'.

When a file:// URL is requested to launch in Internet Explorer mode, the file extension of the URL must be present in this list in order for the URL to be allowed to launch in Internet Explorer mode. A URL which is blocked from opening in Internet Explorer mode will instead open in Edge mode.

If you set this policy to the special value "*" or don't configure it, all file extensions are allowed.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2094210

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationLocalFileExtensionAllowList
  • GP name: Open local files in Internet Explorer mode file extension allow list
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\InternetExplorerIntegrationLocalFileExtensionAllowList
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\InternetExplorerIntegrationLocalFileExtensionAllowList\1 = ".mht"
SOFTWARE\Policies\Microsoft\Edge\InternetExplorerIntegrationLocalFileExtensionAllowList\2 = ".pdf"
SOFTWARE\Policies\Microsoft\Edge\InternetExplorerIntegrationLocalFileExtensionAllowList\3 = ".vsdx"

Back to top

InternetExplorerIntegrationLocalFileShowContextMenu

Supported versions:

  • On Windows since 88 or later

Description

This policy controls the visibility of the 'Open link in new Internet Explorer mode tab' option on the context menu for file:// links.

This setting works in conjunction with: InternetExplorerIntegrationLevel is set to 'IEMode'.

If you set this policy to true, the 'Open link in new Internet Explorer mode tab' context menu item will be available for file:// links.

If you set this policy to false or don't configure it, the context menu item will not be added.

If the InternetExplorerIntegrationReloadInIEModeAllowed policy allows users to reload sites in Internet Explorer mode, then the 'Open link in new Internet Explorer mode tab' context menu item will be available for all links, except links to sites explicitly configured by the site list to use Microsoft Edge mode. In this case, if you set this policy to true, the context menu item will be available for file:// links even for sites configured to use Microsoft Edge mode. If you set this policy to false or don't configure it, this policy has no effect.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2094210

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationLocalFileShowContextMenu
  • GP name: Show context menu to open a file:// link in Internet Explorer mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationLocalFileShowContextMenu
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

InternetExplorerIntegrationLocalMhtFileAllowed

Allow local MHTML files to open automatically in Internet Explorer mode

Supported versions:

  • On Windows since 107 or later

Description

This policy controls whether local mht or mhtml files launched from the command line can open automatically in Internet Explorer mode based on the file content without specifying the --ie-mode-file-url command line.

This setting works in conjunction with: InternetExplorerIntegrationLevel is set to 'IEMode' and InternetExplorerIntegrationLocalFileAllowed is enabled or not configured.

If you enable or don't configure this policy, local mht or mhtml files can launch in Microsoft Edge or Internet Explorer mode to best view the file.

If you disable this policy, local mht or mhtml files will launch in Microsoft Edge.

Note that if you use the --ie-mode-file-url command line argument for launching local mht or mhtml files, it takes precedence over how you configured this policy.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2094210

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationLocalMhtFileAllowed
  • GP name: Allow local MHTML files to open automatically in Internet Explorer mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationLocalMhtFileAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

InternetExplorerIntegrationLocalSiteListExpirationDays

Specify the number of days that a site remains on the local IE mode site list

Supported versions:

  • On Windows since 92 or later

Description

If the InternetExplorerIntegrationReloadInIEModeAllowed policy is enabled or not configured, users will be able to tell Microsoft Edge to load specific pages in Internet Explorer mode for a limited number of days.

You can use this setting to determine how many days that configuration is remembered in the browser. After this period has elapsed, the individual page will no longer automatically load in IE mode.

If you disable the InternetExplorerIntegrationReloadInIEModeAllowed policy, this policy has no effect.

If you disable or don't configure this policy, the default value of 30 days is used.

If you enable this policy, you must enter the number of days for which the sites are retained on the user's local site list in Microsoft Edge. The value can be from 0 to 90 days.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2094210

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationLocalSiteListExpirationDays
  • GP name: Specify the number of days that a site remains on the local IE mode site list
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationLocalSiteListExpirationDays
  • Value Type: REG_DWORD
Example value:
0x0000001e

Back to top

InternetExplorerIntegrationReloadInIEModeAllowed

Allow unconfigured sites to be reloaded in Internet Explorer mode

Supported versions:

  • On Windows since 92 or later

Description

This policy allows users to reload unconfigured sites (that are not configured in the Enterprise Mode Site List) in Internet Explorer mode when browsing in Microsoft Edge and a site requires Internet Explorer for compatibility.

After a site has been reloaded in Internet Explorer mode, "in-page" navigations will stay in Internet Explorer mode (for example, a link, script, or form on the page, or a server-side redirect from another "in-page" navigation). Users can choose to exit from Internet Explorer mode, or Microsoft Edge will automatically exit from Internet Explorer mode when a navigation that isn't "in-page" occurs (for example, using the address bar, the back button, or a favorite link).

Users can also optionally tell Microsoft Edge to use Internet Explorer mode for the site in the future. This choice will be remembered for a length of time managed by the InternetExplorerIntegrationLocalSiteListExpirationDays policy.

If the InternetExplorerIntegrationLevel policy is set to 'IEMode', then sites explicitly configured by the InternetExplorerIntegrationSiteList policy's site list to use Microsoft Edge can't be reloaded in Internet Explorer mode, and sites configured by the site list or by the SendIntranetToInternetExplorer policy to use Internet Explorer mode can't exit from Internet Explorer mode.

If you enable this policy, users are allowed to reload unconfigured sites in Internet Explorer mode.

If you disable this policy, users aren't allowed to reload unconfigured sites in Internet Explorer mode.

Note that if you enable this policy, it takes precedence over how you configured the InternetExplorerIntegrationTestingAllowed policy, and that policy will be disabled.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2094210

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationReloadInIEModeAllowed
  • GP name: Allow unconfigured sites to be reloaded in Internet Explorer mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: InternetExplorerIntegrationReloadInIEModeAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

InternetExplorerIntegrationSiteList

Configure the Enterprise Mode Site List

Supported versions:

  • On Windows since 78 or later

Description

For guidance about configuring the optimal experience for Internet Explorer mode see https://go.microsoft.com/fwlink/?linkid=2094210

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationSiteList
  • GP name: Configure the Enterprise Mode Site List
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationSiteList
  • Value Type: REG_SZ
Example value:
"https://internal.contoso.com/sitelist.xml"

Back to top

InternetExplorerIntegrationSiteListRefreshInterval

Configure how frequently the Enterprise Mode Site List is refreshed

Supported versions:

  • On Windows since 93 or later

Description

This setting lets you specify a custom refresh interval for the Enterprise Mode Site List. The refresh interval is specified in minutes. The minimum refresh interval is 30 minutes.

This setting is applicable only when the InternetExplorerIntegrationSiteList or InternetExplorerIntegrationCloudSiteList setting is configured.

If you configure this policy, Microsoft Edge will attempt to retrieve an updated version of the configured Enterprise Mode Site List using the specified refresh interval.

If you disable or don't configure this policy, Microsoft Edge will use a default refresh interval, currently 120 minutes.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationSiteListRefreshInterval
  • GP name: Configure how frequently the Enterprise Mode Site List is refreshed
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationSiteListRefreshInterval
  • Value Type: REG_DWORD
Example value:
0x000000f0

Back to top

InternetExplorerIntegrationSiteRedirect

Specify how "in-page" navigations to unconfigured sites behave when started from Internet Explorer mode pages

Supported versions:

  • On Windows since 81 or later

Description

An "in-page" navigation is started from a link, a script, or a form on the current page. It can also be a server-side redirect of a previous "in-page" navigation attempt. Conversely, a user can start a navigation that isn't "in-page" that's independent of the current page in several ways by using the browser controls. For example, using the address bar, the back button, or a favorite link.

This setting lets you specify whether navigations from pages loaded in Internet Explorer mode to unconfigured sites (that are not configured in the Enterprise Mode Site List) switch back to Microsoft Edge or remain in Internet Explorer mode.

This setting works in conjunction with: InternetExplorerIntegrationLevel is set to 'IEMode' and InternetExplorerIntegrationSiteList policy where the list has at least one entry.

If you disable or don't configure this policy, only sites configured to open in Internet Explorer mode will open in that mode. Any site not configured to open in Internet Explorer mode will be redirected back to Microsoft Edge.

If you set this policy to 'Default', only sites configured to open in Internet Explorer mode will open in that mode. Any site not configured to open in Internet Explorer mode will be redirected back to Microsoft Edge.

If you set this policy to 'AutomaticNavigationsOnly', you get the default experience except that all automatic navigations (such as 302 redirects) to unconfigured sites will be kept in Internet Explorer mode.

If you set this policy to 'AllInPageNavigations', all navigations from pages loaded in IE mode to unconfigured sites are kept in Internet Explorer mode (Least Recommended).

If the InternetExplorerIntegrationReloadInIEModeAllowed policy allows users to reload sites in Internet Explorer mode, then all in-page navigations from unconfigured sites that users have chosen to reload in Internet Explorer mode will be kept in Internet Explorer mode, regardless of how this policy is configured.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2105106

Policy options mapping:

  • Default (0) = Default

  • AutomaticNavigationsOnly (1) = Keep only automatic navigations in Internet Explorer mode

  • AllInPageNavigations (2) = Keep all in-page navigations in Internet Explorer mode

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationSiteRedirect
  • GP name: Specify how "in-page" navigations to unconfigured sites behave when started from Internet Explorer mode pages
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationSiteRedirect
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

InternetExplorerIntegrationTestingAllowed

Allow Internet Explorer mode testing (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 94.

Supported versions:

  • On Windows since 86, until 94

Description

This policy is obsolete because it has been superseded by an improved feature. It doesn't work in Microsoft Edge after version 94. To allow users to open applications in Internet Explorer mode, use the InternetExplorerIntegrationReloadInIEModeAllowed policy instead. Alternatively, users can still use the --ie-mode-test flag.

This policy allows users to test applications in Internet Explorer mode by opening an Internet Explorer mode tab in Microsoft Edge.

Users can do so from within the "More tools" menu by selecting 'Open sites in Internet Explorer mode'.

Additionally, users can test their applications in a modern browser without removing applications from the site list using the option 'Open sites in Edge mode'.

This setting works in conjunction with: InternetExplorerIntegrationLevel is set to 'IEMode'.

If you enable this policy, the option to 'Open sites in Internet Explorer mode' will be visible under "More tools". Users can view their sites in Internet Explorer mode on this tab. Another option to 'Open sites in Edge mode' will also be visible under "More tools" to help testing sites in a modern browser without removing them from the site list. Note that if the InternetExplorerIntegrationReloadInIEModeAllowed policy is enabled, it takes precedence and these options will not be visible under "More tools".

If you disable or don't configure this policy, users can't see the options 'Open in Internet Explorer mode' and 'Open in Edge mode' under "More tools" menu. However, users can configure these options with the --ie-mode-test flag.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationTestingAllowed
  • GP name: Allow Internet Explorer mode testing (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationTestingAllowed
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

InternetExplorerIntegrationWindowOpenHeightAdjustment

Configure the pixel adjustment between window.open heights sourced from IE mode pages vs. Edge mode pages

Supported versions:

  • On Windows since 95 or later

Description

This setting lets you specify a custom adjustment to the height of popup windows generated via window.open from the Internet Explorer mode site.

If you configure this policy, Microsoft Edge will add the adjustment value to the height, in pixels. The exact difference depends on the UI configuration of both IE and Edge, but a typical difference is 5.

If you disable or don't configure this policy, Microsoft Edge will treat IE mode window.open the same as Edge mode window.open in window height calculations.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationWindowOpenHeightAdjustment
  • GP name: Configure the pixel adjustment between window.open heights sourced from IE mode pages vs. Edge mode pages
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationWindowOpenHeightAdjustment
  • Value Type: REG_DWORD
Example value:
0x00000005

Back to top

InternetExplorerIntegrationWindowOpenWidthAdjustment

Configure the pixel adjustment between window.open widths sourced from IE mode pages vs. Edge mode pages

Supported versions:

  • On Windows since 95 or later

Description

This setting lets you specify a custom adjustment to the width of popup windows generated via window.open from the Internet Explorer mode site.

If you configure this policy, Microsoft Edge will add the adjustment value to the width, in pixels. The exact difference depends on the UI configuration of both IE and Edge, but a typical difference is 4.

If you disable or don't configure this policy, Microsoft Edge will treat IE mode window.open the same as Edge mode window.open in window width calculations.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationWindowOpenWidthAdjustment
  • GP name: Configure the pixel adjustment between window.open widths sourced from IE mode pages vs. Edge mode pages
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationWindowOpenWidthAdjustment
  • Value Type: REG_DWORD
Example value:
0x00000004

Back to top

InternetExplorerIntegrationZoneIdentifierMhtFileAllowed

Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode

Supported versions:

  • On Windows since 117 or later

Description

This policy controls whether MHT or MHTML files that are downloaded from the web are automatically opened in Internet Explorer mode.

If you enable this policy, the MHT or MHTML files that are downloaded from the web can be opened in both Microsoft Edge and Internet Explorer mode to provide the best user experience.

If you disable or don't configure this policy, MHT or MHTML files that are downloaded from the web won't automatically open in Internet Explorer mode.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2094210

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerIntegrationZoneIdentifierMhtFileAllowed
  • GP name: Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerIntegrationZoneIdentifierMhtFileAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

InternetExplorerModeClearDataOnExitEnabled

Clear history for IE and IE mode every time you exit

Supported versions:

  • On Windows since 111 or later

Description

This policy controls whether browsing history is deleted from Internet Explorer and Internet Explorer mode every time Microsoft Edge is closed.

Users can configure this setting in the 'Clear browsing data for Internet Explorer' option in the Privacy, search, and services menu of Settings.

If you enable this policy, on browser exit Internet Explorer browsing history will be cleared.

If you disable or do not configure this policy, Internet Explorer browsing history will not be cleared on browser exit.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerModeClearDataOnExitEnabled
  • GP name: Clear history for IE and IE mode every time you exit
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerModeClearDataOnExitEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

InternetExplorerModeEnableSavePageAs

Allow Save page as in Internet Explorer mode

Supported versions:

  • On Windows since 101 or later

Description

This policy enables 'Save page as' functionality in Internet Explorer mode. Users can use this option to save the current page in the browser. When a user re-opens a saved page, it will be loaded in the default browser.

If you enable this policy, the "Save page as" option will be clickable in "More tools".

If you disable or don't configure this policy, users can't select the "Save page as" option in "More tools".

Note: To make the "Ctrl+S" shortcut work, users must enable the Internet Explorer policy, 'Enable extended hot key in Internet Explorer mode'.

To learn more about Internet Explorer mode, see https://go.microsoft.com/fwlink/?linkid=2094210

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerModeEnableSavePageAs
  • GP name: Allow Save page as in Internet Explorer mode
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerModeEnableSavePageAs
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

InternetExplorerModeTabInEdgeModeAllowed

Allow sites configured for Internet Explorer mode to open in Microsoft Edge

Supported versions:

  • On Windows since 97 or later

Description

This policy lets sites configured to open in Internet Explorer mode to be opened by Microsoft Edge for testing on a modern browser without removing them from the site list.

Users can configure this setting in the "More tools" menu by selecting 'Open sites in Microsoft Edge'.

If you enable this policy, the option to 'Open sites in Microsoft Edge' will be visible under "More tools". Users use this option to test IE mode sites on a modern browser.

If you disable or don't configure this policy, users can't see the option 'Open in Microsoft Edge' under the "More tools" menu. However, users can access this menu option with the --ie-mode-test flag.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerModeTabInEdgeModeAllowed
  • GP name: Allow sites configured for Internet Explorer mode to open in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerModeTabInEdgeModeAllowed
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

InternetExplorerModeToolbarButtonEnabled

Show the Reload in Internet Explorer mode button in the toolbar

Supported versions:

  • On Windows since 96 or later

Description

Set this policy to show the Reload in Internet Explorer mode button in the toolbar. Users can hide the button in the toolbar through edge://settings/appearance. The button will only be shown on the toolbar when the InternetExplorerIntegrationReloadInIEModeAllowed policy is enabled or if the user has chosen to enable "Allow sites to be reloaded in Internet Explorer mode".

If you enable this policy, the Reload in Internet mode button is pinned to the toolbar.

If you disable or don't configure this policy, the Reload in Internet Explorer mode button isn't shown in the toolbar by default. Users can toggle the Show Internet Explorer mode button in edge://settings/appearance.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerModeToolbarButtonEnabled
  • GP name: Show the Reload in Internet Explorer mode button in the toolbar
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: InternetExplorerModeToolbarButtonEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

InternetExplorerZoomDisplay

Display zoom in IE Mode tabs with DPI Scale included like it is in Internet Explorer

Supported versions:

  • On Windows since 103 or later

Description

Lets you display zoom in IE Mode tabs similar to how it was displayed in Internet Explorer, where the DPI scale of the display is factored in.

For example, if you have a page zoomed to 200% on a 100 DPI scale display and you change the display to 150 DPI, Microsoft Edge would still display the zoom as 200%. However, Internet Explorer factors in the DPI scale and displays 300%.

If you enable this policy, zoom values will be displayed with the DPI scale included for IE Mode tabs.

If you disable or don't configure this policy, zoom values will be displayed without DPI scale included for IE Mode tabs

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: InternetExplorerZoomDisplay
  • GP name: Display zoom in IE Mode tabs with DPI Scale included like it is in Internet Explorer
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: InternetExplorerZoomDisplay
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

IntranetRedirectBehavior

Intranet Redirection Behavior

Supported versions:

  • On Windows and macOS since 88 or later

Description

This policy configures behavior for intranet redirection via DNS interception checks. The checks attempt to discover whether the browser is behind a proxy that redirects unknown host names.

If this policy isn't configured, the browser will use the default behavior of DNS interception checks and intranet redirect suggestions. In M88, they are enabled by default but will be disabled by default in the future release.

DNSInterceptionChecksEnabled is a related policy that might also disable DNS interception checks. However, this policy is a more flexible version which might separately control intranet redirection infobars and might be expanded in the future. If either DNSInterceptionChecksEnabled or this policy make a request to disable interception checks, the checks will be disabled. If DNS interception checks are disabled by this policy but GoToIntranetSiteForSingleWordEntryInAddressBar is enabled, single word queries will still result in intranet navigations.

Policy options mapping:

  • Default (0) = Use default browser behavior.

  • DisableInterceptionChecksDisableInfobar (1) = Disable DNS interception checks and did-you-mean "http://intranetsite/" infobars.

  • DisableInterceptionChecksEnableInfobar (2) = Disable DNS interception checks; allow did-you-mean "http://intranetsite/" infobars.

  • EnableInterceptionChecksEnableInfobar (3) = Allow DNS interception checks and did-you-mean "http://intranetsite/" infobars.

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: IntranetRedirectBehavior
  • GP name: Intranet Redirection Behavior
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: IntranetRedirectBehavior
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: IntranetRedirectBehavior
  • Example value:
<integer>1</integer>

Back to top

IsolateOrigins

Enable site isolation for specific origins

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specify origins to run in an isolated process.

By default, Microsoft Edge isolates pages from each Site into its own process. This policy enables more granular isolation based on Origin rather than Site. For example, specifying https://subdomain.contoso.com/ will cause pages from https://subdomain.contoso.com/ to be isolated in a different process than pages from other Origins within the https://contoso.com/ Site.

If you enable this policy, each of the named origins in a comma-separated list will run in its own process.

If you disable or don't configure this policy, pages will be isolated on a per-Site basis.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: IsolateOrigins
  • GP name: Enable site isolation for specific origins
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: IsolateOrigins
  • Value Type: REG_SZ
Example value:
"https://contoso.com/,https://fabrikam.com/"

Mac information and settings

  • Preference Key Name: IsolateOrigins
  • Example value:
<string>https://contoso.com/,https://fabrikam.com/</string>

Back to top

LiveCaptionsAllowed

Live captions allowed

Supported versions:

  • On Windows since 103 or later

Description

Allow users to turn the Live captions feature on or off.

Live captions is an accessibility feature that converts speech from the audio that plays in Microsoft Edge in to text and shows this text in a separate window. The entire process happens on the device and no audio or caption text ever leaves the device.

If you enable or don't configure this policy, users can turn this feature on or off at edge://settings/accessibility.

If you disable this policy, users will not be able to turn this accessibility feature on. If speech recognition files have been downloaded previously, they will be deleted from the device in 30 days. We recommend avoiding this option unless it's needed in your environment.

If users choose to turn on Live captions, speech recognition files (approximately 100 megabytes) will be downloaded to the device on first run and then periodically to improve performance and accuracy. These files will be deleted after 30 days.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: LiveCaptionsAllowed
  • GP name: Live captions allowed
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: LiveCaptionsAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

LocalBrowserDataShareEnabled

Enable Windows to search local Microsoft Edge browsing data

Supported versions:

  • On Windows since 93 or later

Description

Enables Windows to index Microsoft Edge browsing data stored locally on the user's device and allows users to find and launch previously stored browsing data directly from Windows features such as the search box on the taskbar in Windows.

If you enable this policy or don't configure it, Microsoft Edge will publish local browsing data to the Windows Indexer.

If you disable this policy, Microsoft Edge will not share data to the Windows Indexer.

Note that if you disable this policy, Microsoft Edge will remove the data shared with Windows on the device and stop sharing any new browsing data.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: LocalBrowserDataShareEnabled
  • GP name: Enable Windows to search local Microsoft Edge browsing data
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: LocalBrowserDataShareEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

LocalProvidersEnabled

Allow suggestions from local providers

Supported versions:

  • On Windows and macOS since 83 or later

Description

Allow suggestions from suggestion providers on the device (local providers), for example, Favorites and Browsing History, in Microsoft Edge's Address Bar and Auto-Suggest List.

If you enable this policy, suggestions from local providers are used.

If you disable this policy, suggestions from local providers are never used. Local history and local favorites suggestions will not appear.

If you do not configure this policy, suggestions from local providers are allowed but the user can change that using the settings toggle.

Note that some features may not be available if a policy to disable this feature has been applied. For example, Browsing History suggestions will not be available if you enable the SavingBrowserHistoryDisabled policy.

This policy requires a browser restart to finish applying.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: LocalProvidersEnabled
  • GP name: Allow suggestions from local providers
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: LocalProvidersEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: LocalProvidersEnabled
  • Example value:
<false/>

Back to top

MAUEnabled

Always use Microsoft AutoUpdate as the updater for Microsoft Edge

Supported versions:

  • On macOS since 93 or later

Description

This policy lets you configure the updater that Microsoft Edge uses.

If you enable this policy, Microsoft Edge will only be updated by Microsoft AutoUpdate.

If you disable or don't configure this policy, Microsoft Edge will be updated by Microsoft Edge Update.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Mac information and settings

  • Preference Key Name: MAUEnabled
  • Example value:
<true/>

Back to top

MSAWebSiteSSOUsingThisProfileAllowed

Allow single sign-on for Microsoft personal sites using this profile

Supported versions:

  • On Windows and macOS since 93 or later

Description

'Allow single sign-on for Microsoft personal sites using this profile' option allows non-MSA profiles to be able to use single sign-on for Microsoft sites using MSA credentials present on the machine. This option shows up for end-users as a toggle in Settings -> Profiles -> Profile Preferences for non-MSA profiles only.

If you disable this policy, non-MSA profiles will not be able to use single sign-on for Microsoft sites using MSA credentials present on the machine.

If you enable this policy or don't configure it, users will be able to use the Settings option to ensure non-MSA profiles are able to use single sign-on for Microsoft sites using MSA credentials present on the machine provided only a single MSA account exists on the machine.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MSAWebSiteSSOUsingThisProfileAllowed
  • GP name: Allow single sign-on for Microsoft personal sites using this profile
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: MSAWebSiteSSOUsingThisProfileAllowed
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: MSAWebSiteSSOUsingThisProfileAllowed
  • Example value:
<false/>

Back to top

ManagedConfigurationPerOrigin

Sets managed configuration values for websites to specific origins

Supported versions:

  • On Windows and macOS since 90 or later

Description

Setting this policy defines the return value of Managed Configuration API for given origin.

Managed Configuration API is a key-value configuration that can be accessed via navigator.device.getManagedConfiguration() javascript call. This API is only available to origins which correspond to force-installed web applications via WebAppInstallForceList.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ManagedConfigurationPerOrigin
  • GP name: Sets managed configuration values for websites to specific origins
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ManagedConfigurationPerOrigin
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ManagedConfigurationPerOrigin = [
  {
    "managed_configuration_hash": "asd891jedasd12ue9h",
    "managed_configuration_url": "https://static.contoso.com/configuration.json",
    "origin": "https://www.contoso.com"
  },
  {
    "managed_configuration_hash": "djio12easd89u12aws",
    "managed_configuration_url": "https://static.contoso.com/configuration2.json",
    "origin": "https://www.example.com"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\ManagedConfigurationPerOrigin = [{"managed_configuration_hash": "asd891jedasd12ue9h", "managed_configuration_url": "https://static.contoso.com/configuration.json", "origin": "https://www.contoso.com"}, {"managed_configuration_hash": "djio12easd89u12aws", "managed_configuration_url": "https://static.contoso.com/configuration2.json", "origin": "https://www.example.com"}]

Mac information and settings

  • Preference Key Name: ManagedConfigurationPerOrigin
  • Example value:
<key>ManagedConfigurationPerOrigin</key>
<array>
  <dict>
    <key>managed_configuration_hash</key>
    <string>asd891jedasd12ue9h</string>
    <key>managed_configuration_url</key>
    <string>https://static.contoso.com/configuration.json</string>
    <key>origin</key>
    <string>https://www.contoso.com</string>
  </dict>
  <dict>
    <key>managed_configuration_hash</key>
    <string>djio12easd89u12aws</string>
    <key>managed_configuration_url</key>
    <string>https://static.contoso.com/configuration2.json</string>
    <key>origin</key>
    <string>https://www.example.com</string>
  </dict>
</array>

Back to top

ManagedFavorites

Configure favorites

Supported versions:

  • On Windows and macOS since 77 or later

Description

Configures a list of managed favorites.

The policy creates a list of favorites. Each favorite contains the keys "name" and "url," which hold the favorite's name and its target. You can configure a subfolder by defining a favorites without an "url" key but with an additional "children" key that contains a list of favorites as defined above (some of which may be folders again). Microsoft Edge amends incomplete URLs as if they were submitted via the Address Bar, for example "microsoft.com" becomes "https://microsoft.com/".

These favorites are placed in a folder that can't be modified by the user (but the user can choose to hide it from the favorites bar). By default the folder name is "Managed favorites" but you can change it by adding to the list of favorites a dictionary containing the key "toplevel_name" with the desired folder name as the value.

Managed favorites are not synced to the user account and can't be modified by extensions.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ManagedFavorites
  • GP name: Configure favorites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ManagedFavorites
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ManagedFavorites = [
  {
    "toplevel_name": "My managed favorites folder"
  },
  {
    "name": "Microsoft",
    "url": "microsoft.com"
  },
  {
    "name": "Bing",
    "url": "bing.com"
  },
  {
    "children": [
      {
        "name": "Microsoft Edge Insiders",
        "url": "www.microsoftedgeinsider.com"
      },
      {
        "name": "Microsoft Edge",
        "url": "www.microsoft.com/windows/microsoft-edge"
      }
    ],
    "name": "Microsoft Edge links"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\ManagedFavorites = [{"toplevel_name": "My managed favorites folder"}, {"name": "Microsoft", "url": "microsoft.com"}, {"name": "Bing", "url": "bing.com"}, {"children": [{"name": "Microsoft Edge Insiders", "url": "www.microsoftedgeinsider.com"}, {"name": "Microsoft Edge", "url": "www.microsoft.com/windows/microsoft-edge"}], "name": "Microsoft Edge links"}]

Mac information and settings

  • Preference Key Name: ManagedFavorites
  • Example value:
<key>ManagedFavorites</key>
<array>
  <dict>
    <key>toplevel_name</key>
    <string>My managed favorites folder</string>
  </dict>
  <dict>
    <key>name</key>
    <string>Microsoft</string>
    <key>url</key>
    <string>microsoft.com</string>
  </dict>
  <dict>
    <key>name</key>
    <string>Bing</string>
    <key>url</key>
    <string>bing.com</string>
  </dict>
  <dict>
    <key>children</key>
    <array>
      <dict>
        <key>name</key>
        <string>Microsoft Edge Insiders</string>
        <key>url</key>
        <string>www.microsoftedgeinsider.com</string>
      </dict>
      <dict>
        <key>name</key>
        <string>Microsoft Edge</string>
        <key>url</key>
        <string>www.microsoft.com/windows/microsoft-edge</string>
      </dict>
    </array>
    <key>name</key>
    <string>Microsoft Edge links</string>
  </dict>
</array>

Back to top

ManagedSearchEngines

Manage Search Engines

Supported versions:

  • On Windows and macOS since 77 or later

Description

Lets you configure a list of up to 10 search engines, one of which must be marked as the default search engine. Starting in Microsoft Edge version 100, you can configure up to 100 engines.

You do not need to specify the encoding. Starting in Microsoft Edge 80, the suggest_url and image_search_url parameters are optional. The optional parameter, image_search_post_params (consists of comma-separated name/value pairs), is available starting in Microsoft Edge 80.

Starting in Microsoft Edge 83, you can enable search engine discovery with the optional allow_search_engine_discovery parameter. This parameter must be the first item in the list. If allow_search_engine_discovery isn't specified, search engine discovery will be disabled by default. Starting in Microsoft Edge 84, you can set this policy as a recommended policy to allow search provider discovery. You don't need to add the optional allow_search_engine_discovery parameter. Starting in Microsoft Edge 100, setting this policy as a recommended policy will also allow users to manually add new search engines from their Microsoft Edge settings.

If you enable this policy, users can't add, remove, or change any search engine in the list. Users can set their default search engine to any search engine in the list.

If you disable or don't configure this policy, users can modify the search engines list as desired.

If the DefaultSearchProviderSearchURL policy is set, this policy (ManagedSearchEngines) is ignored. The user must restart their browser to finish applying this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ManagedSearchEngines
  • GP name: Manage Search Engines
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ManagedSearchEngines
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ManagedSearchEngines = [
  {
    "allow_search_engine_discovery": true
  },
  {
    "is_default": true,
    "keyword": "example1.com",
    "name": "Example1",
    "search_url": "https://www.example1.com/search?q={searchTerms}",
    "suggest_url": "https://www.example1.com/qbox?query={searchTerms}"
  },
  {
    "image_search_post_params": "content={imageThumbnail},url={imageURL},sbisrc={SearchSource}",
    "image_search_url": "https://www.example2.com/images/detail/search?iss=sbiupload",
    "keyword": "example2.com",
    "name": "Example2",
    "search_url": "https://www.example2.com/search?q={searchTerms}",
    "suggest_url": "https://www.example2.com/qbox?query={searchTerms}"
  },
  {
    "encoding": "UTF-8",
    "image_search_url": "https://www.example3.com/images/detail/search?iss=sbiupload",
    "keyword": "example3.com",
    "name": "Example3",
    "search_url": "https://www.example3.com/search?q={searchTerms}",
    "suggest_url": "https://www.example3.com/qbox?query={searchTerms}"
  },
  {
    "keyword": "example4.com",
    "name": "Example4",
    "search_url": "https://www.example4.com/search?q={searchTerms}"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\ManagedSearchEngines = [{"allow_search_engine_discovery": true}, {"is_default": true, "keyword": "example1.com", "name": "Example1", "search_url": "https://www.example1.com/search?q={searchTerms}", "suggest_url": "https://www.example1.com/qbox?query={searchTerms}"}, {"image_search_post_params": "content={imageThumbnail},url={imageURL},sbisrc={SearchSource}", "image_search_url": "https://www.example2.com/images/detail/search?iss=sbiupload", "keyword": "example2.com", "name": "Example2", "search_url": "https://www.example2.com/search?q={searchTerms}", "suggest_url": "https://www.example2.com/qbox?query={searchTerms}"}, {"encoding": "UTF-8", "image_search_url": "https://www.example3.com/images/detail/search?iss=sbiupload", "keyword": "example3.com", "name": "Example3", "search_url": "https://www.example3.com/search?q={searchTerms}", "suggest_url": "https://www.example3.com/qbox?query={searchTerms}"}, {"keyword": "example4.com", "name": "Example4", "search_url": "https://www.example4.com/search?q={searchTerms}"}]

Mac information and settings

  • Preference Key Name: ManagedSearchEngines
  • Example value:
<key>ManagedSearchEngines</key>
<array>
  <dict>
    <key>allow_search_engine_discovery</key>
    <true/>
  </dict>
  <dict>
    <key>is_default</key>
    <true/>
    <key>keyword</key>
    <string>example1.com</string>
    <key>name</key>
    <string>Example1</string>
    <key>search_url</key>
    <string>https://www.example1.com/search?q={searchTerms}</string>
    <key>suggest_url</key>
    <string>https://www.example1.com/qbox?query={searchTerms}</string>
  </dict>
  <dict>
    <key>image_search_post_params</key>
    <string>content={imageThumbnail},url={imageURL},sbisrc={SearchSource}</string>
    <key>image_search_url</key>
    <string>https://www.example2.com/images/detail/search?iss=sbiupload</string>
    <key>keyword</key>
    <string>example2.com</string>
    <key>name</key>
    <string>Example2</string>
    <key>search_url</key>
    <string>https://www.example2.com/search?q={searchTerms}</string>
    <key>suggest_url</key>
    <string>https://www.example2.com/qbox?query={searchTerms}</string>
  </dict>
  <dict>
    <key>encoding</key>
    <string>UTF-8</string>
    <key>image_search_url</key>
    <string>https://www.example3.com/images/detail/search?iss=sbiupload</string>
    <key>keyword</key>
    <string>example3.com</string>
    <key>name</key>
    <string>Example3</string>
    <key>search_url</key>
    <string>https://www.example3.com/search?q={searchTerms}</string>
    <key>suggest_url</key>
    <string>https://www.example3.com/qbox?query={searchTerms}</string>
  </dict>
  <dict>
    <key>keyword</key>
    <string>example4.com</string>
    <key>name</key>
    <string>Example4</string>
    <key>search_url</key>
    <string>https://www.example4.com/search?q={searchTerms}</string>
  </dict>
</array>

Back to top

MathSolverEnabled

Let users snip a Math problem and get the solution with a step-by-step explanation in Microsoft Edge

Supported versions:

  • On Windows and macOS since 91 or later

Description

This policy lets you manage whether users can use the Math Solver tool in Microsoft Edge or not.

If you enable or don't configure the policy, then a user can take a snip of the Math problem and get the solution including a step-by-step explanation of the solution in a Microsoft Edge side pane.

If you disable the policy, then the Math Solver tool will be disabled and users will not be able to use it.

Note: Setting the ComponentUpdatesEnabled policy to disabled will also disable the Math Solver component.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MathSolverEnabled
  • GP name: Let users snip a Math problem and get the solution with a step-by-step explanation in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: MathSolverEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: MathSolverEnabled
  • Example value:
<true/>

Back to top

MaxConnectionsPerProxy

Maximum number of concurrent connections to the proxy server

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies the maximum number of simultaneous connections to the proxy server.

Some proxy servers can't handle a high number of concurrent connections per client - you can solve this by setting this policy to a lower value.

The value of this policy should be lower than 100 and higher than 6. The default value is 32.

Some web apps are known to consume many connections with hanging GETs - lowering the maximum connections below 32 may lead to browser networking hangs if too many of these kind of web apps are open.

If you don't configure this policy, the default value (32) is used.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MaxConnectionsPerProxy
  • GP name: Maximum number of concurrent connections to the proxy server
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: MaxConnectionsPerProxy
  • Value Type: REG_DWORD
Example value:
0x00000020

Mac information and settings

  • Preference Key Name: MaxConnectionsPerProxy
  • Example value:
<integer>32</integer>

Back to top

MediaRouterCastAllowAllIPs

Allow Google Cast to connect to Cast devices on all IP addresses

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enable this policy to let Google Cast connect to Cast devices on all IP addresses, not just RFC1918/RFC4193 private addresses.

Disable this policy to restrict Google Cast to Cast devices on RFC1918/RFC4193 private addresses.

If you don't configure this policy, Google Cast connects to Cast devices on RFC1918/RFC4193 private addresses only, unless you enable the CastAllowAllIPs feature.

If the EnableMediaRouter policy is disabled, then this policy has no effect.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MediaRouterCastAllowAllIPs
  • GP name: Allow Google Cast to connect to Cast devices on all IP addresses
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: MediaRouterCastAllowAllIPs
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: MediaRouterCastAllowAllIPs
  • Example value:
<false/>

Back to top

MetricsReportingEnabled

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 88.

Supported versions:

  • On Windows and macOS since 77, until 88

Description

This policy is no longer supported. It is replaced by DiagnosticData (for Windows 7, Windows 8, and macOS) and Allow Telemetry on Win 10 (https://go.microsoft.com/fwlink/?linkid=2099569).

This policy enables reporting of usage and crash-related data about Microsoft Edge to Microsoft.

Enable this policy to send reporting of usage and crash-related data to Microsoft. Disable this policy to not send the data to Microsoft. In both cases, users can't change or override the setting.

On Windows 10, if you don't configure this policy, Microsoft Edge will default to the Windows diagnostic data setting. If you enable this policy, Microsoft Edge will only send usage data if the Windows Diagnostic data setting is set to Enhanced or Full. If you disable this policy, Microsoft Edge will not send usage data. Crash-related data is sent based on the Windows Diagnostic data setting. Learn more about Windows Diagnostic data settings at https://go.microsoft.com/fwlink/?linkid=2099569

On Windows 7, Windows 8, and macOS, this policy controls sending usage and crash-related data. If you don't configure this policy, Microsoft Edge will default to the user's preference.

To enable this policy,SendSiteInfoToImproveServices must be set to Enabled. If MetricsReportingEnabled or SendSiteInfoToImproveServices is Not Configured or Disabled, this data will not be sent to Microsoft.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MetricsReportingEnabled
  • GP name: Enable usage and crash-related data reporting (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: MetricsReportingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: MetricsReportingEnabled
  • Example value:
<true/>

Back to top

MicrosoftEdgeInsiderPromotionEnabled

Microsoft Edge Insider Promotion Enabled

Supported versions:

  • On Windows and macOS since 98 or later

Description

Shows content promoting the Microsoft Edge Insider channels on the About Microsoft Edge settings page.

If you enable or don't configure this policy, the Microsoft Edge Insider promotion content will be shown on the About Microsoft Edge page.

If you disable this policy, the Microsoft Edge Insider promotion content will not be shown on the About Microsoft Edge page.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MicrosoftEdgeInsiderPromotionEnabled
  • GP name: Microsoft Edge Insider Promotion Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: MicrosoftEdgeInsiderPromotionEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: MicrosoftEdgeInsiderPromotionEnabled
  • Example value:
<true/>

Back to top

MicrosoftEditorProofingEnabled

Spell checking provided by Microsoft Editor

Supported versions:

  • On Windows and macOS since 105 or later

Description

The Microsoft Editor service provides enhanced spell and grammar checking for editable text fields on web pages.

If you enable or don't configure this policy, Microsoft Editor spell check can be used for eligible text fields.

If you disable this policy, spell check can only be provided by local engines that use platform or Hunspell services. The results from these engines might be less informative than the results Microsoft Editor can provide.

If the SpellcheckEnabled policy is set to disabled, or the user disables spell checking in the settings page, this policy will have no effect.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MicrosoftEditorProofingEnabled
  • GP name: Spell checking provided by Microsoft Editor
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: MicrosoftEditorProofingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: MicrosoftEditorProofingEnabled
  • Example value:
<false/>

Back to top

MicrosoftEditorSynonymsEnabled

Synonyms are provided when using Microsoft Editor spell checker

Supported versions:

  • On Windows and macOS since 105 or later

Description

The Microsoft Editor service provides enhanced spell and grammar checking for editable text fields on web pages, and synonyms can be suggested as an integrated feature.

If you enable this policy, Microsoft Editor spell checker will provide synonyms for suggestions for misspelled words.

If you disable or don't configure this policy, Microsoft Editor spell checker will not provide synonyms for suggestions for misspelled words.

If the SpellcheckEnabled policy or the MicrosoftEditorProofingEnabled policy are set to disabled, or the user disables spell checking or chooses not to use Microsoft Editor spell checker in the settings page, this policy will have no effect.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MicrosoftEditorSynonymsEnabled
  • GP name: Synonyms are provided when using Microsoft Editor spell checker
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: MicrosoftEditorSynonymsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: MicrosoftEditorSynonymsEnabled
  • Example value:
<false/>

Back to top

MicrosoftOfficeMenuEnabled

Allow users to access the Microsoft Office menu (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 100 or later

Description

This policy is deprecated because it's been replaced by the Microsoft Edge sidebar. Microsoft Office applications are now available in the sidebar, which can be managed by HubsSidebarEnabled policy.

When users can access the Microsoft Office menu, they can get access to Office applications such as Microsoft Word and Microsoft Excel.

If you enable or don't configure this policy, users can open the Microsoft Office menu.

If you disable this policy, users won't be able to access the Microsoft Office menu.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MicrosoftOfficeMenuEnabled
  • GP name: Allow users to access the Microsoft Office menu (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: MicrosoftOfficeMenuEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: MicrosoftOfficeMenuEnabled
  • Example value:
<false/>

Back to top

MicrosoftRootStoreEnabled

Determines whether the Microsoft Root Store and built-in certificate verifier will be used to verify server certificates (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 109, until 114

Description

When this policy is set to enabled, Microsoft Edge will perform verification of server certificates using the built-in certificate verifier with the Microsoft Root Store as the source of public trust.

When this policy is set to disabled, Microsoft Edge will use the system certificate verifier and system root certificates.

When this policy is not set, the Microsoft Root Store or system provided roots may be used.

This policy is planned to be removed in Microsoft Edge version 121 for Android devices when support for using the platform supplied roots is planned to be removed.

This policy was removed in Microsoft Edge version 115 for Microsoft® Windows® and macOS, when support for using the platform supplied certificate verifier and roots was removed.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MicrosoftRootStoreEnabled
  • GP name: Determines whether the Microsoft Root Store and built-in certificate verifier will be used to verify server certificates (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: MicrosoftRootStoreEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: MicrosoftRootStoreEnabled
  • Example value:
<false/>

Back to top

MouseGestureEnabled

Mouse Gesture Enabled

Supported versions:

  • On Windows since 112 or later

Description

This policy lets you configure the Mouse Gesture feature in Microsoft Edge.

This feature provides an easy way for users to complete tasks like scroll forward or backward, open new tab, refresh page, etc. They can finish a task by pressing and holding the mouse right button to draw certain patterns on a webpage, instead of clicking the buttons or using keyboard shortcuts.

If you enable or don't configure this policy, you can use the Mouse Gesture feature on Microsoft Edge to start using this feature.

If you disable this policy, you can't use the Mouse Gesture feature in Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: MouseGestureEnabled
  • GP name: Mouse Gesture Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: MouseGestureEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

NativeHostsExecutablesLaunchDirectly

Force Windows executable Native Messaging hosts to launch directly

Supported versions:

  • On Windows since 121 or later

Description

This policy controls whether native host executables launch directly on Windows.

If you enable this policy, Microsoft Edge is forced to launch native messaging hosts implemented as executables directly.

If you disable this policy, Microsoft Edge will launch hosts using cmd.exe as an intermediary process.

If you don't configure this policy, Microsoft Edge will decide which approach to use based on a progressive rollout from the legacy behavior to the Launch Directly behavior, guided by ecosystem compatibility.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NativeHostsExecutablesLaunchDirectly
  • GP name: Force Windows executable Native Messaging hosts to launch directly
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NativeHostsExecutablesLaunchDirectly
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

NativeWindowOcclusionEnabled

Enable Native Window Occlusion (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows since 84 or later

Description

This policy is deprecated, use the 'WindowOcclusionEnabled' policy instead. It won't work in Microsoft Edge version 92.

Enables native window occlusion in Microsoft Edge.

If you enable this setting, to reduce CPU and power consumption Microsoft Edge will detect when a window is covered by other windows, and will suspend work painting pixels.

If you disable this setting Microsoft Edge will not detect when a window is covered by other windows.

If this policy is left not set, occlusion detection will be enabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NativeWindowOcclusionEnabled
  • GP name: Enable Native Window Occlusion (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NativeWindowOcclusionEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

Set a timeout for delay of tab navigation for the Enterprise Mode Site List

Supported versions:

  • On Windows since 84 or later

Description

Allows you to set a timeout, in seconds, for Microsoft Edge tabs waiting to navigate until the browser has downloaded the initial Enterprise Mode Site List.

This setting works in conjunction with: InternetExplorerIntegrationLevel is set to 'IEMode' and InternetExplorerIntegrationSiteList policy where the list has at least one entry and DelayNavigationsForInitialSiteListDownload is set to "All eligible navigations" (1).

Tabs will not wait longer than this timeout for the Enterprise Mode Site List to download. If the browser has not finished downloading the Enterprise Mode Site List when the timeout expires, Microsoft Edge tabs will continue navigating anyway. The value of the timeout should be no greater than 20 seconds and no fewer than 1 second.

If you set the timeout in this policy to a value greater than the default of 2 seconds, an information bar is shown to the user after 2 seconds. The information bar contains a button that allows the user to quit waiting for the Enterprise Mode Site List download to complete.

If you don't configure this policy, the default timeout of 2 seconds is used. This default is subject to change in the future.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NavigationDelayForInitialSiteListDownloadTimeout
  • GP name: Set a timeout for delay of tab navigation for the Enterprise Mode Site List
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NavigationDelayForInitialSiteListDownloadTimeout
  • Value Type: REG_DWORD
Example value:
0x0000000a

Back to top

NetworkPredictionOptions

Enable network prediction

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enables network prediction and prevents users from changing this setting.

This controls DNS prefetching, TCP and SSL preconnection, and prerendering of web pages.

If you don't configure this policy, network prediction is enabled but the user can change it.

Policy options mapping:

  • NetworkPredictionAlways (0) = Predict network actions on any network connection

  • NetworkPredictionWifiOnly (1) = Not supported, if this value is used it will be treated as if 'Predict network actions on any network connection' (0) was set

  • NetworkPredictionNever (2) = Don't predict network actions on any network connection

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NetworkPredictionOptions
  • GP name: Enable network prediction
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: NetworkPredictionOptions
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: NetworkPredictionOptions
  • Example value:
<integer>2</integer>

Back to top

NetworkServiceSandboxEnabled

Enable the network service sandbox

Supported versions:

  • On Windows since 102 or later

Description

This policy controls whether or not the network service process runs sandboxed. If this policy is enabled, the network service process will run sandboxed. If this policy is disabled, the network service process will run unsandboxed. This leaves users open to additional security risks related to running the network service unsandboxed. If this policy is not set, the default configuration for the network sandbox will be used. This may vary depending on Microsoft Edge release, currently running field trials, and platform. This policy is intended to give enterprises flexibility to disable the network sandbox if they use third party software that interferes with the network service sandbox.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NetworkServiceSandboxEnabled
  • GP name: Enable the network service sandbox
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NetworkServiceSandboxEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

NewBaseUrlInheritanceBehaviorAllowed

Allows enabling the feature NewBaseUrlInheritanceBehavior

Supported versions:

  • On Windows and macOS since 123 or later

Description

NewBaseUrlInheritanceBehavior is a Microsoft Edge feature that causes about:blank and about:srcdoc frames to consistently inherit their base url values via snapshots of their initiator's base url.

If you disable this policy, it prevents users or Microsoft Edge variations from enabling NewBaseUrlInheritanceBehavior, in case compatibility issues are discovered.

If you enable or don't configure this policy, it allows enabling NewBaseUrlInheritanceBehavior.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewBaseUrlInheritanceBehaviorAllowed
  • GP name: Allows enabling the feature NewBaseUrlInheritanceBehavior
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NewBaseUrlInheritanceBehaviorAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: NewBaseUrlInheritanceBehaviorAllowed
  • Example value:
<true/>

Back to top

NewPDFReaderEnabled

Microsoft Edge built-in PDF reader powered by Adobe Acrobat enabled

Supported versions:

  • On Windows and macOS since 111 or later

Description

The policy lets Microsoft Edge launch the new version of the built-in PDF reader that's powered by Adobe Acrobat's PDF rendering engine. The new PDF reader ensures that there's no loss of functionality and delivers an enhanced PDF experience. This experience includes richer rendering, improved performance, strong security for PDF handling, and greater accessibility.

If you enable this policy, Microsoft Edge will use the new Adobe Acrobat powered built-in PDF reader to open all PDF files.

If you disable or don't configure this policy, Microsoft Edge will use the existing PDF reader to open all PDF files.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NewPDFReaderEnabled
  • GP name: Microsoft Edge built-in PDF reader powered by Adobe Acrobat enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: NewPDFReaderEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: NewPDFReaderEnabled
  • Example value:
<true/>

Back to top

NonRemovableProfileEnabled

Configure whether a user always has a default profile automatically signed in with their work or school account

Supported versions:

  • On Windows since 78 or later

Description

This policy determines if a user can remove the Microsoft Edge profile automatically signed in with a user's work or school account.

If you enable this policy, a non-removable profile will be created with the user's work or school account on Windows. This profile can't be signed out or removed. The profile will be non-removable only if profile is signed-in with either on-premises account or Azure AD account that matches OS sign-in account.

If you disable or don't configure this policy, the profile automatically signed in with a user's work or school account on Windows can be signed out or removed by the user.

If you want to configure browser sign in, use the BrowserSignin policy.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management.

From Microsoft Edge 89 onwards, if there is an existing on-premises profile with sync disabled and machine is hybrid joined, it will auto-upgrade the on-premises profile to Azure AD profile and make it non-removable instead of creating a new non-removable Azure AD profile.

From Microsoft Edge 93 onwards, if policy ImplicitSignInEnabled is disabled, this policy will not take any effect.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: NonRemovableProfileEnabled
  • GP name: Configure whether a user always has a default profile automatically signed in with their work or school account
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: NonRemovableProfileEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

OrganizationLogoOverlayOnAppIconEnabled

Allow your organization's logo from Microsoft Entra to be overlaid on the Microsoft Edge app icon of a work profile

Supported versions:

  • On Windows and macOS since 120 or later

Description

Allow your organization's logo from Entra, if any, to be overlaid on the Microsoft Edge app icon of a profile that's signed in with an Entra ID (formerly known as Azure Active Directory) account. This requires a browser restart to take effect.

If you enable this policy, your organization's logo from Entra will be used.

If you disable or don't configure this policy, your organization's logo from Entra won't be used.

For more information about configuring your organization's logo on Entra, please visit https://go.microsoft.com/fwlink/?linkid=2254514.

Supported features:

  • Can be mandatory: No
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: OrganizationLogoOverlayOnAppIconEnabled
  • GP name: Allow your organization's logo from Microsoft Entra to be overlaid on the Microsoft Edge app icon of a work profile
  • GP path (Mandatory): N/A
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): N/A
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: OrganizationLogoOverlayOnAppIconEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: OrganizationLogoOverlayOnAppIconEnabled
  • Example value:
<true/>

Back to top

OrganizationalBrandingOnWorkProfileUIEnabled

Supported versions:

  • On Windows and macOS since 119 or later

Description

Allow the use of your organization's branding assets from Entra, if any, on the profile-related UI of a profile that's signed in with an Entra ID (formerly known as Azure Active Directory) account. This requires a browser restart to take effect.

If you enable this policy, your organization's branding assets from Entra will be used.

If you disable or don't configure this policy, your organization's branding assets from Entra won't be used.

For more information about configuring your organization's branding assets on Entra, please visit https://go.microsoft.com/fwlink/?linkid=2254514.

Supported features:

  • Can be mandatory: No
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: OrganizationalBrandingOnWorkProfileUIEnabled
  • GP name: Allow the use of your organization's branding assets from Microsoft Entra on the profile-related UI of a work profile
  • GP path (Mandatory): N/A
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): N/A
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: OrganizationalBrandingOnWorkProfileUIEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: OrganizationalBrandingOnWorkProfileUIEnabled
  • Example value:
<true/>

Back to top

OriginAgentClusterDefaultEnabled

Origin-keyed agent clustering enabled by default

Supported versions:

  • On Windows and macOS since 103 or later

Description

The Origin-Agent-Cluster: HTTP header controls whether a document is isolated in an origin-keyed agent cluster or in a site-keyed agent cluster. This has security implications because an origin-keyed agent cluster allows isolating documents by origin. The consequence of this for developers is that the document.domain accessor can no longer be set when origin-keyed agent clustering is enabled.

If you enable or don't configure this policy, documents without the Origin-Agent-Cluster: header will be assigned to origin-keyed agent clustering by default. On these documents, the document.domain accessor will not be settable.

If you disable this policy, documents without the Origin-Agent-Cluster: header will be assigned to site-keyed agent clusters by default. On these documents, the document.domain accessor will be settable.

See https://go.microsoft.com/fwlink/?linkid=2191896 for additional details.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: OriginAgentClusterDefaultEnabled
  • GP name: Origin-keyed agent clustering enabled by default
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: OriginAgentClusterDefaultEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: OriginAgentClusterDefaultEnabled
  • Example value:
<false/>

Back to top

OutlookHubMenuEnabled

Allow users to access the Outlook menu (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 105.

Supported versions:

  • On Windows and macOS since 102, until 105

Description

This policy doesn't work because the Outlook menu is now contained within the Edge Sidebar and can be managed using the HubsSidebarEnabled policy.

This policy is used to manage access to the Outlook menu from Microsoft Edge.

If you enable or don't configure this policy, users can access the Outlook menu. If you disable this policy, users can't access the Outlook menu.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: OutlookHubMenuEnabled
  • GP name: Allow users to access the Outlook menu (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: OutlookHubMenuEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: OutlookHubMenuEnabled
  • Example value:
<false/>

Back to top

OverrideSecurityRestrictionsOnInsecureOrigin

Control where security restrictions on insecure origins apply

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies a list of origins (URLs) or hostname patterns (like "*.contoso.com") for which security restrictions on insecure origins don't apply.

This policy lets you specify allowed origins for legacy applications that can't deploy TLS or set up a staging server for internal web development so that developers can test out features requiring secure contexts without having to deploy TLS on the staging server. This policy also prevents the origin from being labeled "Not Secure" in the omnibox.

Setting a list of URLs in this policy has the same effect as setting the command-line flag '--unsafely-treat-insecure-origin-as-secure' to a comma-separated list of the same URLs. If you enable this policy, it overrides the command-line flag.

For more information on secure contexts, see https://www.w3.org/TR/secure-contexts/.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: OverrideSecurityRestrictionsOnInsecureOrigin
  • GP name: Control where security restrictions on insecure origins apply
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\OverrideSecurityRestrictionsOnInsecureOrigin
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\OverrideSecurityRestrictionsOnInsecureOrigin\1 = "http://testserver.contoso.com/"
SOFTWARE\Policies\Microsoft\Edge\OverrideSecurityRestrictionsOnInsecureOrigin\2 = "*.contoso.com"

Mac information and settings

  • Preference Key Name: OverrideSecurityRestrictionsOnInsecureOrigin
  • Example value:
<array>
  <string>http://testserver.contoso.com/</string>
  <string>*.contoso.com</string>
</array>

Back to top

PDFSecureMode

Secure mode and Certificate-based Digital Signature validation in native PDF reader

Supported versions:

  • On Windows and macOS since 100 or later

Description

The policy enables Digital Signature validation for PDF files in a secure environment, which shows the correct validation status of the signatures.

If you enable this policy, PDF files with Certificate-based digital signatures are opened with an option to view and verify the validity of the signatures with high security.

If you disable or don't configure this policy, the capability to view and verify the signature will not be available.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PDFSecureMode
  • GP name: Secure mode and Certificate-based Digital Signature validation in native PDF reader
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PDFSecureMode
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PDFSecureMode
  • Example value:
<true/>

Back to top

PDFXFAEnabled

XFA support in native PDF reader enabled

Supported versions:

  • On Windows and macOS since 104 or later

Description

Lets the Microsoft Edge browser enable XFA (XML Forms Architecture) support in the native PDF reader and allows users to open XFA PDF files in the browser.

If you enable this policy, XFA support in the native PDF reader will be enabled.

If you disable or don't configure this policy, Microsoft Edge will not enable XFA support in the native PDF reader.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PDFXFAEnabled
  • GP name: XFA support in native PDF reader enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PDFXFAEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PDFXFAEnabled
  • Example value:
<true/>

Back to top

PaymentMethodQueryEnabled

Allow websites to query for available payment methods

Supported versions:

  • On Windows and macOS since 80 or later

Description

Allows you to set whether websites can check if the user has payment methods saved.

If you disable this policy, websites that use PaymentRequest.canMakePayment or PaymentRequest.hasEnrolledInstrument API will be informed that no payment methods are available.

If you enable this policy or don't set this policy, websites can check if the user has payment methods saved.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PaymentMethodQueryEnabled
  • GP name: Allow websites to query for available payment methods
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PaymentMethodQueryEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PaymentMethodQueryEnabled
  • Example value:
<true/>

Back to top

PersonalizationReportingEnabled

Allow personalization of ads, Microsoft Edge, search, news and other Microsoft services by sending browsing history, favorites and collections, usage and other browsing data to Microsoft

Supported versions:

  • On Windows and macOS since 80 or later

Description

This policy prevents Microsoft from collecting a user's Microsoft Edge browsing history, favorites and collections, usage, and other browsing data to be used for personalizing advertising, search, news, Microsoft Edge and other Microsoft services.

This setting is not available for child accounts or enterprise accounts.

If you disable this policy, users can't change or override the setting. If this policy is enabled or not configured, Microsoft Edge will default to the user's preference.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PersonalizationReportingEnabled
  • GP name: Allow personalization of ads, Microsoft Edge, search, news and other Microsoft services by sending browsing history, favorites and collections, usage and other browsing data to Microsoft
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PersonalizationReportingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PersonalizationReportingEnabled
  • Example value:
<true/>

Back to top

PictureInPictureOverlayEnabled

Enable Picture in Picture overlay feature on supported webpages in Microsoft Edge

Supported versions:

  • On Windows and macOS since 118 or later

Description

This policy lets you configure the Picture in Picture floating overlay button in Microsoft Edge.

The Picture in Picture floating overlay button lets user to watch videos in a floating window on top of other windows.

If you enable or don't configure this policy, you can use the Picture in Picture floating overlay button in Microsoft Edge.

If you disable this policy, you can't use the Picture in Picture floating overlay button in Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PictureInPictureOverlayEnabled
  • GP name: Enable Picture in Picture overlay feature on supported webpages in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PictureInPictureOverlayEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PictureInPictureOverlayEnabled
  • Example value:
<true/>

Back to top

PinningWizardAllowed

Allow Pin to taskbar wizard

Supported versions:

  • On Windows since 80 or later

Description

Microsoft Edge uses the Pin to taskbar wizard to help users pin suggested sites to the taskbar. The Pin to taskbar wizard feature is enabled by default and accessible to the user through the Settings and more menu.

If you enable this policy or don't configure it, users can call the Pin to taskbar wizard from the Settings and More menu. The wizard can also be called via a protocol launch.

If you disable this policy, the Pin to taskbar wizard is disabled in the menu and cannot be called via a protocol launch.

User settings to enable or disable the Pin to taskbar wizard aren't available.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PinningWizardAllowed
  • GP name: Allow Pin to taskbar wizard
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PinningWizardAllowed
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

PostQuantumKeyAgreementEnabled

Enable post-quantum key agreement for TLS

Supported versions:

  • On Windows and macOS since 120 or later

Description

This policy configures whether Microsoft Edge will offer Kyber, a post-quantum key agreement algorithm, in TLS. This lets supporting servers protect user traffic from being decrypted by quantum computers.

If you enable this policy, Microsoft Edge will offer Kyber in TLS connections. TLS connections will be protected with Kyber key agreement when communicating with compatible servers that select Kyber during the TLS handshake.

If this disable this policy, Microsoft Edge will not offer Kyber in TLS connections. User traffic will be unprotected from decryption by quantum computers.

If you don't configure this policy, Microsoft Edge will follow the default rollout process for offering Kyber.

Offering Kyber is backwards-compatible. Existing TLS servers and networking middleware are expected to ignore the new option and continue selecting previous options.

However, devices that don't implement TLS correctly may malfunction when offered the new option. For example, they might disconnect in response to unrecognized options or the resulting larger messages. These devices are not post-quantum-ready and will interfere with an enterprise's post-quantum transition. If this issue is encountered, administrators should contact the vendor for a fix.

This policy is a temporary measure and will be removed in future versions of Microsoft Edge. You can enable it to test for issues and you can disable it while you resolve issues.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PostQuantumKeyAgreementEnabled
  • GP name: Enable post-quantum key agreement for TLS
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PostQuantumKeyAgreementEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PostQuantumKeyAgreementEnabled
  • Example value:
<true/>

Back to top

ProactiveAuthEnabled

Enable Proactive Authentication (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 90.

Supported versions:

  • On Windows and macOS since 77, until 90

Description

This policy is obsolete because it does not work independently of browser sign in. It does not work in Microsoft Edge after version 90. If you want to configure browser sign in, use the BrowserSignin policy.

Lets you configure whether to turn on Proactive Authentication in Microsoft Edge.

If you enable this policy, Microsoft Edge tries to seamlessly authenticate to websites and services using the account which is signed-in to the browser.

If you disable this policy, Microsoft Edge does not try to authenticate with websites or services using single sign-on (SSO). Authenticated experiences like the Enterprise New Tab Page will not work (e.g. recent and recommended Office documents will not be available).

If you don't configure this policy, Proactive Authentication is turned on.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ProactiveAuthEnabled
  • GP name: Enable Proactive Authentication (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ProactiveAuthEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ProactiveAuthEnabled
  • Example value:
<true/>

Back to top

PromotionalTabsEnabled

Enable full-tab promotional content

Supported versions:

  • On Windows and macOS since 77 or later

Description

Control the presentation of full-tab promotional or educational content. This setting controls the presentation of welcome pages that help users sign into Microsoft Edge, choose their default browser, or learn about product features.

If you enable this policy (set it true) or don't configure it, Microsoft Edge can show full-tab content to users to provide product information.

If you disable (set to false) this policy, Microsoft Edge can't show full-tab content to users.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PromotionalTabsEnabled
  • GP name: Enable full-tab promotional content
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PromotionalTabsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: PromotionalTabsEnabled
  • Example value:
<false/>

Back to top

PromptForDownloadLocation

Ask where to save downloaded files

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set whether to ask where to save a file before downloading it.

If you enable this policy, the user is asked where to save each file before downloading; if you don't configure it, files are saved automatically to the default location, without asking the user.

If you don't configure this policy, the user will be able to change this setting.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PromptForDownloadLocation
  • GP name: Ask where to save downloaded files
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PromptForDownloadLocation
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: PromptForDownloadLocation
  • Example value:
<false/>

Back to top

PromptOnMultipleMatchingCertificates

Prompt the user to select a certificate when multiple certificates match

Supported versions:

  • On Windows and macOS since 100 or later

Description

This policy controls whether the user is prompted to select a client certificate when more than one certificate matches AutoSelectCertificateForUrls. If this policy is set to True, the user is prompted to select a client certificate whenever the auto-selection policy matches multiple certificates. If this policy is set to False or not set, the user may only be prompted when no certificate matches the auto-selection.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: PromptOnMultipleMatchingCertificates
  • GP name: Prompt the user to select a certificate when multiple certificates match
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: PromptOnMultipleMatchingCertificates
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: PromptOnMultipleMatchingCertificates
  • Example value:
<true/>

Back to top

QuicAllowed

Allow QUIC protocol

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows use of the QUIC protocol in Microsoft Edge.

If you enable this policy or don't configure it, the QUIC protocol is allowed.

If you disable this policy, the QUIC protocol is blocked.

QUIC is a transport layer network protocol that can improve performance of web applications that currently use TCP.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: QuicAllowed
  • GP name: Allow QUIC protocol
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: QuicAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: QuicAllowed
  • Example value:
<true/>

Back to top

QuickSearchShowMiniMenu

Enables Microsoft Edge mini menu

Supported versions:

  • On Windows and macOS since 104 or later

Description

Enables Microsoft Edge mini menu on websites and PDFs. The mini menu is triggered on text selection and has basic actions like copy and smart actions like definitions.

If you enable or don't config this policy, selecting text on websites and PDFs will show the Microsoft Edge mini menu.

If you disable this policy, the Microsoft Edge mini menu will not be shown when text on websites and PDFs is selected.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: QuickSearchShowMiniMenu
  • GP name: Enables Microsoft Edge mini menu
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: QuickSearchShowMiniMenu
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: QuickSearchShowMiniMenu
  • Example value:
<true/>

Back to top

QuickViewOfficeFilesEnabled

Manage QuickView Office files capability in Microsoft Edge

Supported versions:

  • On Windows and macOS since 90 or later

Description

Allows you to set whether users can view publicly accessible Office files on the web that aren't on OneDrive or SharePoint. (For example: Word documents, PowerPoint presentations, and Excel spreadsheets)

If you enable or don't configure this policy, these files can be viewed in Microsoft Edge using Office Viewer instead of downloading the files.

If you disable this policy, these files will be downloaded to be viewed.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: QuickViewOfficeFilesEnabled
  • GP name: Manage QuickView Office files capability in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: QuickViewOfficeFilesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: QuickViewOfficeFilesEnabled
  • Example value:
<true/>

Back to top

RSAKeyUsageForLocalAnchorsEnabled

Check RSA key usage for server certificates issued by local trust anchors

Supported versions:

  • On Windows and macOS since 123 or later

Description

The X.509 key usage extension declares how the key in a certificate can be used. These instructions ensure certificates aren't used in an unintended context, which protects against a class of cross-protocol attacks on HTTPS and other protocols. HTTPS clients must verify that server certificates match the connection's TLS parameters.

If this policy is enabled, Microsoft Edge will perform this key check. This helps prevent attacks where an attacker manipulates the browser into interpreting a key in ways that the certificate owner did not intend.

If this policy is set to disabled or not configured, Microsoft Edge will skip this key check in HTTPS connections that negotiate TLS 1.2 and use an RSA certificate that chains to a local trust anchor. Examples of local trust anchors include policy-provided or user-installed root certificates. In all other cases, the check is performed independent of this policy's setting.

This policy is available for administrators to preview the behavior of a future release, which will enable this check by default. At that point, this policy will remain temporarily available for administrators that need more time to update their certificates to meet the new RSA key usage requirements.

Connections that fail this check will fail with the error ERR_SSL_KEY_USAGE_INCOMPATIBLE. Sites that fail with this error likely have a misconfigured certificate. Modern ECDHE_RSA cipher suites use the "digitalSignature" key usage option, while legacy RSA decryption cipher suites use the "keyEncipherment" key usage option. If uncertain, administrators should include both in RSA certificates meant for HTTPS.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RSAKeyUsageForLocalAnchorsEnabled
  • GP name: Check RSA key usage for server certificates issued by local trust anchors
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RSAKeyUsageForLocalAnchorsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: RSAKeyUsageForLocalAnchorsEnabled
  • Example value:
<true/>

Back to top

ReadAloudEnabled

Enable Read Aloud feature in Microsoft Edge

Supported versions:

  • On Windows and macOS since 113 or later

Description

Enables the Read Aloud feature within Microsoft Edge. Using this feature, users can listen to the content on the web page. This enables users to multi-task or improve their reading comprehension by hearing content at their own pace.

If you enable this policy or don't configure it, the Read Aloud option shows up in the address bar, right click context menu, more menu, on the PDF toolbar, and within Immersive Reader. If you disable this policy, users can't access the Read Aloud feature from the address bar, right click context menu, more menu, on the PDF toolbar, and within Immersive Reader.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ReadAloudEnabled
  • GP name: Enable Read Aloud feature in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ReadAloudEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ReadAloudEnabled
  • Example value:
<true/>

Back to top

RedirectSitesFromInternetExplorerPreventBHOInstall

Prevent install of the BHO to redirect incompatible sites from Internet Explorer to Microsoft Edge

Supported versions:

  • On Windows since 87 or later

Description

This setting lets you specify whether to block the install of the Browser Helper Object (BHO) that enables redirecting incompatible sites from Internet Explorer to Microsoft Edge for sites that require a modern browser.

If you enable this policy, the BHO will not be installed. If it is already installed it will be uninstalled on the next Microsoft Edge update.

If this policy is not configured or is disabled, the BHO will be installed.

The BHO is required for incompatible site redirection to occur, however whether redirection occurs or not is also controlled by RedirectSitesFromInternetExplorerRedirectMode.

For more information about this policy see https://go.microsoft.com/fwlink/?linkid=2141715

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RedirectSitesFromInternetExplorerPreventBHOInstall
  • GP name: Prevent install of the BHO to redirect incompatible sites from Internet Explorer to Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RedirectSitesFromInternetExplorerPreventBHOInstall
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

RedirectSitesFromInternetExplorerRedirectMode

Redirect incompatible sites from Internet Explorer to Microsoft Edge

Supported versions:

  • On Windows since 87 or later

Description

This setting lets you specify whether Internet Explorer will redirect navigations to sites that require a modern browser to Microsoft Edge. If you set this policy to 'Disable' ('Prevent redirection', value 0), Internet Explorer will not redirect any traffic to Microsoft Edge.

If you set this policy to 'Sitelist', starting with Microsoft Edge major release 87 , Internet Explorer (IE) will redirect sites that require a modern browser to Microsoft Edge. (Note: The Sitelist setting is 'Redirect sites based on the incompatible sites sitelist', value 1).

When a site is redirected from Internet Explorer to Microsoft Edge, the Internet Explorer tab that started loading the site is closed if it had no prior content. Otherwise, the user is taken to a Microsoft help page that explains why the site was redirected to Microsoft Edge. When Microsoft Edge is launched to load an IE site, an information bar explains that the site works best in a modern browser.

If you want to redirect all navigations, you can configure the Disable Internet Explorer 11 policy, which redirects all navigations from IE11 to Microsoft Edge. It also hides the IE11 app icon from the user after the first launch.

If don't configure this policy:

  • Starting with Microsoft Edge major release 87, you will have the same experience as setting the policy to 'Sitelist': Internet Explorer will redirect sites that require a modern browser to Microsoft Edge.
  • In the future, the default for your organization might change to automatically redirect all navigations. If you don't want automatic redirection, set this policy to 'Disable' or 'Sitelist'.

For more information about this policy see https://go.microsoft.com/fwlink/?linkid=2141715

Policy options mapping:

  • Disable (0) = Prevent redirection

  • Sitelist (1) = Redirect sites based on the incompatible sites sitelist

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RedirectSitesFromInternetExplorerRedirectMode
  • GP name: Redirect incompatible sites from Internet Explorer to Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: RedirectSitesFromInternetExplorerRedirectMode
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

RelatedMatchesCloudServiceEnabled

Supported versions:

  • On Windows and macOS since 99 or later

Description

Specifies how the user receives related matches in Find on Page, which provides spellcheck, synonyms, and Q&A results in Microsoft Edge.

If you enable or don't configure this policy, users can receive related matches in Find on Page on all sites. The results are processed in a cloud service.

If you disable this policy, users can receive related matches in Find on Page on limited sites. The results are processed on the user's device.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RelatedMatchesCloudServiceEnabled
  • GP name: Configure Related Matches in Find on Page
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RelatedMatchesCloudServiceEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: RelatedMatchesCloudServiceEnabled
  • Example value:
<true/>

Back to top

RelaunchNotification

Supported versions:

  • On Windows and macOS since 77 or later

Description

Notify users that they need to restart Microsoft Edge to apply a pending update.

If you don't configure this policy, Microsoft Edge adds a recycle icon at the far right of the top menu bar to prompt users to restart the browser to apply the update.

If you enable this policy and set it to 'Recommended', a recurring warning prompts users that a restart is recommended. Users can dismiss this warning and defer the restart.

If you set the policy to 'Required', a recurring warning prompts users that the browser will be restarted automatically as soon as a notification period passes. The default period is seven days. You can configure this period with the RelaunchNotificationPeriod policy.

The user's session is restored when the browser restarts.

Policy options mapping:

  • Recommended (1) = Recommended - Show a recurring prompt to the user indicating that a restart is recommended

  • Required (2) = Required - Show a recurring prompt to the user indicating that a restart is required

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RelaunchNotification
  • GP name: Notify a user that a browser restart is recommended or required for pending updates
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RelaunchNotification
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: RelaunchNotification
  • Example value:
<integer>1</integer>

Back to top

RelaunchNotificationPeriod

Set the time period for update notifications

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows you to set the time period, in milliseconds, over which users are notified that Microsoft Edge must be relaunched to apply a pending update.

Over this time period, the user will be repeatedly informed of the need for an update. In Microsoft Edge the app menu changes to indicate that a relaunch is needed once one third of the notification period passes. This notification changes color once two thirds of the notification period passes, and again once the full notification period has passed. The additional notifications enabled by the RelaunchNotification policy follow this same schedule.

If not set, the default period of 604800000 milliseconds (one week) is used.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RelaunchNotificationPeriod
  • GP name: Set the time period for update notifications
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RelaunchNotificationPeriod
  • Value Type: REG_DWORD
Example value:
0x240c8400

Mac information and settings

  • Preference Key Name: RelaunchNotificationPeriod
  • Example value:
<integer>604800000</integer>

Back to top

RelaunchWindow

Set the time interval for relaunch

Supported versions:

  • On Windows and macOS since 93 or later

Description

Specifies a target time window for the end of the relaunch notification period.

Users are notified of the need for a browser relaunch or device restart based on the RelaunchNotification and RelaunchNotificationPeriod policy settings. Browsers and devices are forcibly restarted at the end of the notification period when the RelaunchNotification policy is set to 'Required'. This RelaunchWindow policy can be used to defer the end of the notification period so that it falls within a specific time window.

If you don't configure this policy, the default target time window is the whole day (i.e., the end of the notification period is never deferred).

Note: Though the policy can accept multiple items in entries, all but the first item are ignored. Warning: Setting this policy may delay application of software updates.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Dictionary

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RelaunchWindow
  • GP name: Set the time interval for relaunch
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RelaunchWindow
  • Value Type: REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\RelaunchWindow = {
  "entries": [
    {
      "duration_mins": 240,
      "start": {
        "hour": 2,
        "minute": 15
      }
    }
  ]
}
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\RelaunchWindow = {"entries": [{"duration_mins": 240, "start": {"hour": 2, "minute": 15}}]}

Mac information and settings

  • Preference Key Name: RelaunchWindow
  • Example value:
<key>RelaunchWindow</key>
<dict>
  <key>entries</key>
  <array>
    <dict>
      <key>duration_mins</key>
      <integer>240</integer>
      <key>start</key>
      <dict>
        <key>hour</key>
        <integer>2</integer>
        <key>minute</key>
        <integer>15</integer>
      </dict>
    </dict>
  </array>
</dict>

Back to top

RemoteDebuggingAllowed

Allow remote debugging

Supported versions:

  • On Windows and macOS since 93 or later

Description

Controls whether users may use remote debugging.

If you enable or don't configure this policy, users may use remote debugging by specifying --remote-debug-port and --remote-debugging-pipe command line switches.

If you disable this policy, users are not allowed to use remote debugging.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RemoteDebuggingAllowed
  • GP name: Allow remote debugging
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RemoteDebuggingAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: RemoteDebuggingAllowed
  • Example value:
<true/>

Back to top

RendererAppContainerEnabled

Enable renderer in app container

Supported versions:

  • On Windows since 96 or later

Description

Launches Renderer processes into an App Container for additional security benefits.

If you don't configure this policy, Microsoft Edge will launch the renderer process in an app container in a future update.

If you enable this policy, Microsoft Edge will launch the renderer process in an app container.

If you disable this policy, Microsoft Edge will not launch the renderer process in an app container.

Only turn off the policy if there are compatibility issues with third-party software that must run inside Microsoft Edge's renderer processes.

This policy will only take effect on Windows 10 RS5 and above.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RendererAppContainerEnabled
  • GP name: Enable renderer in app container
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RendererAppContainerEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

RendererCodeIntegrityEnabled

Enable renderer code integrity (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows since 78 or later

Description

Setting the policy to Enabled or leaving it unset turns Renderer Code Integrity on. Setting the policy to Disabled has a detrimental effect on Microsoft Edge's security and stability as unknown and potentially hostile code can load inside Microsoft Edge's renderer processes. Only turn off the policy if there are compatibility issues with third-party software that must run inside Microsoft Edge's renderer processes.

This policy will be removed in Edge 119 and will be ignored if set.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RendererCodeIntegrityEnabled
  • GP name: Enable renderer code integrity (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RendererCodeIntegrityEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

RequireOnlineRevocationChecksForLocalAnchors

Specify if online OCSP/CRL checks are required for local trust anchors

Supported versions:

  • On Windows since 123 or later

Description

Control whether online revocation checks (OCSP/CRL checks) are required. If Microsoft Edge can't get revocation status information, these certificates are treated as revoked ("hard-fail").

If you enable this policy, Microsoft Edge always performs revocation checking for server certificates that successfully validate and are signed by locally-installed CA certificates.

If you don't configure or disable this policy, then Microsoft Edge uses the existing online revocation checking settings.

On macOS, this policy has no effect if the MicrosoftRootStoreEnabled policy is set to False.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RequireOnlineRevocationChecksForLocalAnchors
  • GP name: Specify if online OCSP/CRL checks are required for local trust anchors
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RequireOnlineRevocationChecksForLocalAnchors
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

ResolveNavigationErrorsUseWebService

Enable resolution of navigation errors using a web service

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allow Microsoft Edge to issue a dataless connection to a web service to probe networks for connectivity in cases like hotel and airport Wi-Fi.

If you enable this policy, a web service is used for network connectivity tests.

If you disable this policy, Microsoft Edge uses native APIs to try to resolve network connectivity and navigation issues.

Note: Except on Windows 8 and later versions of Windows, Microsoft Edge always uses native APIs to resolve connectivity issues.

If you don't configure this policy, Microsoft Edge respects the user preference that's set under Services at edge://settings/privacy. Specifically, there's a Use a web service to help resolve navigation errors toggle, which the user can switch on or off. Be aware that if you have enabled this policy (ResolveNavigationErrorsUseWebService), the Use a web service to help resolve navigation errors setting is turned on, but the user can't change the setting by using the toggle. If you have disabled this policy, the Use a web service to help resolve navigation errors setting is turned off, and the user can't change the setting by using the toggle.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ResolveNavigationErrorsUseWebService
  • GP name: Enable resolution of navigation errors using a web service
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ResolveNavigationErrorsUseWebService
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ResolveNavigationErrorsUseWebService
  • Example value:
<true/>

Back to top

RestorePdfView

Restore PDF view

Supported versions:

  • On Windows and macOS since 113 or later

Description

Enables PDF View Recovery in Microsoft Edge.

If you enable or don't configure this policy Microsoft Edge will recover the last state of PDF view and land users to the section where they ended reading in the last session.

If you disable this policy Microsoft Edge will recover the last state of PDF view and land users at the start of the PDF file.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RestorePdfView
  • GP name: Restore PDF view
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RestorePdfView
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: RestorePdfView
  • Example value:
<true/>

Back to top

RestrictSigninToPattern

Restrict which accounts can be used to sign in to Microsoft Edge

Supported versions:

  • On Windows and macOS since 77 or later

Description

Determines which accounts can be used to sign in to the Microsoft Edge account that's chosen during the Sync opt-in flow.

You can configure this policy to match multiple accounts using a Perl style regular expression for the pattern. If a user tries to sign in to the browser with an account whose username doesn't match this pattern, they are blocked and will get the appropriate error message. Note that pattern matches are case sensitive. For more information about the regular expression rules that are used, refer to https://go.microsoft.com/fwlink/p/?linkid=2133903.

If you don't configure this policy or leave it blank, users can use any account to sign in to Microsoft Edge.

Note that signed-in profiles with a username that doesn't match this pattern will be signed out after this policy is enabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RestrictSigninToPattern
  • GP name: Restrict which accounts can be used to sign in to Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RestrictSigninToPattern
  • Value Type: REG_SZ
Example value:
".*@contoso.com"

Mac information and settings

  • Preference Key Name: RestrictSigninToPattern
  • Example value:
<string>.*@contoso.com</string>

Back to top

RoamingProfileLocation

Set the roaming profile directory

Supported versions:

  • On Windows since 85 or later

Description

Configures the directory to use to store the roaming copy of profiles.

If you enable this policy, Microsoft Edge uses the provided directory to store a roaming copy of the profiles, as long as you've also enabled the RoamingProfileSupportEnabled policy. If you disable the RoamingProfileSupportEnabled policy or don't configure it, the value stored in this policy isn't used.

See https://go.microsoft.com/fwlink/?linkid=2095041 for a list of variables you can use.

If you don't configure this policy, the default roaming profile path is used.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RoamingProfileLocation
  • GP name: Set the roaming profile directory
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RoamingProfileLocation
  • Value Type: REG_SZ
Example value:
"${roaming_app_data}\\edge-profile"

Back to top

RoamingProfileSupportEnabled

Enable using roaming copies for Microsoft Edge profile data

Supported versions:

  • On Windows since 85 or later

Description

Enable this policy to use roaming profiles on Windows. The settings stored in Microsoft Edge profiles (favorites and preferences) are also saved to a file stored in the Roaming user profile folder (or the location specified by the administrator through the RoamingProfileLocation policy).

If you disable this policy or don't configure it, only the regular local profiles are used.

The SyncDisabled only disables cloud synchronization and has no impact on this policy.

See https://go.microsoft.com/fwlink/?linkid=2150058 for more information on using roaming user profiles.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RoamingProfileSupportEnabled
  • GP name: Enable using roaming copies for Microsoft Edge profile data
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RoamingProfileSupportEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

RunAllFlashInAllowMode

Extend Adobe Flash content setting to all content (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 88.

Supported versions:

  • On Windows and macOS since 77, until 88

Description

This policy doesn't work because Flash is no longer supported by Microsoft Edge.

If you enable this policy, all Adobe Flash content embedded in websites that are set to allow Adobe Flash in the content settings -- either by the user or by enterprise policy -- will run. This includes content from other origins and/or small content.

To control which websites are allowed to run Adobe Flash, see the specifications in the DefaultPluginsSetting, PluginsAllowedForUrls, and PluginsBlockedForUrls policies.

If you disable this policy or don't configure it, Adobe Flash content from other origins (from sites that aren't specified in the three policies mentioned immediately above) or small content might be blocked.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: RunAllFlashInAllowMode
  • GP name: Extend Adobe Flash content setting to all content (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: RunAllFlashInAllowMode
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: RunAllFlashInAllowMode
  • Example value:
<true/>

Back to top

SSLErrorOverrideAllowed

Allow users to proceed from the HTTPS warning page

Supported versions:

  • On Windows and macOS since 77 or later

Description

Microsoft Edge shows a warning page when users visit sites that have SSL errors.

If you enable or don't configure (default) this policy, users can click through these warning pages.

If you disable this policy, users are blocked from clicking through any warning page.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SSLErrorOverrideAllowed
  • GP name: Allow users to proceed from the HTTPS warning page
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SSLErrorOverrideAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SSLErrorOverrideAllowed
  • Example value:
<true/>

Back to top

SSLErrorOverrideAllowedForOrigins

Allow users to proceed from the HTTPS warning page for specific origins

Supported versions:

  • On Windows and macOS since 90 or later

Description

Microsoft Edge shows a warning page when users visit sites that have SSL errors.

If you enable or don't configure the SSLErrorOverrideAllowed policy, this policy does nothing.

If you disable the SSLErrorOverrideAllowed policy, configuring this policy lets you configure a list of origin patterns for sites where users can continue to click through SSL error pages. Users can't click through SSL error pages on origins that are not on this list.

If you don't configure this policy, the SSLErrorOverrideAllowed policy applies for all sites.

For detailed information about valid origin patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy. This policy only matches based on origin, so any path or query in the URL pattern is ignored.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SSLErrorOverrideAllowedForOrigins
  • GP name: Allow users to proceed from the HTTPS warning page for specific origins
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SSLErrorOverrideAllowedForOrigins
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SSLErrorOverrideAllowedForOrigins\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\SSLErrorOverrideAllowedForOrigins\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: SSLErrorOverrideAllowedForOrigins
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

SSLVersionMin

Minimum TLS version enabled (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 97.

Supported versions:

  • On Windows and macOS since 77, until 97

Description

This policy was removed in Microsoft Edge 98 and is ignored if configured. Sets the minimum supported version of TLS.

If you set this policy to 'tls1.2', Microsoft Edge will show an error for TLS 1.0 and TLS 1.1 and the user will not be able to bypass the error.

If you don't configure this policy, Microsoft Edge will still show an error for TLS 1.0 and TLS 1.1 but the user will be able to bypass it.

Support for suppressing the TLS 1.0/1.1 warning was removed from Microsoft Edge starting in version 91. The 'tls1' and 'tls1.1' values are no longer supported.

Policy options mapping:

  • TLSv1 (tls1) = TLS 1.0

  • TLSv1.1 (tls1.1) = TLS 1.1

  • TLSv1.2 (tls1.2) = TLS 1.2

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SSLVersionMin
  • GP name: Minimum TLS version enabled (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SSLVersionMin
  • Value Type: REG_SZ
Example value:
"tls1"

Mac information and settings

  • Preference Key Name: SSLVersionMin
  • Example value:
<string>tls1</string>

Back to top

SandboxExternalProtocolBlocked

Allow Microsoft Edge to block navigations to external protocols in a sandboxed iframe

Supported versions:

  • On Windows and macOS since 99 or later

Description

Microsoft Edge will block navigations to external protocols inside a sandboxed iframe.

If you enable or don't configure this policy, Microsoft Edge will block those navigations.

If you disable this policy, Microsoft Edge will not block those navigations.

This can be used by administrators who need more time to update their internal website affected by this new restriction. This Enterprise policy is temporary; it's intended to be removed after Microsoft Edge version 117.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SandboxExternalProtocolBlocked
  • GP name: Allow Microsoft Edge to block navigations to external protocols in a sandboxed iframe
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SandboxExternalProtocolBlocked
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SandboxExternalProtocolBlocked
  • Example value:
<true/>

Back to top

SaveCookiesOnExit

Save cookies when Microsoft Edge closes

Supported versions:

  • On Windows and macOS since 86 or later

Description

When this policy is enabled, the specified set of cookies is exempt from deletion when the browser closes. This policy is only effective when:

  • The 'Cookies and other site data' toggle is configured in Settings/Privacy and services/Clear browsing data on close or
  • The policy ClearBrowsingDataOnExit is enabled or
  • The policy DefaultCookiesSetting is set to 'Keep cookies for the duration of the session'.

You can define a list of sites, based on URL patterns, that will have their cookies preserved across sessions.

Note: Users can still edit the cookie site list to add or remove URLs. However, they can't remove URLs that have been added by an Admin.

If you enable this policy, the list of cookies won't be cleared when the browser closes.

If you disable or don't configure this policy, the user's personal configuration is used.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SaveCookiesOnExit
  • GP name: Save cookies when Microsoft Edge closes
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SaveCookiesOnExit
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SaveCookiesOnExit\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\SaveCookiesOnExit\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: SaveCookiesOnExit
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

SavingBrowserHistoryDisabled

Disable saving browser history

Supported versions:

  • On Windows and macOS since 77 or later

Description

Disables saving browser history and prevents users from changing this setting.

If you enable this policy, browsing history isn't saved. This also disables tab syncing.

If you disable this policy or don't configure it, browsing history is saved.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SavingBrowserHistoryDisabled
  • GP name: Disable saving browser history
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SavingBrowserHistoryDisabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SavingBrowserHistoryDisabled
  • Example value:
<true/>

Back to top

ScreenCaptureAllowed

Allow or deny screen capture

Supported versions:

  • On Windows and macOS since 83 or later

Description

If you enable this policy, or don't configure this policy, a web page can use screen-share APIs (for example, getDisplayMedia() or the Desktop Capture extension API) for a screen capture. If you disable this policy, calls to screen-share APIs will fail. For example, if you're using a web-based online meeting, video or screen sharing will not work. However, this policy is not considered (and a site will be allowed to use screen-share APIs) if the site matches an origin pattern in any of the following policies: ScreenCaptureAllowedByOrigins, WindowCaptureAllowedByOrigins, TabCaptureAllowedByOrigins, SameOriginTabCaptureAllowedByOrigins.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ScreenCaptureAllowed
  • GP name: Allow or deny screen capture
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ScreenCaptureAllowed
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ScreenCaptureAllowed
  • Example value:
<false/>

Back to top

ScreenCaptureWithoutGestureAllowedForOrigins

Allow screen capture without prior user gesture

Supported versions:

  • On Windows and macOS since 123 or later

Description

For security reasons, the getDisplayMedia() web API requires a prior user gesture ("transient activation") to be called or the API will fail.

When this policy is configured, admins can specify origins on which this API can be called without prior user gesture.

For detailed information on valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. Note: * is not an accepted value for this policy.

If this policy is not configured, all origins require a prior user gesture to call this API.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ScreenCaptureWithoutGestureAllowedForOrigins
  • GP name: Allow screen capture without prior user gesture
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\ScreenCaptureWithoutGestureAllowedForOrigins
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\ScreenCaptureWithoutGestureAllowedForOrigins\1 = "https://www.example.com"
SOFTWARE\Policies\Microsoft\Edge\ScreenCaptureWithoutGestureAllowedForOrigins\2 = "[*.]example.edu"

Mac information and settings

  • Preference Key Name: ScreenCaptureWithoutGestureAllowedForOrigins
  • Example value:
<array>
  <string>https://www.example.com</string>
  <string>[*.]example.edu</string>
</array>

Back to top

ScrollToTextFragmentEnabled

Enable scrolling to text specified in URL fragments

Supported versions:

  • On Windows and macOS since 83 or later

Description

This feature lets hyperlink and address bar URL navigations target specific text on a web page, which will be scrolled to after the web page finishes loading.

If you enable or don't configure this policy, web page scrolling to specific text fragments via a URL will be enabled.

If you disable this policy, web page scrolling to specific text fragments via a URL will be disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ScrollToTextFragmentEnabled
  • GP name: Enable scrolling to text specified in URL fragments
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ScrollToTextFragmentEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ScrollToTextFragmentEnabled
  • Example value:
<false/>

Back to top

SearchFiltersEnabled

Search Filters Enabled

Supported versions:

  • On Windows and macOS since 109 or later

Description

Lets you filter your autosuggestions by selecting a filter from the search filters ribbon. For example, if you select the "Favorites" filter, only favorites suggestions will be shown.

If you enable or don't configure this policy, the autosuggestion dropdown defaults to displaying the ribbon of available filters.

If you disable this policy, the autosuggestion dropdown won't display the ribbon of available filters.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SearchFiltersEnabled
  • GP name: Search Filters Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: SearchFiltersEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SearchFiltersEnabled
  • Example value:
<true/>

Back to top

SearchForImageEnabled

Search for image enabled

Supported versions:

  • On Windows and macOS since 115 or later

Description

This policy lets you configure the Image Search feature in the right-click context menu.

If you enable or don't configure this policy, then the "Search the web for image" option will be visible in the context menu.

If you disable this policy, then the "Search the web for image" will not be visible in the context menu.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SearchForImageEnabled
  • GP name: Search for image enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SearchForImageEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SearchForImageEnabled
  • Example value:
<true/>

Back to top

SearchInSidebarEnabled

Search in Sidebar enabled

Supported versions:

  • On Windows and macOS since 110 or later

Description

Search in Sidebar allows users to open search result in sidebar (including sidebar search for Progressive Web Apps).

If you configure this policy to 'EnableSearchInSidebar' or don't configure it, Search in sidebar will be enabled.

If you configure this policy to 'DisableSearchInSidebarForKidsMode', Search in sidebar will be disabled when in Kids mode. Some methods that would normally invoke sidebar search will invoke a traditional search instead.

If you configure this policy to 'DisableSearchInSidebar', Search in sidebar will be disabled. Some methods that would normally invoke sidebar search will invoke a traditional search instead.

Policy options mapping:

  • EnableSearchInSidebar (0) = Enable search in sidebar

  • DisableSearchInSidebarForKidsMode (1) = Disable search in sidebar for Kids Mode

  • DisableSearchInSidebar (2) = Disable search in sidebar

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SearchInSidebarEnabled
  • GP name: Search in Sidebar enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SearchInSidebarEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: SearchInSidebarEnabled
  • Example value:
<integer>0</integer>

Back to top

SearchSuggestEnabled

Enable search suggestions

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enables web search suggestions in Microsoft Edge's Address Bar and Auto-Suggest List and prevents users from changing this policy.

If you enable this policy, web search suggestions are used.

If you disable this policy, web search suggestions are never used, however local history and local favorites suggestions still appear. If you disable this policy, neither the typed characters, nor the URLs visited will be included in telemetry to Microsoft.

If this policy is left not set, search suggestions are enabled but the user can change that.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SearchSuggestEnabled
  • GP name: Enable search suggestions
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: SearchSuggestEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SearchSuggestEnabled
  • Example value:
<true/>

Back to top

SearchbarAllowed

Supported versions:

  • On Windows since 117 or later

Description

Enables the search bar. When enabled, users can use the search bar to search the web from their desktop or from an application. The search bar provides a search box, powered by Edge default search engine, that shows web suggestions and opens all web searches in Microsoft Edge. The search bar can be launched from the "More tools" menu or jump list in Microsoft Edge.

If you enable or don't configure this policy: The search bar will be automatically enabled for all profiles. The option to enable the search bar at startup will be toggled on if the SearchbarIsEnabledOnStartup policy is enabled. If the SearchbarIsEnabledOnStartup is disabled or not configured, the option to enable the search bar at startup will be toggled off. Users will see the menu item to launch the search bar from the Microsoft Edge "More tools" menu. Users can launch the search bar from "More tools". Users will see the menu item to launch the search bar from the Microsoft Edge jump list menu. Users can launch the search bar from the Microsoft Edge jump list menu. The search bar can be turned off by the "Quit" option in the System tray or by closing the search bar from the 3 dot menu. The search bar will be restarted on system reboot if auto-start is enabled.

If you disable this policy: The search bar will be disabled for all profiles. The option to launch the search bar from Microsoft Edge "More tools" menu will be disabled. The option to launch the search bar from Microsoft Edge jump list menu will be disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SearchbarAllowed
  • GP name: Enable the Search bar
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SearchbarAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

SearchbarIsEnabledOnStartup

Allow the Search bar at Windows startup

Supported versions:

  • On Windows since 117 or later

Description

Allows the Search bar to start running at Windows startup.

If you enable: The Search bar will start running at Windows startup by default. If the Search bar is disabled via SearchbarAllowed policy, this policy will not start the Search bar on Windows startup.

If you disable this policy: The Search bar will not start at Windows startup for all profiles. The option to start the search bar at Windows startup will be disabled and toggled off in search bar settings.

If you don't configure the policy: The Search bar will not start at Windows startup for all profiles. The option to start the search bar at Windows startup will be toggled off in search bar settings.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SearchbarIsEnabledOnStartup
  • GP name: Allow the Search bar at Windows startup
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SearchbarIsEnabledOnStartup
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

SecurityKeyPermitAttestation

Websites or domains that don't need permission to use direct Security Key attestation

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specifies the WebAuthn RP IDs that don't need explicit user permission when attestation certificates from security keys are requested. Additionally, a signal is sent to the security key indicating that it can use enterprise attestation. Without this policy, users are prompted each time a site requests attestation of security keys.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SecurityKeyPermitAttestation
  • GP name: Websites or domains that don't need permission to use direct Security Key attestation
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SecurityKeyPermitAttestation
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SecurityKeyPermitAttestation\1 = "contoso.com"

Mac information and settings

  • Preference Key Name: SecurityKeyPermitAttestation
  • Example value:
<array>
  <string>contoso.com</string>
</array>

Back to top

SendIntranetToInternetExplorer

Send all intranet sites to Internet Explorer

Supported versions:

  • On Windows since 77 or later

Description

For guidance about configuring the optimal experience for Internet Explorer mode see https://go.microsoft.com/fwlink/?linkid=2094210

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SendIntranetToInternetExplorer
  • GP name: Send all intranet sites to Internet Explorer
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SendIntranetToInternetExplorer
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

SendMouseEventsDisabledFormControlsEnabled

Control the new behavior for event dispatching on disabled form controls (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 120.

Supported versions:

  • On Windows and macOS since 109, until 120

Description

Event dispatching on disabled form controls is being changed in Edge to improve compatibility with other browsers and to improve the developer experience.

With this change, MouseEvents get dispatched on disabled form control elements. Exceptions for this behavior are click, mouseup, and mousedown. Some examples of the new events are mousemove, mouseenter, and mouseleave.

This change also truncates the event path of click, mouseup, and mousedown when they're dispatched on children of disabled form controls. These events aren't dispatched on the disabled form control or any of its ancestors.

Note: This new behavior might break some websites.

If this policy is enabled or left not set, the new behavior will be used.

If this policy is disabled, the old behavior will be used.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SendMouseEventsDisabledFormControlsEnabled
  • GP name: Control the new behavior for event dispatching on disabled form controls (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SendMouseEventsDisabledFormControlsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SendMouseEventsDisabledFormControlsEnabled
  • Example value:
<true/>

Back to top

SendSiteInfoToImproveServices

Send site information to improve Microsoft services (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 88.

Supported versions:

  • On Windows and macOS since 77, until 88

Description

This policy is no longer supported. It is replaced by DiagnosticData (for Windows 7, Windows 8, and macOS) and Allow Telemetry on Win 10 (https://go.microsoft.com/fwlink/?linkid=2099569).

This policy enables sending info about websites visited in Microsoft Edge to Microsoft to improve services like search.

Enable this policy to send info about websites visited in Microsoft Edge to Microsoft. Disable this policy to not send info about websites visited in Microsoft Edge to Microsoft. In both cases, users can't change or override the setting.

On Windows 10, if you don't configure this policy, Microsoft Edge will default to the Windows diagnostic data setting. If this policy is enabled Microsoft Edge will only send info about websites visited in Microsoft Edge if the Windows Diagnostic data setting is set to Full. If this policy is disabled Microsoft Edge will not send info about websites visited. Learn more about Windows Diagnostic data settings: https://go.microsoft.com/fwlink/?linkid=2099569

On Windows 7, windows 8, and macOS this policy controls sending info about websites visited. If you don't configure this policy, Microsoft Edge will default to the user's preference.

To enable this policy, MetricsReportingEnabled must be set to Enabled. If SendSiteInfoToImproveServices or MetricsReportingEnabled is Not Configured or Disabled, this data will not be sent to Microsoft.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SendSiteInfoToImproveServices
  • GP name: Send site information to improve Microsoft services (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SendSiteInfoToImproveServices
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: SendSiteInfoToImproveServices
  • Example value:
<false/>

Back to top

SensorsAllowedForUrls

Allow access to sensors on specific sites

Supported versions:

  • On Windows and macOS since 86 or later

Description

Define a list of sites, based on URL patterns, that can access and use sensors such as motion and light sensors.

If you don't configure this policy, the global default value from the DefaultSensorsSetting policy (if set) or the user's personal configuration is used for all sites.

For URL patterns that don't match this policy, the following order of precedence is used: The SensorsBlockedForUrls policy (if there is a match), the DefaultSensorsSetting policy (if set), or the user's personal settings.

The URL patterns defined in this policy can't conflict with those configured in the SensorsBlockedForUrls policy. You can't allow and block a URL.

For detailed information about valid URL patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SensorsAllowedForUrls
  • GP name: Allow access to sensors on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SensorsAllowedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SensorsAllowedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\SensorsAllowedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: SensorsAllowedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

SensorsBlockedForUrls

Block access to sensors on specific sites

Supported versions:

  • On Windows and macOS since 86 or later

Description

Define a list of sites, based on URL patterns, that can't access sensors such as motion and light sensors.

If you don't configure this policy, the global default value from the DefaultSensorsSetting policy (if set) or the user's personal configuration is used for all sites.

For URL patterns that don't match this policy, the following order of precedence is used: The SensorsAllowedForUrls policy (if there is a match), the DefaultSensorsSetting policy (if set), or the user's personal settings.

The URL patterns defined in this policy can't conflict with those configured in the SensorsAllowedForUrls policy. You can't allow and block a URL.

For detailed information about valid URL patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SensorsBlockedForUrls
  • GP name: Block access to sensors on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SensorsBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SensorsBlockedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\SensorsBlockedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: SensorsBlockedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

SerialAskForUrls

Allow the Serial API on specific sites

Supported versions:

  • On Windows and macOS since 86 or later

Description

Define a list of sites, based on URL patterns, that can ask the user for access to a serial port.

If you don't configure this policy, the global default value from the DefaultSerialGuardSetting policy (if set) or the user's personal configuration is used for all sites.

For URL patterns that don't match this policy, the following order of precedence is used: The SerialBlockedForUrls policy (if there is a match), the DefaultSerialGuardSetting policy (if set), or the user's personal settings.

The URL patterns defined in this policy can't conflict with those configured in the SerialBlockedForUrls policy. You can't allow and block a URL.

For detailed information about valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SerialAskForUrls
  • GP name: Allow the Serial API on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SerialAskForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SerialAskForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\SerialAskForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: SerialAskForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

SerialBlockedForUrls

Block the Serial API on specific sites

Supported versions:

  • On Windows and macOS since 86 or later

Description

Define a list of sites, based on URL patterns, that can't ask the user to grant them access to a serial port.

If you don't configure this policy, the global default value from the DefaultSerialGuardSetting policy (if set) or the user's personal configuration is used for all sites.

For URL patterns that don't match this policy, the following order of precedence is used: The SerialAskForUrls policy (if there is a match), the DefaultSerialGuardSetting policy (if set), or the user's personal settings.

The URL patterns in this policy can't conflict with those configured in the SerialAskForUrls policy. You can't allow and block a URL.

For detailed information about valid URL patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SerialBlockedForUrls
  • GP name: Block the Serial API on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SerialBlockedForUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SerialBlockedForUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\SerialBlockedForUrls\2 = "[*.]contoso.edu"

Mac information and settings

  • Preference Key Name: SerialBlockedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Back to top

SetTimeoutWithout1MsClampEnabled

Control Javascript setTimeout() function minimum timeout (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 101, until 109

Description

This policy is obsolete and doesn't work in Microsoft Edge after version 109. This policy was only provided temporarily to allow Enterprises to adapt to the new clamping behavior.

When the policy is set to Enabled, the Javascript setTimeout() with a timeout of 0ms will no longer be fixed to 1ms to schedule timer-based callbacks. When the policy is set to Disabled, the Javascript setTimeout() with a timeout of 0ms will be fixed to 1ms to schedule timer-based callbacks. When the policy is unset, use the browser's default behavior for setTimeout() function.

This is a web standards compliancy feature, but it may change task ordering on a web page, leading to unexpected behavior on sites that are dependent on a certain ordering. It also may affect sites with a lot of setTimeout()s with a timeout of 0ms usage. For example, increasing CPU load.

For users where this policy is unset, Microsoft Edge Stable will roll out the change gradually on the stable channel.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SetTimeoutWithout1MsClampEnabled
  • GP name: Control Javascript setTimeout() function minimum timeout (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SetTimeoutWithout1MsClampEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SetTimeoutWithout1MsClampEnabled
  • Example value:
<true/>

Back to top

ShadowStackCrashRollbackBehavior

Configure ShadowStack crash rollback behavior (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 109.

Supported versions:

  • On Windows since 95, until 109

Description

This policy is deprecated because it's intended to serve only as a short-term mechanism to give enterprises more time to update their environments and report issues if they are found to be incompatible with Hardware-enforced Stack Protection. It won't work in Microsoft Edge as soon as version 109.

Microsoft Edge includes a Hardware-enforced Stack Protection security feature. This feature may result in the browser crashing unexpectedly in cases that do not represent an attempt to compromise the browser's security.

Using this policy, you may control the behavior of the Hardware-enforced Stack Protection feature after a crash triggered by this feature is encountered.

Set this policy to 'Disable' to disable the feature.

Set this policy to 'DisableUntilUpdate' to disable the feature until Microsoft Edge updates next time.

Set this policy to 'Enable' to keep the feature enabled.

Policy options mapping:

  • Disable (0) = Disable Hardware-enforced Stack Protection

  • DisableUntilUpdate (1) = Disable Hardware-enforced Stack Protection until the next Microsoft Edge update

  • Enable (2) = Enable Hardware-enforced Stack Protection

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ShadowStackCrashRollbackBehavior
  • GP name: Configure ShadowStack crash rollback behavior (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ShadowStackCrashRollbackBehavior
  • Value Type: REG_DWORD
Example value:
0x00000000

Back to top

SharedArrayBufferUnrestrictedAccessAllowed

Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context

Supported versions:

  • On Windows and macOS since 92 or later

Description

Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context. A SharedArrayBuffer is a binary data buffer that can be used to create views on shared memory. SharedArrayBuffers have a memory access vulnerability in several popular CPUs.

If you enable this policy, sites are allowed to use SharedArrayBuffers with no restrictions.

If you disable or don't configure this policy, sites are allowed to use SharedArrayBuffers only when cross-origin isolated.

Microsoft Edge will require cross-origin isolation when using SharedArrayBuffers from Microsoft Edge 91 onward for Web Compatibility reasons.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SharedArrayBufferUnrestrictedAccessAllowed
  • GP name: Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SharedArrayBufferUnrestrictedAccessAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SharedArrayBufferUnrestrictedAccessAllowed
  • Example value:
<true/>

Back to top

SharedLinksEnabled

Supported versions:

  • On Windows and macOS since 96 or later

Description

Allows Microsoft Edge to display links recently shared by or shared with the user from Microsoft 365 apps in History.

If you enable or don't configure this policy, Microsoft Edge displays links recently shared by or shared with the user from Microsoft 365 apps in History.

If you disable this policy, Microsoft Edge does not display links recently shared by or shared with the user from Microsoft 365 apps in History. The control in Microsoft Edge settings is disabled and set to off.

This policy only applies for Microsoft Edge local user profiles and profiles signed in using Azure Active Directory.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SharedLinksEnabled
  • GP name: Show links shared from Microsoft 365 apps in History
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SharedLinksEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SharedLinksEnabled
  • Example value:
<true/>

Back to top

ShowAcrobatSubscriptionButton

Shows button on native PDF viewer in Microsoft Edge that allows users to sign up for Adobe Acrobat subscription

Supported versions:

  • On Windows and macOS since 111 or later

Description

This policy lets the native PDF viewer in Microsoft Edge show a button that lets a user looking for advanced digital document features to discover and subscribe to premium offerings. This is done via the Acrobat extension.

If you enable or don't configure this policy, the button will show up on the native PDF viewer in Microsoft Edge. A user will be able to buy Adobe subscription to access their premium offerings.

If you disable this policy, the button won't be visible on the native PDF viewer in Microsoft Edge. A user won't be able to discover Adobe's advanced PDF tools or buy their subscriptions.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ShowAcrobatSubscriptionButton
  • GP name: Shows button on native PDF viewer in Microsoft Edge that allows users to sign up for Adobe Acrobat subscription
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ShowAcrobatSubscriptionButton
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ShowAcrobatSubscriptionButton
  • Example value:
<true/>

Back to top

ShowDownloadsToolbarButton

Show Downloads button on the toolbar

Supported versions:

  • On Windows and macOS since 114 or later

Description

Set this policy to always show the Downloads button on the toolbar.

If you enable this policy, the Downloads button is pinned to the toolbar.

If you disable or don't configure the policy, the Downloads button isn't shown on the toolbar by default. Users can toggle the Downloads button in edge://settings/appearance.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ShowDownloadsToolbarButton
  • GP name: Show Downloads button on the toolbar
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ShowDownloadsToolbarButton
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ShowDownloadsToolbarButton
  • Example value:
<true/>

Back to top

ShowHistoryThumbnails

Show thumbnail images for browsing history

Supported versions:

  • On Windows and macOS since 117 or later

Description

This policy lets you configure whether the history thumbnail feature collects and saves images for the sites you visit. When enabled, this feature makes it easier to identify sites when you hover over your history results. If you don't configure this policy, the thumbnail feature is turned on after a user visits the history hub twice in the past 7 days. If you enable this policy, the history thumbnail collects and saves images for visited sites. If you disable this policy, the history thumbnail doesn't collect and save images for visited sites. When the feature is disabled, existing images are deleted on a per user basis, and the feature no longer collects or saves images when a site is visited.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ShowHistoryThumbnails
  • GP name: Show thumbnail images for browsing history
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ShowHistoryThumbnails
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ShowHistoryThumbnails
  • Example value:
<true/>

Back to top

ShowMicrosoftRewards

Show Microsoft Rewards experiences

Supported versions:

  • On Windows and macOS since 88 or later

Description

Show Microsoft Rewards experience and notifications. If you enable this policy:

  • Microsoft account users (excludes Azure AD accounts) in search, new tab page, and earn markets will see the Microsoft Rewards experience in their Microsoft Edge user profile.
  • The setting to enable Microsoft Rewards in Microsoft Edge settings will be enabled and toggled on.

If you disable this policy:

  • Microsoft account users (excludes Azure AD accounts) in search, new tab page, and earn markets will not see the Microsoft Rewards experience in their Microsoft Edge user profile.
  • The setting to enable Microsoft Rewards in Microsoft Edge settings will be disabled and toggled off.

If you don't configure this policy:

  • Microsoft account users (excludes Azure AD accounts) in search, new tab page, and earn markets will see the Microsoft Rewards experience in their Microsoft Edge user profile.
  • The setting to enable Microsoft Rewards in Microsoft Edge settings will be enabled and toggled on.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ShowMicrosoftRewards
  • GP name: Show Microsoft Rewards experiences
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: ShowMicrosoftRewards
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ShowMicrosoftRewards
  • Example value:
<false/>

Back to top

ShowOfficeShortcutInFavoritesBar

Show Microsoft Office shortcut in favorites bar (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 77 or later

Description

This policy didn't work as expected due to changes in operational requirements. Therefore it's deprecated and should not be used.

Specifies whether to include a shortcut to Office.com in the favorites bar. For users signed into Microsoft Edge the shortcut takes users to their Microsoft Office apps and docs. If you enable or don't configure this policy, users can choose whether to see the shortcut by changing the toggle in the favorites bar context menu. If you disable this policy, the shortcut isn't shown.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ShowOfficeShortcutInFavoritesBar
  • GP name: Show Microsoft Office shortcut in favorites bar (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ShowOfficeShortcutInFavoritesBar
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: ShowOfficeShortcutInFavoritesBar
  • Example value:
<false/>

Back to top

ShowRecommendationsEnabled

Allow feature recommendations and browser assistance notifications from Microsoft Edge

Supported versions:

  • On Windows and macOS since 89 or later

Description

This setting controls the in-browser assistance notifications which are intended to help users get the most out of Microsoft Edge. This is done by recommending features and by helping them use browser features. These notifications take the form of dialog boxes, flyouts, coach marks and banners in the browser. An example of an assistance notification would be when a user has many tabs opened in the browser. In this instance Microsoft Edge may prompt the user to try out the vertical tabs feature which is designed to give better browser tab management.

Disabling this policy will stop this message from appearing again even if the user has too many tabs open. Any features that have been disabled by a management policy are not suggested to users. If you enable or don't configure this setting, users will receive recommendations or notifications from Microsoft Edge. If you disable this setting, users will not receive any recommendations or notifications from Microsoft Edge

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ShowRecommendationsEnabled
  • GP name: Allow feature recommendations and browser assistance notifications from Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ShowRecommendationsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ShowRecommendationsEnabled
  • Example value:
<true/>

Back to top

SignedHTTPExchangeEnabled

Enable Signed HTTP Exchange (SXG) support

Supported versions:

  • On Windows and macOS since 78 or later

Description

Enable support for Signed HTTP Exchange (SXG).

If this policy isn't set or enabled, Microsoft Edge will accept web contents served as Signed HTTP Exchanges.

If this policy is set to disabled, Signed HTTP Exchanges can't be loaded.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SignedHTTPExchangeEnabled
  • GP name: Enable Signed HTTP Exchange (SXG) support
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SignedHTTPExchangeEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SignedHTTPExchangeEnabled
  • Example value:
<true/>

Back to top

SitePerProcess

Enable site isolation for every site

Supported versions:

  • On Windows and macOS since 77 or later

Description

The 'SitePerProcess' policy can be used to prevent users from opting out of the default behavior of isolating all sites. Note that you can also use the IsolateOrigins policy to isolate additional, finer-grained origins.

If you enable this policy, users can't opt out of the default behavior where each site runs in its own process.

If you disable or don't configure this policy, a user can opt out of site isolation. (For example, by using "Disable site isolation" entry in edge://flags.) Disabling the policy or not configuring the policy doesn't turn off Site Isolation.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SitePerProcess
  • GP name: Enable site isolation for every site
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SitePerProcess
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SitePerProcess
  • Example value:
<true/>

Back to top

SiteSafetyServicesEnabled

Allow users to configure Site safety services

Supported versions:

  • On Windows and macOS since 101 or later

Description

This policy disables site safety services from showing top site info in the page info dialog.

If you enable this policy or don't configure it, the top site info will be shown.

If you disable this policy, the top site info will not be shown.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SiteSafetyServicesEnabled
  • GP name: Allow users to configure Site safety services
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: SiteSafetyServicesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SiteSafetyServicesEnabled
  • Example value:
<true/>

Back to top

SmartActionsBlockList

Block smart actions for a list of services

Supported versions:

  • On Windows and macOS since 89 or later

Description

List specific services, such as PDFs, and websites that don't show smart actions. (Smart actions are actions like "define" which are available in full and mini context menus in Microsoft Edge.)

If you enable the policy:

  • The smart action in the mini and full context menu will be disabled for all profiles for services that match the given list.
  • Users will not see the smart action in the mini and full context menu on text selection for services that match the given list.
  • In Microsoft Edge settings, the smart action in the mini and full context menu will be disabled for services that match the given list.

If you disable or don't configure this policy:

  • The smart action in the mini and full context menu will be enabled for all profiles.
  • Users will see the smart action in the mini and full context menu on text selection.
  • In Microsoft Edge settings, the smart action in the mini and full context menu will be enabled.

Policy options mapping:

  • smart_actions (smart_actions) = Smart actions in pdfs and on websites

  • smart_actions_website (smart_actions_website) = Smart actions on websites

  • smart_actions_pdf (smart_actions_pdf) = Smart actions in PDF

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SmartActionsBlockList
  • GP name: Block smart actions for a list of services
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SmartActionsBlockList
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended\SmartActionsBlockList
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SmartActionsBlockList\1 = "smart_actions"
SOFTWARE\Policies\Microsoft\Edge\SmartActionsBlockList\2 = "smart_actions_website"
SOFTWARE\Policies\Microsoft\Edge\SmartActionsBlockList\3 = "smart_actions_pdf"

Mac information and settings

  • Preference Key Name: SmartActionsBlockList
  • Example value:
<array>
  <string>smart_actions</string>
  <string>smart_actions_website</string>
  <string>smart_actions_pdf</string>
</array>

Back to top

SpeechRecognitionEnabled

Configure Speech Recognition

Supported versions:

  • On Windows and macOS since 87 or later

Description

Set whether websites can use the W3C Web Speech API to recognize speech from the user. The Microsoft Edge implementation of the Web Speech API uses Azure Cognitive Services, so voice data will leave the machine.

If you enable or don't configure this policy, web-based applications that use the Web Speech API can use Speech Recognition.

If you disable this policy, Speech Recognition is not available through the Web Speech API.

Read more about this feature here: SpeechRecognition API: https://go.microsoft.com/fwlink/?linkid=2143388 Cognitive Services: https://go.microsoft.com/fwlink/?linkid=2143680

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SpeechRecognitionEnabled
  • GP name: Configure Speech Recognition
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SpeechRecognitionEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SpeechRecognitionEnabled
  • Example value:
<true/>

Back to top

SpellcheckEnabled

Enable spellcheck

Supported versions:

  • On Windows and macOS since 77 or later

Description

If you enable or don't configure this policy, the user can use spellcheck.

If you disable this policy, the user can't use spellcheck and the SpellcheckLanguage and SpellcheckLanguageBlocklist policies are also disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SpellcheckEnabled
  • GP name: Enable spellcheck
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SpellcheckEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: SpellcheckEnabled
  • Example value:
<false/>

Back to top

SpellcheckLanguage

Enable specific spellcheck languages

Supported versions:

  • On Windows since 77 or later

Description

Enables different languages for spellcheck. Any language that you specify that isn't recognized is ignored.

If you enable this policy, spellcheck is enabled for the languages specified, as well as any languages the user has enabled.

If you don't configure or disable this policy, there's no change to the user's spellcheck preferences.

If the SpellcheckEnabled policy is disabled, this policy will have no effect.

If a language is included in both the 'SpellcheckLanguage' and the SpellcheckLanguageBlocklist policy, the spellcheck language is enabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SpellcheckLanguage
  • GP name: Enable specific spellcheck languages
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SpellcheckLanguage
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SpellcheckLanguage\1 = "fr"
SOFTWARE\Policies\Microsoft\Edge\SpellcheckLanguage\2 = "es"

Back to top

SpellcheckLanguageBlocklist

Force disable spellcheck languages

Supported versions:

  • On Windows since 78 or later

Description

Force-disables spellcheck languages. Unrecognized languages in that list will be ignored.

If you enable this policy, spellcheck will be disabled for the languages specified. The user can still enable or disable spellcheck for languages not in the list.

If you do not set this policy, or disable it, there will be no change to the user's spellcheck preferences.

If the SpellcheckEnabled policy is set to disabled, this policy will have no effect.

If a language is included in both the SpellcheckLanguage and the 'SpellcheckLanguageBlocklist' policy, the spellcheck language is enabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SpellcheckLanguageBlocklist
  • GP name: Force disable spellcheck languages
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SpellcheckLanguageBlocklist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SpellcheckLanguageBlocklist\1 = "fr"
SOFTWARE\Policies\Microsoft\Edge\SpellcheckLanguageBlocklist\2 = "es"

Back to top

SplitScreenEnabled

Enable split screen feature in Microsoft Edge

Supported versions:

  • On Windows and macOS since 117 or later

Description

This policy lets you configure the split screen feature in Microsoft Edge. This feature lets a user open two web pages in one tab.

If you enable or don't configure this policy, users can use the split screen feature in Microsoft Edge.

If you disable this policy, users can't use the split screen feature in Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SplitScreenEnabled
  • GP name: Enable split screen feature in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SplitScreenEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SplitScreenEnabled
  • Example value:
<true/>

Back to top

StandaloneHubsSidebarEnabled

Standalone Sidebar Enabled

Supported versions:

  • On Windows since 114 or later

Description

Standalone Sidebar is an optional mode for the Sidebar in Microsoft Edge. When this mode is activated by a user, the Sidebar appears in a fixed position on the Microsoft Windows desktop, and is hidden from the browser application frame.

If you enable or don't configure this policy, users will have the ability to activate the Standalone Sidebar. If you disable this policy, options to activate Standalone Sidebar will be hidden or made unavailable. Note that blocking HubsSidebarEnabled will also prevent users from accessing Standalone Sidebar.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: StandaloneHubsSidebarEnabled
  • GP name: Standalone Sidebar Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: StandaloneHubsSidebarEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

StricterMixedContentTreatmentEnabled

Enable stricter treatment for mixed content (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 84.

Supported versions:

  • On Windows and macOS since 81, until 84

Description

This policy doesn't work because it was only intended to be a short-term mechanism to give enterprises more time to update their web content if it was found to be incompatible with stricter mixed content treatment.

This policy controls the treatment for mixed content (HTTP content in HTTPS sites) in the browser.

If you set this policy to true or not set, audio and video mixed content will be automatically upgraded to HTTPS (that is, the URL will be rewritten as HTTPS, without a fallback if the resource isn't available over HTTPS) and a 'Not Secure' warning will be shown in the URL bar for image mixed content.

If you set the policy to false, auto upgrades will be disabled for audio and video, and no warning will be shown for images.

This policy does not affect other types of mixed content other than audio, video, and images.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: StricterMixedContentTreatmentEnabled
  • GP name: Enable stricter treatment for mixed content (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: StricterMixedContentTreatmentEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: StricterMixedContentTreatmentEnabled
  • Example value:
<true/>

Back to top

SuperDragDropEnabled

Super Drag Drop Enabled

Supported versions:

  • On Windows since 122 or later

Description

This policy lets you configure the Super Drag Drop feature in Microsoft Edge.

In this feature, users can drag a link, or text on a webpage. And drop it on the same page, then make the url opened in a new tab or search the text by default search engine.

If you enable or don't configure this policy, you can use the Super Drag Drop feature on Microsoft Edge.

If you disable this policy, you can't use the Super Drag Drop feature in Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SuperDragDropEnabled
  • GP name: Super Drag Drop Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SuperDragDropEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

SuppressUnsupportedOSWarning

Suppress the unsupported OS warning

Supported versions:

  • On Windows and macOS since 77 or later

Description

Suppresses the warning that appears when Microsoft Edge is running on a computer or operating system that is no longer supported.

If this policy is false or unset, the warnings will appear on such unsupported computers or operating systems.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SuppressUnsupportedOSWarning
  • GP name: Suppress the unsupported OS warning
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: SuppressUnsupportedOSWarning
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SuppressUnsupportedOSWarning
  • Example value:
<true/>

Back to top

SyncDisabled

Disable synchronization of data using Microsoft sync services

Supported versions:

  • On Windows and macOS since 77 or later

Description

Disables data synchronization in Microsoft Edge. This policy also prevents the sync consent prompt from appearing.

This policy disables cloud synchronization only and has no impact on the RoamingProfileSupportEnabled policy.

If you don't set this policy or apply it as recommended, users will be able to turn sync on or off. If you apply this policy as mandatory, users will not be able to turn sync on.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SyncDisabled
  • GP name: Disable synchronization of data using Microsoft sync services
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: SyncDisabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: SyncDisabled
  • Example value:
<true/>

Back to top

SyncTypesListDisabled

Configure the list of types that are excluded from synchronization

Supported versions:

  • On Windows and macOS since 83 or later

Description

If you enable this policy all the specified data types will be excluded from synchronization. This policy can be used to limit the type of data uploaded to the Microsoft Edge synchronization service.

You can provide one of the following data types for this policy: "favorites", "settings", "passwords", "addressesAndMore", "extensions", "history", "openTabs", "edgeWallet", and "collections". The "apps" data type will be supported starting in Microsoft Edge version 100. Note that these data type names are case sensitive.

Users will not be able to override the disabled data types.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: SyncTypesListDisabled
  • GP name: Configure the list of types that are excluded from synchronization
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SyncTypesListDisabled
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\SyncTypesListDisabled\1 = "favorites"

Mac information and settings

  • Preference Key Name: SyncTypesListDisabled
  • Example value:
<array>
  <string>favorites</string>
</array>

Back to top

TLS13HardeningForLocalAnchorsEnabled

Enable a TLS 1.3 security feature for local trust anchors (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 85.

Supported versions:

  • On Windows and macOS since 81, until 85

Description

This policy doesn't work because it was only intended to be a short-term mechanism to give enterprises more time to upgrade affected proxies.

This policy controls a security feature in TLS 1.3 that protects connections against downgrade attacks. It is backwards-compatible and will not affect connections to compliant TLS 1.2 servers or proxies. However, older versions of some TLS-intercepting proxies have an implementation flaw which causes them to be incompatible.

If you enable this policy or don't set it, Microsoft Edge will enable these security protections for all connections.

If you disable this policy, Microsoft Edge will disable these security protections for connections authenticated with locally-installed CA certificates. These protections are always enabled for connections authenticated with publicly-trusted CA certificates.

This policy can be used to test for any affected proxies and upgrade them. Affected proxies are expected to fail connections with an error code of ERR_TLS13_DOWNGRADE_DETECTED.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TLS13HardeningForLocalAnchorsEnabled
  • GP name: Enable a TLS 1.3 security feature for local trust anchors (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: TLS13HardeningForLocalAnchorsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: TLS13HardeningForLocalAnchorsEnabled
  • Example value:
<true/>

Back to top

TLSCipherSuiteDenyList

Specify the TLS cipher suites to disable

Supported versions:

  • On Windows and macOS since 85 or later

Description

Configure the list of cipher suites that are disabled for TLS connections.

If you configure this policy, the list of configured cipher suites will not be used when establishing TLS connections.

If you don't configure this policy, the browser will choose which TLS cipher suites to use.

Cipher suite values to be disabled are specified as 16-bit hexadecimal values. The values are assigned by the Internet Assigned Numbers Authority (IANA) registry.

The TLS 1.3 cipher suite TLS_AES_128_GCM_SHA256 (0x1301) is required for TLS 1.3 and can't be disabled by this policy.

This policy does not affect QUIC-based connections. QUIC can be turned off via the QuicAllowed policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TLSCipherSuiteDenyList
  • GP name: Specify the TLS cipher suites to disable
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList\1 = "0x1303"
SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList\2 = "0xcca8"
SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList\3 = "0xcca9"

Mac information and settings

  • Preference Key Name: TLSCipherSuiteDenyList
  • Example value:
<array>
  <string>0x1303</string>
  <string>0xcca8</string>
  <string>0xcca9</string>
</array>

Back to top

TabFreezingEnabled

Allow freezing of background tabs (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 86.

Supported versions:

  • On Windows and macOS since 79, until 86

Description

This policy doesn't work, use SleepingTabsEnabled instead.

Controls whether Microsoft Edge can freeze tabs that are in the background for at least 5 minutes.

Tab freezing reduces CPU, battery, and memory usage. Microsoft Edge uses heuristics to avoid freezing tabs that do useful work in the background, such as display notifications, play sound, and stream video.

If you enable or don't configure this policy, tabs that have been in the background for at least 5 minutes might be frozen.

If you disable this policy, no tabs will be frozen.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TabFreezingEnabled
  • GP name: Allow freezing of background tabs (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: TabFreezingEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: TabFreezingEnabled
  • Example value:
<false/>

Back to top

TabServicesEnabled

Enable tab organization suggestions

Supported versions:

  • On Windows and macOS since 113 or later

Description

This policy controls whether Microsoft Edge can use its tab organization service to help name or suggest tab groups to increase productivity.

If you enable or don't configure this policy, when a user creates a tab group or activates certain "Group Similar Tabs" features Microsoft Edge sends tab data to its tab organization service. This data includes URLs, page titles, and existing group information. The service uses this data to return suggestions for better groupings and group names.

If you disable this policy, no data will be sent to the tab organization service. Microsoft Edge won't suggest group names when a group is created and certain "Group Similar Tabs" features that rely on the service won't be available.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TabServicesEnabled
  • GP name: Enable tab organization suggestions
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: TabServicesEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: TabServicesEnabled
  • Example value:
<true/>

Back to top

TargetBlankImpliesNoOpener

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 102.

Supported versions:

  • On Windows and macOS since 88, until 102

Description

If you enable this policy or leave it unset, the window.opener property is set to null unless the anchor specifies rel="opener".

If you disable this policy, popups that target _blank are permitted to access (via JavaScript) the page that requested to open the popup.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TargetBlankImpliesNoOpener
  • GP name: Do not set window.opener for links targeting _blank (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: TargetBlankImpliesNoOpener
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: TargetBlankImpliesNoOpener
  • Example value:
<false/>

Back to top

TaskManagerEndProcessEnabled

Enable ending processes in the Browser task manager

Supported versions:

  • On Windows and macOS since 77 or later

Description

If you enable or don't configure this policy, users can end processes in the Browser task manager. If you disable it, users can't end processes, and the End process button is disabled in the Browser task manager.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TaskManagerEndProcessEnabled
  • GP name: Enable ending processes in the Browser task manager
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: TaskManagerEndProcessEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: TaskManagerEndProcessEnabled
  • Example value:
<true/>

Back to top

TextPredictionEnabled

Text prediction enabled by default

Supported versions:

  • On Windows and macOS since 104 or later

Description

The Microsoft Turing service uses natural language processing to generate predictions for long-form editable text fields on web pages.

If you enable or don't configure this policy, text predictions will be provided for eligible text fields.

If you disable this policy, text predictions will not be provided in eligible text fields. Sites may still provide their own text predictions.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TextPredictionEnabled
  • GP name: Text prediction enabled by default
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: TextPredictionEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: TextPredictionEnabled
  • Example value:
<false/>

Back to top

ThrottleNonVisibleCrossOriginIframesAllowed

Allows enabling throttling of non-visible, cross-origin iframes

Supported versions:

  • On Windows and macOS since 116 or later

Description

Throttling of cross-origin frames that are display:none and non-visible is a feature designed to make cross-process and same-process cross-origin iframes consistent in their rendering behavior. For more details on cross-process vs. same-process throttling, refer to https://go.microsoft.com/fwlink/?linkid=2239564.

This enterprise policy exists to allow administrators to control whether their users are able to turn the additional throttling on or not.

If you enable or don't configure this policy, users can opt-in to throttling.

If you disable this policy, users can't enable throttling.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: ThrottleNonVisibleCrossOriginIframesAllowed
  • GP name: Allows enabling throttling of non-visible, cross-origin iframes
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: ThrottleNonVisibleCrossOriginIframesAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: ThrottleNonVisibleCrossOriginIframesAllowed
  • Example value:
<true/>

Back to top

TotalMemoryLimitMb

Set limit on megabytes of memory a single Microsoft Edge instance can use

Supported versions:

  • On Windows and macOS since 80 or later

Description

Configures the amount of memory that a single Microsoft Edge instance can use before tabs start getting discarded to save memory. The memory used by the tab will be freed and the tab will have to be reloaded when switched to.

If you enable this policy, the browser will start to discard tabs to save memory once the limitation is exceeded. However, there is no guarantee that the browser is always running under the limit. Any value under 1024 will be rounded up to 1024.

If you don't set this policy, the browser will only attempt to save memory when it has detected that the amount of physical memory on its machine is low.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TotalMemoryLimitMb
  • GP name: Set limit on megabytes of memory a single Microsoft Edge instance can use
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: TotalMemoryLimitMb
  • Value Type: REG_DWORD
Example value:
0x00000800

Mac information and settings

  • Preference Key Name: TotalMemoryLimitMb
  • Example value:
<integer>2048</integer>

Back to top

TrackingPrevention

Block tracking of users' web-browsing activity

Supported versions:

  • On Windows and macOS since 78 or later

Description

Lets you decide whether to block websites from tracking users' web-browsing activity.

If you disable this policy or don't configure it, users can set their own level of tracking prevention.

Policy options mapping:

  • TrackingPreventionOff (0) = Off (no tracking prevention)

  • TrackingPreventionBasic (1) = Basic (blocks harmful trackers, content and ads will be personalized)

  • TrackingPreventionBalanced (2) = Balanced (blocks harmful trackers and trackers from sites user has not visited; content and ads will be less personalized)

  • TrackingPreventionStrict (3) = Strict (blocks harmful trackers and majority of trackers from all sites; content and ads will have minimal personalization. Some parts of sites might not work)

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TrackingPrevention
  • GP name: Block tracking of users' web-browsing activity
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: TrackingPrevention
  • Value Type: REG_DWORD
Example value:
0x00000002

Mac information and settings

  • Preference Key Name: TrackingPrevention
  • Example value:
<integer>2</integer>

Back to top

TranslateEnabled

Enable Translate

Supported versions:

  • On Windows and macOS since 77 or later

Description

Enables the integrated Microsoft translation service on Microsoft Edge.

If you enable this policy, Microsoft Edge offers to translate a webpage by showing an integrated translate flyout when the language detected on a webpage isn't listed under preferred languages. A translate option is available on the right-click context menu.

Users can also translate selected text on a webpage via the right-click context menu, or on a PDF via the PDF toolbar and the right-click context menu.

If you don't configure this policy, the policy is enabled by default. Users can choose whether to use the translation functionality or not.

You can disable this policy to disable all built-in translate features.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TranslateEnabled
  • GP name: Enable Translate
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: TranslateEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: TranslateEnabled
  • Example value:
<true/>

Back to top

TravelAssistanceEnabled

Enable travel assistance (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 105.

Supported versions:

  • On Windows and macOS since 93, until 105

Description

This policy is obsolete as the feature is now contained within the Edge Sidebar and can be managed using the HubsSidebarEnabled policy. It doesn't work in Microsoft Edge after version 105. Configure this policy to allow/disallow travel assistance.

The travel assistance feature gives helpful and relevant information to a user who performs Travel related task within the browser. This feature provides trusted and validated suggestions / information to the users from across sources gathered by Microsoft.

If you enable or don't configure this setting, travel assistance will be enabled for the users when they are performing travel related tasks.

If you disable this setting, travel assistance will be disabled and users will not be able to see any travel related recommendations.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TravelAssistanceEnabled
  • GP name: Enable travel assistance (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: TravelAssistanceEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: TravelAssistanceEnabled
  • Example value:
<true/>

Back to top

TripleDESEnabled

Enable 3DES cipher suites in TLS (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 96.

Supported versions:

  • On Windows and macOS since 93, until 96

Description

'This policy was removed in version 97 after 3DES was removed from Microsoft Edge.

If the policy is set to true, then 3DES cipher suites in TLS will be enabled. If it is set to false, they will be disabled. If the policy is unset, 3DES cipher suites are disabled by default. This policy may be used to temporarily retain compatibility with an outdated server. This is a stopgap measure and the server should be reconfigured.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: TripleDESEnabled
  • GP name: Enable 3DES cipher suites in TLS (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: TripleDESEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: TripleDESEnabled
  • Example value:
<false/>

Back to top

U2fSecurityKeyApiEnabled

Allow using the deprecated U2F Security Key API (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 103.

Supported versions:

  • On Windows and macOS since 98, until 103

Description

This policy is obsolete because it was intended to be a short-term mechanism to give enterprises more time to update their web content when it's found to be incompatible with the change to remove the U2F Security Key API. It doesn't work in Microsoft Edge after version 103.

If you enable this policy, the deprecated U2F Security Key API can be used and the deprecation reminder prompt shown for U2F API requests is suppressed.

If you disable this policy or don't configure it, the U2F Security Key API is disabled by default and can only be used by sites that register for and use the U2FSecurityKeyAPI origin trial which ended after Microsoft Edge version 103.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: U2fSecurityKeyApiEnabled
  • GP name: Allow using the deprecated U2F Security Key API (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: U2fSecurityKeyApiEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: U2fSecurityKeyApiEnabled
  • Example value:
<true/>

Back to top

URLAllowlist

Define a list of allowed URLs

Supported versions:

  • On Windows and macOS since 77 or later

Description

Setting the policy provides access to the listed URLs, as exceptions to URLBlocklist.

Format the URL pattern according to https://go.microsoft.com/fwlink/?linkid=2095322.

You can use this policy to open exceptions to restrictive block lists. For example, you can include '*' in the block list to block all requests, and then use this policy to allow access to a limited list of URLs. You can use this policy to open exceptions to certain schemes, subdomains of other domains, ports, or specific paths.

The most specific filter determines if a URL is blocked or allowed. The allowed list takes precedence over the block list.

This policy is limited to 1000 entries; subsequent entries are ignored.

This policy also allows the browser to automatically invoke external applications registered as protocol handlers for protocols like "tel:" or "ssh:".

If you don't configure this policy, there are no exceptions to the block list in the URLBlocklist policy.

This policy does not work as expected with file://* wildcards.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: URLAllowlist
  • GP name: Define a list of allowed URLs
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\URLAllowlist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\URLAllowlist\1 = "contoso.com"
SOFTWARE\Policies\Microsoft\Edge\URLAllowlist\2 = "https://ssl.server.com"
SOFTWARE\Policies\Microsoft\Edge\URLAllowlist\3 = "hosting.com/good_path"
SOFTWARE\Policies\Microsoft\Edge\URLAllowlist\4 = "https://server:8080/path"
SOFTWARE\Policies\Microsoft\Edge\URLAllowlist\5 = ".exact.hostname.com"

Mac information and settings

  • Preference Key Name: URLAllowlist
  • Example value:
<array>
  <string>contoso.com</string>
  <string>https://ssl.server.com</string>
  <string>hosting.com/good_path</string>
  <string>https://server:8080/path</string>
  <string>.exact.hostname.com</string>
</array>

Back to top

URLBlocklist

Block access to a list of URLs

Supported versions:

  • On Windows and macOS since 77 or later

Description

Define a list of sites, based on URL patterns, that are blocked (your users can't load them).

Format the URL pattern according to https://go.microsoft.com/fwlink/?linkid=2095322.

You can define exceptions in the URLAllowlist policy. These policies are limited to 1000 entries; subsequent entries are ignored.

Note that blocking internal 'edge://*' URLs isn't recommended - this may lead to unexpected errors.

This policy doesn't prevent the page from updating dynamically through JavaScript. For example, if you block 'contoso.com/abc', users might still be able to visit 'contoso.com' and click on a link to visit 'contoso.com/abc', as long as the page doesn't refresh.

If you don't configure this policy, no URLs are blocked.

This policy does not work as expected with file://* wildcards.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: URLBlocklist
  • GP name: Block access to a list of URLs
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\URLBlocklist
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\URLBlocklist\1 = "contoso.com"
SOFTWARE\Policies\Microsoft\Edge\URLBlocklist\2 = "https://ssl.server.com"
SOFTWARE\Policies\Microsoft\Edge\URLBlocklist\3 = "hosting.com/bad_path"
SOFTWARE\Policies\Microsoft\Edge\URLBlocklist\4 = "https://server:8080/path"
SOFTWARE\Policies\Microsoft\Edge\URLBlocklist\5 = ".exact.hostname.com"
SOFTWARE\Policies\Microsoft\Edge\URLBlocklist\6 = "custom_scheme:*"
SOFTWARE\Policies\Microsoft\Edge\URLBlocklist\7 = "*"

Mac information and settings

  • Preference Key Name: URLBlocklist
  • Example value:
<array>
  <string>contoso.com</string>
  <string>https://ssl.server.com</string>
  <string>hosting.com/bad_path</string>
  <string>https://server:8080/path</string>
  <string>.exact.hostname.com</string>
  <string>custom_scheme:*</string>
  <string>*</string>
</array>

Back to top

UnthrottledNestedTimeoutEnabled

JavaScript setTimeout will not be clamped until a higher nesting threshold is set (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows and macOS since 105 or later

Description

This policy is deprecated because it is a temporary policy for web standards compliance. It won't work in Microsoft Edge as soon as version 107. If you enable this policy, the JavaScript setTimeout and setInterval, with an interval smaller than 4ms, will not be clamped. This improves short horizon performance, but websites abusing the API will still eventually have their setTimeout usages clamped. If you disable or don't configure policy, the JavaScript setTimeout and setInterval, with an interval smaller than 4ms, will be clamped.

This is a web standards compliancy feature that may change task ordering on a web page, leading to unexpected behavior on sites that are dependent on a certain ordering. It also may affect sites with a lot of usage of a timeout of 0ms for setTimeout. For example, increasing CPU load.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: UnthrottledNestedTimeoutEnabled
  • GP name: JavaScript setTimeout will not be clamped until a higher nesting threshold is set (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: UnthrottledNestedTimeoutEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: UnthrottledNestedTimeoutEnabled
  • Example value:
<true/>

Back to top

UpdatePolicyOverride

Specifies how Microsoft Edge Update handles available updates from Microsoft Edge

Supported versions:

  • On macOS since 89 or later

Description

If you enable this policy, Microsoft Edge Update handles Microsoft Edge updates according to how you configure the following options:

  • Automatic silent updates only: Updates are applied only when they're found by the periodic update check.

  • Manual updates only: Updates are applied only when the user runs a manual update check. (Not all apps provide an interface for this option.)

If you select manual updates, make sure you periodically check for updates by using Microsoft Autoupdate.

If you don't enable and configure this policy, Microsoft Edge Update automatically checks for updates.

Policy options mapping:

  • automatic-silent-only (automatic-silent-only) = Updates are applied only when they're found by the periodic update check.

  • manual-only (manual-only) = Updates are applied only when the user runs a manual update check. (Not all apps provide an interface for this option.)

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Mac information and settings

  • Preference Key Name: UpdatePolicyOverride
  • Example value:
<string>automatic-silent-only</string>

Back to top

UploadFromPhoneEnabled

Enable upload files from mobile in Microsoft Edge desktop

Supported versions:

  • On Windows since 117 or later
  • On macOS since 118 or later

Description

This policy lets you configure the "Upload from mobile" feature in Microsoft Edge.

Upload from mobile lets users select file from mobile devices to desktop when user upload file in a webpage in Microsoft Edge.

If you enable or don't configure this policy, you can use the Upload from mobile feature in Microsoft Edge.

If you disable this policy, you can't use the Upload from mobile feature in Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: UploadFromPhoneEnabled
  • GP name: Enable upload files from mobile in Microsoft Edge desktop
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: UploadFromPhoneEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: UploadFromPhoneEnabled
  • Example value:
<true/>

Back to top

UrlDiagnosticDataEnabled

URL reporting in Edge diagnostic data enabled

Supported versions:

  • On Windows and macOS since 122 or later

Description

Controls sending URLs of pages visited and per-page usage in the Microsoft Edge optional diagnostics data to Microsoft to help make browsing and search better. This also includes identifiers and usage diagnostics of other browser components that can modify or provide content, such as extensions.

This policy is applicable only if the DiagnosticData setting is set to 'OptionalData'. See the description of DiagnosticData for more information on how Microsoft Edge diagnostic data levels are set.

If you enable or don't configure this setting, URLs are provided in optional diagnostic data.

If you disable this setting, URLs are not reported in optional diagnostic data.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: UrlDiagnosticDataEnabled
  • GP name: URL reporting in Edge diagnostic data enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: UrlDiagnosticDataEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: UrlDiagnosticDataEnabled
  • Example value:
<true/>

Back to top

UserAgentClientHintsEnabled

Enable the User-Agent Client Hints feature (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 93.

Supported versions:

  • On Windows and macOS since 86, until 93

Description

This policy is obsolete because it was intended for short-term adaptation purposes only. It doesn't work in Microsoft Edge after version 93.

When enabled the User-Agent Client Hints feature sends granular request headers that provide information about the user browser (for example, the browser version) and environment (for example, the system architecture).

This is an additive feature, but the new headers may break some websites that restrict the characters that requests may contain.

If you enable or don't configure this policy, the User-Agent Client Hints feature is enabled. If you disable this policy, this feature is unavailable.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: UserAgentClientHintsEnabled
  • GP name: Enable the User-Agent Client Hints feature (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: UserAgentClientHintsEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: UserAgentClientHintsEnabled
  • Example value:
<true/>

Back to top

UserAgentClientHintsGREASEUpdateEnabled

Control the User-Agent Client Hints GREASE Update feature

Supported versions:

  • On Windows and macOS since 102 or later

Description

The User-Agent GREASE specification recommends the inclusion of additional GREASE characters beyond the current semicolon and space, and recommends that the arbitrary version number be varied over time.

When enabled, the User-Agent Client Hints GREASE Update feature aligns the User-Agent GREASE algorithm with the latest version from the specification. The updated specification may break some websites that restrict the characters that requests may contain. For more information, see the following specification: https://wicg.github.io/ua-client-hints/#grease

If this policy is enabled or not configured, the User-Agent GREASE algorithm from the specification will be used. If the policy is disabled, the prior User-Agent GREASE algorithm will be used.

This policy is a temporary measure and will be removed in a future release.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: UserAgentClientHintsGREASEUpdateEnabled
  • GP name: Control the User-Agent Client Hints GREASE Update feature
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: UserAgentClientHintsGREASEUpdateEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: UserAgentClientHintsGREASEUpdateEnabled
  • Example value:
<true/>

Back to top

UserAgentReduction

Enable or disable the User-Agent Reduction

Supported versions:

  • On Windows and macOS since 99 or later

Description

The User-Agent HTTP request header is scheduled to be reduced. To facilitate testing and compatibility, this policy can enable the reduction feature for all websites, or disable the ability for origin trials, or field trials to enable the feature.

If you don't configure this policy or set it to Default, User-Agent will be controlled by experimentation.

Set this policy to 'ForceEnabled' to force the reduced version of the User-Agent request header.

Set this policy to 'ForceDisabled' to force the full version of the User-Agent request header.

To learn more about the User-Agent string, read here:

https://go.microsoft.com/fwlink/?linkid=2186267

Policy options mapping:

  • Default (0) = User-Agent reduction will be controllable via Experimentation

  • ForceDisabled (1) = User-Agent reduction diabled, and not enabled by Experimentation

  • ForceEnabled (2) = User-Agent reduction will be enabled for all origins

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: UserAgentReduction
  • GP name: Enable or disable the User-Agent Reduction
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: UserAgentReduction
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: UserAgentReduction
  • Example value:
<integer>0</integer>

Back to top

UserDataDir

Set the user data directory

Supported versions:

  • On Windows and macOS since 77 or later

Description

Set the directory to use for storing user data.

If you enable this policy, Microsoft Edge uses the specified directory regardless of whether the user has set the '--user-data-dir' command-line flag.

If you don't enable this policy, the default profile path is used, but the user can override it by using the '--user-data-dir' flag. Users can find the directory for the profile at edge://version/ under profile path.

To avoid data loss or other errors, don't configure this policy to a volume's root directory or to a directory that's used for other purposes, because Microsoft Edge manages its contents.

See https://go.microsoft.com/fwlink/?linkid=2095041 for a list of variables that can be used.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: UserDataDir
  • GP name: Set the user data directory
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: UserDataDir
  • Value Type: REG_SZ
Example value:
"${users}/${user_name}/Edge"

Mac information and settings

  • Preference Key Name: UserDataDir
  • Example value:
<string>${users}/${user_name}/Edge</string>

Back to top

UserDataSnapshotRetentionLimit

Limits the number of user data snapshots retained for use in case of emergency rollback

Supported versions:

  • On Windows since 86 or later

Description

Following each major version update, Microsoft Edge will create a snapshot of parts of the user's browsing data to use in case of a later emergency that requires a temporary version rollback. If a temporary rollback is performed to a version for which a user has a corresponding snapshot, the data in the snapshot is restored. This lets users keep settings such as bookmarks and autofill data.

If you don't set this policy, the default value of 3 snapshots is used.

If you set this policy, old snapshots are deleted as needed to respect the limit you set. If you set this policy to 0, no snapshots are taken.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Integer

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: UserDataSnapshotRetentionLimit
  • GP name: Limits the number of user data snapshots retained for use in case of emergency rollback
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: UserDataSnapshotRetentionLimit
  • Value Type: REG_DWORD
Example value:
0x00000003

Back to top

UserFeedbackAllowed

Allow user feedback

Supported versions:

  • On Windows and macOS since 77 or later

Description

Microsoft Edge uses the Edge Feedback feature (enabled by default) to allow users to send feedback, suggestions or customer surveys and to report any issues with the browser. Also, by default, users can't disable (turn off) the Edge Feedback feature.

Starting in Microsoft Edge 105, if the user is signed into Microsoft Edge with their work or school account, their feedback is associated with their account and organization.

If you enable this policy or don't configure it, users can invoke Edge Feedback.

If you disable this policy, users can't invoke Edge Feedback.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: UserFeedbackAllowed
  • GP name: Allow user feedback
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: UserFeedbackAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: UserFeedbackAllowed
  • Example value:
<true/>

Back to top

VerticalTabsAllowed

Configures availability of a vertical layout for tabs on the side of the browser

Supported versions:

  • On Windows and macOS since 88 or later

Description

Configures whether a user can access an alternative layout where tabs are vertically aligned on the side of the browser instead of at the top. When there are several tabs open, this layout provides better tab viewing and management. There's better visibility of the site titles, it's easier to scan aligned icons, and there's more space to manage and close tabs.

If you disable this policy, then the vertical tab layout will not be available as an option for users.

If you enable or don't configure this policy, the tab layout will still be at the top, but a user has the option to turn on vertical tabs on the side.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: VerticalTabsAllowed
  • GP name: Configures availability of a vertical layout for tabs on the side of the browser
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: VerticalTabsAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: VerticalTabsAllowed
  • Example value:
<true/>

Back to top

VideoCaptureAllowed

Allow or block video capture

Supported versions:

  • On Windows and macOS since 77 or later

Description

Control whether sites can capture video.

If enabled or not configured (default), the user will be asked about video capture access for all sites except those with URLs configured in the VideoCaptureAllowedUrls policy list, which will be granted access without prompting.

If you disable this policy, the user isn't prompted, and video capture is only available to URLs configured in VideoCaptureAllowedUrls policy.

This policy affects all types of video inputs, not only the built-in camera.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: VideoCaptureAllowed
  • GP name: Allow or block video capture
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: VideoCaptureAllowed
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: VideoCaptureAllowed
  • Example value:
<false/>

Back to top

VideoCaptureAllowedUrls

Sites that can access video capture devices without requesting permission

Supported versions:

  • On Windows and macOS since 77 or later

Description

Specify websites, based on URL patterns, that can use video capture devices without asking the user for permission. Patterns in this list are matched against the security origin of the requesting URL. If they match, the site is automatically granted access to video capture devices.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: VideoCaptureAllowedUrls
  • GP name: Sites that can access video capture devices without requesting permission
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\VideoCaptureAllowedUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\VideoCaptureAllowedUrls\1 = "https://www.contoso.com/"
SOFTWARE\Policies\Microsoft\Edge\VideoCaptureAllowedUrls\2 = "https://[*.]contoso.edu/"

Mac information and settings

  • Preference Key Name: VideoCaptureAllowedUrls
  • Example value:
<array>
  <string>https://www.contoso.com/</string>
  <string>https://[*.]contoso.edu/</string>
</array>

Back to top

VisualSearchEnabled

Visual search enabled

Supported versions:

  • On Windows since 95 or later
  • On macOS since 114 or later

Description

Visual search lets you quickly explore more related content about entities in an image.

If you enable or don't configure this policy, visual search will be enabled via image hover, context menu, and search in sidebar.

If you disable this policy, visual search will be disabled and you won't be able to get more info about images via hover, context menu, and search in sidebar.

Note: Visual Search in Web Capture is still managed by WebCaptureEnabled policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: VisualSearchEnabled
  • GP name: Visual search enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: VisualSearchEnabled
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: VisualSearchEnabled
  • Example value:
<false/>

Back to top

WPADQuickCheckEnabled

Set WPAD optimization

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows you to turn off WPAD (Web Proxy Auto-Discovery) optimization in Microsoft Edge.

If you disable this policy, WPAD optimization is disabled, which makes the browser wait longer for DNS-based WPAD servers.

If you enable or don't configure the policy, WPAD optimization is enabled.

Independent of whether or how this policy is enabled, the WPAD optimization setting cannot be changed by users.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WPADQuickCheckEnabled
  • GP name: Set WPAD optimization
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WPADQuickCheckEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: WPADQuickCheckEnabled
  • Example value:
<true/>

Back to top

WalletDonationEnabled

Wallet Donation Enabled

Supported versions:

  • On Windows and macOS since 115 or later

Description

The Wallet Donation feature in Microsoft Edge allows users to view their donation summary, explore Nonprofit organizations (NPOs), donate to an NPO, manage their monthly donations, and view their donation history.

If you enable or don't configure this policy, users can use the Wallet Donation feature.

If you disable this policy, users can't use the Wallet Donation feature.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: Yes
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WalletDonationEnabled
  • GP name: Wallet Donation Enabled
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): Administrative Templates/Microsoft Edge - Default Settings (users can override)/
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): SOFTWARE\Policies\Microsoft\Edge\Recommended
  • Value Name: WalletDonationEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: WalletDonationEnabled
  • Example value:
<true/>

Back to top

WebAppInstallForceList

Configure list of force-installed Web Apps

Supported versions:

  • On Windows and macOS since 80 or later

Description

Setting the policy specifies a list of web apps that install silently, without user interaction, and which users can't uninstall or turn off.

Each list item of the policy is an object with a mandatory member: url (the URL of the web app to install)

and 6 optional members:

  • default_launch_container (for how the web app opens—a new tab is the default)

  • create_desktop_shortcut (True if you want to create Linux and Microsoft Windows desktop shortcuts).

  • fallback_app_name (Starting with Microsoft Edge version 90, allows you to override the app name if it is not a Progressive Web App (PWA), or the app name that is temporarily installed if it is a PWA but authentication is required before the installation can be completed. If both custom_name and fallback_app_name are provided, the latter will be ignored.)

  • custom_name (Starting with Microsoft Edge version 112 on all desktop platforms, allows you to permanently override the app name for all web apps and PWAs.)

  • custom_icon (Starting with Microsoft Edge version 112 on all desktop platforms, allows you to override the app icon of installed apps. The icons have to be square, maximal 1 MB in size, and in one of the following formats: jpeg, png, gif, webp, ico. The hash value has to be the SHA256 hash of the icon file.)

  • install_as_shortcut (Starting with Microsoft Edge version 107). If enabled the given url will be installed as a shortcut, as if done via the "Create Shortcut..." option in the desktop browser GUI. Note that when installed as a shortcut it won't be updated if the manifest in url changes. If disabled or unset, the web app at the given url will be installed normally. (Not currently supported in Microsoft Edge.)

    Supported features:

    • Can be mandatory: Yes
    • Can be recommended: No
    • Dynamic Policy Refresh: Yes
    • Per Profile: Yes
    • Applies to a profile that is signed in with a Microsoft account: No

    Data Type:

    • Dictionary

    Windows information and settings

    Group Policy (ADMX) info
    • GP unique name: WebAppInstallForceList
    • GP name: Configure list of force-installed Web Apps
    • GP path (Mandatory): Administrative Templates/Microsoft Edge/
    • GP path (Recommended): N/A
    • GP ADMX file name: MSEdge.admx
    Windows Registry Settings
    • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
    • Path (Recommended): N/A
    • Value Name: WebAppInstallForceList
    • Value Type: REG_SZ
    Example value:
SOFTWARE\Policies\Microsoft\Edge\WebAppInstallForceList = [
  {
    "create_desktop_shortcut": true,
    "default_launch_container": "window",
    "url": "https://www.contoso.com/maps"
  },
  {
    "default_launch_container": "tab",
    "url": "https://app.contoso.edu"
  },
  {
    "default_launch_container": "window",
    "fallback_app_name": "Editor",
    "url": "https://app.contoso.edu/editor"
  },
  {
    "custom_name": "Spreadsheets",
    "default_launch_container": "window",
    "install_as_shortcut": true,
    "url": "https://app.contoso.edu/sheets"
  },
  {
    "custom_icon": {
      "hash": "c28f469c450e9ab2b86ea47038d2b324c6ad3b1e9a4bd8960da13214afd0ca38",
      "url": "https://mydomain.example.com/sunny_icon.png"
    },
    "url": "https://weather.example.com"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\WebAppInstallForceList = [{"create_desktop_shortcut": true, "default_launch_container": "window", "url": "https://www.contoso.com/maps"}, {"default_launch_container": "tab", "url": "https://app.contoso.edu"}, {"default_launch_container": "window", "fallback_app_name": "Editor", "url": "https://app.contoso.edu/editor"}, {"custom_name": "Spreadsheets", "default_launch_container": "window", "install_as_shortcut": true, "url": "https://app.contoso.edu/sheets"}, {"custom_icon": {"hash": "c28f469c450e9ab2b86ea47038d2b324c6ad3b1e9a4bd8960da13214afd0ca38", "url": "https://mydomain.example.com/sunny_icon.png"}, "url": "https://weather.example.com"}]

Mac information and settings

  • Preference Key Name: WebAppInstallForceList
  • Example value:
<key>WebAppInstallForceList</key>
<array>
  <dict>
    <key>create_desktop_shortcut</key>
    <true/>
    <key>default_launch_container</key>
    <string>window</string>
    <key>url</key>
    <string>https://www.contoso.com/maps</string>
  </dict>
  <dict>
    <key>default_launch_container</key>
    <string>tab</string>
    <key>url</key>
    <string>https://app.contoso.edu</string>
  </dict>
  <dict>
    <key>default_launch_container</key>
    <string>window</string>
    <key>fallback_app_name</key>
    <string>Editor</string>
    <key>url</key>
    <string>https://app.contoso.edu/editor</string>
  </dict>
  <dict>
    <key>custom_name</key>
    <string>Spreadsheets</string>
    <key>default_launch_container</key>
    <string>window</string>
    <key>install_as_shortcut</key>
    <true/>
    <key>url</key>
    <string>https://app.contoso.edu/sheets</string>
  </dict>
  <dict>
    <key>custom_icon</key>
    <dict>
      <key>hash</key>
      <string>c28f469c450e9ab2b86ea47038d2b324c6ad3b1e9a4bd8960da13214afd0ca38</string>
      <key>url</key>
      <string>https://mydomain.example.com/sunny_icon.png</string>
    </dict>
    <key>url</key>
    <string>https://weather.example.com</string>
  </dict>
</array>

Back to top

WebAppSettings

Web App management settings

Supported versions:

  • On Windows and macOS since 120 or later

Description

This policy allows an admin to specify settings for installed web apps. This policy maps a Web App ID to its specific setting. A default configuration can be set using the special ID *, which applies to all web apps without a custom configuration in this policy.

  • The manifest_id field is the Manifest ID for the Web App. See https://developer.chrome.com/blog/pwa-manifest-id/ for instructions on how to determine the Manifest ID for an installed web app.

  • The run_on_os_login field specifies if a web app can be run during OS login. If this field is set to blocked, the web app will not run during OS login and the user will not be able to enable this later. If this field is set to run_windowed, the web app will run during OS login and the user won't be able to disable this later. If this field is set to allowed, the user will be able to configure the web app to run at OS login. The default policy configuration only allows the allowed and blocked values.

  • (Starting with Microsoft Edge version 120) The prevent_close_after_run_on_os_login field specifies if a web app can be prevented from closing in any way. For example, by the user, by task manager, or by web APIs. This behavior can only be enabled if run_on_os_login is set to run_windowed. If the app is already running, this setting will only take effect after the app is restarted. If this field isn't defined, users can close the app. (This is currently not supported in Microsoft Edge.)

  • (Since version 118) The force_unregister_os_integration field specifies if all OS integration for a web app, that is, shortcuts, file handlers, protocol handlers and so on will be removed or not. If an app is already running, this property will come into effect after the app restarts. This should be used with caution, since it can override any OS integration that is set automatically during the startup of the web applications system. This currently only works on Windows, Mac and Linux platforms.

    Supported features:

    • Can be mandatory: Yes
    • Can be recommended: No
    • Dynamic Policy Refresh: Yes
    • Per Profile: Yes
    • Applies to a profile that is signed in with a Microsoft account: No

    Data Type:

    • Dictionary

    Windows information and settings

    Group Policy (ADMX) info
    • GP unique name: WebAppSettings
    • GP name: Web App management settings
    • GP path (Mandatory): Administrative Templates/Microsoft Edge/
    • GP path (Recommended): N/A
    • GP ADMX file name: MSEdge.admx
    Windows Registry Settings
    • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
    • Path (Recommended): N/A
    • Value Name: WebAppSettings
    • Value Type: REG_SZ
    Example value:
SOFTWARE\Policies\Microsoft\Edge\WebAppSettings = [
  {
    "manifest_id": "https://foo.example/index.html",
    "run_on_os_login": "allowed"
  },
  {
    "manifest_id": "https://bar.example/index.html",
    "run_on_os_login": "allowed"
  },
  {
    "manifest_id": "https://foobar.example/index.html",
    "prevent_close_after_run_on_os_login": true,
    "run_on_os_login": "run_windowed"
  },
  {
    "manifest_id": "*",
    "run_on_os_login": "blocked"
  },
  {
    "force_unregister_os_integration": true,
    "manifest_id": "https://foo.example/index.html"
  }
]
Compact example value:
SOFTWARE\Policies\Microsoft\Edge\WebAppSettings = [{"manifest_id": "https://foo.example/index.html", "run_on_os_login": "allowed"}, {"manifest_id": "https://bar.example/index.html", "run_on_os_login": "allowed"}, {"manifest_id": "https://foobar.example/index.html", "prevent_close_after_run_on_os_login": true, "run_on_os_login": "run_windowed"}, {"manifest_id": "*", "run_on_os_login": "blocked"}, {"force_unregister_os_integration": true, "manifest_id": "https://foo.example/index.html"}]

Mac information and settings

  • Preference Key Name: WebAppSettings
  • Example value:
<key>WebAppSettings</key>
<array>
  <dict>
    <key>manifest_id</key>
    <string>https://foo.example/index.html</string>
    <key>run_on_os_login</key>
    <string>allowed</string>
  </dict>
  <dict>
    <key>manifest_id</key>
    <string>https://bar.example/index.html</string>
    <key>run_on_os_login</key>
    <string>allowed</string>
  </dict>
  <dict>
    <key>manifest_id</key>
    <string>https://foobar.example/index.html</string>
    <key>prevent_close_after_run_on_os_login</key>
    <true/>
    <key>run_on_os_login</key>
    <string>run_windowed</string>
  </dict>
  <dict>
    <key>manifest_id</key>
    <string>*</string>
    <key>run_on_os_login</key>
    <string>blocked</string>
  </dict>
  <dict>
    <key>force_unregister_os_integration</key>
    <true/>
    <key>manifest_id</key>
    <string>https://foo.example/index.html</string>
  </dict>
</array>

Back to top

WebCaptureEnabled

Enable the Screenshot (previously named Web Capture) feature in Microsoft Edge

Supported versions:

  • On Windows and macOS since 87 or later

Description

Note: The web capture feature is rebranded to "Screenshot".

Enables the Screenshot feature in Microsoft Edge. This feature lets users capture web and PDF content, and annotate captures using inking tools. Users can also do a visual image search based on the captured content.

If you enable or don't configure this policy, the Screenshot option appears in the context menu, the Settings and more menu, and by using the keyboard shortcut, CTRL+SHIFT+S.

If you disable this policy, users can't access this feature in Microsoft Edge.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebCaptureEnabled
  • GP name: Enable the Screenshot (previously named Web Capture) feature in Microsoft Edge
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebCaptureEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: WebCaptureEnabled
  • Example value:
<true/>

Back to top

WebComponentsV0Enabled

Re-enable Web Components v0 API until M84 (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 84.

Supported versions:

  • On Windows and macOS since 80, until 84

Description

This policy doesn't work because this policy allowed these features to be selectively re-enabled until Microsoft Edge version 85. The Web Components v0 APIs (Shadow DOM v0, Custom Elements v0, and HTML Imports) were deprecated in 2018, and have been disabled by default starting in Microsoft Edge version 80.

If you set this policy is set to True, the Web Components v0 features will be enabled for all sites.

If you set this policy to False or don't set this policy, the Web Components v0 features will be disabled by default, starting in Microsoft Edge version 80.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebComponentsV0Enabled
  • GP name: Re-enable Web Components v0 API until M84 (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebComponentsV0Enabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: WebComponentsV0Enabled
  • Example value:
<true/>

Back to top

WebDriverOverridesIncompatiblePolicies

Allow WebDriver to Override Incompatible Policies (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 84.

Supported versions:

  • On Windows and macOS since 77, until 84

Description

This policy doesn't work because WebDriver is now compatible with all existing policies.

This policy allows users of the WebDriver feature to override policies which can interfere with its operation.

Currently this policy disables SitePerProcess and IsolateOrigins policies.

If the policy is enabled, WebDriver will be able to override incomaptible policies. If the policy is disabled or not configured, WebDriver will not be allowed to override incompatible policies.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebDriverOverridesIncompatiblePolicies
  • GP name: Allow WebDriver to Override Incompatible Policies (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebDriverOverridesIncompatiblePolicies
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: WebDriverOverridesIncompatiblePolicies
  • Example value:
<true/>

Back to top

WebRtcAllowLegacyTLSProtocols

Allow legacy TLS/DTLS downgrade in WebRTC (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 120.

Supported versions:

  • On Windows and macOS since 88, until 120

Description

If you enable this policy, WebRTC peer connections can downgrade to obsolete versions of the TLS/DTLS (DTLS 1.0, TLS 1.0 and TLS 1.1) protocols. If you disable or don't set this policy, these TLS/DTLS versions are disabled.

This policy was removed in Microsoft Edge 121 and is ignored if set.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebRtcAllowLegacyTLSProtocols
  • GP name: Allow legacy TLS/DTLS downgrade in WebRTC (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebRtcAllowLegacyTLSProtocols
  • Value Type: REG_DWORD
Example value:
0x00000000

Mac information and settings

  • Preference Key Name: WebRtcAllowLegacyTLSProtocols
  • Example value:
<false/>

Back to top

WebRtcLocalIpsAllowedUrls

Manage exposure of local IP addressess by WebRTC

Supported versions:

  • On Windows and macOS since 80 or later

Description

Specifies a list of origins (URLs) or hostname patterns (like "contoso.com") for which local IP address should be exposed by WebRTC.

If you enable this policy and set a list of origins (URLs) or hostname patterns, when edge://flags/#enable-webrtc-hide-local-ips-with-mdns is Enabled, WebRTC will expose the local IP address for cases that match patterns in the list.

If you disable or don't configure this policy, and edge://flags/#enable-webrtc-hide-local-ips-with-mdns is Enabled, WebRTC will not expose local IP addresses. The local IP address is concealed with an mDNS hostname.

If you enable, disable, or don't configure this policy, and edge://flags/#enable-webrtc-hide-local-ips-with-mdns is Disabled, WebRTC will expose local IP addresses.

Please note that this policy weakens the protection of local IP addresses that might be needed by administrators.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • List of strings

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebRtcLocalIpsAllowedUrls
  • GP name: Manage exposure of local IP addressess by WebRTC
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\WebRtcLocalIpsAllowedUrls
  • Path (Recommended): N/A
  • Value Name: 1, 2, 3, ...
  • Value Type: list of REG_SZ
Example value:
SOFTWARE\Policies\Microsoft\Edge\WebRtcLocalIpsAllowedUrls\1 = "https://www.contoso.com"
SOFTWARE\Policies\Microsoft\Edge\WebRtcLocalIpsAllowedUrls\2 = "*contoso.com*"

Mac information and settings

  • Preference Key Name: WebRtcLocalIpsAllowedUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>*contoso.com*</string>
</array>

Back to top

WebRtcLocalhostIpHandling

Restrict exposure of local IP address by WebRTC

Supported versions:

  • On Windows and macOS since 77 or later

Description

Allows you to set whether or not WebRTC exposes the user's local IP address.

If you set this policy to "AllowAllInterfaces" or "AllowPublicAndPrivateInterfaces", WebRTC exposes the local IP address.

If you set this policy to "AllowPublicInterfaceOnly" or "DisableNonProxiedUdp", WebRTC doesn't expose the local IP address.

If you don't set this policy, or if you disable it, WebRTC exposes the local IP address.

Note: This policy does not provide an option to exclude specific domains.

Policy options mapping:

  • AllowAllInterfaces (default) = Allow all interfaces. This exposes the local IP address

  • AllowPublicAndPrivateInterfaces (default_public_and_private_interfaces) = Allow public and private interfaces over http default route. This exposes the local IP address

  • AllowPublicInterfaceOnly (default_public_interface_only) = Allow public interface over http default route. This doesn't expose the local IP address

  • DisableNonProxiedUdp (disable_non_proxied_udp) = Use TCP unless proxy server supports UDP. This doesn't expose the local IP address

Use the preceding information when configuring this policy.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebRtcLocalhostIpHandling
  • GP name: Restrict exposure of local IP address by WebRTC
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebRtcLocalhostIpHandling
  • Value Type: REG_SZ
Example value:
"default"

Mac information and settings

  • Preference Key Name: WebRtcLocalhostIpHandling
  • Example value:
<string>default</string>

Back to top

WebRtcRespectOsRoutingTableEnabled

Enable support for Windows OS routing table rules when making peer to peer connections via WebRTC

Supported versions:

  • On Windows since 94 or later

Description

Controls whether WebRTC will respect the Windows OS routing table rules when making peer to peer connections, thus enabling split tunnel VPNs.

If you disable this policy or don't configure it, WebRTC will not consider the routing table and may make peer to peer connections over any available network.

If you enable this policy, WebRTC will prefer to make peer to peer connections using the indicated network interface for the remote address as indicated in the routing table.

This policy is only available on Windows.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebRtcRespectOsRoutingTableEnabled
  • GP name: Enable support for Windows OS routing table rules when making peer to peer connections via WebRTC
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebRtcRespectOsRoutingTableEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

WebRtcUdpPortRange

Restrict the range of local UDP ports used by WebRTC

Supported versions:

  • On Windows and macOS since 77 or later

Description

Restricts the UDP port range used by WebRTC to a specified port interval (endpoints included).

By configuring this policy, you specify the range of local UDP ports that WebRTC can use.

If you don't configure this policy, or if you set it to an empty string or invalid port range, WebRTC can use any available local UDP port.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • String

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebRtcUdpPortRange
  • GP name: Restrict the range of local UDP ports used by WebRTC
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebRtcUdpPortRange
  • Value Type: REG_SZ
Example value:
"10000-11999"

Mac information and settings

  • Preference Key Name: WebRtcUdpPortRange
  • Example value:
<string>10000-11999</string>

Back to top

WebSQLAccess

Force WebSQL to be enabled (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 123.

Supported versions:

  • On Windows and macOS since 107, until 123

Description

This policy was removed in Microsoft Edge 124 and is ignored if set.

WebSQL is on by default as of Microsoft Edge version 101, but can be disabled via a Microsoft Edge flag. If you enable this policy, WebSQL cannot be disabled. If you disable or don't configure this policy, WebSQL can be disabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebSQLAccess
  • GP name: Force WebSQL to be enabled (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebSQLAccess
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: WebSQLAccess
  • Example value:
<true/>

Back to top

WebSQLInThirdPartyContextEnabled

Force WebSQL in third-party contexts to be re-enabled (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 100.

Supported versions:

  • On Windows and macOS since 97, until 100

Description

This policy is obsolete because it was intended to be a short-term mechanism to give enterprises more time to update their web content when it's found to be incompatible with the change to disable WebSQL in third-party contexts. It doesn't work in Microsoft Edge after version 100.

WebSQL in third-party contexts (for example, cross-site iframes) is off by default as of Microsoft Edge version 97 and was fully removed in version 101.

If you enable this policy, WebSQL in third-party contexts will be re-enabled.

If you disable this policy or don't configure it, WebSQL in third-party contexts will stay off.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebSQLInThirdPartyContextEnabled
  • GP name: Force WebSQL in third-party contexts to be re-enabled (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebSQLInThirdPartyContextEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: WebSQLInThirdPartyContextEnabled
  • Example value:
<true/>

Back to top

WebSQLNonSecureContextEnabled

Force WebSQL in non-secure contexts to be enabled (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 112.

Supported versions:

  • On Windows and macOS since 107, until 112

Description

This policy doesn't work because WebSQL in non-secure contexts is on by default as of Microsoft Edge 105. If you enable this policy, WebSQL in non-secure contexts will be enabled. If you disable or don't configure this policy, WebSQL in non-secure contexts will follow the default settings of the browser.

This policy was removed in Microsoft Edge 113 and is ignored if configured.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebSQLNonSecureContextEnabled
  • GP name: Force WebSQL in non-secure contexts to be enabled (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebSQLNonSecureContextEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: WebSQLNonSecureContextEnabled
  • Example value:
<true/>

Back to top

WebSelectEnabled

Web Select Enabled (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 116.

Supported versions:

  • On Windows and macOS since 107, until 116

Description

This policy is obsoleted because Web Select is part of Web Capture and can be controlled by WebCaptureEnabled. This policy won't work in Microsoft Edge version 117. If Web Capture is disabled by WebCaptureEnabled, Web select will not be available in Web Capture.

Web select lets users select and copy web content while preserving its formatting when pasted in most cases. It also allows more targeted selection on some web elements, such as copying a single column in a table.

If you enable or don't configure this policy, Web select is available in Web Capture and can be accessed directly using the CTRL+SHIFT+X keyboard shortcut.

If you disable this policy, Web select will not be available in Web Capture and the CTRL+SHIFT+X keyboard shortcut will also not work.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebSelectEnabled
  • GP name: Web Select Enabled (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebSelectEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Mac information and settings

  • Preference Key Name: WebSelectEnabled
  • Example value:
<true/>

Back to top

WebWidgetAllowed

Enable the Search bar (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows since 88 or later

Description

Enables the search bar. When enabled, users can use the search bar to search the web from their desktop or from an application. The search bar provides a search box that shows web suggestions and opens all web searches in Microsoft Edge. The search box provides search (powered by Bing) and URL suggestions. The search bar can be launched from the "More tools" menu or jump list in Microsoft Edge.

If you enable or don't configure this policy: The search bar will be automatically enabled for all profiles. The option to enable the search bar at startup will be toggled on if the WebWidgetIsEnabledOnStartup policy is enabled. If the WebWidgetIsEnabledOnStartup is disabled or not configured, the option to enable the search bar at startup will be toggled off. Users will see the menu item to launch the search bar from the Microsoft Edge "More tools" menu. Users can launch the search bar from "More tools". Users will see the menu item to launch the search bar from the Microsoft Edge jump list menu. Users can launch the search bar from the Microsoft Edge jump list menu. The search bar can be turned off by the "Quit" option in the System tray or by closing the search bar from the 3 dot menu. The search bar will be restarted on system reboot if auto-start is enabled.

If you disable this policy: The search bar will be disabled for all profiles. The option to launch the search bar from Microsoft Edge "More tools" menu will be disabled. The option to launch the search bar from Microsoft Edge jump list menu will be disabled.

This policy is deprecated due to the deprecation of the Web widget's vertical layout. This policy will be made obsolete in 119 release.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebWidgetAllowed
  • GP name: Enable the Search bar (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebWidgetAllowed
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

WebWidgetIsEnabledOnStartup

Allow the Search bar at Windows startup (deprecated)

DEPRECATED: This policy is deprecated. It is currently supported but will become obsolete in a future release.

Supported versions:

  • On Windows since 88 or later

Description

Allows the Search bar to start running at Windows startup.

   If you enable:
     The Search bar will start running at Windows startup by default.
     If the Search bar is disabled via [WebWidgetAllowed](#webwidgetallowed) policy, this policy will not start the Search bar on Windows startup.

   If you disable this policy:
     The Search bar will not start at Windows startup for all profiles.
     The option to start the Edge bar at Windows startup will be disabled and toggled off in Microsoft Edge settings.

   If you don't configure the policy:
     The Search bar will not start at Windows startup for all profiles.
     The option to start the Edge bar at Windows startup will be toggled off in Microsoft Edge settings.

This policy is deprecated due to the deprecation of the Web widget's vertical layout. This policy will be made obsolete in 119 release.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WebWidgetIsEnabledOnStartup
  • GP name: Allow the Search bar at Windows startup (deprecated)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WebWidgetIsEnabledOnStartup
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

WinHttpProxyResolverEnabled

Use Windows proxy resolver

Supported versions:

  • On Windows since 84 or later

Description

This policy will be superseded by a similar feature in a future release. For more information, see https://crbug.com/1032820.

Use Windows to resolve proxies for all browser networking instead of the proxy resolver built into Microsoft Edge. The Windows proxy resolver enables Windows proxy features such as DirectAccess/NRPT.

This policy comes with the problems described by https://crbug.com/644030. It causes PAC files to be fetched and executed by Windows code, including PAC files set via the ProxyPacUrl policy. Since Network Fetches for the PAC file happen via Windows instead of Microsoft Edge code, network policies such as DnsOverHttpsMode will not apply to network fetches for a PAC file.

If you enable this policy, the Windows proxy resolver will be used.

If you disable or don't configure this policy, the Microsoft Edge proxy resolver will be used.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: No - Requires browser restart
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WinHttpProxyResolverEnabled
  • GP name: Use Windows proxy resolver
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WinHttpProxyResolverEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

WindowOcclusionEnabled

Enable Window Occlusion

Supported versions:

  • On Windows since 89 or later

Description

Enables window occlusion in Microsoft Edge.

If you enable this setting, to reduce CPU and power consumption Microsoft Edge will detect when a window is covered by other windows, and will suspend work painting pixels.

If you disable this setting Microsoft Edge will not detect when a window is covered by other windows.

If this policy is left not set, window hiding detection will be enabled.

Supported features:

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data Type:

  • Boolean

Windows information and settings

Group Policy (ADMX) info
  • GP unique name: WindowOcclusionEnabled
  • GP name: Enable Window Occlusion
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx
Windows Registry Settings
  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value Name: WindowOcclusionEnabled
  • Value Type: REG_DWORD
Example value:
0x00000001

Back to top

See also