One of the handy things that Microsoft has now enabled is the ability to control the modern Edge browser (i.e. the one based on Chromium) via policy and services like Intune. In fact, if you visit Intune and look for Security Baseline you’ll find a new Microsoft Edge Baseline policy as shown above.
There are lots of great settings you can enforce by using this baseline to create a policy as you can see above.
I enabled the policy without making any changes initially so I could determine the impact, if any. It turns out that the default baseline actually disables any and all existing browser extensions you may have and also prevents you from adding new extensions.
I understand that this approach makes your environment more secure but I really can’t live with both the Lastpass and GetPocket extensions.
Unfortunately, by default with the baseline policy, these got blocked as you see above. This meant that I needed to adjust the policy.
As it turned out, you need to set the option:
Control which extensions can be installed = Not Configured
Just disabling and removing other options didn’t seem to do the trick.
After making that change and forcing the updated policy to sync to the workstation, I was back in business as you see above. I didn’t need to do anything in the browser, the previously disabled extensions were re-enabled automatically.
Enabling extensions is the only change I have made to the default baseline policy so far and now everything is working as expected and is more secure which I like.
I’d like the option to select ‘approved’ extensions so the baseline policy could be applied in total. Hopefully, that feature will make an appearance in the policy soon as I thing many will want it. However, this is quick and easy way to lock down the new Edge browser and another reason that, like me, it is my primary browser.
CIAOPS 