Category Archives: Group Policy

Internet Explorer is Dead – Long live Internet Explorer Compatibility mode in Edge

Background
Microsoft Edge with Internet Explorer mode will replace the Internet Explorer 11 desktop app, which will be retired on June 15, 2022.
IE mode support follows the lifecycle of Windows client, Server, and IoT releases at least through 2029

If you have websites that require Internet Explorer 11 in your business still, you have some work to do before it will work in Edge. – This guide shows you how it works in an Domain Controlled Environment. Remote workstations and Laptops can use InTune as well if they have no Domain Controller.

Your Mileage may vary and this might not be the best practise at time of reading. – I read the Microsoft guides in Feb 2022 and based all this on them. This has been rolled out at my work and has worked so far correctly.

PreReqs

This article applies to Microsoft Edge version 77 or later.
To Download the latest version of Edge – visit https://www.microsoft.com/en-us/edge/business/download

How to deploy the Edge Policy in ActiveDirectory – Source https://docs.microsoft.com/en-us/deployedge/configure-microsoft-edge

The Policy template files are downloaded from the website – https://www.microsoft.com/en-us/edge/business/download

To take advantage of the benefits of .admx files, you must create a Central Store in the sysvol folder on a Windows domain controller.
The Central Store is a file location that is checked by the Group Policy tools by default.
The Group Policy tools use all .admx files that are in the Central Store. The files that are in the Central Store are replicated to all domain controllers in the domain.

To use ADMX files in Group Policy the following needs done on the Domain Controller

On the domain controller – Copy the PolicyDefinitions folder to your SYSVOL PolicyDefinitions Folder
Example – \\DOMAINCONTROLLER-NAME\SYSVOL\DOMAINNAME.LOCAL\Policies\

Create a Sites.xml – SiteList
To configure the sites list – Source : https://docs.microsoft.com/en-us/deployedge/edge-ie-mode-site-list-manager
The Enterprise Site List Manager is an in-browser version of the standalone Enterprise Mode Site List Manager tool that lets you create, edit, and export your organization’s site list.

Or Edit the XML file manually, very carefully as any mistakes invalidates the list

 Each Entry needs to be in the format :

  <site url=”website-name”>
<compat-mode>Default</compat-mode>
<open-in>IE11</open-in>
  </site>

Now open up Group Policy Management and Create a new Group Policy Object and Link it to root

Name this Internet Explorer Compatibility Mode – Edge

Configure the Group Policy – Source : https://docs.microsoft.com/en-gb/deployedge/edge-ie-mode-policies#configure-using-the-configure-the-enterprise-mode-site-list-policy

1.    Click User Configuration/Computer Configuration > Policies > Administrative Templates > Microsoft Edge.
2.    Double-click ‘Configure Internet Explorer integration.’
3.    Select Enabled.
4.    Under Options, set the dropdown value to Internet Explorer mode – Press Apply OK
5.    Double-click Configure the Enterprise Mode Site List.
5.    Select Enabled.
6.    Under Options, type the location of website list. You can use one of the following locations:
o    Set this too your domain share where you copied the sites.xml at the start – ie. \\DOMAINCONTROLLER-NAME\SYSVOL\DOMAINNAME.LOCAL\Policies\sites.xml
7.    Click OK or Apply to save these settings.
8.    Double-Click Configure the Enterprise Mode Cloud Site List (Only if you are using a Cloud Site List in Office 365)
9.    Click Not Configured
10.     Set the List option to your Cloud Site List ID
11.    Double-click Send all intranet sites to Internet Explorer
12.    Select Enabled
13.    Click OK or Apply to save these settings.


Create another group policy and name this Internet Explorer Compatibility Mode – Trusted Sites

  • Open the Group Policy – Internet Explorer Compatibility Mode – Trusted Sites.
  • Go to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.
  • Select the Site to Zone Assignment List.
  • Select Enabled and click Show to edit the list. Refer to Figure 1 below. The zone values are as follows: 1 — intranet, 2 — trusted sites, 3 — internet zone, 4 — restricted sites.
  • Click OK.
  • Click Apply and OK.

Test your Policies

On a target client device, open Microsoft Edge and navigate to edge://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately. You may need to close and reopen Microsoft Edge if it was open while you were configuring policy settings.