New Group Policies in Edge Chromium 80
With a new version of Edge Chromium there is of course new setting we can do = new ADMX/AMDL files. It is important for admin to keep up so even if we allow auto-update of Edge Chromium there is still work that needs to be done for every new release.
This is the new Group policy settings I found that is new for Edge Chromium 80 and 81.
New Group Policy settings in Edge Chromium 80 and later
| Setting | Description |
| DefaultInsecureContentSetting | Control use of insecure content exceptions |
| InsecureContentAllowedForUrls | Allow insecure content on specified sites |
| InsecureContentBlockedForUrls | Control use of insecure content exceptions |
| LegacySameSiteCookieBehaviorEnabled | Enable default legacy SameSite cookie behavior setting |
| LegacySameSiteCookieBehaviorEnabledForDomainList | Revert to legacy SameSite behavior for cookies on specified sites |
| SmartScreenPuaEnabled | Configure Microsoft Defender SmartScreen to block potentially unwanted apps |
| AlternateErrorPagesEnabled | Suggest similar pages when a webpage can’t be found |
| DNSInterceptionChecksEnabled | DNS interception checks enabled |
| HideFirstRunExperience | Hide the First-run experience and splash screen |
| PaymentMethodQueryEnabled | Allow websites to query for available payment methods |
| PersonalizationReportingEnabled | Allow personalization of ads, search and news by sending browsing history to Microsoft |
| PinningWizardAllowed | Allow Pin to taskbar wizard |
| TotalMemoryLimitMb | Set limit on megabytes of memory a single Microsoft Edge instance can use. |
| WebAppInstallForceLisl | Configure list of force-installed Web Apps |
| WebRtcLocalIpsAllowedUrls | Manage exposure of local IP addressess by WebRTC |
New Group Policy settings in Edge Chromium 81 and later
| Setting | Description |
| GloballyScopeHTTPAuthCacheEnabled | Enable globally scoped HTTP auth cache |
| AmbientAuthenticationInPrivateModesEnabled | Enable Ambient Authentication for InPrivate and Guest profiles |
| AudioSandboxEnabled | Allow the audio sandbox to run |
| ImportCookies | Allow importing of Cookies |
| ImportExtensions | Allow importing of extensions |
| ImportShortcuts | Allow importing of shortcuts |
| InternetExplorerIntegrationSiteRedirect | Specify how “in-page” navigations to unconfigured sites behave when started from Internet Explorer mode pages |
| OmniboxMSBProviderEnabled | Enable Microsoft Search for Business provider in omnibox |
| StricterMixedContentTreatmentEnabled | Enable stricter treatment for mixed content |
| TLS13HardeningForLocalAnchorsEnabled | Enable a TLS 1.3 security feature for local trust anchors |
Deprecated – removed in future releases
| Setting | Description |
| ForceLegacyDefaultReferrerPolicy | Use a default referrer policy of no-referrer-when-downgrade. |
| WebComponentsV0Enabled | Re-enable Web Components v0 API until M84. |
This one is really nice,”Hide the First-run experience and splash screen” no more first-run experience and splash screen!
“Configure Microsoft Defender SmartScreen to block potentially unwanted apps” is a great addition.
Lesson learned, admin need to keep track and update the .ADMX/ADML for every new release and keep an eye on deprecated settings as well.
Reference = https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies
Removing/blocking the Connect app in Windows 10 1607
Customizing the Taskbar in Windows 10 during OSD
Enable App-V and UE-V during OSD in Windows 10 1607
About Author
