Microsoft has published the template and documentation that will be required to manage updates of the not-yet-finalized “full-Chromium” Edge browser, making good on a promise of earlier this summer.
When Microsoft first pounded the Edge-for-enterprise drum in June, the Redmond, Wash. developer unveiled a preliminary catalog of group policies that IT administrators would use to deploy, customize and maintain the browser. Omitted, though, were GPOs (group policy objects) and an administrative template for wrangling updates.
“Policies for managing updates aren’t included; those will be in a separate administrative template file,” Sean Lyndersay, a group program manager on the Edge team, wrote in a June 14 post to a Microsoft blog.
Unlike previous Microsoft browsers – Internet Explorer (IE) and the original Edge, the latter powered by Microsoft’s own technologies – the Edge built from the Google-dominated Chromium open-source project will be updated on a much faster six-to-eight-week cadence, just as is Chrome. Microsoft has severed the link between browser and OS feature updates. Enterprises that want to test and verify that each update works as expected need a way to block the native update mechanism.
That’s where these new GPOs come into play.
The update-related group policies can be found in the full-Chromium Edge’s online documentation. They require version 77 or later of Edge; the Dev 77 build was released last month, while Beta 77 launched this week.
The administrative template – msedgeupdate.admx – to manage Edge updates can be downloaded from this landing page; it is one of the two templates collected in the MicrosoftEdgePolicyTemplates.zip file.
(For those unfamiliar with using Windows’ group policies, get-started instructions for the Edge templates can be found under the heading 1. Download and install the Microsoft Edge administrative template on this support page.)
Because an organization’s administrators will probably want to restrict employees’ browser choices – to, for instance, keep everyone on the same version for support reasons – the GPOs allow for blocking updates of specific builds, like Canary, Dev and Beta – as well as preventing workers from manually refreshing the browser. Other GPOs let IT set specific systems with an update override, so that, say, a piloting team has access to Dev and Beta when everyone else does not.
Still other GPOs set a value for the minimum number of minutes between automatic update checks – the default is 10 hours – and bar updates during office hours so as not to interrupt work.
The GPOs control how Edge’s native update service operates – the service that deals out upgrades to unmanaged machines – but Microsoft pledged that enterprise-grade platforms would also be supported by the browser. Deployment and configuration integrations with Microsoft’s Intune and System Center Configuration Manager (SCCM), for example, are on the roadmap, though sans timelines.
The browser will also be offered in MSI (for Windows) and PKG (macOS) installation formats for distribution by an organization’s IT staff.