-->
Applies to: Configuration Manager (Current Branch)
The all-new Microsoft Edge is ready for business. Starting in Configuration Manager version 1910, you can now deploy Microsoft Edge, version 77 and later to your users. A PowerShell script is used to install the Edge build selected. The script also turns off automatic updates for Edge so they can be managed with Configuration Manager.
Mar 05, 2021 Edge uses whatever DNS provider is set up by your ISP, unless you change it. For greater security or privacy, some people like to use an alternative DNS provider such as Google, OpenDNS,. Microsoft Edge doesn't currently have any settings or functions within its web browser that allow you to block specific websites. However, there's a workaround that you can exploit using the. Today Microsoft Edge helps you save time and effort while filling out forms and creating accounts online by auto filling your data like addresses, names, phone numbers, etc. Starting with Microsoft Edge version 89, we are adding support for another field that you can have saved and auto-filled - date of birth. Microsoft Edge kiosk mode with assigned access single app is currently available for testing with the latest Windows 10 Insider Preview Build, version 20215 or higher, and with the Microsoft Edge Beta Channel, version 89 or higher. How do I get the Windows Insiders preview?
Deploy Microsoft Edge
Admins can pick the Beta, Dev, or Stable channel, along with a version of the Microsoft Edge client to deploy. Each release incorporates learnings and improvements from our customers and community.
Prerequisites for deploying
For clients targeted with a Microsoft Edge deployment:
PowerShell Execution Policy can't be set to Restricted.
- PowerShell is executed to perform the installation.
The Microsoft Edge installer and CMPivot are signed with the Microsoft Code Signing certificate. If that certificate isn't listed in the Trusted Publishers store, you'll need to add it. Otherwise, the Microsoft Edge installer and CMPivot won’t run when the PowerShell execution policy is set to AllSigned.
The device running the Configuration Manager console needs access to the following endpoints for deploying Microsoft Edge:
| Location | Use |
|---|---|
https://aka.ms/cmedgeapi | Information about releases of Microsoft Edge |
https://edgeupdates.microsoft.com/api/products?view=enterprise | Information about releases of Microsoft Edge |
http://dl.delivery.mp.microsoft.com | Content for Microsoft Edge releases |
Verify Microsoft Edge update policies
Configuration Manager version 1910
In version 1910, when Microsoft Edge is deployed, the installation script turns off automatic updates for Microsoft Edge so they can be managed with Configuration Manager. You can change this behavior using Group Policy. For more information, see Plan your deployment of Microsoft Edge and Microsoft Edge update policies.
Configuration Manager version 2002 and later
Starting in version 2002, you can create a Microsoft Edge application that's set up to receive automatic updates rather than having automatic updates disabled. This change allows you to choose to manage updates for Microsoft Edge with Configuration Manager or allow Microsoft Edge to automatically update. When creating the application, select Allow Microsoft Edge to automatically update the version of the client on the end user's device on the Microsoft Edge Settings page. If you previously used Group Policy to change this behavior, Group Policy will overwrite the setting made by Configuration Manager during installation of Microsoft Edge.
Create a deployment
Create a Microsoft Edge application using the built-in application experience, which makes Microsoft Edge easier to manage:
In the console, under Software Library, there's a new node called Microsoft Edge Management.
Select Create Microsoft Edge Application from either the ribbon, or by right-clicking on the Microsoft Edge Management node.
On the Application Settings page of the wizard, specify a name, description, and location for the content for the app. Ensure the content location folder you specify is empty.
On the Microsoft Edge Settings page, select:
- The channel to deploy
- The version to deploy
- If you want to Allow Microsoft Edge to automatically update the version of the client on the end user's device (added in version 2002)
On the Deployment page, decide if you want to deploy the application. If you select Yes, you can specify your deployment settings for the application. For more information about deployment settings, see Deploy applications.
In Software Center on the client device, the user can see and install the application.
Log files for deployment
| Location | Log | Use |
|---|---|---|
| Site server | SMSProv.log | Shows details if the creation of the app or deployment fails. |
| Varies | PatchDownloader.log | Shows details if the content download fails |
| Client | AppEnforce.log | Shows installation information |
Update Microsoft Edge
Starting in Configuration Manager version 1910, you'll see a node called All Microsoft Edge updates under Microsoft Edge Management. This node helps you manage updates for all Microsoft Edge channels.
To get updates for Microsoft Edge, ensure you have the Updates classification and the Microsoft Edge product selected for synchronization.
In the Software Library workspace, expand Microsoft Edge Management and click on the All Microsoft Edge Updates node.
If needed, click Synchronize Software Updates in the ribbon to start a synchronization. For more information, see Synchronize software updates.
Manage and deploy Microsoft Edge updates like any other update, such as adding them to your automatic deployment rule. Some of the common updates tasks you can do from the All Microsoft Edge Updates node include:
Microsoft Edge Management dashboard
(Introduced in version 2002)
Starting in Configuration Manager 2002, the Microsoft Edge Management dashboard provides you insights on the usage of Microsoft Edge and other browsers. In this dashboard, you can:
- See how many of your devices have Microsoft Edge installed
- See how many clients have different versions of Microsoft Edge installed.
- This chart doesn't include Canary Channel.
- Have a view of the installed browsers across devices
- Have a view of preferred browser by device
- Currently for the 2002 release, this chart will be empty.
Prerequisites for the dashboard
Enable the following properties in the below hardware inventory classes for the Microsoft Edge Management dashboard:
Installed Software - Asset Intelligence (SMS_InstalledSoftware)
- Software Code
- Product Name
- Product Version
Default Browser (SMS_DefaultBrowser)
- Browser Program ID
Browser Usage (SMS_BrowserUsage)
- BrowserName
- UsagePercentage
View the dashboard
From the Software Library workspace, click Microsoft Edge Management to see the dashboard. Change the collection for the graph data by clicking Browse and choosing another collection. By default your five largest collections are in the drop-down list. When you select a collection that isn't in the list, the newly selected collection takes the bottom spot on your drop-down list.
Known issues
Hardware inventory may fail to process
Hardware inventory for devices might fail to process. Errors similar to the one below may be seen in the Dataldr.log file:
Mitigation: To work around this issue, disable the collection of the Browser Usage (SMS_BrowerUsage) hardware inventory class.
Next steps
-->This article describes how to configure Microsoft Edge kiosk mode options that you can pilot. There's also a roadmap of features we're targeting.
Note
This article applies to Microsoft Edge version 87 or later.
Important
Invoke Microsoft Edge kiosk mode features on Windows 10 using the command line arguments provided in Use kiosk mode features.
Overview
Microsoft Edge kiosk mode offers two lockdown experiences of the browser so organizations can create, manage, and provide the best experience for their customers. The following lockdown experiences are available:
- Digital/Interactive Signage experience - Displays a specific site in full-screen mode.
- Public-Browsing experience - Runs a limited multi-tab version of Microsoft Edge.
Ms Edge Insider Free
Both experiences are running a Microsoft Edge InPrivate session, which protects user data.
Set up Microsoft Edge kiosk mode
An initial set of kiosk mode features is available to test with Microsoft Edge Stable Channel, version 87. You can download the latest version from Microsoft Edge (Official Stable Channel).
Kiosk mode supported features
The following table lists the features supported by kiosk mode in Microsoft Edge and Microsoft Edge Legacy. Use this table as a guide to transitioning to Microsoft Edge by comparing how these features are supported in both versions of Microsoft Edge.
| Feature | DigitalInteractive Signage | Public browsing | Available with Microsoft Edge version (and higher) | Available with Microsoft Edge Legacy |
|---|---|---|---|---|
| InPrivate Navigation | Y | Y | 89 | Y |
| Reset on inactivity | Y | Y | 89 | Y |
| Read only address bar (policy) | N | Y | 89 | N |
| Delete downloads on exit (policy) | Y | Y | 89 | N |
| F11 blocked (enter/exit full-screen) | Y | Y | 89 | Y |
| F12 blocked (launch Developer Tools) | Y | Y | 89 | Y |
| Multi tab support | N | Y | 89 | Y |
| Allow URL support (policy) | Y | Y | 89 | N |
| Block URL support (policy) | Y | Y | 89 | N |
| Show home button (policy) | N | Y | 89 | Y |
| Manage favorites (policy) | N | Y | 89 | Y |
| Enable printer (policy) | Y | Y | 89 | Y |
| Configure the new tab page URL (policy) | N | Y | 89 | Y |
| End session button * | N | Y | 89 | Y |
| All internal Microsoft Edge URLs are blocked, except for edge://downloads and edge://print | N | Y | 89 | Y |
| CTRL+N blocked (open a new window) * | Y | Y | 89 | Y |
| CTRL+T blocked (open new tab) | Y | N | 89 | Y |
| Settings and more (...) will display only the required options | Y | Y | 89 | Y |
| Restrict the launch of other applications from the browser | Y | Y | 90 | Y |
| UI print settings lockdown | Y | Y | 90 | Y |
| Set the new tab page as the home page (policy) | N | Y | 90 | Y |
Note
Features followed by '*' are only enabled in an assigned access single app scenario.
Use kiosk mode features
Microsoft Edge kiosk mode features can be invoked with the following Windows 10 command line options for Digital/Interactive signage and Public browsing.
Kiosk mode Digital/Interactive signage
Kiosk mode Public browsing
Additional command line options
--no-first-run: Disable the first Microsoft Edge run experience.
--kiosk-idle-timeout-minutes=: Change the time (in minutes) from the last user activity before Microsoft Edge kiosk mode resets the user's session. Replace 'value' in the next example with the number of minutes.
The following 'values' are supported:
- Default values (in minutes)
- Full screen - 0 (turned off)
- Public browsing - 5 minutes
- Allowed values
- 0 - turns off the timer
- 1-1440 minutes for reset on idle timer
- Default values (in minutes)
Support policies for kiosk mode
Use any of the Microsoft Edge policies listed in the following table to enhance the kiosk experience for the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see Microsoft Edge – Browser policy reference.
Ms Edge Insider Trading
Note
Policy configuration isn't limited to the policies listed in the following table, however additional policies should be tested to ensure that kiosk mode functionality isn't negatively affected.
| Group policy | DigitalInteractive signage | Public browsing single-app |
|---|---|---|
| Printing | Y | Y |
| HomePageLocation | N | Y |
| ShowHomeButton | N | Y |
| NewTabPageLocation | N | Y |
| FavoritesBarEnabled | N | Y |
| URLAllowlist | Y | Y |
| URLBlocklist | Y | Y |
| ManagedSearchEngines | N | Y |
| UserFeedbackAllowed | N | Y |
| VerticalTabsAllowed | N | Y |
| SmartScreen settings | Y | Y |
| EdgeCollectionsEnabled | Y | Y |
Microsoft Edge with assigned access
Single app kiosk
Microsoft Edge currently supports a subset of the same Microsoft Edge Legacy kiosk mode types for single-app assigned access with the following lockdown experiences: Digital/Interactive signage, and Public-browsing.
Microsoft Edge kiosk mode with assigned access single app is currently available for testing with the latest Windows 10 Insider Preview Build, version 20215 or higher, and with the Microsoft Edge Beta Channel, version 89 or higher.
How do I get the Windows Insiders preview?
To install a Windows 10 Insider Preview Build on a PC, follow the instructions in Getting started with Windows 10 Insider Preview Builds.
Multi-app kiosk
Ms Edge Insider App
Microsoft Edge can be run with multi-app assigned access on Windows 10, which is the equivalent of Microsoft Edge Legacy 'Normal browsing' kiosk mode type. To configure Microsoft Edge with multi-app assigned access, follow the instructions on how to Set up a multi-app kiosk. (The AUMID for the Microsoft Edge Stable channel is MSEdge).
When using Microsoft Edge with multi-app assigned access, you can configure Microsoft Edge kiosk to use theMicrosoft Edge browser policies to configure the browsing experience to meet your unique requirements.
Configure using Windows Settings
Windows Settings is the simplest way to set up one or two single-app kiosk devices. Use the following steps to set up a single-app kiosk computer.
Ms Edge Insider Build
Install the latest Windows 10 Insider Preview, version 20215 or higher. Follow the instructions in Getting started with Windows 10 Insider Preview Builds.
To test the latest features, you can download the latest Microsoft Edge Beta channel, version 89 or higher.
On the kiosk computer, open Windows Settings, and type 'kiosk' in the search field. Select Set up a kiosk (assigned access), shown in the next screenshot to open the dialog for creating the kiosk.
On the Set up a kiosk page, click Get started.
Type a name to create a new kiosk account or choose an existing account from the populated dropdown list and then click Next.
On the Choose a kiosk app page, select Microsoft Edge and then click Next.
Note
This only applies to Microsoft Edge Dev, Beta, and Stable channels.
Pick one of the following options for how Microsoft Edge displays when running in kiosk mode:
- Digital/Interactive signage - Displays a specific site in full-screen mode, running Microsoft Edge.
- Public browser - Runs a limited multi-tab version of Microsoft Edge.
Select Next.
Type the URL to load when the kiosk launches.
Accept the default value of 5 minutes for the idle time or provide a value of your own.
Click Next.
Close the Settings window to save and apply your choices.
Sign out from the kiosk device and sign in with the local kiosk account to validate the configuration.
Functional limitations
With the release of this preview version of kiosk mode we're continuing work on improving the product and adding new features.
We currently don't support the following features and recommend that you turn off:
See also