What do you need help with?

  1. Support
  2. Filter
  3. Best Practice

GPO Edge Extension Best Practices

Securly Admin
Updated

This article provides best practices for configuring Securly’s Microsoft Edge extensions using the Group Policy Editor.

All settings can be configured within your Group Policy Editor by following this path: (Computer Configuration or User Configuration) > Policies > Administrative Templates > Microsoft Edge > Extensions.

  • “Control which extensions cannot be installed” [ExtensionInstallBlocklist] may be used to block all other extensions (such as VPNs or proxies). Click to enable it, then use the “Show” button to bring up the value box and enter “*.”

  • Now, navigate back to: (Computer Configuration or User Configuration) > Policies > Administrative Templates > Microsoft Edge >
  • “Browser sign-in settings” [BrowserSignin] may be used to force users to sign in to the browser, this can help with other Office apps.  Click to enable it, then select "Force users to sign-in to use the browser (all profiles)".

  • “Block access to a list of URLs” should be enabled. Click "Show" to add the following list of URLs:
    • edge://addresses
    • edge://certificate-manager
    • edge://extensions
    • edge://flags
    • edge://hang
    • edge://inspect
    • edge://kill
    • edge://network
    • edge://serviceworker-internals
    • edge://settings/privacy
    • edge://settings/reset
    • edge://settings/signOut
    • edge://settings/system
    • edge://version
    • data://*
    • devtools://*
    • javascript://*

  • “Configure InPrivate mode availability” [InPrivateModeAvailability] should be enabled, and “InPrivate mode disabled” should be selected.

  • “Control where developer tools can be used” [DeveloperToolsAvailability] should be enabled, and ‘Don’t allow using the developer tools’ should be selected.

  • “Enable network prediction” should be enabled, and ‘Don’t predict network actions on any network connection’ should be selected.

  • “Hide the First-run experience and splash screen” [HideFirstRunExperience] may be enabled.

  • “Enable guest mode” [BrowserGuestModeEnabled] should be disabled.

  • “Enable ending processes in the Browser task manager” [TaskManagerEndProcessEnabled] should be disabled.

After making changes to any Group Policy, running the command “gpupdate /force” will propagate the changes you made.

Was this article helpful?
0 out of 0 found this helpful
Have more questions?
Submit a request

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more