Microsoft Edge: All available Policies for the latest version of Microsoft Edge

Microsoft Edge policies

Microsoft Edge is a cross-platform web browser developed by Microsoft. It was first released for Windows 10 and Xbox One in 2015, then for Android and iOS in 2017, and for macOS in 201. See this article also for all Group Policies (GPO) available to configure Microsoft Edge settings.

The new Microsoft Edge, powered by the same open source technology as Google Chrome, offers top-notch web and extension compatibility. Microsoft Edge optimizes Windows 10 and syncs passwords, favorites, and settings across multiple devices.

The latest version of Microsoft Edge includes the following policies. You can use these policies to configure how Microsoft Edge runs in your organization. To learn more about controlling Microsoft Edge updates, continue reading this document.

See the related articles for guides on configuring these policies in Microsoft Edge. Group Policies (GPO) available to configure Microsoft Edge Settings, how to configure a new tab page URL in Microsoft Edge via GPO, how to configure favorites on Microsoft Edge via Group Policy, How to forcefully remove Microsoft Edge Browser the hard way from your device and how to configure static page in Microsoft Edge browser via Local Group Policy. For a list of configurations relating to Microsoft Edge, see this link.

Enhance Edge Security with the Microsoft Security Compliance Toolkit

If you want to utilize the Microsoft Security Compliance Toolkit for Microsoft Edge’s recommended security settings, download it from the provided link.

Available policies: These tables list all of the browser-related group policies available in this release of Microsoft Edge. Use the links in the table to get more details about specific policies.

Application Guard settingsCast
Content settingsDefault search provider
ExtensionsHTTP authentication
Kiosk Mode settingsNative Messaging
Password manager and protectionPrinting
Proxy serverSmartScreen settings
Startup, home page and new tab pageAdditional

For Application Guard settings

Policy NameCaption
ApplicationGuardContainerProxyApplication Guard Container Proxy

For Cast

Policy NameCaption
EnableMediaRouterEnable Google Cast
ShowCastIconInToolbarShow the cast icon in the toolbar

For Content settings

Policy NameCaption
AutoSelectCertificateForUrlsAutomatically select client certificates for these sites
CookiesAllowedForUrlsAllow cookies on specific sites
CookiesBlockedForUrlsBlock cookies on specific sites
CookiesSessionOnlyForUrlsLimit cookies from specific websites to the current session
DefaultCookiesSettingConfigure cookies
DefaultFileSystemReadGuardSettingControl use of the File System API for reading
DefaultFileSystemWriteGuardSettingControl use of the File System API for writing
DefaultGeolocationSettingDefault geolocation setting
DefaultImagesSettingDefault images setting
DefaultInsecureContentSettingControl use of insecure content exceptions
DefaultJavaScriptSettingDefault JavaScript setting
DefaultNotificationsSettingDefault notification setting
DefaultPluginsSettingDefault Adobe Flash setting
DefaultPopupsSettingDefault pop-up window setting
DefaultWebBluetoothGuardSettingControl use of the Web Bluetooth API
DefaultWebUsbGuardSettingControl use of the WebUSB API
FileSystemReadAskForUrlsAllow read access via the File System API on these sites
FileSystemReadBlockedForUrlsBlock read access via the File System API on these sites
FileSystemWriteAskForUrlsAllow write access to files and directories on these sites
FileSystemWriteBlockedForUrlsBlock write access to files and directories on these sites
ImagesAllowedForUrlsAllow images on these sites
ImagesBlockedForUrlsBlock images on specific sites
InsecureContentAllowedForUrlsAllow insecure content on specified sites
InsecureContentBlockedForUrlsBlock insecure content on specified sites
JavaScriptAllowedForUrlsAllow JavaScript on specific sites
JavaScriptBlockedForUrlsBlock JavaScript on specific sites
LegacySameSiteCookieBehaviorEnabledEnable default legacy SameSite cookie behavior setting
LegacySameSiteCookieBehaviorEnabledForDomainListRevert to legacy SameSite behavior for cookies on specified sites
NotificationsAllowedForUrlsAllow notifications on specific sites
NotificationsBlockedForUrlsBlock notifications on specific sites
PluginsAllowedForUrlsAllow the Adobe Flash plug-in on specific sites
PluginsBlockedForUrlsBlock the Adobe Flash plug-in on specific sites
PopupsAllowedForUrlsAllow pop-up windows on specific sites
PopupsBlockedForUrlsBlock pop-up windows on specific sites
RegisteredProtocolHandlersRegister protocol handlers
SpotlightExperiencesAndRecommendationsEnabledChoose whether users can receive customized background images and text, suggestions, notifications,
WebUsbAllowDevicesForUrlsGrant access to specific sites to connect to specific USB devices
WebUsbAskForUrlsAllow WebUSB on specific sites
WebUsbBlockedForUrlsBlock WebUSB on specific sites

For Default search provider

Policy NameCaption
DefaultSearchProviderEnabledEnable the default search provider
DefaultSearchProviderEncodingsDefault search provider encodings
DefaultSearchProviderImageURLSpecifies the search-by-image feature for the default search provider
DefaultSearchProviderImageURLPostParamsParameters for an image URL that uses POST
DefaultSearchProviderKeywordDefault search provider keyword
DefaultSearchProviderNameDefault search provider name
DefaultSearchProviderSearchURLDefault search provider search URL
DefaultSearchProviderSuggestURLDefault search provider URL for suggestions
NewTabPageSearchBoxConfigure the new tab page search box experience

For Extensions

Policy NameCaption
ExtensionAllowedTypesConfigure allowed extension types
ExtensionInstallAllowlistAllow specific extensions to be installed
ExtensionInstallBlocklistControl which extensions cannot be installed
ExtensionInstallForcelistControl which extensions are installed silently
ExtensionInstallSourcesConfigure extension and user script install sources
ExtensionSettingsConfigure extension management settings

For HTTP Authentication

Policy NameCaption
AllowCrossOriginAuthPromptAllow cross-origin HTTP Authentication prompts
AuthNegotiateDelegateAllowlistSpecifies a list of servers that Microsoft Edge can delegate user credentials to
AuthSchemesSupported authentication schemes
AuthServerAllowlistConfigure list of allowed authentication servers
DisableAuthNegotiateCnameLookupDisable CNAME lookup when negotiating Kerberos authentication
EnableAuthNegotiatePortInclude non-standard port in Kerberos SPN
NtlmV2EnabledControl whether NTLMv2 authentication is enabled

For Kiosk Mode Settings:

Policy NameCaption
KioskDeleteDownloadsOnExitDelete files downloaded as part of Kiosk session when Microsoft Edge closes

For Native Messaging

Policy NameCaption
NativeMessagingAllowlistControl which native messaging hosts users can use
NativeMessagingBlocklistConfigure native messaging block list
NativeMessagingUserLevelHostsAllow user-level native messaging hosts (installed without admin permissions)

For Password manager and protection

Policy NameCaption
PasswordManagerEnabledEnable saving passwords to the password manager
PasswordMonitorAllowedAllow users to be alerted if their passwords are found to be unsafe
PasswordProtectionChangePasswordURLConfigure the change password URL
PasswordProtectionLoginURLsConfigure the list of enterprise login URLs where the password protection service should capture salted hashes of a password
PasswordProtectionWarningTriggerConfigure password protection warning trigger

For Printing:

Policy NameCaption
DefaultPrinterSelectionDefault printer selection rules
PrintHeaderFooterPrint headers and footers
PrintPreviewUseSystemDefaultPrinterSet the system default printer as the default printer
PrintingEnabledEnable printing
PrintingPaperSizeDefaultDefault printing page size
UseSystemPrintDialogPrint using system print dialog

For Proxy Servers

Policy NameCaption
ProxyBypassListConfigure proxy bypass rules
ProxyModeConfigure proxy server settings
ProxyPacUrlSet the proxy .pac file URL
ProxyServerConfigure address or URL of proxy server
ProxySettingsProxy settings

For Smart Settings

Policy NameCaption
PreventSmartScreenPromptOverridePrevent bypassing Microsoft Defender SmartScreen prompts for sites
PreventSmartScreenPromptOverrideForFilesPrevent bypassing of Microsoft Defender SmartScreen warnings about downloads
SmartScreenAllowListDomainsConfigure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings
SmartScreenEnabledConfigure Microsoft Defender SmartScreen
SmartScreenForTrustedDownloadsEnabledForce Microsoft Defender SmartScreen checks on downloads from trusted sources
SmartScreenPuaEnabledConfigure Microsoft Defender SmartScreen to block potentially unwanted apps

For Startup, home page and new tab page

Policy NameCaption
HomepageIsNewTabPageSet the new tab page as the home page
HomepageLocationConfigure the home page URL
NewTabPageAllowedBackgroundTypesConfigure the background types allowed for the new tab page layout
NewTabPageCompanyLogoSet new tab page company logo (obsolete)
NewTabPageHideDefaultTopSitesHide the default top sites from the new tab page
NewTabPageLocationConfigure the new tab page URL
NewTabPageManagedQuickLinksSet new tab page quick links
NewTabPagePrerenderEnabledEnable preload of the new tab page for faster rendering
NewTabPageSetFeedTypeConfigure the Microsoft Edge new tab page experience
RestoreOnStartupAction to take on startup
RestoreOnStartupURLsSites to open when the browser starts
ShowHomeButtonShow Home button on toolbar

For additional settings that can be made on Microsoft Edge

Policy NameCaption
AddressBarMicrosoftSearchInBingProviderEnabledEnable Microsoft Search in Bing suggestions in the address bar
AdsSettingForIntrusiveAdsSitesAds setting for sites with intrusive ads
AllowDeletingBrowserHistoryEnable deleting browser and download history
AllowFileSelectionDialogsAllow file selection dialogs
AllowPopupsDuringPageUnloadAllows a page to show popups during its unloading
AllowSurfGameAllow surf game
AllowSyncXHRInPageDismissalAllow pages to send synchronous XHR requests during page dismissal (deprecated)
AllowTokenBindingForUrlsConfigure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with
AllowTrackingForUrlsConfigure tracking prevention exceptions for specific sites
AlternateErrorPagesEnabledSuggest similar pages when a webpage can’t be found
AlwaysOpenPdfExternallyAlways open PDF files externally
AmbientAuthenticationInPrivateModesEnabledEnable Ambient Authentication for InPrivate and Guest profiles
AppCacheForceEnabledAllows the AppCache feature to be re-enabled, even if it’s turned off by default
ApplicationLocaleValueSet application locale
AudioCaptureAllowedAllow or block audio capture
AudioCaptureAllowedUrlsSites that can access audio capture devices without requesting permission
AudioSandboxEnabledAllow the audio sandbox to run
AutoImportAtFirstRunAutomatically import another browser’s data and settings at first run
AutoLaunchProtocolsFromOriginsDefine a list of protocols that can launch an external application from listed origins without prompting the user
AutoOpenAllowedForURLsURLs where AutoOpenFileTypes can apply
AutoOpenFileTypesList of file types that should be automatically opened on download
AutofillAddressEnabledEnable AutoFill for addresses
AutofillCreditCardEnabledEnable AutoFill for credit cards
AutoplayAllowedAllow media autoplay for websites
BackgroundModeEnabledContinue running background apps after Microsoft Edge closes
BackgroundTemplateListUpdatesEnabledEnables background updates to the list of available templates for Collections and other features that use templates
BingAdsSuppressionBlock all ads on Bing search results
BlockThirdPartyCookiesBlock third party cookies
BrowserAddProfileEnabledEnable profile creation from the Identity flyout menu or the Settings page
BrowserGuestModeEnabledEnable guest mode
BrowserNetworkTimeQueriesEnabledAllow queries to a Browser Network Time service
BrowserSigninBrowser sign-in settings
BuiltInDnsClientEnabledUse built-in DNS client
BuiltinCertificateVerifierEnabledDetermines whether the built-in certificate verifier will be used to verify server certificates (deprecated)
CertificateTransparencyEnforcementDisabledForCasDisable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
CertificateTransparencyEnforcementDisabledForLegacyCasDisable Certificate Transparency enforcement for a list of legacy certificate authorities
CertificateTransparencyEnforcementDisabledForUrlsDisable Certificate Transparency enforcement for specific URLs
ClearBrowsingDataOnExitClear browsing data when Microsoft Edge closes
ClearCachedImagesAndFilesOnExitClear cached images and files when Microsoft Edge closes
ClickOnceEnabledAllow users to open files using the ClickOnce protocol
CollectionsServicesAndExportsBlockListBlock access to a specified list of services and export targets in Collections
CommandLineFlagSecurityWarningsEnabledEnable security warnings for command-line flags
ComponentUpdatesEnabledEnable component updates in Microsoft Edge
ConfigureDoNotTrackConfigure Do Not Track
ConfigureOnPremisesAccountAutoSignInConfigure automatic sign in with an Active Directory domain account when there is no Azure AD domain account
ConfigureOnlineTextToSpeechConfigure Online Text To Speech
ConfigureShareConfigure the Share experience
CustomHelpLinkSpecify custom help link
DNSInterceptionChecksEnabledDNS interception checks enabled
DefaultBrowserSettingEnabledSet Microsoft Edge as default browser
DefaultSearchProviderContextMenuAccessAllowedAllow default search provider context menu search access
DefaultSensorsSettingDefault sensors setting
DefaultSerialGuardSettingControl use of the Serial API
DelayNavigationsForInitialSiteListDownloadRequire that the Enterprise Mode Site List is available before tab navigation
DeleteDataOnMigrationDelete old browser data on migration
DeveloperToolsAvailabilityControl where developer tools can be used
DiagnosticDataSend required and optional diagnostic data about browser usage
DirectInvokeEnabledAllow users to open files using the DirectInvoke protocol
Disable3DAPIsDisable support for 3D graphics APIs
DisableScreenshotsDisable taking screenshots
DiskCacheDirSet disk cache directory
DiskCacheSizeSet disk cache size, in bytes
DnsOverHttpsModeControl the mode of DNS-over-HTTPS
DnsOverHttpsTemplatesSpecify URI template of desired DNS-over-HTTPS resolver
DownloadDirectorySet download directory
DownloadRestrictionsAllow download restrictions
EdgeCollectionsEnabledEnable the Collections feature
EditFavoritesEnabledAllows users to edit favorites
EnableDeprecatedWebPlatformFeaturesRe-enable deprecated web platform features for a limited time (obsolete)
EnableDomainActionsDownloadEnable Domain Actions Download from Microsoft (obsolete)
EnableOnlineRevocationChecksEnable online OCSP/CRL checks
EnableSha1ForLocalAnchorsAllow certificates signed using SHA-1 when issued by local trust anchors (deprecated)
EnterpriseHardwarePlatformAPIEnabledAllow managed extensions to use the Enterprise Hardware Platform API
EnterpriseModeSiteListManagerAllowedAllow access to the Enterprise Mode Site List Manager tool
ExemptDomainFileTypePairsFromFileTypeDownloadWarningsDisable download file type extension-based warnings for specified file types on domains
ExperimentationAndConfigurationServiceControlControl communication with the Experimentation and Configuration Service
ExternalProtocolDialogShowAlwaysOpenCheckboxShow an “Always open” checkbox in external protocol dialog
FamilySafetySettingsEnabledAllow users to configure Family safety
FavoritesBarEnabledEnable favorites bar
ForceBingSafeSearchEnforce Bing SafeSearch
ForceCertificatePromptsOnMultipleMatchesConfigure whether Microsoft Edge should automatically select a certificate when there are multiple certificate matches for a site configured with “AutoSelectCertificateForUrls”
ForceEphemeralProfilesEnable use of ephemeral profiles
ForceGoogleSafeSearchEnforce Google SafeSearch
ForceLegacyDefaultReferrerPolicyUse a default referrer policy of no-referrer-when-downgrade (deprecated)
ForceNetworkInProcessForce networking code to run in the browser process (obsolete)
ForceSyncForce synchronization of browser data and do not show the sync consent prompt
ForceYouTubeRestrictForce minimum YouTube Restricted Mode
FullscreenAllowedAllow full screen mode
GloballyScopeHTTPAuthCacheEnabledEnable globally scoped HTTP auth cache
GoToIntranetSiteForSingleWordEntryInAddressBarForce direct intranet site navigation instead of searching on single word entries in the Address Bar
HSTSPolicyBypassListConfigure the list of names that will bypass the HSTS policy check
HardwareAccelerationModeEnabledUse hardware acceleration when available
HideFirstRunExperienceHide the First-run experience and splash screen
ImportAutofillFormDataAllow importing of autofill form data
ImportBrowserSettingsAllow importing of browser settings
ImportCookiesAllow importing of Cookies
ImportExtensionsAllow importing of extensions
ImportFavoritesAllow importing of favorites
ImportHistoryAllow importing of browsing history
ImportHomepageAllow importing of home page settings
ImportOpenTabsAllow importing of open tabs
ImportPaymentInfoAllow importing of payment info
ImportSavedPasswordsAllow importing of saved passwords
ImportSearchEngineAllow importing of search engine settings
ImportShortcutsAllow importing of shortcuts
InPrivateModeAvailabilityConfigure InPrivate mode availability
InsecureFormsWarningsEnabledEnable warnings for insecure forms
IntensiveWakeUpThrottlingEnabledControl the IntensiveWakeUpThrottling feature
InternetExplorerIntegrationEnhancedHangDetectionConfigure enhanced hang detection for Internet Explorer mode
InternetExplorerIntegrationLevelConfigure Internet Explorer integration
InternetExplorerIntegrationSiteListConfigure the Enterprise Mode Site List
InternetExplorerIntegrationSiteRedirectSpecify how “in-page” navigations to unconfigured sites behave when started from Internet Explorer mode pages
InternetExplorerIntegrationTestingAllowedAllow Internet Explorer mode testing
IsolateOriginsEnable site isolation for specific origins
LocalProvidersEnabledAllow suggestions from local providers
ManagedFavoritesConfigure favorites
ManagedSearchEnginesManage Search Engines
MaxConnectionsPerProxyMaximum number of concurrent connections to the proxy server
MediaRouterCastAllowAllIPsAllow Google Cast to connect to Cast devices on all IP addresses
MetricsReportingEnabledEnable usage and crash-related data reporting (deprecated)
NativeWindowOcclusionEnabledEnable Native Window Occlusion
NavigationDelayForInitialSiteListDownloadTimeoutSet a timeout for delay of tab navigation for the Enterprise Mode Site List
NetworkPredictionOptionsEnable network prediction
NonRemovableProfileEnabledConfigure whether a user always has a default profile automatically signed in with their work or school account
OverrideSecurityRestrictionsOnInsecureOriginControl where security restrictions on insecure origins apply
PaymentMethodQueryEnabledAllow websites to query for available payment methods
PersonalizationReportingEnabledAllow personalization of ads, search and news by sending browsing history to Microsoft
PinningWizardAllowedAllow Pin to taskbar wizard
ProactiveAuthEnabledEnable Proactive Authentication
PromotionalTabsEnabledEnable full-tab promotional content
PromptForDownloadLocationAsk where to save downloaded files
QuicAllowedAllow QUIC protocol
RelaunchNotificationNotify a user that a browser restart is recommended or required for pending updates
RelaunchNotificationPeriodSet the time period for update notifications
RendererCodeIntegrityEnabledEnable renderer code integrity
RequireOnlineRevocationChecksForLocalAnchorsSpecify if online OCSP/CRL checks are required for local trust anchors
ResolveNavigationErrorsUseWebServiceEnable resolution of navigation errors using a web service
RestrictSigninToPatternRestrict which accounts can be used as Microsoft Edge primary accounts
RoamingProfileLocationSet the roaming profile directory
RoamingProfileSupportEnabledEnable using roaming copies for Microsoft Edge profile data
RunAllFlashInAllowModeExtend Adobe Flash content setting to all content
SSLErrorOverrideAllowedAllow users to proceed from the HTTPS warning page
SSLVersionMinMinimum TLS version enabled
SaveCookiesOnExitSave cookies when Microsoft Edge closes
SavingBrowserHistoryDisabledDisable saving browser history
ScreenCaptureAllowedAllow or deny screen capture
ScrollToTextFragmentEnabledEnable scrolling to text specified in URL fragments
SearchSuggestEnabledEnable search suggestions
SecurityKeyPermitAttestationWebsites or domains that don’t need permission to use direct Security Key attestation
SendIntranetToInternetExplorerSend all intranet sites to Internet Explorer
SendSiteInfoToImproveServicesSend site information to improve Microsoft services (deprecated)
SensorsAllowedForUrlsAllow access to sensors on specific sites
SensorsBlockedForUrlsBlock access to sensors on specific sites
SerialAskForUrlsAllow the Serial API on specific sites
SerialBlockedForUrlsBlock the Serial API on specific sites
ShowOfficeShortcutInFavoritesBarShow Microsoft Office shortcut in favorites bar (deprecated)
SignedHTTPExchangeEnabledEnable Signed HTTP Exchange (SXG) support
SitePerProcessEnable site isolation for every site
SpeechRecognitionEnabledConfigure Speech Recognition
SpellcheckEnabledEnable spellcheck
SpellcheckLanguageEnable specific spellcheck languages
SpellcheckLanguageBlocklistForce disable spellcheck languages
StricterMixedContentTreatmentEnabledEnable stricter treatment for mixed content (deprecated)
SuppressUnsupportedOSWarningSuppress the unsupported OS warning
SyncDisabledDisable synchronization of data using Microsoft sync services
SyncTypesListDisabledConfigure the list of types that are excluded from synchronization
TLS13HardeningForLocalAnchorsEnabledEnable a TLS 1.3 security feature for local trust anchors (obsolete)
TLSCipherSuiteDenyListSpecify the TLS cipher suites to disable
TabFreezingEnabledAllow freezing of background tabs
TaskManagerEndProcessEnabledEnable ending processes in the Browser task manager
TotalMemoryLimitMbSet limit on megabytes of memory a single Microsoft Edge instance can use
TrackingPreventionBlock tracking of users’ web-browsing activity
TranslateEnabledEnable Translate
URLAllowlistDefine a list of allowed URLs
URLBlocklistBlock access to a list of URLs
UserAgentClientHintsEnabledEnable the User-Agent Client Hints feature (deprecated)
UserDataDirSet the user data directory
UserDataSnapshotRetentionLimitLimits the number of user data snapshots retained for use in case of emergency rollback
UserFeedbackAllowedAllow user feedback
VideoCaptureAllowedAllow or block video capture
VideoCaptureAllowedUrlsSites that can access video capture devices without requesting permission
WPADQuickCheckEnabledSet WPAD optimization
WebAppInstallForceListConfigure list of force-installed Web Apps
WebComponentsV0EnabledRe-enable Web Components v0 API until M84 (obsolete)
WebDriverOverridesIncompatiblePoliciesAllow WebDriver to Override Incompatible Policies (obsolete)
WebRtcLocalIpsAllowedUrlsManage exposure of local IP addressess by WebRTC
WebRtcLocalhostIpHandlingRestrict exposure of local IP address by WebRTC
WebRtcUdpPortRangeRestrict the range of local UDP ports used by WebRTC
WinHttpProxyResolverEnabledUse Windows proxy resolver (deprecated)

If you require additional information on how to Configure Microsoft Edge Settings, kindly let me know via the comment session.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x