Microsoft provides group policies for enterprise control of 'full-Chromium' Edge updates

IT admins will be able to use the policies to manage, deploy and update the new browser to their corporate workforce.

Abstract binary data overlays an eye containing a reflection of the Microsoft logo.
Thinkstock

Microsoft has published the template and documentation that will be required to manage updates of the not-yet-finalized "full-Chromium" Edge browser, making good on a promise of earlier this summer.

When Microsoft first pounded the Edge-for-enterprise drum in June, the Redmond, Wash. developer unveiled a preliminary catalog of group policies that IT administrators would use to deploy, customize and maintain the browser. Omitted, though, were GPOs (group policy objects) and an administrative template for wrangling updates.

"Policies for managing updates aren't included; those will be in a separate administrative template file," Sean Lyndersay, a group program manager on the Edge team, wrote in a June 14 post to a Microsoft blog.

Unlike previous Microsoft browsers - Internet Explorer (IE) and the original Edge, the latter powered by Microsoft's own technologies - the Edge built from the Google-dominated Chromium open-source project will be updated on a much faster six-to-eight-week cadence, just as is Chrome. Microsoft has severed the link between browser and OS feature updates. Enterprises that want to test and verify that each update works as expected need a way to block the native update mechanism.

That's where these new GPOs come into play.

The update-related group policies can be found in the full-Chromium Edge's online documentation. They require version 77 or later of Edge; the Dev 77 build was released last month, while Beta 77 launched this week.

The administrative template - msedgeupdate.admx - to manage Edge updates can be downloaded from this landing page; it is one of the two templates collected in the MicrosoftEdgePolicyTemplates.zip file.

(For those unfamiliar with using Windows' group policies, get-started instructions for the Edge templates can be found under the heading 1. Download and install the Microsoft Edge administrative template on this support page.)

Because an organization's administrators will probably want to restrict employees' browser choices - to, for instance, keep everyone on the same version for support reasons - the GPOs allow for blocking updates of specific builds, like Canary, Dev and Beta - as well as preventing workers from manually refreshing the browser. Other GPOs let IT set specific systems with an update override, so that, say, a piloting team has access to Dev and Beta when everyone else does not.

Still other GPOs set a value for the minimum number of minutes between automatic update checks - the default is 10 hours - and bar updates during office hours so as not to interrupt work.

The GPOs control how Edge's native update service operates - the service that deals out upgrades to unmanaged machines - but Microsoft pledged that enterprise-grade platforms would also be supported by the browser. Deployment and configuration integrations with Microsoft's Intune and System Center Configuration Manager (SCCM), for example, are on the roadmap, though sans timelines.

The browser will also be offered in MSI (for Windows) and PKG (macOS) installation formats for distribution by an organization's IT staff.

The list of all Edge GPOs as of July 22 (other than those for updates) can be found here, and the browser's in-enterprise guidance begins here.

edge update gpos Microsoft

Microsoft has posted the administrative template for managing Edge's updates using group policies configured by IT. If this policy were enabled, the target Windows PC would be able to receive Beta channel updates.

Copyright © 2019 IDG Communications, Inc.

It’s time to break the ChatGPT habit