Managing Microsoft Edge settings in a business environment with Microsoft 365
While I’m cautious about purchasing expensive licenses, for some businesses, the cheapest option, Business Basic for £4.90 per user per month, is more than enough!
Every now and then, I discover new “hidden” features that I can use with just a basic license, and this time was no different.
Setting up computers in businesses, I always default to Google Search. Frankly, Bing just hasn’t kept pace, despite the recent AI hype. For most users, Google’s familiarity boosts productivity, which is key in any business environment.
What I hate is that Microsoft, with every other Microsoft Edge update, forces Bing back as the default search engine.
This situation reminds me of this nonsense:
One day, this annoyed me so much that I wanted to find a way to make it stop.
However, I’m concerned when users disable browser settings or extensions I’ve installed for their own and the company’s safety. Ideally, I’d like the ability to prevent these changes.
Manually reverting user changes on every computer isn’t feasible. Therefore, I wanted to see if Microsoft 365 offered a way to enforce these settings without a license upgrade.
Within our organization, each user leverages their Microsoft account to log in to their operating system and Microsoft Edge. This seamless integration ensures company-wide synchronization and data accessibility.
The Microsoft Admin Portal offers a wealth of useful features. However, some additions may not have received the most thorough evaluation.
I recently found a new option related to Microsoft Edge in the Microsoft 365 Admin Portal. It’s unclear how long this feature has been available, as Microsoft doesn’t always effectively communicate these valuable additions to its paying users.
This section is used to set Policies for Microsoft Edge.
This might seem familiar to users who have experience with Group Policies on user computers. However, unlike Group Policies, this approach doesn’t require their deployment.
Through Policies for Microsoft Edge, you can configure a wide range of browser settings and even lock them to prevent user modifications. Additionally, you can deploy extensions centrally.
To ensure a consistent browsing experience across the business, I deploy Adblock Plus as a default extension on all computers. While users might occasionally disable it, frequent tinkering can disrupt security measures. Fortunately, Microsoft 365 policies allow me to enforce its activation and prevent unintended modifications.
However, the most crucial aspect for me was permanently establishing Google Search as the default engine across all computers. This ensures it remains unchanged even with future Microsoft updates.
Here is how I did this.
Important Note: These policies are currently only effective for users with Windows 10 and 11. macOS is not supported at this time, but this may change in the future.
Default Search Engine
Since there are no default policies configured yet, we’ll need to create one.
Heading to Configuration policies we need to hit the button Create policy.
Don’t worry about accidentally impacting users while configuring the policy. You can create and define the settings without affecting anyone. The policy only becomes active once you assign it to specific users or groups in the Assignment section.
The initial settings list can be extensive and less user-friendly compared to the browser interface itself.
Recognizing this potential challenge, Microsoft has helpfully included the following introductory text…
Search for a setting to configure and add to Microsoft Edge Policy. Browse the list of available policies here: Microsoft Edge Browser Policy Documentation | Microsoft Learn
Warning here!
While the Microsoft team deserves credit for the extensive documentation, its single, lengthy format presents a usability challenge.
The initial load can be quite heavy, potentially causing sluggish browser performance or even temporary resource strain on your computer.
Loading this page in a single tab pushed my computer’s RAM usage to 2.6GB before it became unresponsive (possibly due to impatience on my end).
This comprehensive page requires some initial loading time. Please be patient and avoid refreshing or navigating back and forth. Doing so can significantly slow down the loading process.
If you need to move between sections (headers), use the scroll bar to navigate back to where you were.
Once loaded, the page’s memory usage drops to a few megabytes, functioning smoothly thereafter.
Choose a descriptive name for your policy before clicking Create.
Let’s revisit the policy list. Click on the policy you just created to open the Manage settings for this Configuration policy section. This section will initially appear blank.
Clicking Add setting displays a list of configurable policy options for Microsoft Edge.
As mentioned before, configuring Microsoft 365 policies for Microsoft Edge isn’t as straightforward as using the browser settings. Setting the default search engine, for example, requires applying multiple settings instead of just making a single selection.
To configure Google Search as the default and only search engine (enforced), we’ll need to apply the following settings:
DefaultSearchProviderEnabled
Enable the default search providerAllow users to override: No (unticked)
DefaultSearchProviderName
Default search provider nameGoogleAllow users to override: No (unticked)
DefaultSearchProviderImageURL
Specifies the search-by-image feature for the default search provider{google:baseURL}searchbyimage/uploadAllow users to override: No (unticked)
DefaultSearchProviderImageURLPostParams
Parameters for an image URL that uses POSTencoded_image={google:imageThumbnail},image_url={google:imageURL},sbisrc={google:imageSearchSource},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight}Allow users to override: No (unticked)
DefaultSearchProviderSearchURL
Default search provider search URL{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}ie={inputEncoding}Allow users to override: No (unticked)
DefaultSearchProviderSuggestURL
Default search provider URL for suggestions{google:baseURL}complete/search?output=chrome&q={searchTerms}Allow users to override: No (unticked)
For those who wish to enable Google’s SafeSearch feature additionally, you can configure the following setting:
ForceGoogleSafeSearch
Enforce Google SafeSearchAllow users to override: No (unticked)
These settings cover the essentials. However, since Bing can also influence address bar searches, I’ve included an additional setting to address this.
NewTabPageSearchBox
Configure the new tab page search box experienceAddress barAllow users to override: No (unticked)
I additionally enabled the following settings:
ShowHomeButton
Show the Home button on the toolbarAllow users to override: Yes (ticked)
HomepageLocation
Configure the home page URLhttps://www.google.comAllow users to override: Yes (ticked)
Extensions
Within each Edge policy, you’ll find a dedicated Extensions section in addition to the Settings section.
This dedicated Extensions section allows you to deploy extensions to your users’ computers. You can also control whether users are allowed to modify or disable these extensions.
Setting the Installation setting to Force ensures pre-installation of the extension on all user computers and prevents them from disabling it.
In addition to the above settings, I also recommend adding the following:
ExtensionSettings
Configure extension management settingsUse the Extensions tab to manage this settingAllow users to override: No (unticked)
Organization branding
Accessing your Edge policy grants you control over various aspects. Look for the Customization Settings section, which includes the Organization branding option.
This section allows you to incorporate your organization’s custom branding elements, such as logos and color schemes.
While using custom branding is optional, I highly recommend at least modifying the Accent color. This simple change provides a visual cue, helping you quickly identify if a user’s browser is adhering to the policy.
Assignment
Once you’ve configured your policy settings, navigate to the Assignment section (accessible within your policy from Policies for Microsoft Edge) to deploy it to your users.
While assigning security groups is beyond the scope of this guide, selecting All Users from the Select group dropdown will deploy this policy to everyone in your organization.
Adding this group triggers the policy rollout to your users’ browsers. While not instantaneous, the policy will reach everyone within a reasonable timeframe.
How do you know it is working?
Implementing a policy and assigning it to a group doesn’t result in immediate application.
As with many Microsoft services, policy application might take some time to synchronize across all devices. In some cases, this could extend up to a day.
If you’ve enabled Organization branding, a customized Accent color will be the quickest way to confirm policy application. Look for this color change when you click the user icon in the top-left corner of your user’s browser.
Accessing Microsoft Edge settings (via the three-dot menu) reveals the message Managed by your organization at the bottom.
Upon entering the Settings section, a banner at the top clearly states: Your browser is managed by your organization.
Clicking the link within the banner redirects you to the edge://management section, which provides some basic policy details.
Proceeding further from the edge://management section, you can access edge://policy for a more detailed view. This section displays the currently applied settings and provides a Reload Policies option. This is useful if you’ve made changes to the policy and want them to take effect immediately on user browsers, bypassing the usual synchronization wait time.
Other suggested
Microsoft Edge policies offer a wide range of customization options to cater to specific business needs. The examples provided here represent just a few settings I found useful.
Apart from that, there are also a few that I would suggest:
StartupBoostEnabled
Enable startup boostAllow users to override: No (unticked)
BackgroundModeEnabled
Continue running background apps after Microsoft Edge closesAllow users to override: No (unticked)
SleepingTabsEnabled
Configure sleeping tabsAllow users to override: No (unticked)
SleepingTabsTimeout
Set the background tab inactivity timeout for sleeping tabs30 minutes of inactivityAllow users to override: Yes (ticked)
PasswordManagerEnabled
Enable saving passwords to the password managerAllow users to override: No (unticked)
By following these steps, you’ve successfully implemented custom Microsoft Edge settings across your organization’s user computers through specific policies.
