Deploy, manage and evaluate the new Microsoft Edge (Chromium) with enterprise capabilities
Introduction
Two days ago, Microsoft started providing the necessities for deploying and managing the new Microsoft Edge (Chromium) in the enterprise. This article will give a short introduction to Edge (Chromium) and demonstrate the enterprise capabilities.
Microsoft made quite a splash late last year when they announced that they were ceasing development on the previous app-based Microsoft Edge for Windows 10, and were developing a new alternative based on the Chromium Open Source Project, for all platforms. While it’s certainly a shame to see the development of Microsoft’s first and only UWP browser, and its accompanying rendering engine EdgeHTML terminated* after just under 5 years, Sysadmins around the world rejoiced for two reasons. The new project has the potential to provide them with deployment and management capabilities matching IE and Edge, while also giving users and developers what they know and expect, i.e. a fast and modern browsing experience that works with 99.9% of the web as we know it.
Like Chrome, it is a classic standalone application that runs on most platforms, including Windows 7, Windows Server, Mac and mobile operating systems.
Unlike Chrome, the proprietary bits from Google are all but absent in Edge (Chromium), with many of them replaced by Microsoft’s own services.
*Microsoft Edge (UWP) is currently a part of Windows 10 Semi-Annual Channel and as such will be supported until at least May 11, 2021. Its rendering engine EdgeHTML is embedded into the UWP platform and renders web content in modern (UWP) apps in Windows 10. As such, it will continue to function and be a part of the operating system.
In Enterprises depending on Microsoft’s technology, this could answer the question of which browser to deploy once and for all, as it would integrate with existing technology, maintain compatibility (IE Mode), ensure deployment and management capabilities, and provide a piece of software that falls under familiar privacy and support agreements with a vendor they already trust and do business with.
So, what do these deployment and management capabilities actually look like?
If you are not a sysadmin, and just want to see what a managed Edge (Chromium) browser could look like for your end users, enjoy this short video demonstration.
All others, read on.
Deploying and managing Microsoft Edge (Chromium)
On July 16th, Microsoft has released the preview and documentation of the Enterprise features for Edge (Chromium). ADMX templates, policy templates for Mac as well as MSI-Installers for the Dev Channel of Edge are provided on the new Edge Enterprise site.
Deploying with System Center Configuration Manager
We used the 64-bit version of the installer for the Dev Channel. Other, more “stable” channels are not yet available. That said, a few of us have been test driving Dev Channel since it was released, and have had a fast, stable and nearly issue-free experience.
Disclaimer: Microsoft Edge Dev is pre-release software, with no official support, and issues can occur. We do not recommend that you deploy Edge Dev into a production environment. However, we do encourage enterprises to test and evaluate the new browser and its capabilities in a pilot project.
It’s an MSI installer so deployment with Config Manager is fairly straightforward. Create an Application and fill in the information, the default installation command line works fine.
Distribute and deploy to a collection as required or available. If the latter is chosen, users will see a new application and can choose to install it.
The installation finishes within a few seconds. It can be uninstalled in the same way.
Managing with Group Policy
This will be straightforward as well. Download the templates and extract the folder contents to your hard drive. Locate the .admx file and the folder that contains the .adml files for your language.
If desired, also extract the msedgeupdate.admx and .adml files to manage the updater function of Edge (Chromium). These policies are only available in English at the moment.
If you are just testing on one PC using local group policy, copy everything to C:\Windows\PolicyDefinitions. If you want to manage PCs with Edge Dev in a domain, copy the files to the PolicyDefinitions folder of the Sysvol share in the domain.
Now, you can manage Edge (Chromium) with Group Policy.
Both user and machine policies are available. You can lock a setting, or set a default and allow users to change it later.
The policies themselves are almost identical to current Google Chrome group policies. You can set home pages, search providers, set do-not-track, and so forth. Administrators familiar with managing Chrome will feel right at home. That said, there are a couple of policies unique to Microsoft Edge (Chromium). We will try to point out a few interesting ones.
Domain Actions
Because this is a new browser that handles and looks mostly like Chrome, but isn’t Chrome, it has its own User Agent string that differs from the UA of Google Chrome. For this reason, some websites wrongly detect it as incompatible. Microsoft promises to keep track of these websites, and implement fixes automatically through this function.
Internet Explorer Integration
This is the big one. If this feature is implemented correctly, we can finally have the speed and productivity enhancements of modern browsers while maintaining full compatibility to legacy websites. With IE mode, it is already possible to open websites with Internet Explorer, inside a new browser tab in Edge (Chromium). Couple that with policies such as “open all intranet sites in Internet Explorer” or a well-configured Enterprise Mode Site list, and Microsoft will finally deliver the seamless experience that the duo of Edge (UWP) and IE never managed to fully achieve.
Then, enterprises will hopefully be able to move on from still deploying IE as the main browser (“it’s the only one that works with all our sites”), instead using IE mode for all legacy sites that require it and the new Edge (Chromium) for everything else.
Expect another blog article on IE integration features such as IE mode and Enterprise Site List with the new Edge, soon.
As you can see, deploying and managing the new Microsoft Edge (Chromium) is currently no different from deploying and managing with Chrome. For this reason, it’s possible that Microsoft will integrate Edge (Chromium) and make it a part of Windows, delivering updates via Windows Update, as they did with Edge (UWP). Or, it’s possible that they will keep it separate, to make sure that deployment paths are the same for all Windows platforms.
In the coming months and weeks, we will also see more features for enterprises. Windows insiders can already test biometrics support of the new browser in the form of Windows Hello integration. You can already sign in with your Microsoft Account to sync bookmarks and settings. This capability will be extended to allow users with Azure AD Accounts to sync and provide single-sign on experiences when the user is logged into Windows with an Azure AD account.