Edge Trusted Sites

Posted on by



  1. Microsoft Edge Trusted Sites
  2. Trusted Sites List Security Tab
  3. Add Trusted Sites To Windows 10

If you’re like me, you’re quite excited to roll-out the new version of Microsoft Edge. I’ve been using the beta version for around 4 months now, and it has been very smooth.

Jan 30, 2020 Internet Explorer and Legacy Edge use a system of five Zones and 88+ URLActions to make security decisions for web content, based on the host of a target site. Chromium (New Edge, Chrome) uses a system of Site Lists and permission checks to make security decisions for web content, based on the host of a target site. Mar 19, 2020 For Edge, a server is recognized as part of the local intranet security zone when the user specifies a URL with a fully qualified name that has been explicitly configured as a local intranet site in Edge (see instructions below). To add trusted site to group policy, we have to select number 2. 1: Intranet zone. 2: Trusted Sites zone. 3: Internet zone. 4: Restricted Sites zone. Step 5: Go back to Site to Zone Assignment List window, tap on Apply then OK. Step 6: When you finished the steps above, go to the desktop and check whether added successfully or not. Go to the Security tab and click on Trusted sites. Click the Sites button. You will be presented with a list of sites you have explicitly chosen to trust.

The new Chromium-based browser has a few distinct advantages over Google Chrome/Internet Explorer for Enterprise users;

  • Ability to sign in to Microsoft365 accounts and sync across devices.
  • Home page can essentially act as a front end for Office365 services. (Outlook, SharePoint, OneDrive)
  • Can search SharePoint via Edge search bar, including searching the people directory.
  • Internet Explorer compatibility mode – great for those legacy websites you can’t seem to get rid of.

If that interests you as much as it did me, it is certainly worth trying out. First, you’ll need to download it from the new Edge Enterprise landing page;

Second, you’ll need the new Policy files (admx) so you are able to apply the correct GPOs. Click ‘Get Policy Files’ to download these.

When setting up your new GPO for Microsoft Edge, I’d recommend first applying the recommended Security Baseline from Microsoft. You can find it here;

Baseline Settings: (as of 21/01/2020)

  • Allow users to proceed from the HTTPS warning page: Disabled
  • Enable site isolation for every site: Enabled
  • Minimum TLS version enabled: TLS 1.2
  • Default Adobe Flash setting Block the Adobe Flash plugin
  • Control which extensions cannot be installed: 1 = * (Will blacklist all extension by default. You can then only white-list the extensions that you actually use.)
  • Supported authentication schemes: ntlm,negotiate
  • Allow user-level native messaging hosts (installed without admin permissions): Disabled
  • Enable saving passwords to the password manager: Disabled
  • Configure Microsoft Defender SmartScreen: Enabled
  • Force Microsoft Defender SmartScreen checks on downloads from trusted sources: Disabled
  • Prevent bypassing Microsoft Defender SmartScreen prompts for sites: Enabled
  • Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads: Enabled

Next, here are the GPOs I would recommend setting for a better user (and administrative) experience;

  • Enable deleting browser and download history: Disabled
  • Automatically import another browser’s data and settings first run: 2; Automatically imports all supported datatypes and settings from Google Chrome (change according to which browser you currently use)
  • Browser sign-in settings: Force users to sign-in to user the browser (this will ensure that every user is signed in and syncing bookmarks etc.)
  • Configure Internet Explorer integration: Enabled (if you have any legacy sites which require this)
  • Configure the Enterprise Mode Site List: Link to path of Enteprise Site List xml file. See: https://go.microsoft.com/fwlink/?linkid=2094210ttps://go.microsoft.com/fwlink/?linkid=2094210 for more information.
  • Configure favourites: List of managed favourites – can be copied from existing Google Chrome GPO if relevant.
  • Restrict which accounts can be used as Microsoft Edge primary accounts: Enter your domain name used for Microsoft365 services, i.e. .*@contonso.com. If you do not do this, by default it will try to log-in with your DOMAINusername account, and you will not be able to sync bookmarks, tabs, history etc.

In Windows 10 Microsoft introduced its new default web-browser Microsoft Edge. Let’s try to figure out how to centrally manage Microsoft Edge GPO settings in the enterprise Active Directory domain environment.

If you open the Local Group Policy Editor console (gpedit.msc) on the current branch Windows 10 1903, then under section Computer Configuration > Administrative Template > Windows Components > Microsoft Edge (and User Settings > Administrative Template > Windows Components > Microsoft Edge) you can find 55 different Group Policy settings (in earlier Windows 10 RTM build there available only 10 policy settings for Edge). However, it is quite a small amount compared to almost 1500 different GPO settings for the Internet Explorer browser). The following policies are available to manage Microsoft Edge settings:

  • Allow Address bar drop-down list suggestions;
  • Configure Autofill;
  • Allow Microsoft Compatibility List;
  • Allow clearing browsing data on exit;
  • Allow configuration updates for the Books Library;
  • Allow Developer Tools;
  • Configure Do Not Track;
  • Allow Extensions;
  • Allow Adobe Flash;
  • Configure the Adobe Flash Click-to-Run setting;
  • Allow FullScreen Mode;
  • Allow InPrivate browsing;
  • For PDF files that have both landscape and portrait pages, print each in its own orientation;
  • Configure Password Manager;
  • Configure Pop-up Blocker;
  • Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed;
  • Allow printing;
  • Allow Saving History;
  • Allow search engine customization;
  • Configure search suggestions in Address bar;
  • Allow Sideloading of extension;
  • Configure Windows Defender SmartScreen;
  • Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed;
  • Allow web content on New Tab page;
  • Always show the Books Library in Microsoft Edge;
  • Configure additional search engines;
  • Configure Favorites Bar;
  • Configure Home Button;
  • Configure kiosk mode;
  • Configure kiosk reset after idle timeout;
  • Configure Open Microsoft Edge With;
  • Provision Favorites;
  • Configure cookies;
  • Disable lockdown of Start pages;
  • Allow extended telemetry for the Books tab;
  • Configure the Enterprise Mode Site List;
  • Configure Favorites;
  • Prevent using Localhost IP address for WebRTC;
  • Configure Start pages;
  • Prevent changes to Favorites on Microsoft Edge;
  • Prevent access to the about:flags page in Microsoft Edge;
  • Prevent certificate error overrides;
  • Prevent the First Run webpage from opening on Microsoft Edge;
  • Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start;
  • Prevent bypassing Windows Defender SmartScreen prompts for sites;
  • Prevent bypassing Windows Defender SmartScreen prompts for files;
  • Prevent turning off required extensions;
  • Send all intranet sites to Internet Explorer 11;
  • Set default search engine;
  • Set Home Button URL;
  • Set New Tab page URL;
  • Show message when opening sites in Internet Explorer;
  • Keep favorites in sync between Internet Explorer and Microsoft Edge;
  • Unlock Home Button;
  • Allow a shared Books folder.
EdgeREAD ALSOHow to Allow Saved Credentials for RDP Connection?

In the each next Windows 10 build, the number of Microsoft Edge settings that can be managed via Group Policy progressively increased.

Trusted

You can get the actual list of all available Microsoft Edge policies to manage your browser settings with the detailed description

Updating Microsoft Edge Group Policy Administrative Template

To get the later Edge group policies for your Windows 10, you need:

  • Download the latest version of registry-based Administrative Templates (.admx) for Windows 10 1903 (v3.0, 8/28/2019);
  • To install new .admx files, run the file Administrative Templates (.admx) for Windows 10 May 2019 Update v3.msi;
  • If you want to manage Microsoft Edge settings using local Group Policy, copy all content (or only two files: MicrosoftEdge.admx and en-USMicrosoftEdge.adml) from a folder C:Program Files (x86)Microsoft Group PolicyAdministrative Templates (.admx) for Windows 10 May 2019 Update v3Policy Definitions to the local directory C:WindowsPolicyDefinitions;
  • If you want to use new administrative templates to manage Edge settings on computers in the AD domain, copy the content of a local folder C:Program Files (x86)Microsoft Group PolicyAdministrative Templates (.admx) for Windows 10 May 2019 Update v3Policy Definitions to the Group Policy Central Store folder on the domain controller. Now you can create a new domain GPOs with Edge settings using Group Policy Management Console (GPMC).
READ ALSOUsing Fsutil Command to Manage and Repair File System in Windows

After installing new administrative templates under section Computer Configuration > Administrative Template > Windows Components > Microsoft Edge, you will get all currently available Edge policy settings.

Group Policies for Chromium-based Edge

Option

Microsoft recently released a preliminary version of local group policies to support the new Microsoft Edge based on the Chromium project. These administrative templates set that will allow administrators to manage certain browser features in a production environment.

You can download a preview of ADMX files for Chromium-based Edge

It’s interestingly enough that over 180 GPO settings were provided for the Chromium-based Edge version since the classical Edge had only about 60 policy parameters.

Microsoft Edge Trusted Sites

A full description of the Chromium-based Edge policies can be found in the microsoftedge_policy_list.html file in the archive with ADMX templates.

How to Enable/Disable History Saving in Microsoft Edge using GPO?

To disable browsing history in Microsoft Edge through Group Policy, use the following steps:

  1. Run the local (gpedit.msc) or domain group policy editor (gpmc.msc);
  2. Go to the GPO section Computer Configuration > Administrative Template > Windows Components > Microsoft Edge;
  3. Find a policy with the name Allow Saving History;
  4. Change its value from Not Configured to Disabled;
  5. Run the
READ ALSOCreate Wi-Fi Hotspot on Windows 10

How to Disable Microsoft Edge Pre-launch in Windows 10?

One of the features Microsoft is trying to draw attention to is the Edge browser’s ability to get started quickly. Immediately after the Windows 10 boot, you can click on the Edge icon and it will open almost instantly.

You can disable pre-launch of the Microsoft Edge browser in Windows 10 through GPO. This will help to reduce the consumption of RAM and CPU on the computer.

To disable Microsoft Edge pre-launch on Windows 10 1809 and later:

  1. Open the policy “Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed”. Set its value to Enabled;
  2. In the Configure pre-launching option, select Prevent pre-launching;
  3. Save the change and restart your computer to take effect.
AuthorRecent PostsCyril KardashevskyI enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.Latest posts by Cyril Kardashevsky (see all)

Trusted Sites List Security Tab

Add Trusted Sites To Windows 10