Intune Edge Extension Best Practices

This article provides best practices for configuring Securly’s Microsoft Edge extensions using Microsoft Intune.

Follow these steps to deploy the Securly Edge extension optimally via Intune.

1. Sign in to the Microsoft Endpoint Manager admin center

2. Select Devices > Windows > Configuration > Create New Policy. 

3. Select “Platform”, “Windows 10 and later”, and then select “Profile type”, “Settings catalog”.

Click on the “Create” button.

4. On the Basics tab, enter a descriptive name, such as "Manage Edge Extension", then select Next. 

5. In Configuration settings, select “+ Add settings”.

6. Search for “Edge” and select ‘Microsoft Edge\Extensions’ to see all the settings in this category. 

7. Select ‘Control which extensions cannot be installed' enable this setting and add “*”. This will prevent other extensions from installing in the Edge browser.

8. Now, search for “edge” in the settings picker section and select ‘Microsoft Edge’ to see all the settings in this category.

9. Select ‘Browser sign in settings’ for either user or device and set it to enabled.  Then, “Force users to sign-in to use the browser”.

10. Select ‘Block access to a list of URLs’ for either user or device and set it to enabled.  Then, enter the following list:

• edge://addresses
• edge://certificate-manager
• edge://extensions
• edge://flags
• edge://hang
• edge://inspect
• edge://kill
• edge://network
• edge://serviceworker-internals
• edge://settings/privacy
• edge://settings/reset
• edge://settings/signOut
• edge://settings/system
• edge://version
• data://*
• devtools://*
• javascript://*

11. Select ‘Configure InPrivate mode availability’ for either user or device and set it to enabled.  Then, “InPrivate mode disabled”.

12. Select ‘Control where Developer Tools can be used’ for either user or device and set it to enabled and “Don’t allow using the developer tools”.

13. Select ‘Enable network prediction’ for either user or device and enable it.  Then set it to “Do not predict network actions on any network connection”.

14. Select ‘Hide the First-run experience and splash screen’ for either user or device and enable it.

15. In the ‘Assignments’ section select the device/user groups you want to target. 

When the configuration policy is complete, it will take time for the settings to push out for the users. It will depend on the sync frequency between the Windows device and Intune.

If you have a testing device handy, you can find the device and force the sync. Learn more about that here.