
Microsoft Edge is a cross-platform web browser developed by Microsoft. It was first released for Windows 10 and Xbox One in 2015, then for Android and iOS in 2017, and for macOS in 201. See this article also for all Group Policies (GPO) available to configure Microsoft Edge settings.
The new Microsoft Edge, powered by the same open source technology as Google Chrome, offers top-notch web and extension compatibility. Microsoft Edge optimizes Windows 10 and syncs passwords, favorites, and settings across multiple devices.
The latest version of Microsoft Edge includes the following policies. You can use these policies to configure how Microsoft Edge runs in your organization. To learn more about controlling Microsoft Edge updates, continue reading this document.
See the related articles for guides on configuring these policies in Microsoft Edge. Group Policies (GPO) available to configure Microsoft Edge Settings, how to configure a new tab page URL in Microsoft Edge via GPO, how to configure favorites on Microsoft Edge via Group Policy, How to forcefully remove Microsoft Edge Browser the hard way from your device and how to configure static page in Microsoft Edge browser via Local Group Policy. For a list of configurations relating to Microsoft Edge, see this link.
Enhance Edge Security with the Microsoft Security Compliance Toolkit
If you want to utilize the Microsoft Security Compliance Toolkit for Microsoft Edge’s recommended security settings, download it from the provided link. https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#roamingprofilesupportenabled
Available policies: These tables list all of the browser-related group policies available in this release of Microsoft Edge. Use the links in the table to get more details about specific policies.
Application Guard settings | Cast |
Content settings | Default search provider |
Extensions | HTTP authentication |
Kiosk Mode settings | Native Messaging |
Password manager and protection | Printing |
Proxy server | SmartScreen settings |
Startup, home page and new tab page | Additional |
For Application Guard settings
Policy Name | Caption |
---|---|
ApplicationGuardContainerProxy | Application Guard Container Proxy |
For Cast
Policy Name | Caption |
---|---|
EnableMediaRouter | Enable Google Cast |
ShowCastIconInToolbar | Show the cast icon in the toolbar |
For Content settings
Policy Name | Caption |
---|---|
AutoSelectCertificateForUrls | Automatically select client certificates for these sites |
CookiesAllowedForUrls | Allow cookies on specific sites |
CookiesBlockedForUrls | Block cookies on specific sites |
CookiesSessionOnlyForUrls | Limit cookies from specific websites to the current session |
DefaultCookiesSetting | Configure cookies |
DefaultFileSystemReadGuardSetting | Control use of the File System API for reading |
DefaultFileSystemWriteGuardSetting | Control use of the File System API for writing |
DefaultGeolocationSetting | Default geolocation setting |
DefaultImagesSetting | Default images setting |
DefaultInsecureContentSetting | Control use of insecure content exceptions |
DefaultJavaScriptSetting | Default JavaScript setting |
DefaultNotificationsSetting | Default notification setting |
DefaultPluginsSetting | Default Adobe Flash setting |
DefaultPopupsSetting | Default pop-up window setting |
DefaultWebBluetoothGuardSetting | Control use of the Web Bluetooth API |
DefaultWebUsbGuardSetting | Control use of the WebUSB API |
FileSystemReadAskForUrls | Allow read access via the File System API on these sites |
FileSystemReadBlockedForUrls | Block read access via the File System API on these sites |
FileSystemWriteAskForUrls | Allow write access to files and directories on these sites |
FileSystemWriteBlockedForUrls | Block write access to files and directories on these sites |
ImagesAllowedForUrls | Allow images on these sites |
ImagesBlockedForUrls | Block images on specific sites |
InsecureContentAllowedForUrls | Allow insecure content on specified sites |
InsecureContentBlockedForUrls | Block insecure content on specified sites |
JavaScriptAllowedForUrls | Allow JavaScript on specific sites |
JavaScriptBlockedForUrls | Block JavaScript on specific sites |
LegacySameSiteCookieBehaviorEnabled | Enable default legacy SameSite cookie behavior setting |
LegacySameSiteCookieBehaviorEnabledForDomainList | Revert to legacy SameSite behavior for cookies on specified sites |
NotificationsAllowedForUrls | Allow notifications on specific sites |
NotificationsBlockedForUrls | Block notifications on specific sites |
PluginsAllowedForUrls | Allow the Adobe Flash plug-in on specific sites |
PluginsBlockedForUrls | Block the Adobe Flash plug-in on specific sites |
PopupsAllowedForUrls | Allow pop-up windows on specific sites |
PopupsBlockedForUrls | Block pop-up windows on specific sites |
RegisteredProtocolHandlers | Register protocol handlers |
SpotlightExperiencesAndRecommendationsEnabled | Choose whether users can receive customized background images and text, suggestions, notifications, |
WebUsbAllowDevicesForUrls | Grant access to specific sites to connect to specific USB devices |
WebUsbAskForUrls | Allow WebUSB on specific sites |
WebUsbBlockedForUrls | Block WebUSB on specific sites |
For Default search provider
Policy Name | Caption |
---|---|
DefaultSearchProviderEnabled | Enable the default search provider |
DefaultSearchProviderEncodings | Default search provider encodings |
DefaultSearchProviderImageURL | Specifies the search-by-image feature for the default search provider |
DefaultSearchProviderImageURLPostParams | Parameters for an image URL that uses POST |
DefaultSearchProviderKeyword | Default search provider keyword |
DefaultSearchProviderName | Default search provider name |
DefaultSearchProviderSearchURL | Default search provider search URL |
DefaultSearchProviderSuggestURL | Default search provider URL for suggestions |
NewTabPageSearchBox | Configure the new tab page search box experience |
For Extensions
Policy Name | Caption |
---|---|
ExtensionAllowedTypes | Configure allowed extension types |
ExtensionInstallAllowlist | Allow specific extensions to be installed |
ExtensionInstallBlocklist | Control which extensions cannot be installed |
ExtensionInstallForcelist | Control which extensions are installed silently |
ExtensionInstallSources | Configure extension and user script install sources |
ExtensionSettings | Configure extension management settings |
For HTTP Authentication
Policy Name | Caption |
---|---|
AllowCrossOriginAuthPrompt | Allow cross-origin HTTP Authentication prompts |
AuthNegotiateDelegateAllowlist | Specifies a list of servers that Microsoft Edge can delegate user credentials to |
AuthSchemes | Supported authentication schemes |
AuthServerAllowlist | Configure list of allowed authentication servers |
DisableAuthNegotiateCnameLookup | Disable CNAME lookup when negotiating Kerberos authentication |
EnableAuthNegotiatePort | Include non-standard port in Kerberos SPN |
NtlmV2Enabled | Control whether NTLMv2 authentication is enabled |
For Kiosk Mode Settings:
Policy Name | Caption |
---|---|
KioskDeleteDownloadsOnExit | Delete files downloaded as part of Kiosk session when Microsoft Edge closes |
For Native Messaging
Policy Name | Caption |
---|---|
NativeMessagingAllowlist | Control which native messaging hosts users can use |
NativeMessagingBlocklist | Configure native messaging block list |
NativeMessagingUserLevelHosts | Allow user-level native messaging hosts (installed without admin permissions) |
For Password manager and protection
Policy Name | Caption |
---|---|
PasswordManagerEnabled | Enable saving passwords to the password manager |
PasswordMonitorAllowed | Allow users to be alerted if their passwords are found to be unsafe |
PasswordProtectionChangePasswordURL | Configure the change password URL |
PasswordProtectionLoginURLs | Configure the list of enterprise login URLs where the password protection service should capture salted hashes of a password |
PasswordProtectionWarningTrigger | Configure password protection warning trigger |
For Printing:
Policy Name | Caption |
---|---|
DefaultPrinterSelection | Default printer selection rules |
PrintHeaderFooter | Print headers and footers |
PrintPreviewUseSystemDefaultPrinter | Set the system default printer as the default printer |
PrintingEnabled | Enable printing |
PrintingPaperSizeDefault | Default printing page size |
UseSystemPrintDialog | Print using system print dialog |
For Proxy Servers
Policy Name | Caption |
---|---|
ProxyBypassList | Configure proxy bypass rules |
ProxyMode | Configure proxy server settings |
ProxyPacUrl | Set the proxy .pac file URL |
ProxyServer | Configure address or URL of proxy server |
ProxySettings | Proxy settings |
For Smart Settings
Policy Name | Caption |
---|---|
PreventSmartScreenPromptOverride | Prevent bypassing Microsoft Defender SmartScreen prompts for sites |
PreventSmartScreenPromptOverrideForFiles | Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads |
SmartScreenAllowListDomains | Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings |
SmartScreenEnabled | Configure Microsoft Defender SmartScreen |
SmartScreenForTrustedDownloadsEnabled | Force Microsoft Defender SmartScreen checks on downloads from trusted sources |
SmartScreenPuaEnabled | Configure Microsoft Defender SmartScreen to block potentially unwanted apps |
For Startup, home page and new tab page
Policy Name | Caption |
---|---|
HomepageIsNewTabPage | Set the new tab page as the home page |
HomepageLocation | Configure the home page URL |
NewTabPageAllowedBackgroundTypes | Configure the background types allowed for the new tab page layout |
NewTabPageCompanyLogo | Set new tab page company logo (obsolete) |
NewTabPageHideDefaultTopSites | Hide the default top sites from the new tab page |
NewTabPageLocation | Configure the new tab page URL |
NewTabPageManagedQuickLinks | Set new tab page quick links |
NewTabPagePrerenderEnabled | Enable preload of the new tab page for faster rendering |
NewTabPageSetFeedType | Configure the Microsoft Edge new tab page experience |
RestoreOnStartup | Action to take on startup |
RestoreOnStartupURLs | Sites to open when the browser starts |
ShowHomeButton | Show Home button on toolbar |
For additional settings that can be made on Microsoft Edge
Policy Name | Caption |
---|---|
AddressBarMicrosoftSearchInBingProviderEnabled | Enable Microsoft Search in Bing suggestions in the address bar |
AdsSettingForIntrusiveAdsSites | Ads setting for sites with intrusive ads |
AllowDeletingBrowserHistory | Enable deleting browser and download history |
AllowFileSelectionDialogs | Allow file selection dialogs |
AllowPopupsDuringPageUnload | Allows a page to show popups during its unloading |
AllowSurfGame | Allow surf game |
AllowSyncXHRInPageDismissal | Allow pages to send synchronous XHR requests during page dismissal (deprecated) |
AllowTokenBindingForUrls | Configure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with |
AllowTrackingForUrls | Configure tracking prevention exceptions for specific sites |
AlternateErrorPagesEnabled | Suggest similar pages when a webpage can’t be found |
AlwaysOpenPdfExternally | Always open PDF files externally |
AmbientAuthenticationInPrivateModesEnabled | Enable Ambient Authentication for InPrivate and Guest profiles |
AppCacheForceEnabled | Allows the AppCache feature to be re-enabled, even if it’s turned off by default |
ApplicationLocaleValue | Set application locale |
AudioCaptureAllowed | Allow or block audio capture |
AudioCaptureAllowedUrls | Sites that can access audio capture devices without requesting permission |
AudioSandboxEnabled | Allow the audio sandbox to run |
AutoImportAtFirstRun | Automatically import another browser’s data and settings at first run |
AutoLaunchProtocolsFromOrigins | Define a list of protocols that can launch an external application from listed origins without prompting the user |
AutoOpenAllowedForURLs | URLs where AutoOpenFileTypes can apply |
AutoOpenFileTypes | List of file types that should be automatically opened on download |
AutofillAddressEnabled | Enable AutoFill for addresses |
AutofillCreditCardEnabled | Enable AutoFill for credit cards |
AutoplayAllowed | Allow media autoplay for websites |
BackgroundModeEnabled | Continue running background apps after Microsoft Edge closes |
BackgroundTemplateListUpdatesEnabled | Enables background updates to the list of available templates for Collections and other features that use templates |
BingAdsSuppression | Block all ads on Bing search results |
BlockThirdPartyCookies | Block third party cookies |
BrowserAddProfileEnabled | Enable profile creation from the Identity flyout menu or the Settings page |
BrowserGuestModeEnabled | Enable guest mode |
BrowserNetworkTimeQueriesEnabled | Allow queries to a Browser Network Time service |
BrowserSignin | Browser sign-in settings |
BuiltInDnsClientEnabled | Use built-in DNS client |
BuiltinCertificateVerifierEnabled | Determines whether the built-in certificate verifier will be used to verify server certificates (deprecated) |
CertificateTransparencyEnforcementDisabledForCas | Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes |
CertificateTransparencyEnforcementDisabledForLegacyCas | Disable Certificate Transparency enforcement for a list of legacy certificate authorities |
CertificateTransparencyEnforcementDisabledForUrls | Disable Certificate Transparency enforcement for specific URLs |
ClearBrowsingDataOnExit | Clear browsing data when Microsoft Edge closes |
ClearCachedImagesAndFilesOnExit | Clear cached images and files when Microsoft Edge closes |
ClickOnceEnabled | Allow users to open files using the ClickOnce protocol |
CollectionsServicesAndExportsBlockList | Block access to a specified list of services and export targets in Collections |
CommandLineFlagSecurityWarningsEnabled | Enable security warnings for command-line flags |
ComponentUpdatesEnabled | Enable component updates in Microsoft Edge |
ConfigureDoNotTrack | Configure Do Not Track |
ConfigureOnPremisesAccountAutoSignIn | Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account |
ConfigureOnlineTextToSpeech | Configure Online Text To Speech |
ConfigureShare | Configure the Share experience |
CustomHelpLink | Specify custom help link |
DNSInterceptionChecksEnabled | DNS interception checks enabled |
DefaultBrowserSettingEnabled | Set Microsoft Edge as default browser |
DefaultSearchProviderContextMenuAccessAllowed | Allow default search provider context menu search access |
DefaultSensorsSetting | Default sensors setting |
DefaultSerialGuardSetting | Control use of the Serial API |
DelayNavigationsForInitialSiteListDownload | Require that the Enterprise Mode Site List is available before tab navigation |
DeleteDataOnMigration | Delete old browser data on migration |
DeveloperToolsAvailability | Control where developer tools can be used |
DiagnosticData | Send required and optional diagnostic data about browser usage |
DirectInvokeEnabled | Allow users to open files using the DirectInvoke protocol |
Disable3DAPIs | Disable support for 3D graphics APIs |
DisableScreenshots | Disable taking screenshots |
DiskCacheDir | Set disk cache directory |
DiskCacheSize | Set disk cache size, in bytes |
DnsOverHttpsMode | Control the mode of DNS-over-HTTPS |
DnsOverHttpsTemplates | Specify URI template of desired DNS-over-HTTPS resolver |
DownloadDirectory | Set download directory |
DownloadRestrictions | Allow download restrictions |
EdgeCollectionsEnabled | Enable the Collections feature |
EditFavoritesEnabled | Allows users to edit favorites |
EnableDeprecatedWebPlatformFeatures | Re-enable deprecated web platform features for a limited time (obsolete) |
EnableDomainActionsDownload | Enable Domain Actions Download from Microsoft (obsolete) |
EnableOnlineRevocationChecks | Enable online OCSP/CRL checks |
EnableSha1ForLocalAnchors | Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated) |
EnterpriseHardwarePlatformAPIEnabled | Allow managed extensions to use the Enterprise Hardware Platform API |
EnterpriseModeSiteListManagerAllowed | Allow access to the Enterprise Mode Site List Manager tool |
ExemptDomainFileTypePairsFromFileTypeDownloadWarnings | Disable download file type extension-based warnings for specified file types on domains |
ExperimentationAndConfigurationServiceControl | Control communication with the Experimentation and Configuration Service |
ExternalProtocolDialogShowAlwaysOpenCheckbox | Show an “Always open” checkbox in external protocol dialog |
FamilySafetySettingsEnabled | Allow users to configure Family safety |
FavoritesBarEnabled | Enable favorites bar |
ForceBingSafeSearch | Enforce Bing SafeSearch |
ForceCertificatePromptsOnMultipleMatches | Configure whether Microsoft Edge should automatically select a certificate when there are multiple certificate matches for a site configured with “AutoSelectCertificateForUrls” |
ForceEphemeralProfiles | Enable use of ephemeral profiles |
ForceGoogleSafeSearch | Enforce Google SafeSearch |
ForceLegacyDefaultReferrerPolicy | Use a default referrer policy of no-referrer-when-downgrade (deprecated) |
ForceNetworkInProcess | Force networking code to run in the browser process (obsolete) |
ForceSync | Force synchronization of browser data and do not show the sync consent prompt |
ForceYouTubeRestrict | Force minimum YouTube Restricted Mode |
FullscreenAllowed | Allow full screen mode |
GloballyScopeHTTPAuthCacheEnabled | Enable globally scoped HTTP auth cache |
GoToIntranetSiteForSingleWordEntryInAddressBar | Force direct intranet site navigation instead of searching on single word entries in the Address Bar |
HSTSPolicyBypassList | Configure the list of names that will bypass the HSTS policy check |
HardwareAccelerationModeEnabled | Use hardware acceleration when available |
HideFirstRunExperience | Hide the First-run experience and splash screen |
ImportAutofillFormData | Allow importing of autofill form data |
ImportBrowserSettings | Allow importing of browser settings |
ImportCookies | Allow importing of Cookies |
ImportExtensions | Allow importing of extensions |
ImportFavorites | Allow importing of favorites |
ImportHistory | Allow importing of browsing history |
ImportHomepage | Allow importing of home page settings |
ImportOpenTabs | Allow importing of open tabs |
ImportPaymentInfo | Allow importing of payment info |
ImportSavedPasswords | Allow importing of saved passwords |
ImportSearchEngine | Allow importing of search engine settings |
ImportShortcuts | Allow importing of shortcuts |
InPrivateModeAvailability | Configure InPrivate mode availability |
InsecureFormsWarningsEnabled | Enable warnings for insecure forms |
IntensiveWakeUpThrottlingEnabled | Control the IntensiveWakeUpThrottling feature |
InternetExplorerIntegrationEnhancedHangDetection | Configure enhanced hang detection for Internet Explorer mode |
InternetExplorerIntegrationLevel | Configure Internet Explorer integration |
InternetExplorerIntegrationSiteList | Configure the Enterprise Mode Site List |
InternetExplorerIntegrationSiteRedirect | Specify how “in-page” navigations to unconfigured sites behave when started from Internet Explorer mode pages |
InternetExplorerIntegrationTestingAllowed | Allow Internet Explorer mode testing |
IsolateOrigins | Enable site isolation for specific origins |
LocalProvidersEnabled | Allow suggestions from local providers |
ManagedFavorites | Configure favorites |
ManagedSearchEngines | Manage Search Engines |
MaxConnectionsPerProxy | Maximum number of concurrent connections to the proxy server |
MediaRouterCastAllowAllIPs | Allow Google Cast to connect to Cast devices on all IP addresses |
MetricsReportingEnabled | Enable usage and crash-related data reporting (deprecated) |
NativeWindowOcclusionEnabled | Enable Native Window Occlusion |
NavigationDelayForInitialSiteListDownloadTimeout | Set a timeout for delay of tab navigation for the Enterprise Mode Site List |
NetworkPredictionOptions | Enable network prediction |
NonRemovableProfileEnabled | Configure whether a user always has a default profile automatically signed in with their work or school account |
OverrideSecurityRestrictionsOnInsecureOrigin | Control where security restrictions on insecure origins apply |
PaymentMethodQueryEnabled | Allow websites to query for available payment methods |
PersonalizationReportingEnabled | Allow personalization of ads, search and news by sending browsing history to Microsoft |
PinningWizardAllowed | Allow Pin to taskbar wizard |
ProactiveAuthEnabled | Enable Proactive Authentication |
PromotionalTabsEnabled | Enable full-tab promotional content |
PromptForDownloadLocation | Ask where to save downloaded files |
QuicAllowed | Allow QUIC protocol |
RelaunchNotification | Notify a user that a browser restart is recommended or required for pending updates |
RelaunchNotificationPeriod | Set the time period for update notifications |
RendererCodeIntegrityEnabled | Enable renderer code integrity |
RequireOnlineRevocationChecksForLocalAnchors | Specify if online OCSP/CRL checks are required for local trust anchors |
ResolveNavigationErrorsUseWebService | Enable resolution of navigation errors using a web service |
RestrictSigninToPattern | Restrict which accounts can be used as Microsoft Edge primary accounts |
RoamingProfileLocation | Set the roaming profile directory |
RoamingProfileSupportEnabled | Enable using roaming copies for Microsoft Edge profile data |
RunAllFlashInAllowMode | Extend Adobe Flash content setting to all content |
SSLErrorOverrideAllowed | Allow users to proceed from the HTTPS warning page |
SSLVersionMin | Minimum TLS version enabled |
SaveCookiesOnExit | Save cookies when Microsoft Edge closes |
SavingBrowserHistoryDisabled | Disable saving browser history |
ScreenCaptureAllowed | Allow or deny screen capture |
ScrollToTextFragmentEnabled | Enable scrolling to text specified in URL fragments |
SearchSuggestEnabled | Enable search suggestions |
SecurityKeyPermitAttestation | Websites or domains that don’t need permission to use direct Security Key attestation |
SendIntranetToInternetExplorer | Send all intranet sites to Internet Explorer |
SendSiteInfoToImproveServices | Send site information to improve Microsoft services (deprecated) |
SensorsAllowedForUrls | Allow access to sensors on specific sites |
SensorsBlockedForUrls | Block access to sensors on specific sites |
SerialAskForUrls | Allow the Serial API on specific sites |
SerialBlockedForUrls | Block the Serial API on specific sites |
ShowOfficeShortcutInFavoritesBar | Show Microsoft Office shortcut in favorites bar (deprecated) |
SignedHTTPExchangeEnabled | Enable Signed HTTP Exchange (SXG) support |
SitePerProcess | Enable site isolation for every site |
SpeechRecognitionEnabled | Configure Speech Recognition |
SpellcheckEnabled | Enable spellcheck |
SpellcheckLanguage | Enable specific spellcheck languages |
SpellcheckLanguageBlocklist | Force disable spellcheck languages |
StricterMixedContentTreatmentEnabled | Enable stricter treatment for mixed content (deprecated) |
SuppressUnsupportedOSWarning | Suppress the unsupported OS warning |
SyncDisabled | Disable synchronization of data using Microsoft sync services |
SyncTypesListDisabled | Configure the list of types that are excluded from synchronization |
TLS13HardeningForLocalAnchorsEnabled | Enable a TLS 1.3 security feature for local trust anchors (obsolete) |
TLSCipherSuiteDenyList | Specify the TLS cipher suites to disable |
TabFreezingEnabled | Allow freezing of background tabs |
TaskManagerEndProcessEnabled | Enable ending processes in the Browser task manager |
TotalMemoryLimitMb | Set limit on megabytes of memory a single Microsoft Edge instance can use |
TrackingPrevention | Block tracking of users’ web-browsing activity |
TranslateEnabled | Enable Translate |
URLAllowlist | Define a list of allowed URLs |
URLBlocklist | Block access to a list of URLs |
UserAgentClientHintsEnabled | Enable the User-Agent Client Hints feature (deprecated) |
UserDataDir | Set the user data directory |
UserDataSnapshotRetentionLimit | Limits the number of user data snapshots retained for use in case of emergency rollback |
UserFeedbackAllowed | Allow user feedback |
VideoCaptureAllowed | Allow or block video capture |
VideoCaptureAllowedUrls | Sites that can access video capture devices without requesting permission |
WPADQuickCheckEnabled | Set WPAD optimization |
WebAppInstallForceList | Configure list of force-installed Web Apps |
WebComponentsV0Enabled | Re-enable Web Components v0 API until M84 (obsolete) |
WebDriverOverridesIncompatiblePolicies | Allow WebDriver to Override Incompatible Policies (obsolete) |
WebRtcLocalIpsAllowedUrls | Manage exposure of local IP addressess by WebRTC |
WebRtcLocalhostIpHandling | Restrict exposure of local IP address by WebRTC |
WebRtcUdpPortRange | Restrict the range of local UDP ports used by WebRTC |
WinHttpProxyResolverEnabled | Use Windows proxy resolver (deprecated) |
If you require additional information on how to Configure Microsoft Edge Settings, kindly let me know via the comment session.