Update Edge Chromium exclusively through WSUS

Humpix 21 Reputation points
2020-10-21T08:55:25.55+00:00

Is there a way to update Edge Chromium exclusively through WSUS? Currently we have not released certain updates in WSUS (because they cause errors). However, the clients still download them online directly from Microsoft.

For the "normal" Windows updates there is a GPO setting to prevent this. Windows updates currently only load from WSUS - but Edge Chromium ignores this setting.
With the new policy definitions there are GPO settings "Microsoft Edge-Update..." but here I only find settings to prevent updates completely. (Or only manually, or only automatically) But according to the policy description this does not solve my problem.

Does anybody have a hint?

Best regards!
Mathias

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
11,745 questions
{count} votes

10 answers

Sort by: Most helpful
  1. Rita Hu -MSFT 9,566 Reputation points
    2020-10-22T02:53:19.11+00:00

    Hi Mathias,

    Thanks for your posting on Q&A.

    I want to confirm whether you want to deploy the Microsoft Edge or update the Microsoft Edge.

    In my opinion, we could not deploy the Microsoft Edge by WSUS but we could deploy and update the Microsoft Edge by Configuration Manager. Here is a related picture for your reference:

    34125-1.png

    In addition, we could refer to this link to deploy and update the Microsoft Edge by Configuration Manager.

    Regards,
    Rita


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Humpix 21 Reputation points
    2020-10-22T05:49:46.667+00:00

    Hello, Rita,
    Thanks for your message!

    No, it is actually only about the current updates. I have already rolled out the new browser in the company.

    Windows updates work perfectly with WSUS and via GPO I also specify that they are only loaded by WSUS. (By the way, this GPO setting is also very well hidden)

    Now I want to prevent Edge from loading updates itself from the internet, like the Windows Updates, without bypassing WSUS. At the moment that's what's causing us a lot of problems - especially the IE mode seems to cause problems with every second update.

    BR,
    Mathias

    0 comments No comments

  3. Rita Hu -MSFT 9,566 Reputation points
    2020-10-22T06:27:40.02+00:00

    Hi Mathias,

    Thanks for your confirmation.

    Perhaps we could apply the below policy on the client to prevent the clients from the Internet:
    Policy: Do not allow update deferral policies to cause scans against Windows Update

    34177-snipaste-2020-10-22-14-25-04.png

    If there are any updates about this issue, please let me know.

    Regards,
    Rita


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  4. Humpix 21 Reputation points
    2020-10-22T06:34:48.623+00:00

    This is the setting we have already set for Windows Updates. It works with Windows updates but Edge Chromium seems to ignore this GPO...

    0 comments No comments

  5. Humpix 21 Reputation points
    2020-10-22T06:37:29.863+00:00

    Another idea - is there a specific update URL for Edge that I could block? The only other alternative I found is to completely disable updates via Edge GPO. I'm just not sure if Edge then will get the updates from WSUS via Windows Updates...

    0 comments No comments