Skip to content

Instantly share code, notes, and snippets.

@MagerValp

MagerValp/policy_manifest.json

Created December 11, 2024 09:51
Show Gist options
  • Save MagerValp/be1a40e4e65ba32058f2797327fb75d9 to your computer and use it in GitHub Desktop.
Save MagerValp/be1a40e4e65ba32058f2797327fb75d9 to your computer and use it in GitHub Desktop.
Download ZIP
MS Edge 131.x json schema
Raw
policy_manifest.json
{
"title": "com.microsoft.Edge",
"description": "Preference Domain: com.microsoft.Edge, Application: Microsoft Edge, Documentation Link: https://docs.microsoft.com/deployedge/microsoft-edge-policies",
"__version": "131",
"__feedback": "[email protected]",
"type": "object",
"options": {
"remove_empty_properties": true
},
"definitions": {
"policy_group": {
"type": "object",
"format": "grid",
"options": {
"collapsed": true,
"disable_properties": true
}
}
},
"properties": {
"AADWebSiteSSOUsingThisProfileEnabled": {
"title": "AADWebSiteSSOUsingThisProfileEnabled - Single sign-on for work or school sites using this profile enabled",
"description": "'Allow single sign-on for work or school sites using this profile' option allows non-AAD profiles to be able to use single sign-on for work or school sites using work or school credentials present on the machine. This option shows up for end-users as a toggle in Settings -> Profiles -> Profile Preferences for non-AAD profiles only.\n\nIf you enable or disable this policy, 'Intelligent enablement of Single sign-on (SSO) for all Windows Azure Active Directory (Azure AD) accounts for users with a single non-Azure AD Microsoft Edge profile' will be turned off.\n\nIf you don't configure this policy, users can control whether to use SSO using other credentials present on the machine in edge://settings/profiles/multiProfileSettings.",
"property_order": 10,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AADWebSiteSSOUsingThisProfileEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#aadwebsitessousingthisprofileenabled"
}]
},
"AIGenThemesEnabled": {
"title": "AIGenThemesEnabled - Enables DALL-E themes generation",
"description": "This policy lets you generate browser themes using DALL-E and apply them to Microsoft Edge.\n\nIf you enable or don't configure this policy, the AI generated themes will be enabled.\n\nIf you disable this policy, the AI generated themes will be disabled for your organization.",
"property_order": 15,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AIGenThemesEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#aigenthemesenabled"
}]
},
"AccessControlAllowMethodsInCORSPreflightSpecConformant": {
"title": "AccessControlAllowMethodsInCORSPreflightSpecConformant - Make Access-Control-Allow-Methods matching in CORS preflight spec conformant",
"description": "This policy controls whether request methods are uppercased when matching with Access-Control-Allow-Methods response headers in CORS preflight.\n\nIf you disable this policy, request methods are uppercased. This is the behavior on or before Microsoft Edge 108.\n\nIf you enable or don't configure this policy, request methods are not uppercased, unless matching case-insensitively with DELETE, GET, HEAD, OPTIONS, POST, or PUT.\n\nThis would reject fetch(url, {method: 'Foo'}) + \"Access-Control-Allow-Methods: FOO\" response header,\nand would accept fetch(url, {method: 'Foo'}) + \"Access-Control-Allow-Methods: Foo\" response header.\n\nNote: request methods \"post\" and \"put\" are not affected, while \"patch\" is affected.\n\nThis policy is intended to be temporary and will be removed in the future.",
"property_order": 20,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AccessControlAllowMethodsInCORSPreflightSpecConformant"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#accesscontrolallowmethodsincorspreflightspecconformant"
}]
},
"AccessibilityImageLabelsEnabled": {
"title": "AccessibilityImageLabelsEnabled - Let screen reader users get image descriptions from Microsoft",
"description": "Lets screen reader users get descriptions of unlabeled images on the web.\n\nIf you enable or don't configure this policy, users have the option of using an anonymous Microsoft service. This service provides automatic descriptions for unlabeled images users encounter on the web when they're using a screen reader.\n\nIf you disable this policy, users can't enable the Get Image Descriptions from Microsoft feature.\n\nWhen this feature is enabled, the content of images that need a generated description is sent to Microsoft servers to generate a description.\n\nNo cookies or other user data is sent to Microsoft, and Microsoft doesn't save or log any image content.",
"property_order": 25,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AccessibilityImageLabelsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#accessibilityimagelabelsenabled"
}]
},
"AdditionalSearchBoxEnabled": {
"title": "AdditionalSearchBoxEnabled - Enable additional search box in browser",
"description": "A search box is an additional text input field located next to the address bar in a web browser. It allows users to perform web searches directly from the browser interface.\n\nIf you enable or don't configure this policy, the search box will be visible and available for use.\nUsers can toggle the search box in Edge Settings page edge://settings/appearance#SearchBoxInToolbar.\n\nIf you disable this policy, search box will not be visible, and users will have to use the address bar or navigate to a search engine to perform web searches.",
"property_order": 30,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AdditionalSearchBoxEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#additionalsearchboxenabled"
}]
},
"AddressBarEditingEnabled": {
"title": "AddressBarEditingEnabled - Configure address bar editing",
"description": "If you enable or don't configure this policy, users can change the URL in the address bar.\n\nIf you disable this policy, it prevents users from changing the URL in the address bar.\n\nNote: This policy doesn't prevent the browser from navigating to any URL. Users can still navigate to any URL by using the search option in the default New Tab Page, or using any link that leads to a web search engine. To ensure that users can only go to sites you expect, consider configuring the following policies in addition to this policy:\n\n- \"NewTabPageLocation\"\n\n- \"HomepageLocation\"\n\n- \"HomepageIsNewTabPage\"\n\n- \"URLBlocklist\" and \"URLAllowlist\" to scope the pages that browser can navigate to.",
"property_order": 35,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AddressBarEditingEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#addressbareditingenabled"
}]
},
"AddressBarMicrosoftSearchInBingProviderEnabled": {
"title": "AddressBarMicrosoftSearchInBingProviderEnabled - Enable Microsoft Search in Bing suggestions in the address bar",
"description": "Enables the display of relevant Microsoft Search in Bing suggestions in the address bar's suggestion list when the user types a search string in the address bar. If you enable or don't configure this policy, users can see internal results powered by Microsoft Search in Bing in the Microsoft Edge address bar suggestion list. To see the Microsoft Search in Bing results, the user must be signed into Microsoft Edge with their Azure AD account for that organization.\nIf you disable this policy, users can't see internal results in the Microsoft Edge address bar suggestion list.\nStarting with Microsoft Edge version 89, Microsoft Search in Bing suggestions will be available even if Bing isn't the user's default search provider.",
"property_order": 40,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AddressBarMicrosoftSearchInBingProviderEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#addressbarmicrosoftsearchinbingproviderenabled"
}]
},
"AdsSettingForIntrusiveAdsSites": {
"title": "AdsSettingForIntrusiveAdsSites - Ads setting for sites with intrusive ads",
"description": "Controls whether ads are blocked on sites with intrusive ads.\n\nPolicy options mapping:\n\n* AllowAds (1) = Allow ads on all sites\n\n* BlockAds (2) = Block ads on sites with intrusive ads. (Default value)\n\nUse the preceding information when configuring this policy.",
"property_order": 45,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AllowAds - Allow ads on all sites", "BlockAds - Block ads on sites with intrusive ads. (Default value)"]
},
"enum": [1, 2]
}
],
"options": {
"infoText": "AdsSettingForIntrusiveAdsSites"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#adssettingforintrusiveadssites"
}]
},
"AdsTransparencyEnabled": {
"title": "AdsTransparencyEnabled - Configure if the ads transparency feature is enabled",
"description": "Lets you decide whether the ads transparency feature is enabled. This behavior only applies to the \"balanced\" mode of tracking prevention, and does not impact \"basic\" or \"strict\" modes. Your users' tracking prevention level can be configured using the \"TrackingPrevention\" policy. AdsTransparencyEnabled will only have an effect if \"TrackingPrevention\" is set to TrackingPreventionBalanced or is not configured.\n\nIf you enable or don't configure this policy, transparency metadata provided by ads will be available to the user when the feature is active.\n\nWhen the feature is enabled, Tracking Prevention will enable exceptions for the associated ad providers that have met Microsoft's privacy standards.\n\nIf you disable this policy, Tracking Prevention will not adjust its behavior even when transparency metadata is provided by ads.",
"property_order": 50,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AdsTransparencyEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#adstransparencyenabled"
}]
},
"AllHttpAuthSchemesAllowedForOrigins": {
"title": "AllHttpAuthSchemesAllowedForOrigins - List of origins that allow all HTTP authentication",
"description": "Set this policy to specify which origins allow all the HTTP authentication schemes Microsoft Edge supports regardless of the \"AuthSchemes\" policy.\n\nFormat the origin pattern according to this format (https://www.chromium.org/administrators/url-blocklist-filter-format). Up to 1,000 exceptions can be defined in \"AllHttpAuthSchemesAllowedForOrigins\".\nWildcards are allowed for the whole origin or parts of the origin. Parts include the scheme, host, or port.",
"property_order": 55,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "AllHttpAuthSchemesAllowedForOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#allhttpauthschemesallowedfororigins"
}]
},
"AllowBackForwardCacheForCacheControlNoStorePageEnabled": {
"title": "AllowBackForwardCacheForCacheControlNoStorePageEnabled - Allow pages with Cache-Control: no-store header to enter back/forward cache",
"description": "This policy controls if a page with Cache-Control: no-store header can be stored in back/forward cache. The website setting this header may not expect the page to be restored from back/forward cache since some sensitive information could still be displayed after the restoration even if it is no longer accessible.\n\nIf you enable or don't configure this policy, the page with Cache-Control: no-store header might be restored from back/forward cache unless the cache eviction is triggered (e.g. when there is HTTP-only cookie change to the site).\n\nIf you disable this policy, the page with Cache-Control: no-store header will not be stored in back/forward cache.",
"property_order": 60,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AllowBackForwardCacheForCacheControlNoStorePageEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#allowbackforwardcacheforcachecontrolnostorepageenabled"
}]
},
"AllowCrossOriginAuthPrompt": {
"title": "AllowCrossOriginAuthPrompt - Allow cross-origin HTTP Authentication prompts",
"description": "Controls whether third-party images on a page can show an authentication prompt.\n\nTypically, this is disabled as a phishing defense. If you don't configure this policy, it's disabled and third-party images can't show an authentication prompt.",
"property_order": 65,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AllowCrossOriginAuthPrompt"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#allowcrossoriginauthprompt"
}]
},
"AllowDeletingBrowserHistory": {
"title": "AllowDeletingBrowserHistory - Enable deleting browser and download history",
"description": "Enables deleting browser history and download history and prevents users from changing this setting.\n\nNote that even with this policy is disabled, the browsing and download history aren't guaranteed to be retained: users can edit or delete the history database files directly, and the browser itself may remove (based on expiration period) or archive any or all history items at any time.\n\nIf you enable this policy or don't configure it, users can delete the browsing and download history.\n\nIf you disable this policy, users can't delete browsing and download history. Disabling this policy will disable history sync and open tab sync.\n\nIf you enable this policy, don't enable the \"ClearBrowsingDataOnExit\" policy, because they both deal with deleting data. If you enable both, the \"ClearBrowsingDataOnExit\" policy takes precedence and deletes all data when Microsoft Edge closes, regardless of how this policy is configured.",
"property_order": 70,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AllowDeletingBrowserHistory"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#allowdeletingbrowserhistory"
}]
},
"AllowFileSelectionDialogs": {
"title": "AllowFileSelectionDialogs - Allow file selection dialogs",
"description": "Allow access to local files by letting Microsoft Edge display file selection dialogs.\n\nIf you enable or don't configure this policy, users can open file selection dialogs as normal.\n\nIf you disable this policy, whenever the user performs an action that triggers a file selection dialog (like importing favorites, uploading files, or saving links), a message is displayed instead, and the user is assumed to have clicked Cancel on the file selection dialog.",
"property_order": 75,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AllowFileSelectionDialogs"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#allowfileselectiondialogs"
}]
},
"AllowGamesMenu": {
"title": "AllowGamesMenu - Allow users to access the games menu (deprecated)",
"description": "This policy is deprecated because it can be managed using the \"HubsSidebarEnabled\" policy.\n\nIf you enable or don't configure this policy, users can access the games menu.\n\nIf you disable this policy, users won't be able to access the games menu.",
"property_order": 80,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AllowGamesMenu"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#allowgamesmenu"
}]
},
"AllowSurfGame": {
"title": "AllowSurfGame - Allow surf game",
"description": "If you disable this policy, users won't be able to play the surf game when the device is offline or if the user navigates to edge://surf.\n\nIf you enable or don't configure this policy, users can play the surf game.",
"property_order": 85,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AllowSurfGame"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#allowsurfgame"
}]
},
"AllowTrackingForUrls": {
"title": "AllowTrackingForUrls - Configure tracking prevention exceptions for specific sites",
"description": "Configure the list of URL patterns that are excluded from tracking prevention.\n\nIf you configure this policy, the list of configured URL patterns is excluded from tracking prevention.\n\nIf you don't configure this policy, the global default value from the \"Block tracking of users' web-browsing activity\" policy (if set) or the user's personal configuration is used for all sites.",
"property_order": 90,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "AllowTrackingForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#allowtrackingforurls"
}]
},
"AllowWebAuthnWithBrokenTlsCerts": {
"title": "AllowWebAuthnWithBrokenTlsCerts - Allow Web Authentication requests on sites with broken TLS certificates.",
"description": "If you enable this policy, Microsoft Edge will allow Web Authentication requests on websites that have TLS certificates with errors (i.e. websites considered not secure).\n\nIf you disable or don't configure this policy, the default behavior of blocking such requests will apply.",
"property_order": 95,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AllowWebAuthnWithBrokenTlsCerts"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#allowwebauthnwithbrokentlscerts"
}]
},
"AllowedDomainsForApps": {
"title": "AllowedDomainsForApps - Define domains allowed to access Google Workspace",
"description": "Setting the policy on Microsoft Edge turns on the restricted sign-in feature in Google Workspace and prevents users from changing this setting. Users can only access Google tools using accounts from the specified domains. To allow gmail or googlemail accounts, add consumer_accounts to the list of domains. This policy is based on the Chrome policy of the same name.\n\nIf you don't provide a domain name or leave this policy unset, users can access Google Workspace with any account.\n\nUsers cannot change or override this setting.\n\nNote: This policy causes the X-GoogApps-Allowed-Domains header to be appended to all HTTP and HTTPS requests to all google.com domains, as described in https://go.microsoft.com/fwlink/?linkid=2197973.",
"property_order": 100,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "AllowedDomainsForApps"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#alloweddomainsforapps"
}]
},
"AlternateErrorPagesEnabled": {
"title": "AlternateErrorPagesEnabled - Suggest similar pages when a webpage can't be found",
"description": "Allow Microsoft Edge to issue a connection to a web service to generate URL and search suggestions for connectivity issues such as DNS errors.\n\nIf you enable this policy, a web service is used to generate url and search suggestions for network errors.\n\nIf you disable this policy, no calls to the web service are made and a standard error page is shown.\n\nIf you don't configure this policy, Microsoft Edge respects the user preference that's set under Services at edge://settings/privacy.\nSpecifically, there's a **Suggest similar pages when a webpage can't be found** toggle, which the user can switch on or off. Note that if you have enable this policy (AlternateErrorPagesEnabled), the Suggest similar pages when a webpage can't be found setting is turned on, but the user can't change the setting by using the toggle. If you disable this policy, the Suggest similar pages when a webpage can't be found setting is turned off, and the user can't change the setting by using the toggle.",
"property_order": 105,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AlternateErrorPagesEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#alternateerrorpagesenabled"
}]
},
"AlwaysOpenPdfExternally": {
"title": "AlwaysOpenPdfExternally - Always open PDF files externally",
"description": "Disables the internal PDF viewer in Microsoft Edge.\n\nIf you enable this policy Microsoft Edge treats PDF files as downloads and lets users open them with the default application.\n\nIf Microsoft Edge is the default PDF reader, PDF files aren't downloaded and will continue to open in Microsoft Edge.\n\nIf you don't configure this policy or disable it, Microsoft Edge will open PDF files (unless the user disables it).",
"property_order": 110,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AlwaysOpenPdfExternally"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#alwaysopenpdfexternally"
}]
},
"AmbientAuthenticationInPrivateModesEnabled": {
"title": "AmbientAuthenticationInPrivateModesEnabled - Enable Ambient Authentication for InPrivate and Guest profiles",
"description": "Configure this policy to allow/disallow ambient authentication for InPrivate and Guest profiles in Microsoft Edge.\n\nAmbient Authentication is http authentication with default credentials when explicit credentials aren't provided via NTLM/Kerberos/Negotiate challenge/response schemes.\n\nIf you set the policy to 'RegularOnly', it allows ambient authentication for Regular sessions only. InPrivate and Guest sessions won't be allowed to ambiently authenticate.\n\nIf you set the policy to 'InPrivateAndRegular', it allows ambient authentication for InPrivate and Regular sessions. Guest sessions won't be allowed to ambiently authenticate.\n\nIf you set the policy to 'GuestAndRegular', it allows ambient authentication for Guest and Regular sessions. InPrivate sessions won't be allowed to ambiently authenticate\n\nIf you set the policy to 'All', it allows ambient authentication for all sessions.\n\nNote that ambient authentication is always allowed on regular profiles.\n\nIn Microsoft Edge version 81 and later, if the policy is left not set, ambient authentication will be enabled in regular sessions only.\n\nPolicy options mapping:\n\n* RegularOnly (0) = Enable ambient authentication in regular sessions only\n\n* InPrivateAndRegular (1) = Enable ambient authentication in InPrivate and regular sessions\n\n* GuestAndRegular (2) = Enable ambient authentication in guest and regular sessions\n\n* All (3) = Enable ambient authentication in regular, InPrivate and guest sessions\n\nUse the preceding information when configuring this policy.",
"property_order": 115,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["RegularOnly - Enable ambient authentication in regular sessions only", "InPrivateAndRegular - Enable ambient authentication in InPrivate and regular sessions", "GuestAndRegular - Enable ambient authentication in guest and regular sessions", "All - Enable ambient authentication in regular, InPrivate and guest sessions"]
},
"enum": [0, 1, 2, 3]
}
],
"options": {
"infoText": "AmbientAuthenticationInPrivateModesEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#ambientauthenticationinprivatemodesenabled"
}]
},
"AskBeforeCloseEnabled": {
"title": "AskBeforeCloseEnabled - Get user confirmation before closing a browser window with multiple tabs",
"description": "This policy lets you configure whether users see a confirmation dialog before closing a browser window with multiple tabs. This dialog asks users to confirm that the browser window can be closed.\n\nIf you enable this policy, users will be presented with a confirmation dialog when closing a browser window with multiple tabs.\n\nIf you disable or don't configure this policy, a browser window with multiple tabs will close immediately without user confirmation.",
"property_order": 120,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AskBeforeCloseEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#askbeforecloseenabled"
}]
},
"AudioCaptureAllowed": {
"title": "AudioCaptureAllowed - Allow or block audio capture",
"description": "Allows you to set whether a user is prompted to grant a website access to their audio capture device. This policy applies to all URLs except for those configured in the \"AudioCaptureAllowedUrls\" list.\n\nIf you enable this policy or don't configure it (the default setting), the user is prompted for audio capture access except from the URLs in the \"AudioCaptureAllowedUrls\" list. These listed URLs are granted access without prompting.\n\nIf you disable this policy, the user is not prompted, and audio capture is accessible only to the URLs configured in \"AudioCaptureAllowedUrls\".\n\nThis policy affects all types of audio inputs, not only the built-in microphone.",
"property_order": 125,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AudioCaptureAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#audiocaptureallowed"
}]
},
"AudioCaptureAllowedUrls": {
"title": "AudioCaptureAllowedUrls - Sites that can access audio capture devices without requesting permission",
"description": "Specify websites, based on URL patterns, that can use audio capture devices without asking the user for permission. Patterns in this list are matched against the security origin of the requesting URL. If they match, the site is automatically granted access to audio capture devices. Note, however, that the pattern \"*\", which matches any URL, is not supported by this policy.",
"property_order": 130,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "AudioCaptureAllowedUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#audiocaptureallowedurls"
}]
},
"AudioSandboxEnabled": {
"title": "AudioSandboxEnabled - Allow the audio sandbox to run",
"description": "This policy controls the audio process sandbox.\n\nIf you enable this policy, the audio process will run sandboxed.\n\nIf you disable this policy, the audio process will run unsandboxed and the WebRTC audio-processing module will run in the renderer process.\nThis leaves users open to security risks related to running the audio subsystem unsandboxed.\n\nIf you don't configure this policy, the default configuration for the audio sandbox will be used, which might differ based on the platform.\n\nThis policy is intended to give enterprises flexibility to disable the audio sandbox if they use security software setups that interfere with the sandbox.",
"property_order": 135,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AudioSandboxEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#audiosandboxenabled"
}]
},
"AuthNegotiateDelegateAllowlist": {
"title": "AuthNegotiateDelegateAllowlist - Specifies a list of servers that Microsoft Edge can delegate user credentials to",
"description": "Configure the list of servers that Microsoft Edge can delegate to.\n\nSeparate multiple server names with commas. Wildcards (*) are allowed.\n\nIf you don't configure this policy Microsoft Edge won't delegate user credentials even if a server is detected as Intranet.",
"property_order": 140,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "AuthNegotiateDelegateAllowlist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#authnegotiatedelegateallowlist"
}]
},
"AuthSchemes": {
"title": "AuthSchemes - Supported authentication schemes",
"description": "Specifies which HTTP authentication schemes are supported.\n\nYou can configure the policy by using these values: 'basic', 'digest', 'ntlm', and 'negotiate'. Separate multiple values with commas.\n\nNote: All values for this policy are case sensitive.\n\nIf you don't configure this policy, all four schemes are used.",
"property_order": 145,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "AuthSchemes"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#authschemes"
}]
},
"AuthServerAllowlist": {
"title": "AuthServerAllowlist - Configure list of allowed authentication servers",
"description": "Specifies which servers to enable for integrated authentication. Integrated authentication is only enabled when Microsoft Edge receives an authentication challenge from a proxy or from a server in this list.\n\nSeparate multiple server names with commas. Wildcards (*) are allowed.\n\nIf you don't configure this policy, Microsoft Edge tries to detect if a server is on the intranet - only then will it respond to IWA requests. If the server is on the internet, IWA requests from it are ignored by Microsoft Edge.",
"property_order": 150,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "AuthServerAllowlist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#authserverallowlist"
}]
},
"AutoDiscardSleepingTabsEnabled": {
"title": "AutoDiscardSleepingTabsEnabled - Configure auto discard sleeping tabs",
"description": "Setting this policy enables inactive (sleeping) tabs to be automatically discarded after 1.5 days of inactivity. This is done to save memory. When the user switches back to a discarded tab, the tab will need to be reloaded.\n\nIf the \"SleepingTabsEnabled\" policy is enabled, then this feature will be enabled by default.\n\nIf the \"SleepingTabsEnabled\" is disabled, then this feature will be disabled by default and cannot be enabled.\n\nIf enabled, idle background tabs will be discarded after 1.5 days.\n\nIf disabled, idle background tab will not be discarded after 1.5 days. Tabs can still be discarded for other reasons if this policy is disabled.",
"property_order": 155,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AutoDiscardSleepingTabsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autodiscardsleepingtabsenabled"
}]
},
"AutoImportAtFirstRun": {
"title": "AutoImportAtFirstRun - Automatically import another browser's data and settings at first run",
"description": "If you enable this policy, all supported datatypes and settings from the specified browser will be silently and automatically imported at first run. During the First Run Experience, the import section will also be skipped.\n\nThe browser data from Microsoft Edge Legacy will always be silently migrated at the first run, irrespective of the value of this policy.\n\nIf this policy is set to 'FromDefaultBrowser', then the datatypes corresponding to the default browser on the managed device will be imported.\n\nIf the browser specified as the value of this policy is not present in the managed device, Microsoft Edge will simply skip the import without any notification to the user.\n\nIf you set this policy to 'DisabledAutoImport', the import section of the first-run experience is skipped entirely and Microsoft Edge doesn't import browser data and settings automatically.\n\nIf this policy is set to the value of 'FromInternetExplorer', the following datatypes will be imported from Internet Explorer:\n1. Favorites or bookmarks\n2. Saved passwords\n3. Search engines\n4. Browsing history\n5. Home page\n\nIf this policy is set to the value of 'FromGoogleChrome', the following datatypes will be imported from Google Chrome:\n1. Favorites\n2. Saved passwords\n3. Addresses and more\n4. Payment info\n5. Browsing history\n6. Settings\n7. Pinned and Open tabs\n8. Extensions\n9. Cookies\n\nNote: For more details on what is imported from Google Chrome, please see https://go.microsoft.com/fwlink/?linkid=2120835\n\nIf this policy is set to the value of 'FromSafari', user data is no longer imported into Microsoft Edge. This is due to the way Full Disk Access works on Mac.\nOn macOS Mojave and above, it's no longer possible to have automated and unattended import of Safari data into Microsoft Edge.\n\nStarting with Microsoft Edge version 83, if this policy is set to the value of 'FromMozillaFirefox', the following datatypes will be imported from Mozilla Firefox:\n1. Favorites or bookmarks\n2. Saved passwords\n3. Addresses and more\n4. Browsing History\n\nIf you want to restrict specific datatypes from getting imported on the managed devices, you can use this policy with other policies such as \"ImportAutofillFormData\", \"ImportBrowserSettings\", \"ImportFavorites\", and etc.\n\nPolicy options mapping:\n\n* FromDefaultBrowser (0) = Automatically imports all supported datatypes and settings from the default browser\n\n* FromInternetExplorer (1) = Automatically imports all supported datatypes and settings from Internet Explorer\n\n* FromGoogleChrome (2) = Automatically imports all supported datatypes and settings from Google Chrome\n\n* FromSafari (3) = Automatically imports all supported datatypes and settings from Safari\n\n* DisabledAutoImport (4) = Disables automatic import, and the import section of the first-run experience is skipped\n\n* FromMozillaFirefox (5) = Automatically imports all supported datatypes and settings from Mozilla Firefox\n\nUse the preceding information when configuring this policy.",
"property_order": 160,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["FromDefaultBrowser - Automatically imports all supported datatypes and settings from the default browser", "FromInternetExplorer - Automatically imports all supported datatypes and settings from Internet Explorer", "FromGoogleChrome - Automatically imports all supported datatypes and settings from Google Chrome", "FromSafari - Automatically imports all supported datatypes and settings from Safari", "DisabledAutoImport - Disables automatic import, and the import section of the first-run experience is skipped", "FromMozillaFirefox - Automatically imports all supported datatypes and settings from Mozilla Firefox"]
},
"enum": [0, 1, 2, 3, 4, 5]
}
],
"options": {
"infoText": "AutoImportAtFirstRun"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autoimportatfirstrun"
}]
},
"AutoLaunchProtocolsComponentEnabled": {
"title": "AutoLaunchProtocolsComponentEnabled - AutoLaunch Protocols Component Enabled",
"description": "Specifies whether the AutoLaunch Protocols component should be enabled. This component allows Microsoft to provide a list similar to that of the \"AutoLaunchProtocolsFromOrigins\" policy, allowing certain external protocols to launch without prompt or blocking certain protocols (on specified origins). By default, this component is enabled.\n\nIf you enable or don't configure this policy, the AutoLaunch Protocols component is enabled.\n\nIf you disable this policy, the AutoLaunch Protocols component is disabled.",
"property_order": 165,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AutoLaunchProtocolsComponentEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autolaunchprotocolscomponentenabled"
}]
},
"AutoLaunchProtocolsFromOrigins": {
"title": "AutoLaunchProtocolsFromOrigins - not configurable in UI, please craft plist",
"description": "Allows you to set a list of protocols, and for each protocol an associated list of allowed origin patterns, that can launch an external application without prompting the user. The trailing separator should not be included when listing the protocol and the protocol should be all lower case. For example, list \"skype\" instead of \"skype:\", \"skype://\" or \"Skype\".\n\nIf you configure this policy, a protocol will only be permitted to launch an external application without prompting by policy if:\n\n- the protocol is listed\n\n- the origin of the site trying to launch the protocol matches one of the origin patterns in that protocol's allowed_origins list.\n\nIf either condition is false, the external protocol launch prompt will not be omitted by policy.\n\nIf you don't configure this policy, no protocols can launch without a prompt. Users can opt out of prompts on a per-protocol/per-site basis unless the \"ExternalProtocolDialogShowAlwaysOpenCheckbox\" policy is set to Disabled. This policy has no impact on per-protocol/per-site prompt exemptions set by users.\n\nThe origin matching patterns use a similar format to those for the \"URLBlocklist\" policy, which are documented at https://go.microsoft.com/fwlink/?linkid=2095322.\n\nHowever, origin matching patterns for this policy cannot contain \"/path\" or \"@query\" elements. Any pattern that does contain a \"/path\" or \"@query\" element will be ignored.\n\nThis policy does not work as expected with file://* wildcards.",
"property_order": 170,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "AutoLaunchProtocolsFromOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autolaunchprotocolsfromorigins"
}]
},
"AutoOpenAllowedForURLs": {
"title": "AutoOpenAllowedForURLs - URLs where AutoOpenFileTypes can apply",
"description": "A list of URLs to which \"AutoOpenFileTypes\" will apply to. This policy has no impact on automatically open values set by users via the download shelf ... > \"Always open files of this type\" menu entry.\n\nIf you set URLs in this policy, files will only automatically open by policy if the URL is part of this set and the file type is listed in \"AutoOpenFileTypes\". If either condition is false, the download won't automatically open by policy.\n\nIf you don't set this policy, all downloads where the file type is in \"AutoOpenFileTypes\" will automatically open.\n\nA URL pattern has to be formatted according to https://go.microsoft.com/fwlink/?linkid=2095322.\n\nThis policy does not work as expected with file://* wildcards.",
"property_order": 175,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "AutoOpenAllowedForURLs"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autoopenallowedforurls"
}]
},
"AutoOpenFileTypes": {
"title": "AutoOpenFileTypes - List of file types that should be automatically opened on download",
"description": "This policy sets a list of file types that should be automatically opened on download. Note: The leading separator should not be included when listing the file type, so list \"txt\" instead of \".txt\".\n\nBy default, these file types will be automatically opened on all URLs. You can use the \"AutoOpenAllowedForURLs\" policy to restrict the URLs for which these file types will be automatically opened on.\n\nFiles with types that should be automatically opened will still be subject to the enabled Microsoft Defender SmartScreen checks and won't be opened if they fail those checks.\n\nFile types that a user has already specified to automatically be opened will continue to do so when downloaded. The user will continue to be able to specify other file types to be automatically opened.\n\nIf you don't set this policy, only file types that a user has already specified to automatically be opened will do so when downloaded.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory or instances that enrolled for device management.",
"property_order": 180,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "AutoOpenFileTypes"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autoopenfiletypes"
}]
},
"AutoSelectCertificateForUrls": {
"title": "AutoSelectCertificateForUrls - Automatically select client certificates for these sites",
"description": "Setting the policy lets you make a list of URL patterns that specify sites for which Microsoft Edge can automatically select a client certificate. The value is an array of stringified JSON dictionaries, each with the form { \"pattern\": \"$URL_PATTERN\", \"filter\" : $FILTER }, where $URL_PATTERN is a content setting pattern. $FILTER restricts the client certificates the browser automatically selects from. Independent of the filter, only certificates that match the server's certificate request are selected.\n\nExamples for the usage of the $FILTER section:\n\n* When $FILTER is set to { \"ISSUER\": { \"CN\": \"$ISSUER_CN\" } }, only client certificates issued by a certificate with the CommonName $ISSUER_CN are selected.\n\n* When $FILTER contains both the \"ISSUER\" and the \"SUBJECT\" sections, only client certificates that satisfy both conditions are selected.\n\n* When $FILTER contains a \"SUBJECT\" section with the \"O\" value, a certificate needs at least one organization matching the specified value to be selected.\n\n* When $FILTER contains a \"SUBJECT\" section with a \"OU\" value, a certificate needs at least one organizational unit matching the specified value to be selected.\n\n* When $FILTER is set to {}, the selection of client certificates is not additionally restricted. Note that filters provided by the web server still apply.\n\nIf you leave the policy unset, there's no autoselection for any site.",
"property_order": 185,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "AutoSelectCertificateForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autoselectcertificateforurls"
}]
},
"AutofillAddressEnabled": {
"title": "AutofillAddressEnabled - Enable AutoFill for addresses",
"description": "Enables the AutoFill feature and allows users to auto-complete address information in web forms using previously stored information.\n\nIf you disable this policy, AutoFill never suggests or fills in address information, nor does it save additional address information that the user might submit while browsing the web.\n\nIf you enable this policy or don't configure it, users can control AutoFill for addresses in the user interface.\n\nNote that if you disable this policy you also stop all activity for all web forms, except payment and password forms. No further entries are saved, and Microsoft Edge won't suggest or AutoFill any previous entries.",
"property_order": 190,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AutofillAddressEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autofilladdressenabled"
}]
},
"AutofillCreditCardEnabled": {
"title": "AutofillCreditCardEnabled - Enable AutoFill for payment instruments",
"description": "Enables Microsoft Edge's AutoFill feature and lets users auto complete payment instruments like credit or debit cards in web forms using previously stored information. This includes suggesting new payment instruments like Buy Now Pay Later (BNPL) in web forms and Express Checkout.\n\nIf you enable this policy or don't configure it, users can control AutoFill for payment instruments.\n\nIf you disable this policy, AutoFill never suggests, fills, or recommends new payment Instruments. Additionally, it won't save any payment instrument information that users submit while browsing the web.",
"property_order": 195,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AutofillCreditCardEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autofillcreditcardenabled"
}]
},
"AutofillMembershipsEnabled": {
"title": "AutofillMembershipsEnabled - Save and fill memberships",
"description": "This policy lets you decide whether users can have their membership info (for example, program name and membership number) automatically saved and used to fill form fields while using Microsoft Edge. By default, users can choose whether to enable it or not.\n\nIf you enable this policy, users can only have their membership info automatically saved and used to fill form fields while using Microsoft Edge.\n\nIf you don't configure this policy, users can choose whether to have their membership info automatically saved and used to fill form fields while using Microsoft Edge.\n\nIf you disable this policy, users can't have their membership info automatically saved and used to fill form fields while using Microsoft Edge.",
"property_order": 200,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AutofillMembershipsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autofillmembershipsenabled"
}]
},
"AutomaticDownloadsAllowedForUrls": {
"title": "AutomaticDownloadsAllowedForUrls - Allow multiple automatic downloads in quick succession on specific sites",
"description": "Define a list of sites, based on URL patterns, that are allowed to perform multiple successive automatic downloads.\nIf you don't configure this policy, \"DefaultAutomaticDownloadsSetting\" applies for all sites, if it's set. If it isn't set, then the user's personal setting applies.\nFor more detailed information about valid URL patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.",
"property_order": 205,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "AutomaticDownloadsAllowedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#automaticdownloadsallowedforurls"
}]
},
"AutomaticDownloadsBlockedForUrls": {
"title": "AutomaticDownloadsBlockedForUrls - Block multiple automatic downloads in quick succession on specific sites",
"description": "Define a list of sites, based on URL patterns, where multiple successive automatic downloads aren't allowed.\nIf you don't configure this policy, \"DefaultAutomaticDownloadsSetting\" applies for all sites, if it's set. If it isn't set, then the user's personal setting applies.\nFor more detailed information about valid URL patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.",
"property_order": 210,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "AutomaticDownloadsBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#automaticdownloadsblockedforurls"
}]
},
"AutomaticHttpsDefault": {
"title": "AutomaticHttpsDefault - Configure Automatic HTTPS",
"description": "This policy lets you manage settings for \"AutomaticHttpsDefault\", which switches connections from HTTP to HTTPS.\n\nThis feature helps protect against man-in-the-middle attacks by enforcing more secure connections, but users might experience more connection errors.\n\nMicrosoft Edge attempts to upgrade some navigations from HTTP to HTTPS, when possible. This policy can be used to disable this behavior. If set to \"AlwaysUpgrade\" or left unset, this feature will be enabled by default.\n\nThe separate HttpAllowlist policy can be used to exempt specific hostnames or hostname patterns from being upgraded to HTTPS by this feature.\n\nStarting in Microsoft Edge 111, \"UpgradePossibleDomains\" is deprecated and is treated the same as \"DisableAutomaticHttps\". It won't work in Microsoft Edge version 114.\n\nPolicy options mapping:\n\n* DisableAutomaticHttps (0) = Automatic HTTPS functionality is disabled.\n\n* UpgradeCapableDomains (1) = (Deprecated) Navigations delivered over HTTP are switched to HTTPS, only on domains likely to support HTTPS.\n\n* AlwaysUpgrade (2) = All navigations delivered over HTTP are switched to HTTPS. Connection errors might occur more often.\n\nUse the preceding information when configuring this policy.",
"property_order": 215,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["DisableAutomaticHttps - Automatic HTTPS functionality is disabled.", "UpgradeCapableDomains - (Deprecated) Navigations delivered over HTTP are switched to HTTPS, only on domains likely to support HTTPS.", "AlwaysUpgrade - All navigations delivered over HTTP are switched to HTTPS. Connection errors might occur more often."]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "AutomaticHttpsDefault"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#automatichttpsdefault"
}]
},
"AutomaticProfileSwitchingSiteList": {
"title": "AutomaticProfileSwitchingSiteList - not configurable in UI, please craft plist",
"description": "Set this policy to control which profiles Microsoft Edge will use to open sites in. Switching configurations for sites listed in this policy take precedence over other heuristics Microsoft Edge uses for switching sites but note that sites not listed on this policy are still subject to switching by those heuristics. If this policy is not configured, Microsoft Edge will continue using its heuristics to automatically switch sites.\n\nThis policy maps a URL hostname to a profile that it should be opened in.\n\nThe 'site' field should take the form of a URL hostname.\n\nThe 'profile' field can take one of the following values:\n- 'Work': The most recently used Microsoft Entra signed-in profile will be used to open 'site'.\n- 'Personal': The most recently used MSA signed-in profile will be used to open 'site'.\n- 'No preference': The currently used profile will be used to open 'site'.\n- Wildcard email address: This takes the form of '*@contoso.com'. A profile whose username ends with the contents following the '*' will be used to open 'site'.",
"property_order": 220,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "AutomaticProfileSwitchingSiteList"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#automaticprofileswitchingsitelist"
}]
},
"AutoplayAllowed": {
"title": "AutoplayAllowed - Allow media autoplay for websites",
"description": "This policy sets the media autoplay policy for websites.\n\nThe default setting, \"Not configured\" respects the current media autoplay settings and lets users configure their autoplay settings.\n\nSetting to \"Enabled\" sets media autoplay to \"Allow\". All websites are allowed to autoplay media. Users can't override this policy.\n\nSetting to \"Disabled\" sets media autoplay to \"Limit\". This limits websites that are allowed to autoplay media to webpages with high media engagement and active WebRTC streams. Prior to Microsoft Edge version 92, this would set media autoplay to \"Block\". Users can't override this policy.\n\nA tab will need to be closed and re-opened for this policy to take effect.",
"property_order": 225,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "AutoplayAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autoplayallowed"
}]
},
"AutoplayAllowlist": {
"title": "AutoplayAllowlist - Allow media autoplay on specific sites",
"description": "Define a list of sites, based on URL patterns, that are allowed to autoplay media.\n\nIf you don't configure this policy, the global default value from the \"AutoplayAllowed\" policy (if set) or the user's personal configuration is used for all sites.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.\n\nNote: * is not an accepted value for this policy.",
"property_order": 230,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "AutoplayAllowlist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#autoplayallowlist"
}]
},
"BackgroundTemplateListUpdatesEnabled": {
"title": "BackgroundTemplateListUpdatesEnabled - Enables background updates to the list of available templates for Collections and other features that use templates (deprecated)",
"description": "This policy is deprecated because we are moving to a new policy. It won't work in Microsoft Edge as soon as version 104. The new policy to use is \"EdgeAssetDeliveryServiceEnabled\".\n\nLets you enable or disable background updates to the list of available templates for Collections and other features that use templates. Templates are used to extract rich metadata from a webpage when the page is saved to a collection.\n\nIf you enable this setting or the setting is unconfigured, the list of available templates will be downloaded in the background from a Microsoft service every 24 hours.\n\nIf you disable this setting the list of available templates will be downloaded on demand. This type of download might result in small performance penalties for Collections and other features.",
"property_order": 235,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "BackgroundTemplateListUpdatesEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#backgroundtemplatelistupdatesenabled"
}]
},
"BasicAuthOverHttpEnabled": {
"title": "BasicAuthOverHttpEnabled - Allow Basic authentication for HTTP",
"description": "If you enable this policy or leave it unset, Basic authentication challenges received over non-secure HTTP will be allowed.\n\nIf you disable this policy, non-secure HTTP requests from the Basic authentication scheme are blocked, and only secure HTTPS is allowed.\n\nThis policy setting is ignored (and Basic is always forbidden) if the \"AuthSchemes\" policy is set and does not include Basic.",
"property_order": 240,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "BasicAuthOverHttpEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#basicauthoverhttpenabled"
}]
},
"BingAdsSuppression": {
"title": "BingAdsSuppression - Block all ads on Bing search results",
"description": "Enables an ad-free search experience on Bing.com\n\nIf you enable this policy, then a user can search on bing.com and have an ad-free search experience. At the same time, the SafeSearch setting will be set to 'Strict' and can't be changed by the user.\n\nIf you don't configure this policy, then the default experience will have ads in the search results on bing.com. SafeSearch will be set to 'Moderate' by default and can be changed by the user.\n\nThis policy is only available for K-12 SKUs that are identified as EDU tenants by Microsoft.\n\nPlease refer to https://go.microsoft.com/fwlink/?linkid=2119711 to learn more about this policy or if the following scenarios apply to you:\n\n* You have an EDU tenant, but the policy doesn't work.\n\n* You had your IP allowlisted for having an ad free search experience.\n\n* You were experiencing an ad-free search experience on Microsoft Edge Legacy and want to upgrade to the new version of Microsoft Edge.",
"property_order": 245,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "BingAdsSuppression"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#bingadssuppression"
}]
},
"BlockExternalExtensions": {
"title": "BlockExternalExtensions - Blocks external extensions from being installed",
"description": "Control the installation of external extensions.\n\nIf you enable this setting, external extensions are blocked from being installed.\n\nIf you disable this setting or leave it unset, external extensions are allowed to be installed.\n\nExternal extensions and their installation are documented at [Alternate extension distribution methods](/microsoft-edge/extensions-chromium/developer-guide/alternate-distribution-options).",
"property_order": 250,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "BlockExternalExtensions"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#blockexternalextensions"
}]
},
"BlockThirdPartyCookies": {
"title": "BlockThirdPartyCookies - Block third party cookies",
"description": "Block web page elements that aren't from the domain that's in the address bar from setting cookies.\n\nIf you enable this policy, web page elements that are not from the domain that is in the address bar can't set cookies\n\nIf you disable this policy, web page elements from domains other than in the address bar can set cookies.\n\nIf you don't configure this policy, third-party cookies are enabled but users can change this setting.",
"property_order": 255,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "BlockThirdPartyCookies"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#blockthirdpartycookies"
}]
},
"BlockTruncatedCookies": {
"title": "BlockTruncatedCookies - Block truncated cookies",
"description": "This policy provides a temporary opt-out for changes to how Microsoft Edge handles cookies set via JavaScript that contain certain control characters (NULL, carriage return, and line feed).\nPreviously, the presence of any of these characters in a cookie string would cause it to be truncated but still set.\nNow, the presence of these characters will cause the whole cookie string to be ignored.\n\nIf you enable or don't configure this policy, the new behavior is enabled.\n\nIf you disable this policy, the old behavior is enabled.",
"property_order": 260,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "BlockTruncatedCookies"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#blocktruncatedcookies"
}]
},
"FavoritesBarEnabled": {
"title": "FavoritesBarEnabled - Enable favorites bar",
"description": "Enables or disables the favorites bar.\n\nIf you enable this policy, users will see the favorites bar.\n\nIf you disable this policy, users won't see the favorites bar.\n\nIf this policy is not configured, then the user can decide to use the favorites bar or not.",
"property_order": 265,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "FavoritesBarEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#favoritesbarenabled"
}]
},
"BrowserAddProfileEnabled": {
"title": "BrowserAddProfileEnabled - Enable profile creation from the Identity flyout menu or the Settings page",
"description": "Allows users to create new profiles, using the **Add profile** option.\nIf you enable this policy or don't configure it, Microsoft Edge allows users to use **Add profile** on the Identity flyout menu or the Settings page to create new profiles.\n\nIf you disable this policy, users cannot add new profiles from the Identity flyout menu or the Settings page.",
"property_order": 270,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "BrowserAddProfileEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#browseraddprofileenabled"
}]
},
"BrowserGuestModeEnabled": {
"title": "BrowserGuestModeEnabled - Enable guest mode",
"description": "Enable the option to allow the use of guest profiles in Microsoft Edge. In a guest profile, the browser doesn't import browsing data from existing profiles, and it deletes browsing data when all guest profiles are closed.\n\nIf you enable this policy or don't configure it, Microsoft Edge lets users browse in guest profiles.\n\nIf you disable this policy, Microsoft Edge doesn't let users browse in guest profiles.",
"property_order": 275,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "BrowserGuestModeEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#browserguestmodeenabled"
}]
},
"BrowserNetworkTimeQueriesEnabled": {
"title": "BrowserNetworkTimeQueriesEnabled - Allow queries to a Browser Network Time service",
"description": "Prevents Microsoft Edge from occasionally sending queries to a browser network time service to retrieve an accurate timestamp.\n\nIf you disable this policy, Microsoft Edge will stop sending queries to a browser network time service.\n\nIf you enable this policy or don't configure it, Microsoft Edge will occasionally send queries to a browser network time service.",
"property_order": 280,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "BrowserNetworkTimeQueriesEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#browsernetworktimequeriesenabled"
}]
},
"BrowserSignin": {
"title": "BrowserSignin - Browser sign-in settings",
"description": "Specify whether a user can sign into Microsoft Edge with their account and use account-related services like sync and single sign on. To control the availability of sync, use the \"SyncDisabled\" policy instead.\n\nIf you set this policy to 'Disable', make sure that you also set the \"NonRemovableProfileEnabled\" policy to disabled because \"NonRemovableProfileEnabled\" disables the creation of an automatically signed in browser profile. If both policies are set, Microsoft Edge will use the 'Disable browser sign-in' policy and behave as if \"NonRemovableProfileEnabled\" is set to disabled.\n\nIf you set this policy to 'Enable', users can sign into the browser. Signing into the browser doesn't mean that sync is turned on by default; the user must separately opt-in to use this feature.\n\nIf you set this policy to 'Force', users must sign into a profile to use the browser. By default, this will allow the user to choose whether they want to sync to their account, unless sync is disabled by the domain admin or with the \"SyncDisabled\" policy. The default value of \"BrowserGuestModeEnabled\" policy is set to false.\n\nIf you don't configure this policy users can decide if they want to enable the browser sign-in option and use it as they see fit.\n\nPolicy options mapping:\n\n* Disable (0) = Disable browser sign-in\n\n* Enable (1) = Enable browser sign-in\n\n* Force (2) = Force users to sign-in to use the browser (all profiles)\n\nUse the preceding information when configuring this policy.",
"property_order": 285,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["Disable - Disable browser sign-in", "Enable - Enable browser sign-in", "Force - Force users to sign-in to use the browser (all profiles)"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "BrowserSignin"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#browsersignin"
}]
},
"BrowsingDataLifetime": {
"title": "BrowsingDataLifetime - not configurable in UI, please craft plist",
"description": "Configures browsing data lifetime settings for Microsoft Edge.\nThis policy controls the lifetime of selected browsing data. This policy has no effect if Sync is enabled.\nThe available data types are the 'browsing_history', 'download_history', 'cookies_and_other_site_data', 'cached_images_and_files', 'password_signin', 'autofill', 'site_settings' and 'hosted_app_data'.\nMicrosoft Edge will regularly remove data of selected types that is older than 'time_to_live_in_hours'. The deletion of expired data will happen 15 seconds after the browser starts then every hour while the browser is running.",
"property_order": 290,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "BrowsingDataLifetime"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#browsingdatalifetime"
}]
},
"BuiltInDnsClientEnabled": {
"title": "BuiltInDnsClientEnabled - Use built-in DNS client",
"description": "Controls whether to use the built-in DNS client.\n\nThis policy controls which software stack is used to communicate with the DNS server: the operating system DNS client, or Microsoft Edge's built-in DNS client. This policy does not affect which DNS servers are used: if, for example, the operating system is configured to use an enterprise DNS server, that same server would be used by the built-in DNS client. It also does not control if DNS-over-HTTPS is used; Microsoft Edge always uses the built-in resolver for DNS-over-HTTPS requests. Please see the \"DnsOverHttpsMode\" policy for information on controlling DNS-over-HTTPS.\n\nIf you enable this policy or you don't configure this policy, the built-in DNS client is used.\n\nIf you disable this policy, the built-in DNS client is only used when DNS-over-HTTPS is in use.",
"property_order": 295,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "BuiltInDnsClientEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#builtindnsclientenabled"
}]
},
"CORSNonWildcardRequestHeadersSupport": {
"title": "CORSNonWildcardRequestHeadersSupport - CORS non-wildcard request header support enabled",
"description": "This policy lets you configure support of CORS non-wildcard request headers.\n\nMicrosoft Edge version 97 introduces support for CORS non-wildcard request headers. When a script makes a cross-origin network request via fetch() and XMLHttpRequest with a script-added Authorization header, the header must be explicitly allowed by the Access-Control-Allow-Headers header in the CORS preflight response. \"Explicitly\" here means that the wild card symbol \"*\" doesn't cover the Authorization header. See https://go.microsoft.com/fwlink/?linkid=2180022 for more detail.\n\nIf you enable or don't configure the policy, Microsoft Edge will support the CORS non-wildcard request headers and behave as previously described.\n\nIf you disable this policy, Microsoft Edge will allow the wildcard symbol (\"*\") in the Access-Control-Allow-Headers header in the CORS preflight response to cover the Authorization header.\n\nThis policy is a temporary workaround for the new CORS non-wildcard request header feature. It's intended to be removed in the future.",
"property_order": 300,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "CORSNonWildcardRequestHeadersSupport"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#corsnonwildcardrequestheaderssupport"
}]
},
"CSSCustomStateDeprecatedSyntaxEnabled": {
"title": "CSSCustomStateDeprecatedSyntaxEnabled - Controls whether the deprecated :--foo syntax for CSS custom state is enabled",
"description": "The :--foo syntax for the CSS custom state feature is being changed to :state(foo) in Microsoft Edge in order to comply with changes that have been made in Firefox and Safari. This policy lets the deprecated syntax to be used until Stable 133.\n\nThis deprecation might break some Microsoft Edge-only websites that use the deprecated :--foo syntax.\n\nIf you enable this policy, the deprecated syntax will be enabled.\n\nIf you disable this policy or don't set it, the deprecated syntax will be disabled.",
"property_order": 305,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "CSSCustomStateDeprecatedSyntaxEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#csscustomstatedeprecatedsyntaxenabled"
}]
},
"CertificateTransparencyEnforcementDisabledForCas": {
"title": "CertificateTransparencyEnforcementDisabledForCas - Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes",
"description": "Disables enforcement of Certificate Transparency requirements for a list of subjectPublicKeyInfo hashes.\n\nThis policy lets you disable Certificate Transparency disclosure requirements for certificate chains that contain certificates with one of the specified subjectPublicKeyInfo hashes. This allows certificates that would otherwise be untrusted because they were not properly publicly disclosed to still be used for Enterprise hosts.\n\nTo disable Certificate Transparency enforcement when this policy is set, one of the following sets of conditions must be met:\n1. The hash is of the server certificate's subjectPublicKeyInfo.\n2. The hash is of a subjectPublicKeyInfo that appears in a CA certificate in the certificate chain, that CA certificate is constrained via the X.509v3 nameConstraints extension, one or more directoryName nameConstraints are present in the permittedSubtrees, and the directoryName contains an organizationName attribute.\n3. The hash is of a subjectPublicKeyInfo that appears in a CA certificate in the certificate chain, the CA certificate has one or more organizationName attributes in the certificate Subject, and the server's certificate contains the same number of organizationName attributes, in the same order, and with byte-for-byte identical values.\n\nA subjectPublicKeyInfo hash is specified by concatenating the hash algorithm name, the \"/\" character, and the Base64 encoding of that hash algorithm applied to the DER-encoded subjectPublicKeyInfo of the specified certificate. This Base64 encoding is the same format as an SPKI Fingerprint, as defined in RFC 7469, Section 2.4. Unrecognized hash algorithms are ignored. The only supported hash algorithm at this time is \"sha256\".\n\nIf you disable this policy or don't configure it, any certificate that's required to be disclosed via Certificate Transparency will be treated as untrusted if it's not disclosed according to the Certificate Transparency policy.",
"property_order": 310,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "CertificateTransparencyEnforcementDisabledForCas"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#certificatetransparencyenforcementdisabledforcas"
}]
},
"CertificateTransparencyEnforcementDisabledForLegacyCas": {
"title": "CertificateTransparencyEnforcementDisabledForLegacyCas - Disable Certificate Transparency enforcement for a list of legacy certificate authorities",
"description": "Disables enforcing Certificate Transparency requirements for a list of legacy certificate authorities (Cas).\n\nThis policy lets you disable Certificate Transparency disclosure requirements for certificate chains that contain certificates with one of the specified subjectPublicKeyInfo hashes. This allows certificates that would otherwise be untrusted because they were not properly publicly disclosed, continue to be used for enterprise hosts.\n\nIn order for Certificate Transparency enforcement to be disabled, you must set the hash to a subjectPublicKeyInfo appearing in a CA certificate that is recognized as a legacy certificate authority (CA). A legacy CA is a CA that has been publicly trusted by default by one or more operating systems supported by Microsoft Edge.\n\nYou specify a subjectPublicKeyInfo hash by concatenating the hash algorithm name, the \"/\" character, and the Base64 encoding of that hash algorithm applied to the DER-encoded subjectPublicKeyInfo of the specified certificate. This Base64 encoding is the same format as an SPKI Fingerprint, as defined in RFC 7469, Section 2.4. Unrecognized hash algorithms are ignored. The only supported hash algorithm at this time is \"sha256\".\n\nIf you don't configure this policy, any certificate that's required to be disclosed via Certificate Transparency will be treated as untrusted if it isn't disclosed according to the Certificate Transparency policy.",
"property_order": 315,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "CertificateTransparencyEnforcementDisabledForLegacyCas"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#certificatetransparencyenforcementdisabledforlegacycas"
}]
},
"CertificateTransparencyEnforcementDisabledForUrls": {
"title": "CertificateTransparencyEnforcementDisabledForUrls - Disable Certificate Transparency enforcement for specific URLs",
"description": "Disables enforcing Certificate Transparency requirements for the listed URLs.\n\nThis policy lets you not disclose certificates for the hostnames in the specified URLs via Certificate Transparency. This lets you use certificates that would otherwise be untrusted, because they weren't properly publicly disclosed, but it makes it harder to detect mis-issued certificates for those hosts.\n\nForm your URL pattern according to https://go.microsoft.com/fwlink/?linkid=2095322. Because certificates are valid for a given hostname, independent of the scheme, port, or path, only the hostname part of the URL is considered. Wildcard hosts are not supported.\n\nIf you don't configure this policy, any certificate that should be disclosed via Certificate Transparency is treated as untrusted if it's not disclosed.\n\nThis policy does not work as expected with file://* wildcards.",
"property_order": 320,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "CertificateTransparencyEnforcementDisabledForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#certificatetransparencyenforcementdisabledforurls"
}]
},
"ClearBrowsingDataOnExit": {
"title": "ClearBrowsingDataOnExit - Clear browsing data when Microsoft Edge closes",
"description": "Microsoft Edge doesn't clear the browsing data by default when it closes. Browsing data includes information entered in forms, passwords, and even the websites visited.\n\nIf you enable this policy, all browsing data is deleted each time Microsoft Edge closes. Note that if you enable this policy, it takes precedence over how you configured \"DefaultCookiesSetting\"\n\nIf you disable or don't configure this policy, users can configure the Clear browsing data option in Settings.\n\nIf you enable this policy, don't configure the \"AllowDeletingBrowserHistory\" or the \"ClearCachedImagesAndFilesOnExit\" policy, because they all deal with deleting browsing data. If you configure the preceding policies and this policy, all browsing data is deleted when Microsoft Edge closes, regardless of how you configured \"AllowDeletingBrowserHistory\" or \"ClearCachedImagesAndFilesOnExit\".\n\nTo exclude cookies from being deleted on exit, configure the \"SaveCookiesOnExit\" policy.\nTo exclude passwords from being deleted on exit, configure the \"PasswordDeleteOnBrowserCloseEnabled\" policy.",
"property_order": 325,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ClearBrowsingDataOnExit"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#clearbrowsingdataonexit"
}]
},
"ClearCachedImagesAndFilesOnExit": {
"title": "ClearCachedImagesAndFilesOnExit - Clear cached images and files when Microsoft Edge closes",
"description": "Microsoft Edge doesn't clear cached images and files by default when it closes.\n\nIf you enable this policy, cached images and files will be deleted each time Microsoft Edge closes.\n\nIf you disable this policy, users cannot configure the cached images and files option in edge://settings/clearBrowsingDataOnClose.\n\nIf you don't configure this policy, users can choose whether cached images and files are cleared on exit.\n\nIf you disable this policy, don't enable the \"ClearBrowsingDataOnExit\" policy, because they both deal with deleting data. If you configure both, the \"ClearBrowsingDataOnExit\" policy takes precedence and deletes all data when Microsoft Edge closes, regardless of how you configured \"ClearCachedImagesAndFilesOnExit\".",
"property_order": 330,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ClearCachedImagesAndFilesOnExit"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#clearcachedimagesandfilesonexit"
}]
},
"ClipboardAllowedForUrls": {
"title": "ClipboardAllowedForUrls - Allow clipboard use on specific sites",
"description": "Configure the list of URL patterns that specify which sites can use the clipboard site permission.\n\nSetting the policy lets you create a list of URL patterns that specify which sites can use the clipboard site permission. This doesn't include all clipboard operations on origins that match the patterns. For example, users will still be able to paste using keyboard shortcuts because this isn't controlled by the clipboard site permission.\n\nLeaving the policy unset means \"DefaultClipboardSetting\" applies for all sites if it's set. If it isn't set, the user's personal setting applies.\n\nFor more information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards, *, are allowed.",
"property_order": 335,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ClipboardAllowedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#clipboardallowedforurls"
}]
},
"ClipboardBlockedForUrls": {
"title": "ClipboardBlockedForUrls - Block clipboard use on specific sites",
"description": "Configure the list of URL patterns that specify which sites can use the clipboard site permission.\n\nSetting the policy lets you create a list of URL patterns that specify sites that can't use the clipboard site permission. This doesn't include all clipboard operations on origins that match the patterns. For example, users will still be able to paste using keyboard shortcuts because this isn't controlled by the clipboard site permission.\n\nLeaving the policy unset means \"DefaultClipboardSetting\" applies for all sites if it's set. If it isn't set, the user's personal setting applies.\n\nFor more information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards, *, are allowed.",
"property_order": 340,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ClipboardBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#clipboardblockedforurls"
}]
},
"EdgeManagementPolicyOverridesPlatformPolicy": {
"title": "EdgeManagementPolicyOverridesPlatformPolicy - Microsoft Edge management service policy overrides platform policy.",
"description": "If you enable this policy, the cloud-based Microsoft Edge management service policy takes precedence if it conflicts with platform policy.\n\nIf you disable or don't configure this policy, platform policy takes precedence if it conflicts with the cloud-based Microsoft Edge management service policy.\n\nThis mandatory policy affects machine scope cloud-based Microsoft Edge management policies.\n\nMachine policies apply to all edge browser instances regardless of the user who is logged in.",
"property_order": 345,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeManagementPolicyOverridesPlatformPolicy"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgemanagementpolicyoverridesplatformpolicy"
}]
},
"EdgeManagementUserPolicyOverridesCloudMachinePolicy": {
"title": "EdgeManagementUserPolicyOverridesCloudMachinePolicy - Allow cloud-based Microsoft Edge management service user policies to override local user policies.",
"description": "If you enable this policy, cloud-based Microsoft Edge management service user policies takes precedence if it conflicts with local user policy.\n\nIf you disable or don't configure this policy, Microsoft Edge management service user policies will take precedence.\n\nThe policy can be combined with \"EdgeManagementPolicyOverridesPlatformPolicy\". If both policies are enabled, all cloud-based Microsoft Edge management service policies will take precedence over conflicting local service policies.",
"property_order": 350,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeManagementUserPolicyOverridesCloudMachinePolicy"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgemanagementuserpolicyoverridescloudmachinepolicy"
}]
},
"CollectionsServicesAndExportsBlockList": {
"title": "CollectionsServicesAndExportsBlockList - Block access to a specified list of services and export targets in Collections",
"description": "List specific services and export targets that users can't access in the Collections feature in Microsoft Edge. This includes displaying additional data from Bing and exporting collections to Microsoft products or external partners.\n\nIf you enable this policy, services and export targets that match the given list are blocked.\n\nIf you don't configure this policy, no restrictions on the acceptable services and export targets are enforced.\n\nPolicy options mapping:\n\n* pinterest_suggestions (pinterest_suggestions) = Pinterest suggestions\n\n* collections_share (collections_share) = Sharing of Collections\n\n* local_pdf (local_pdf) = Save local PDFs in Collections to OneDrive\n\n* send_word (send_word) = Send collection to Microsoft Word\n\n* send_excel (send_excel) = Send collection to Microsoft Excel\n\n* send_onenote (send_onenote) = Send collection to Microsoft OneNote\n\n* send_pinterest (send_pinterest) = Send collection to Pinterest\n\nUse the preceding information when configuring this policy.",
"property_order": 355,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "CollectionsServicesAndExportsBlockList"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#collectionsservicesandexportsblocklist"
}]
},
"CommandLineFlagSecurityWarningsEnabled": {
"title": "CommandLineFlagSecurityWarningsEnabled - Enable security warnings for command-line flags",
"description": "If disabled, this policy prevents security warnings from appearing when Microsoft Edge is launched with potentially dangerous command-line flags.\n\nIf enabled or unset, security warnings are displayed when these command-line flags are used to launch Microsoft Edge.\n\nFor example, the --disable-gpu-sandbox flag generates this warning: You're using an unsupported command-line flag: --disable-gpu-sandbox. This poses stability and security risks.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.",
"property_order": 360,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "CommandLineFlagSecurityWarningsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#commandlineflagsecuritywarningsenabled"
}]
},
"ComponentUpdatesEnabled": {
"title": "ComponentUpdatesEnabled - Enable component updates in Microsoft Edge",
"description": "If you enable or don't configure this policy, component updates are enabled in Microsoft Edge.\n\nIf you disable this policy or set it to false, component updates are disabled for all components in Microsoft Edge.\n\nHowever, some components are exempt from this policy. This includes any component that doesn't contain executable code, that doesn't significantly alter the behavior of the browser, or that's critical for security. That is, updates that are deemed \"critical for security\" are still applied even if you disable this policy.\n\nExamples of such components include the certificate revocation lists and security lists like tracking prevention lists.\n\nPlease note that disabling this policy can potentially prevent the Microsoft Edge developers from providing critical security fixes in a timely manner and is thus not recommended.",
"property_order": 365,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ComponentUpdatesEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#componentupdatesenabled"
}]
},
"ComposeInlineEnabled": {
"title": "ComposeInlineEnabled - Compose is enabled for writing on the web",
"description": "This policy lets you configure Compose in Microsoft Edge. Compose provides help for writing with AI-generated text, which lets the user get ideas for writing. This includes elaborating on text, re-writing, changing tone, formatting the text, and more.\n\nIf you enable or don't configure this policy, Compose can provide text generation for eligible fields, which are text editable and don't have an autocomplete attribute.\n\nIf you disable this policy, Compose will not be able to provide text generation for eligible fields. Compose will still be available for prompt-based text generation through the sidebar and must be managed with either \"EdgeDiscoverEnabled\" policy or \"HubsSidebarEnabled\" policy.",
"property_order": 370,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ComposeInlineEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#composeinlineenabled"
}]
},
"CompressionDictionaryTransportEnabled": {
"title": "CompressionDictionaryTransportEnabled - Enable compression dictionary transport support",
"description": "This feature enables the use of dictionary-specific content encodings in the Accept-Encoding request header (\"sbr\" and \"zst-d\") when dictionaries are available for use.\n\nIf you enable this policy or don't configure it, Microsoft Edge will accept web contents using the compression dictionary transport feature.\n\nIf you disable this policy, Microsoft Edge will turn off the compression dictionary transport feature.",
"property_order": 375,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "CompressionDictionaryTransportEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#compressiondictionarytransportenabled"
}]
},
"ConfigureDoNotTrack": {
"title": "ConfigureDoNotTrack - Configure Do Not Track",
"description": "Specify whether to send Do Not Track requests to websites that ask for tracking info. Do Not Track requests let the websites you visit know that you don't want your browsing activity to be tracked. By default, Microsoft Edge doesn't send Do Not Track requests, but users can turn on this feature to send them.\n\nIf you enable this policy, Do Not Track requests are always sent to websites asking for tracking info.\n\nIf you disable this policy, requests are never sent.\n\nIf you don't configure this policy, users can choose whether to send these requests.",
"property_order": 380,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ConfigureDoNotTrack"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#configuredonottrack"
}]
},
"ConfigureFriendlyURLFormat": {
"title": "ConfigureFriendlyURLFormat - Configure the default paste format of URLs copied from Microsoft Edge, and determine if additional formats will be available to users",
"description": "If FriendlyURLs are enabled, Microsoft Edge will compute additional representations of the URL and place them on the clipboard.\n\nThis policy configures what format will be pasted when the user pastes in external applications, or inside Microsoft Edge without the 'Paste as' context menu item.\n\nIf configured, this policy makes a choice on behalf of the user. The options in edge://settings/shareCopyPaste will be grayed out, and the options in the 'Paste As' context menu will not be available.\n\n* Not configured = The user will be able to choose their preferred paste format. By default, this is set to the friendly URL format. The 'Paste As' menu will be available in Microsoft Edge.\n\n* 1 = No additional formats will be stored on the clipboard. There will be no 'Paste as' context menu item in Microsoft Edge and the only format available to paste will be the plain text URL format. Effectively, the friendly URL feature will be disabled.\n\n* 3 = The user will get a friendly URL whenever they paste into surfaces that accept rich text. The plain URL will still be available for non-rich surfaces. There will be no 'Paste As' menu in Microsoft Edge.\n\n* 4 = (Not currently used)\n\nThe richer formats may not be well-supported in some paste destinations and/or websites. In these scenarios, the plain URL option is recommended when configuring this policy.\n\nThe recommended policy is available in Microsoft Edge 105 or later.\n\nPolicy options mapping:\n\n* PlainText (1) = The plain URL without any extra information, such as the page's title. This is the recommended option when this policy is configured. For more information, see the description.\n\n* TitledHyperlink (3) = Titled Hyperlink: A hyperlink that points to the copied URL, but whose visible text is the title of the destination page. This is the Friendly URL format.\n\n* WebPreview (4) = Coming soon. If set, behaves the same as 'Plain URL'.\n\nUse the preceding information when configuring this policy.",
"property_order": 385,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["PlainText - The plain URL without any extra information, such as the page's title. This is the recommended option when this policy is configured. For more information, see the description.", "TitledHyperlink - Titled Hyperlink: A hyperlink that points to the copied URL, but whose visible text is the title of the destination page. This is the Friendly URL format.", "WebPreview - Coming soon. If set, behaves the same as 'Plain URL'."]
},
"enum": [1, 3, 4]
}
],
"options": {
"infoText": "ConfigureFriendlyURLFormat"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#configurefriendlyurlformat"
}]
},
"ConfigureOnlineTextToSpeech": {
"title": "ConfigureOnlineTextToSpeech - Configure Online Text To Speech",
"description": "Set whether the browser can leverage Online Text to Speech voice fonts, part of Azure Cognitive Services. These voice fonts are higher quality than the pre-installed system voice fonts.\n\nIf you enable or don't configure this policy, web-based applications that use the SpeechSynthesis API can use Online Text to Speech voice fonts.\n\nIf you disable this policy, the voice fonts aren't available.\n\nRead more about this feature here:\nSpeechSynthesis API: https://go.microsoft.com/fwlink/?linkid=2110038\nCognitive Services: https://go.microsoft.com/fwlink/?linkid=2110141",
"property_order": 390,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ConfigureOnlineTextToSpeech"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#configureonlinetexttospeech"
}]
},
"ConfigureShare": {
"title": "ConfigureShare - Configure the Share experience",
"description": "If you set this policy to 'ShareAllowed' (the default), users will be able to access the Share experience from the Settings and More Menu in Microsoft Edge to share with other apps on the system.\n\nIf you set this policy to 'ShareDisallowed', users won't be able to access the Share experience. If the Share button is on the toolbar, it will also be hidden.\n\nPolicy options mapping:\n\n* ShareAllowed (0) = Allow using the Share experience\n\n* ShareDisallowed (1) = Don't allow using the Share experience\n\nUse the preceding information when configuring this policy.",
"property_order": 395,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["ShareAllowed - Allow using the Share experience", "ShareDisallowed - Don't allow using the Share experience"]
},
"enum": [0, 1]
}
],
"options": {
"infoText": "ConfigureShare"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#configureshare"
}]
},
"ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled": {
"title": "ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled - Configure default state of Allow extensions from other stores setting",
"description": "This policy allows you to control the default state of the Allow extensions from other stores setting.\nThis policy can't be used to stop installation of extensions from other stores such as Chrome Web Store.\nTo stop installation of extensions from other stores, use the Extension Settings policy: https://go.microsoft.com/fwlink/?linkid=2187098.\n\nWhen enabled, Allow extensions from other stores will be turned on. So, users won't have to turn on the flag manually\nwhile installing extensions from other supported stores such as Chrome Web Store. However a user can override this setting.\nIf the user has already turned on the setting and then turned it off, this setting may not work.\nIf the Admin first sets the policy as Enabled, but then changes it to not configured or disabled, it will have no impact on\nuser settings and the setting will remain as it is.\n\nWhen disabled or not configured, the user can manage the Allow extensions from other store setting.",
"property_order": 400,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#controldefaultstateofallowextensionfromotherstoressettingenabled"
}]
},
"CookiesAllowedForUrls": {
"title": "CookiesAllowedForUrls - Allow cookies on specific sites",
"description": "Define a list of sites, based on URL patterns, that are allowed to set cookies.\n\nIf you don't configure this policy, the global default value from the \"DefaultCookiesSetting\" policy (if set) or the user's personal configuration is used for all sites.\n\nSee the \"CookiesBlockedForUrls\" and \"CookiesSessionOnlyForUrls\" policies for more information.\n\nNote there cannot be conflicting URL patterns set between these three policies:\n\n- \"CookiesBlockedForUrls\"\n\n- CookiesAllowedForUrls\n\n- \"CookiesSessionOnlyForUrls\"\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.\n\nTo allow third-party cookies to be set, specify a pair of URL patterns delimited by a comma. The first value in the pair specifies the third-party site that should be allowed to use cookies. The second value in the pair specifies the top-level site that the first value should be applied on. The first value in the pair supports * but the second value does not.\n\nTo exclude cookies from being deleted on exit, configure the \"SaveCookiesOnExit\" policy.",
"property_order": 405,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "CookiesAllowedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#cookiesallowedforurls"
}]
},
"CookiesBlockedForUrls": {
"title": "CookiesBlockedForUrls - Block cookies on specific sites",
"description": "Define a list of sites, based on URL patterns, that can't set cookies.\n\nIf you don't configure this policy, the global default value from the \"DefaultCookiesSetting\" policy (if set) or the user's personal configuration is used for all sites.\n\nSee the \"CookiesAllowedForUrls\" and \"CookiesSessionOnlyForUrls\" policies for more information.\n\nNote there cannot be conflicting URL patterns set between these three policies:\n\n- CookiesBlockedForUrls\n\n- \"CookiesAllowedForUrls\"\n\n- \"CookiesSessionOnlyForUrls\"\n\nFor detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.",
"property_order": 410,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "CookiesBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#cookiesblockedforurls"
}]
},
"CookiesSessionOnlyForUrls": {
"title": "CookiesSessionOnlyForUrls - Limit cookies from specific websites to the current session",
"description": "Cookies created by websites that match a URL pattern you define are deleted when the session ends (when the window closes).\n\nCookies created by websites that don't match the pattern are controlled by the \"DefaultCookiesSetting\" policy (if set) or by the user's personal configuration. This is also the default behavior if you don't configure this policy.\n\nYou can also use the \"CookiesAllowedForUrls\" and \"CookiesBlockedForUrls\" policies to control which websites can create cookies.\n\nNote there cannot be conflicting URL patterns set between these three policies:\n\n- \"CookiesBlockedForUrls\"\n\n- \"CookiesAllowedForUrls\"\n\n- CookiesSessionOnlyForUrls\n\nFor detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.\n\nIf you set the \"RestoreOnStartup\" policy to restore URLs from previous sessions, this policy is ignored, and cookies are stored permanently for those sites.",
"property_order": 415,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "CookiesSessionOnlyForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#cookiessessiononlyforurls"
}]
},
"CopilotCDPPageContext": {
"title": "CopilotCDPPageContext - Control Copilot with Commercial Data Protection access to page context for Microsoft Entra ID profiles (deprecated)",
"description": "Instead of this deprecated policy, we recommend using \"EdgeEntraCopilotPageContext\".\n\nThis policy controls access to page contents for Copilot with Commercial Data Protection in the Edge sidebar. This policy applies only to Microsoft Entra ID profiles. To summarize pages and interact with text selections, it needs to be able to access the page contents. This policy does not apply to MSA profiles. This policy doesn't control access for Copilot without Commercial Data Protection. Access for Copilot without Commercial Data Protection is controlled by the policy CopilotPageContext.\n\nIf you enable this policy, Copilot with Commercial Data Protection will have access to page context.\n\nIf you don't configure this policy, a user can enable access to page context for Copilot with Commercial Data Protection using the setting toggle in Edge.\n\nIf you disable this policy, Copilot with Commercial Data Protection will not be able to access page context.",
"property_order": 420,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "CopilotCDPPageContext"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#copilotcdppagecontext"
}]
},
"CopilotPageContext": {
"title": "CopilotPageContext - Control Copilot access to page context for Microsoft Entra ID profiles",
"description": "This policy controls access to page contents for Copilot in the Microsoft Edge sidebar when users are logged into their MSA Copilot account. This policy applies only to Microsoft Entra ID Microsoft Edge profiles. To summarize pages and interact with text selections, it needs to be able to access the page contents. This policy does not apply to MSA Microsoft Edge profiles. This policy doesn't control access for Copilot with enterprise data protection (EDP). Access for Copilot with enterprise data protection (EDP) is controlled by the \"EdgeEntraCopilotPageContext\" policy.\n\nIf you enable this policy, Copilot will have access to page content when logged in with Entra ID.\n\nIf this policy is not configured, the default behavior for non-EU countries is that access is initially enabled. For EU countries, the default behavior is that access is initially disabled. In both cases, if the policy is not configured, users can enable or disable Copilot's access to page content using the setting toggle in Microsoft Edge.\n\nIf you disable this policy, Copilot will not be able to access page context.",
"property_order": 425,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "CopilotPageContext"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#copilotpagecontext"
}]
},
"CustomHelpLink": {
"title": "CustomHelpLink - Specify custom help link",
"description": "Specify a link for the Help menu or the F1 key.\n\nIf you enable this policy, an admin can specify a link for the Help menu or the F1 key.\n\nIf you disable or don't configure this policy, the default link for the Help menu or the F1 key is used.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.",
"property_order": 430,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "CustomHelpLink"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#customhelplink"
}]
},
"DNSInterceptionChecksEnabled": {
"title": "DNSInterceptionChecksEnabled - DNS interception checks enabled",
"description": "This policy configures a local switch that can be used to disable DNS interception checks. These checks attempt to discover whether the browser is behind a proxy that redirects unknown host names.\n\nThis detection might not be necessary in an enterprise environment where the network configuration is known. It can be disabled to avoid additional DNS and HTTP traffic on start-up and each DNS configuration change.\n\nIf you enable or don't set this policy, the DNS interception checks are performed.\n\nIf you disable this policy, DNS interception checks aren't performed.",
"property_order": 435,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "DNSInterceptionChecksEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#dnsinterceptionchecksenabled"
}]
},
"DataUrlInSvgUseEnabled": {
"title": "DataUrlInSvgUseEnabled - Data URL support for SVGUseElement",
"description": "This policy enables Data URL support for SVGUseElement, which will be disabled\nby default starting in Edge stable version 119.\nIf this policy is Enabled, Data URLs will keep working in SVGUseElement.\nIf this policy is Disabled or left not set, Data URLs won't work in SVGUseElement.",
"property_order": 440,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "DataUrlInSvgUseEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#dataurlinsvguseenabled"
}]
},
"DefaultAutomaticDownloadsSetting": {
"title": "DefaultAutomaticDownloadsSetting - Default automatic downloads setting",
"description": "Set whether websites can perform multiple downloads successively without user interaction. You can enable it for all sites (AllowAutomaticDownloads) or block it for all sites (BlockAutomaticDownloads).\nIf you don't configure this policy, multiple automatic downloads can be performed in all sites, and the user can change this setting.\n\nPolicy options mapping:\n\n* AllowAutomaticDownloads (1) = Allow all websites to perform automatic downloads\n\n* BlockAutomaticDownloads (2) = Don't allow any website to perform automatic downloads\n\nUse the preceding information when configuring this policy.",
"property_order": 445,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AllowAutomaticDownloads - Allow all websites to perform automatic downloads", "BlockAutomaticDownloads - Don't allow any website to perform automatic downloads"]
},
"enum": [1, 2]
}
],
"options": {
"infoText": "DefaultAutomaticDownloadsSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultautomaticdownloadssetting"
}]
},
"DefaultBrowserSettingEnabled": {
"title": "DefaultBrowserSettingEnabled - Set Microsoft Edge as default browser",
"description": "If you set this policy to True, Microsoft Edge always checks whether it's the default browser on startup and, if possible, automatically registers itself.\n\nIf you set this policy to False, Microsoft Edge is stopped from ever checking if it's the default and turns user controls off for this option.\n\nIf you don't set this policy, Microsoft Edge lets users control whether it's the default and, if not, whether user notifications should appear.\n\nNote for Windows administrators: This policy only works for PCs running Windows 7. For later versions of Windows, you have to deploy a \"default application associations\" file that makes Microsoft Edge the handler for the https and http protocols (and, optionally, the ftp protocol and file formats such as .html, .htm, .pdf, .svg, .webp). See https://go.microsoft.com/fwlink/?linkid=2094932 for more information.",
"property_order": 450,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "DefaultBrowserSettingEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultbrowsersettingenabled"
}]
},
"DefaultClipboardSetting": {
"title": "DefaultClipboardSetting - Default clipboard site permission",
"description": "This policy controls the default value for the clipboard site permission.\n\nSetting the policy to 2 blocks sites from using the clipboard site permission.\n\nSetting the policy to 3 or leaving it unset lets the user change the setting and decide if the clipboard APIs are available when a site wants to use an API.\n\nThis policy can be overridden for specific URL patterns using the \"ClipboardAllowedForUrls\" and \"ClipboardBlockedForUrls\" policies.\n\nThis policy only affects clipboard operations controlled by the clipboard site permission and doesn't affect sanitized clipboard writes or trusted copy and paste operations.\n\nPolicy options mapping:\n\n* BlockClipboard (2) = Do not allow any site to use the clipboard site permission\n\n* AskClipboard (3) = Allow sites to ask the user to grant the clipboard site permission\n\nUse the preceding information when configuring this policy.",
"property_order": 455,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["BlockClipboard - Do not allow any site to use the clipboard site permission", "AskClipboard - Allow sites to ask the user to grant the clipboard site permission"]
},
"enum": [2, 3]
}
],
"options": {
"infoText": "DefaultClipboardSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultclipboardsetting"
}]
},
"DefaultCookiesSetting": {
"title": "DefaultCookiesSetting - Configure cookies",
"description": "Control whether websites can create cookies on the user's device. This policy is all or nothing - you can let all websites create cookies, or no websites create cookies. You can't use this policy to enable cookies from specific websites.\n\nSet the policy to 'SessionOnly' to clear cookies when the session closes.\n\nIf you don't configure this policy, the default 'AllowCookies' is used, and users can change this setting in Microsoft Edge Settings. (If you don't want users to be able to change this setting, set the policy.)\n\nPolicy options mapping:\n\n* AllowCookies (1) = Let all sites create cookies\n\n* BlockCookies (2) = Don't let any site create cookies\n\n* SessionOnly (4) = Keep cookies for the duration of the session, except ones listed in \"SaveCookiesOnExit\"\n\nUse the preceding information when configuring this policy.",
"property_order": 460,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AllowCookies - Let all sites create cookies", "BlockCookies - Don't let any site create cookies", "SessionOnly - Keep cookies for the duration of the session, except ones listed in \"SaveCookiesOnExit\""]
},
"enum": [1, 2, 4]
}
],
"options": {
"infoText": "DefaultCookiesSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultcookiessetting"
}]
},
"DefaultFileSystemReadGuardSetting": {
"title": "DefaultFileSystemReadGuardSetting - Control use of the File System API for reading",
"description": "If you set this policy to 3, websites can ask for read access to the host operating system's filesystem using the File System API. If you set this policy to 2, access is denied.\n\nIf you don't set this policy, websites can ask for access. Users can change this setting.\n\nPolicy options mapping:\n\n* BlockFileSystemRead (2) = Don't allow any site to request read access to files and directories via the File System API\n\n* AskFileSystemRead (3) = Allow sites to ask the user to grant read access to files and directories via the File System API\n\nUse the preceding information when configuring this policy.",
"property_order": 465,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["BlockFileSystemRead - Don't allow any site to request read access to files and directories via the File System API", "AskFileSystemRead - Allow sites to ask the user to grant read access to files and directories via the File System API"]
},
"enum": [2, 3]
}
],
"options": {
"infoText": "DefaultFileSystemReadGuardSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultfilesystemreadguardsetting"
}]
},
"DefaultFileSystemWriteGuardSetting": {
"title": "DefaultFileSystemWriteGuardSetting - Control use of the File System API for writing",
"description": "If you set this policy to 3, websites can ask for write access to the host operating system's filesystem using the File System API. If you set this policy to 2, access is denied.\n\nIf you don't set this policy, websites can ask for access. Users can change this setting.\n\nPolicy options mapping:\n\n* BlockFileSystemWrite (2) = Don't allow any site to request write access to files and directories\n\n* AskFileSystemWrite (3) = Allow sites to ask the user to grant write access to files and directories\n\nUse the preceding information when configuring this policy.",
"property_order": 470,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["BlockFileSystemWrite - Don't allow any site to request write access to files and directories", "AskFileSystemWrite - Allow sites to ask the user to grant write access to files and directories"]
},
"enum": [2, 3]
}
],
"options": {
"infoText": "DefaultFileSystemWriteGuardSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultfilesystemwriteguardsetting"
}]
},
"DefaultGeolocationSetting": {
"title": "DefaultGeolocationSetting - Default geolocation setting",
"description": "Set whether websites can track users' physical locations. You can allow tracking by default ('AllowGeolocation'), deny it by default ('BlockGeolocation'), or ask the user each time a website requests their location ('AskGeolocation').\n\nIf you don't configure this policy, 'AskGeolocation' is used and the user can change it.\n\nPolicy options mapping:\n\n* AllowGeolocation (1) = Allow sites to track users' physical location\n\n* BlockGeolocation (2) = Don't allow any site to track users' physical location\n\n* AskGeolocation (3) = Ask whenever a site wants to track users' physical location\n\nUse the preceding information when configuring this policy.",
"property_order": 475,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AllowGeolocation - Allow sites to track users' physical location", "BlockGeolocation - Don't allow any site to track users' physical location", "AskGeolocation - Ask whenever a site wants to track users' physical location"]
},
"enum": [1, 2, 3]
}
],
"options": {
"infoText": "DefaultGeolocationSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultgeolocationsetting"
}]
},
"DefaultImagesSetting": {
"title": "DefaultImagesSetting - Default images setting",
"description": "Set whether websites can display images. You can allow images on all sites ('AllowImages') or block them on all sites ('BlockImages').\n\nIf you don't configure this policy, images are allowed by default, and the user can change this setting.\n\nPolicy options mapping:\n\n* AllowImages (1) = Allow all sites to show all images\n\n* BlockImages (2) = Don't allow any site to show images\n\nUse the preceding information when configuring this policy.",
"property_order": 480,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AllowImages - Allow all sites to show all images", "BlockImages - Don't allow any site to show images"]
},
"enum": [1, 2]
}
],
"options": {
"infoText": "DefaultImagesSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultimagessetting"
}]
},
"DefaultInsecureContentSetting": {
"title": "DefaultInsecureContentSetting - Control use of insecure content exceptions",
"description": "Allows you to set whether users can add exceptions to allow mixed content for specific sites.\n\nThis policy can be overridden for specific URL patterns using the \"InsecureContentAllowedForUrls\" and \"InsecureContentBlockedForUrls\" policies.\n\nIf this policy isn't set, users will be allowed to add exceptions to allow blockable mixed content and disable autoupgrades for optionally blockable mixed content.\n\nPolicy options mapping:\n\n* BlockInsecureContent (2) = Do not allow any site to load mixed content\n\n* AllowExceptionsInsecureContent (3) = Allow users to add exceptions to allow mixed content\n\nUse the preceding information when configuring this policy.",
"property_order": 485,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["BlockInsecureContent - Do not allow any site to load mixed content", "AllowExceptionsInsecureContent - Allow users to add exceptions to allow mixed content"]
},
"enum": [2, 3]
}
],
"options": {
"infoText": "DefaultInsecureContentSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultinsecurecontentsetting"
}]
},
"DefaultJavaScriptJitSetting": {
"title": "DefaultJavaScriptJitSetting - Control use of JavaScript JIT",
"description": "Allows you to set whether Microsoft Edge will run the v8 JavaScript engine with JIT (Just In Time) compiler enabled or not.\n\nDisabling the JavaScript JIT will mean that Microsoft Edge may render web content more slowly, and may also disable parts of JavaScript including WebAssembly. Disabling the JavaScript JIT may allow Microsoft Edge to render web content in a more secure configuration.\n\nThis policy can be overridden for specific URL patterns using the \"JavaScriptJitAllowedForSites\" and \"JavaScriptJitBlockedForSites\" policies.\n\nIf you don't configure this policy, JavaScript JIT is enabled.\n\nPolicy options mapping:\n\n* AllowJavaScriptJit (1) = Allow any site to run JavaScript JIT\n\n* BlockJavaScriptJit (2) = Do not allow any site to run JavaScript JIT\n\nUse the preceding information when configuring this policy.",
"property_order": 490,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AllowJavaScriptJit - Allow any site to run JavaScript JIT", "BlockJavaScriptJit - Do not allow any site to run JavaScript JIT"]
},
"enum": [1, 2]
}
],
"options": {
"infoText": "DefaultJavaScriptJitSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultjavascriptjitsetting"
}]
},
"DefaultJavaScriptSetting": {
"title": "DefaultJavaScriptSetting - Default JavaScript setting",
"description": "Set whether websites can run JavaScript. You can allow it for all sites ('AllowJavaScript') or block it for all sites ('BlockJavaScript').\n\nIf you don't configure this policy, all sites can run JavaScript by default, and the user can change this setting.\n\nPolicy options mapping:\n\n* AllowJavaScript (1) = Allow all sites to run JavaScript\n\n* BlockJavaScript (2) = Don't allow any site to run JavaScript\n\nUse the preceding information when configuring this policy.",
"property_order": 495,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AllowJavaScript - Allow all sites to run JavaScript", "BlockJavaScript - Don't allow any site to run JavaScript"]
},
"enum": [1, 2]
}
],
"options": {
"infoText": "DefaultJavaScriptSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultjavascriptsetting"
}]
},
"DefaultNotificationsSetting": {
"title": "DefaultNotificationsSetting - Default notification setting",
"description": "Set whether websites can display desktop notifications. You can allow them by default ('AllowNotifications'), deny them by default ('BlockNotifications'), or have the user be asked each time a website wants to show a notification ('AskNotifications').\n\nIf you don't configure this policy, notifications are allowed by default, and the user can change this setting.\n\nPolicy options mapping:\n\n* AllowNotifications (1) = Allow sites to show desktop notifications\n\n* BlockNotifications (2) = Don't allow any site to show desktop notifications\n\n* AskNotifications (3) = Ask every time a site wants to show desktop notifications\n\nUse the preceding information when configuring this policy.",
"property_order": 500,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AllowNotifications - Allow sites to show desktop notifications", "BlockNotifications - Don't allow any site to show desktop notifications", "AskNotifications - Ask every time a site wants to show desktop notifications"]
},
"enum": [1, 2, 3]
}
],
"options": {
"infoText": "DefaultNotificationsSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultnotificationssetting"
}]
},
"DefaultPopupsSetting": {
"title": "DefaultPopupsSetting - Default pop-up window setting",
"description": "Set whether websites can show pop-up windows. You can allow them on all websites ('AllowPopups') or block them on all sites ('BlockPopups').\n\nIf you don't configure this policy, pop-up windows are blocked by default, and users can change this setting.\n\nPolicy options mapping:\n\n* AllowPopups (1) = Allow all sites to show pop-ups\n\n* BlockPopups (2) = Do not allow any site to show popups\n\nUse the preceding information when configuring this policy.",
"property_order": 505,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AllowPopups - Allow all sites to show pop-ups", "BlockPopups - Do not allow any site to show popups"]
},
"enum": [1, 2]
}
],
"options": {
"infoText": "DefaultPopupsSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultpopupssetting"
}]
},
"DefaultPrinterSelection": {
"title": "DefaultPrinterSelection - Default printer selection rules",
"description": "Overrides Microsoft Edge default printer selection rules. This policy determines the rules for selecting the default printer in Microsoft Edge, which happens the first time a user tries to print a page.\n\nWhen this policy is set, Microsoft Edge tries to find a printer that matches all of the specified attributes and uses it as default printer. If there are multiple printers that meet the criteria, the first printer that matches is used.\n\nIf you don't configure this policy or no matching printers are found within the timeout, the printer defaults to the built-in PDF printer or no printer, if the PDF printer isn't available.\n\nThe value is parsed as a JSON object, conforming to the following schema: { \"type\": \"object\", \"properties\": { \"idPattern\": { \"description\": \"Regular expression to match printer id.\", \"type\": \"string\" }, \"namePattern\": { \"description\": \"Regular expression to match printer display name.\", \"type\": \"string\" } } }\n\nOmitting a field means all values match; for example, if you don't specify connectivity Print Preview starts discovering all kinds of local printers. Regular expression patterns must follow the JavaScript RegExp syntax and matches are case sensitive.",
"property_order": 510,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "DefaultPrinterSelection"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultprinterselection"
}]
},
"DefaultSearchProviderContextMenuAccessAllowed": {
"title": "DefaultSearchProviderContextMenuAccessAllowed - Allow default search provider context menu search access",
"description": "Enables the use of a default search provider on the context menu.\n\nIf you set this policy to disabled the search context menu item that relies on your default search provider and sidebar search will not be available.\n\nIf this policy is set to enabled or not set, the context menu item for your default search provider and sidebar search will be available.\n\nThe policy value is only applied when the \"DefaultSearchProviderEnabled\" policy is enabled, and is not applicable otherwise.",
"property_order": 515,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "DefaultSearchProviderContextMenuAccessAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultsearchprovidercontextmenuaccessallowed"
}]
},
"DefaultSearchProviderEnabled": {
"title": "DefaultSearchProviderEnabled - Enable the default search provider",
"description": "Enables the ability to use a default search provider.\n\nIf you enable this policy, a user can search for a term by typing in the address bar (as long as what they type isn't a URL).\n\nYou can specify the default search provider to use by enabling the rest of the default search policies. If these are left empty (not configured) or configured incorrectly, the user can choose the default provider.\n\nIf you disable this policy, the user can't search from the address bar.\n\nIf you enable or disable this policy, users can't change or override it.\n\nIf you don't configure this policy, the default search provider is enabled, and the user can choose the default search provider and set the search provider list.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.\n\nStarting in Microsoft Edge 84, you can set this policy as a recommended policy.",
"property_order": 520,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "DefaultSearchProviderEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultsearchproviderenabled"
}]
},
"DefaultSearchProviderEncodings": {
"title": "DefaultSearchProviderEncodings - Default search provider encodings",
"description": "Specify the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the order provided.\n\nThis policy is optional. If not configured, the default, UTF-8, is used.\n\nThis policy is applied only if you enable the \"DefaultSearchProviderEnabled\" and \"DefaultSearchProviderSearchURL\" policies.\n\nStarting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the \"ManagedSearchEngines\" policy.",
"property_order": 525,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "DefaultSearchProviderEncodings"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultsearchproviderencodings"
}]
},
"DefaultSearchProviderImageURL": {
"title": "DefaultSearchProviderImageURL - Specifies the search-by-image feature for the default search provider",
"description": "Specifies the URL to the search engine used for image search. Search requests are sent using the GET method.\n\nThis policy is optional. If you don't configure it, image search isn't available.\n\nSpecify Bing's Image Search URL as:\n'{bing:baseURL}images/detail/search?iss=sbiupload&FORM=ANCMS1#enterInsights'.\n\nSpecify Google's Image Search URL as: '{google:baseURL}searchbyimage/upload'.\n\nSee \"DefaultSearchProviderImageURLPostParams\" policy to finish configuring image search.\n\nThis policy is applied only if you enable the \"DefaultSearchProviderEnabled\" and \"DefaultSearchProviderSearchURL\" policies.\n\nStarting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the \"ManagedSearchEngines\" policy.",
"property_order": 530,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "DefaultSearchProviderImageURL"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultsearchproviderimageurl"
}]
},
"DefaultSearchProviderImageURLPostParams": {
"title": "DefaultSearchProviderImageURLPostParams - Parameters for an image URL that uses POST",
"description": "If you enable this policy, it specifies the parameters used when an image search that uses POST is performed. The policy consists of comma-separated name/value pairs. If a value is a template parameter, like {imageThumbnail} in the preceding example, it's replaced with real image thumbnail data. This policy is applied only if you enable the \"DefaultSearchProviderEnabled\" and \"DefaultSearchProviderSearchURL\" policies.\n\nSpecify Bing's Image Search URL Post Params as:\n'imageBin={google:imageThumbnailBase64}'.\n\nSpecify Google's Image Search URL Post Params as:\n'encoded_image={google:imageThumbnail},image_url={google:imageURL},sbisrc={google:imageSearchSource},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight}'.\n\nIf you don't set this policy, image search requests are sent using the GET method.\n\nStarting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the \"ManagedSearchEngines\" policy.",
"property_order": 535,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "DefaultSearchProviderImageURLPostParams"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultsearchproviderimageurlpostparams"
}]
},
"DefaultSearchProviderKeyword": {
"title": "DefaultSearchProviderKeyword - Default search provider keyword",
"description": "Specifies the keyword, which is the shortcut used in the Address Bar to trigger the search for this provider.\n\nThis policy is optional. If you don't configure it, no keyword activates the search provider.\n\nThis policy is applied only if you enable the \"DefaultSearchProviderEnabled\" and \"DefaultSearchProviderSearchURL\" policies.\n\nStarting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the \"ManagedSearchEngines\" policy.",
"property_order": 540,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "DefaultSearchProviderKeyword"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultsearchproviderkeyword"
}]
},
"DefaultSearchProviderName": {
"title": "DefaultSearchProviderName - Default search provider name",
"description": "Specifies the name of the default search provider.\n\nIf you enable this policy, you set the name of the default search provider.\n\nIf you don't enable this policy or if you leave it empty, the host name specified by the search URL is used.\n\n'DefaultSearchProviderName' should be set to an organization-approved encrypted search provider that corresponds to the encrypted search provider set in DTBC-0008. This policy is applied only if you enable the \"DefaultSearchProviderEnabled\" and \"DefaultSearchProviderSearchURL\" policies.\n\nStarting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the \"ManagedSearchEngines\" policy.",
"property_order": 545,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "DefaultSearchProviderName"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultsearchprovidername"
}]
},
"DefaultSearchProviderSearchURL": {
"title": "DefaultSearchProviderSearchURL - Default search provider search URL",
"description": "Specifies the URL of the search engine used for a default search. The URL contains the string '{searchTerms}', which is replaced at query time by the terms the user is searching for.\n\nSpecify Bing's search URL as:\n\n'{bing:baseURL}search?q={searchTerms}'.\n\nSpecify Google's search URL as: '{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}ie={inputEncoding}'.\n\nThis policy is required when you enable the \"DefaultSearchProviderEnabled\" policy; if you don't enable the latter policy, this policy is ignored.\n\nStarting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the \"ManagedSearchEngines\" policy.",
"property_order": 550,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "DefaultSearchProviderSearchURL"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultsearchprovidersearchurl"
}]
},
"DefaultSearchProviderSuggestURL": {
"title": "DefaultSearchProviderSuggestURL - Default search provider URL for suggestions",
"description": "Specifies the URL for the search engine used to provide search suggestions. The URL contains the string '{searchTerms}', which is replaced at query time by the text the user has entered so far.\n\nThis policy is optional. If you don't configure it, users won't see search suggestions; they will see suggestions from their browsing history and favorites.\n\nBing's suggest URL can be specified as:\n\n'{bing:baseURL}qbox?query={searchTerms}'.\n\nGoogle's suggest URL can be specified as: '{google:baseURL}complete/search?output=chrome&q={searchTerms}'.\n\nThis policy is applied only if you enable the \"DefaultSearchProviderEnabled\" and \"DefaultSearchProviderSearchURL\" policies.\n\nStarting in Microsoft Edge 84, you can set this policy as a recommended policy. If the user has already set a default search provider, the default search provider configured by this recommended policy will not be added to the list of search providers the user can choose from. If this is the desired behavior, use the \"ManagedSearchEngines\" policy.",
"property_order": 555,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "DefaultSearchProviderSuggestURL"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultsearchprovidersuggesturl"
}]
},
"DefaultSensorsSetting": {
"title": "DefaultSensorsSetting - Default sensors setting",
"description": "Set whether websites can access and use sensors such as motion and light sensors. You can completely block or allow websites to get access to sensors.\n\nSetting the policy to 1 lets websites access and use sensors. Setting the policy to 2 denies access to sensors.\n\nYou can override this policy for specific URL patterns by using the \"SensorsAllowedForUrls\" and \"SensorsBlockedForUrls\" policies.\n\nIf you don't configure this policy, websites can access and use sensors, and users can change this setting. This is the global default for \"SensorsAllowedForUrls\" and \"SensorsBlockedForUrls\".\n\nPolicy options mapping:\n\n* AllowSensors (1) = Allow sites to access sensors\n\n* BlockSensors (2) = Do not allow any site to access sensors\n\nUse the preceding information when configuring this policy.",
"property_order": 560,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AllowSensors - Allow sites to access sensors", "BlockSensors - Do not allow any site to access sensors"]
},
"enum": [1, 2]
}
],
"options": {
"infoText": "DefaultSensorsSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultsensorssetting"
}]
},
"DefaultSerialGuardSetting": {
"title": "DefaultSerialGuardSetting - Control use of the Serial API",
"description": "Set whether websites can access serial ports. You can completely block access or ask the user each time a website wants to get access to a serial port.\n\nSetting the policy to 3 lets websites ask for access to serial ports. Setting the policy to 2 denies access to serial ports.\n\nYou can override this policy for specific URL patterns by using the \"SerialAskForUrls\" and \"SerialBlockedForUrls\" policies.\n\nIf you don't configure this policy, by default, websites can ask users whether they can access a serial port, and users can change this setting.\n\nPolicy options mapping:\n\n* BlockSerial (2) = Do not allow any site to request access to serial ports via the Serial API\n\n* AskSerial (3) = Allow sites to ask for user permission to access a serial port\n\nUse the preceding information when configuring this policy.",
"property_order": 565,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["BlockSerial - Do not allow any site to request access to serial ports via the Serial API", "AskSerial - Allow sites to ask for user permission to access a serial port"]
},
"enum": [2, 3]
}
],
"options": {
"infoText": "DefaultSerialGuardSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultserialguardsetting"
}]
},
"DefaultShareAdditionalOSRegionSetting": {
"title": "DefaultShareAdditionalOSRegionSetting - Set the default \"share additional operating system region\" setting",
"description": "This policy controls the default value for the \"share additional operating system region\" setting in Microsoft Edge.\n\nThe \"share additional operating system region\" Microsoft Edge setting controls whether the OS Regional format setting will be shared with the web through the default JavaScript locale. If shared, websites will be able to query the OS Regional format using JavaScript code, for example; \"Intl.DateTimeFormat().resolvedOptions().locale\". The default value for the setting is \"Limited\".\n\nIf you set this policy to \"Limited\", the OS Regional format will only be shared if its language part matches the Microsoft Edge display language.\n\nIf you set this policy to \"Always\", the OS Regional format will always be shared. This value could cause unexpected website behavior if the OS Regional format language is different from the Microsoft Edge display language. For example, if a website uses the JavaScript default locale to format dates, the names of the days and months can be displayed in one language while the surrounding text is displayed in another language.\n\nIf you set this policy to \"Never\", the OS Regional format will never be shared.\n\nExample 1: In this example the OS Regional format is set to \"en-GB\" and the browser display language is set to \"en-US\". Then the OS Regional format will be shared if the policy is set to \"Limited\", or \"Always\".\n\nExample 2: In this example the OS Regional format is set to \"es-MX\" and the browser display language is set to \"en-US\". Then the OS Regional format will be shared if the policy is set to \"Always\" but will not if the policy is set to \"Limited\".\n\nFor more information about this setting, see https://go.microsoft.com/fwlink/?linkid=2222282\n\nPolicy options mapping:\n\n* Limited (0) = Limited\n\n* Always (1) = Always share the OS Regional format\n\n* Never (2) = Never share the OS Regional format\n\nUse the preceding information when configuring this policy.",
"property_order": 570,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["Limited - Limited", "Always - Always share the OS Regional format", "Never - Never share the OS Regional format"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "DefaultShareAdditionalOSRegionSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultshareadditionalosregionsetting"
}]
},
"DefaultThirdPartyStoragePartitioningSetting": {
"title": "DefaultThirdPartyStoragePartitioningSetting - Default setting for third-party storage partitioning",
"description": "Third-party storage partitioning is on by default for some users starting with Microsoft Edge version 115, but it can be disabled with edge://flags.\n\nIf this policy is configured to \"AllowPartitioning\" or not configured, third-party storage partitioning can be enabled.\n\nIf this policy is set to \"BlockPartitioning\", third-party storage partitioning can't be enabled.\n\nPolicy options mapping:\n\n* AllowPartitioning (1) = Let third-party storage partitioning to be enabled.\n\n* BlockPartitioning (2) = Block third-party storage partitioning from being enabled.\n\nUse the preceding information when configuring this policy.",
"property_order": 575,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AllowPartitioning - Let third-party storage partitioning to be enabled.", "BlockPartitioning - Block third-party storage partitioning from being enabled."]
},
"enum": [1, 2]
}
],
"options": {
"infoText": "DefaultThirdPartyStoragePartitioningSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultthirdpartystoragepartitioningsetting"
}]
},
"DefaultWebBluetoothGuardSetting": {
"title": "DefaultWebBluetoothGuardSetting - Control use of the Web Bluetooth API",
"description": "Control whether websites can access nearby Bluetooth devices. You can completely block access or require the site to ask the user each time it wants to access a Bluetooth device.\n\nIf you don't configure this policy, the default value ('AskWebBluetooth', meaning users are asked each time) is used and users can change it.\n\nPolicy options mapping:\n\n* BlockWebBluetooth (2) = Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API\n\n* AskWebBluetooth (3) = Allow sites to ask the user to grant access to a nearby Bluetooth device\n\nUse the preceding information when configuring this policy.",
"property_order": 580,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["BlockWebBluetooth - Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API", "AskWebBluetooth - Allow sites to ask the user to grant access to a nearby Bluetooth device"]
},
"enum": [2, 3]
}
],
"options": {
"infoText": "DefaultWebBluetoothGuardSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultwebbluetoothguardsetting"
}]
},
"DefaultWebHidGuardSetting": {
"title": "DefaultWebHidGuardSetting - Control use of the WebHID API",
"description": "Setting the policy to 3 lets websites ask for access to HID devices. Setting the policy to 2 denies access to HID devices.\n\nLeaving it unset lets websites ask for access, but users can change this setting.\n\nThis policy can be overridden for specific url patterns using the \"WebHidAskForUrls\" and \"WebHidBlockedForUrls\" policies.\n\nPolicy options mapping:\n\n* BlockWebHid (2) = Do not allow any site to request access to HID devices via the WebHID API\n\n* AskWebHid (3) = Allow sites to ask the user to grant access to a HID device\n\nUse the preceding information when configuring this policy.",
"property_order": 585,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["BlockWebHid - Do not allow any site to request access to HID devices via the WebHID API", "AskWebHid - Allow sites to ask the user to grant access to a HID device"]
},
"enum": [2, 3]
}
],
"options": {
"infoText": "DefaultWebHidGuardSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultwebhidguardsetting"
}]
},
"DefaultWebUsbGuardSetting": {
"title": "DefaultWebUsbGuardSetting - Control use of the WebUSB API",
"description": "Set whether websites can access connected USB devices. You can completely block access or ask the user each time a website wants to get access to connected USB devices.\n\nYou can override this policy for specific URL patterns by using the \"WebUsbAskForUrls\" and \"WebUsbBlockedForUrls\" policies.\n\nIf you don't configure this policy, sites can ask users whether they can access the connected USB devices ('AskWebUsb') by default, and users can change this setting.\n\nPolicy options mapping:\n\n* BlockWebUsb (2) = Do not allow any site to request access to USB devices via the WebUSB API\n\n* AskWebUsb (3) = Allow sites to ask the user to grant access to a connected USB device\n\nUse the preceding information when configuring this policy.",
"property_order": 590,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["BlockWebUsb - Do not allow any site to request access to USB devices via the WebUSB API", "AskWebUsb - Allow sites to ask the user to grant access to a connected USB device"]
},
"enum": [2, 3]
}
],
"options": {
"infoText": "DefaultWebUsbGuardSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultwebusbguardsetting"
}]
},
"DefaultWindowManagementSetting": {
"title": "DefaultWindowManagementSetting - Default Window Management permission setting",
"description": "Setting the policy to \"BlockWindowManagement\" (value 2) automatically denies the window management permission to sites by default. This limits the ability of sites to see information about the device's screens and use that information to open and place windows or request fullscreen on specific screens.\n\nSetting the policy to \"AskWindowManagement\" (value 3) by default prompts the user when the window management permission is requested. If users allow the permission, it extends the ability of sites to see information about the device's screens and use that information to open and place windows or request fullscreen on specific screens.\n\nNot configuring the policy means the \"AskWindowManagement\" policy applies, but users can change this setting.\n\nPolicy options mapping:\n\n* BlockWindowManagement (2) = Denies the Window Management permission on all sites by default\n\n* AskWindowManagement (3) = Ask every time a site wants obtain the Window Management permission\n\nUse the preceding information when configuring this policy.",
"property_order": 595,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["BlockWindowManagement - Denies the Window Management permission on all sites by default", "AskWindowManagement - Ask every time a site wants obtain the Window Management permission"]
},
"enum": [2, 3]
}
],
"options": {
"infoText": "DefaultWindowManagementSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#defaultwindowmanagementsetting"
}]
},
"DefinePreferredLanguages": {
"title": "DefinePreferredLanguages - Define an ordered list of preferred languages that websites should display in if the site supports the language",
"description": "Configures the language variants that Microsoft Edge sends to websites as part of the Accept-Language request HTTP header and prevents users from adding, removing, or changing the order of preferred languages in Microsoft Edge settings. Users who want to change the languages Microsoft Edge displays in or offers to translate pages to will be limited to the languages configured in this policy.\n\nIf you enable this policy, websites will appear in the first language in the list that they support unless other site-specific logic is used to determine the display language. The language variants defined in this policy override the languages configured as part of the \"SpellcheckLanguage\" policy.\n\nIf you don't configure or disable this policy, Microsoft Edge sends websites the user-specified preferred languages as part of the Accept-Language request HTTP header.\n\nFor detailed information on valid language variants, see https://go.microsoft.com/fwlink/?linkid=2148854.",
"property_order": 600,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "DefinePreferredLanguages"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#definepreferredlanguages"
}]
},
"DeveloperToolsAvailability": {
"title": "DeveloperToolsAvailability - Control where developer tools can be used",
"description": "Control where developer tools can be used.\n\nIf you set this policy to 'DeveloperToolsDisallowedForForceInstalledExtensions' (the default), users can access the developer tools and the JavaScript console in general, but not in the context of extensions installed by enterprise policy.\n\nIf you set this policy to 'DeveloperToolsAllowed', users can access the developer tools and the JavaScript console in all contexts, including extensions installed by enterprise policy.\n\nIf you set this policy to 'DeveloperToolsDisallowed', users can't access the developer tools or inspect website elements. Keyboard shortcuts and menu or context menu entries that open the developer tools or the JavaScript Console are disabled.\n\nPolicy options mapping:\n\n* DeveloperToolsDisallowedForForceInstalledExtensions (0) = Block the developer tools on extensions installed by enterprise policy, allow in other contexts\n\n* DeveloperToolsAllowed (1) = Allow using the developer tools\n\n* DeveloperToolsDisallowed (2) = Don't allow using the developer tools\n\nUse the preceding information when configuring this policy.",
"property_order": 605,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["DeveloperToolsDisallowedForForceInstalledExtensions - Block the developer tools on extensions installed by enterprise policy, allow in other contexts", "DeveloperToolsAllowed - Allow using the developer tools", "DeveloperToolsDisallowed - Don't allow using the developer tools"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "DeveloperToolsAvailability"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#developertoolsavailability"
}]
},
"DiagnosticData": {
"title": "DiagnosticData - Send required and optional diagnostic data about browser usage",
"description": "This policy controls sending required and optional diagnostic data about browser usage to Microsoft.\n\nRequired diagnostic data is collected to keep Microsoft Edge secure, up to date and performing as expected.\n\nOptional diagnostic data includes data about how you use the browser, websites you visit and crash reports to Microsoft for product and service improvement.\n\nUp to version 121, this policy is not supported on Windows 10 devices. To control this data collection on Windows 10 for 121 and previous, IT admins must use the Windows diagnostic data group policy. This policy will either be 'Allow Telemetry' or 'Allow Diagnostic Data', depending on the version of Windows. Learn more about Windows 10 diagnostic data collection: https://go.microsoft.com/fwlink/?linkid=2099569\n\nFor version 122 and later, this policy is supported on Windows 10 devices to allow controlling Microsoft Edge data collection separately from Windows 10 diagnostics data collection.\n\nUse one of the following settings to configure this policy:\n\n'Off' turns off required and optional diagnostic data collection. This option is not recommended.\n\n'RequiredData' sends required diagnostic data but turns off optional diagnostic data collection. Microsoft Edge will send required diagnostic data to keep Microsoft Edge secure, up to date and performing as expected.\n\n'OptionalData' sends optional diagnostic data includes data about browser usage, websites that are visited, crash reports sent to Microsoft for product and service improvement.\n\nOn Windows 7/macOS, this policy controls sending required and optional data to Microsoft.\n\nIf you don't configure this policy or disable it, Microsoft Edge will default to the user's preference.\n\nPolicy options mapping:\n\n* Off (0) = Off (Not recommended)\n\n* RequiredData (1) = Required data\n\n* OptionalData (2) = Optional data\n\nUse the preceding information when configuring this policy.",
"property_order": 610,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["Off - Off (Not recommended)", "RequiredData - Required data", "OptionalData - Optional data"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "DiagnosticData"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#diagnosticdata"
}]
},
"Disable3DAPIs": {
"title": "Disable3DAPIs - Disable support for 3D graphics APIs",
"description": "Prevent web pages from accessing the graphics processing unit (GPU). Specifically, web pages can't access the WebGL API and plug-ins can't use the Pepper 3D API.\n\nIf you don't configure or disable this policy, it potentially allows web pages to use the WebGL API and plug-ins to use the Pepper 3D API. Microsoft Edge might, by default, still require command line arguments to be passed in order to use these APIs.\n\nIf \"HardwareAccelerationModeEnabled\" policy is set to false, the setting for 'Disable3DAPIs' policy is ignored - it's the equivalent of setting 'Disable3DAPIs' policy to true.",
"property_order": 615,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "Disable3DAPIs"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#disable3dapis"
}]
},
"DisableAuthNegotiateCnameLookup": {
"title": "DisableAuthNegotiateCnameLookup - Disable CNAME lookup when negotiating Kerberos authentication",
"description": "Determines whether the generated Kerberos SPN is based on the canonical DNS name (CNAME) or on the original name entered.\n\nIf you enable this policy, CNAME lookup is skipped and the server name (as entered) is used.\n\nIf you disable this policy or don't configure it, the canonical name of the server is used. This is determined through CNAME lookup.",
"property_order": 620,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "DisableAuthNegotiateCnameLookup"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#disableauthnegotiatecnamelookup"
}]
},
"UseSystemPrintDialog": {
"title": "UseSystemPrintDialog - Print using system print dialog",
"description": "Shows the system print dialog instead of print preview.\n\nIf you enable this policy, Microsoft Edge opens the system print dialog instead of the built-in print preview when a user prints a page.\n\nIf you don't configure or disable this policy, print commands trigger the Microsoft Edge print preview screen.",
"property_order": 625,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "UseSystemPrintDialog"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#usesystemprintdialog"
}]
},
"DisableScreenshots": {
"title": "DisableScreenshots - Disable taking screenshots",
"description": "Controls if users can take screenshots of the browser page.\n\nIf you enable this policy, users can't take screenshots using keyboard shortcuts or extension APIs.\n\nIf you disable or don't configure this policy, users can take screenshots.\n\nNote: Even if you disable screenshots using this policy, users might still be able to take screenshots using Web Capture within the browser or other methods outside of the browser. For example, using an operating system feature or another application.",
"property_order": 630,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "DisableScreenshots"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#disablescreenshots"
}]
},
"DiskCacheDir": {
"title": "DiskCacheDir - Set disk cache directory",
"description": "Configures the directory to use to store cached files.\n\nIf you enable this policy, Microsoft Edge uses the provided directory regardless of whether the user has specified the '--disk-cache-dir' flag. To avoid data loss or other unexpected errors, don't configure this policy to a volume's root directory or to a directory used for other purposes, because Microsoft Edge manages its contents.\n\nSee https://go.microsoft.com/fwlink/?linkid=2095041 for a list of variables you can use when specifying directories and paths.\n\nIf you don't configure this policy, the default cache directory is used, and users can override that default with the '--disk-cache-dir' command line flag.",
"property_order": 635,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "DiskCacheDir"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#diskcachedir"
}]
},
"DiskCacheSize": {
"title": "DiskCacheSize - Set disk cache size, in bytes",
"description": "Configures the size of the cache, in bytes, used to store files on the disk.\n\nIf you enable this policy, Microsoft Edge uses the provided cache size regardless of whether the user has specified the '--disk-cache-size' flag. The value specified in this policy isn't a hard boundary but rather a suggestion to the caching system; any value below a few megabytes is too small and will be rounded up to a reasonable minimum.\n\nIf you set the value of this policy to 0, the default cache size is used, and users can't change it.\n\nIf you don't configure this policy, the default size is used, but users can override it with the '--disk-cache-size' flag.\n\nNote: The value specified in this policy is used as a hint to various cache subsystems in the browser. The aggregate disk usage of all caches may therefore be larger than (but within the same order of magnitude as) the value specified.",
"property_order": 640,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer"
}
],
"options": {
"infoText": "DiskCacheSize"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#diskcachesize"
}]
},
"DnsOverHttpsMode": {
"title": "DnsOverHttpsMode - Control the mode of DNS-over-HTTPS",
"description": "Control the mode of the DNS-over-HTTPS resolver. Note that this policy will only set the default mode for each query. The mode can be overridden for special types of queries such as requests to resolve a DNS-over-HTTPS server hostname.\n\nThe \"off\" mode will disable DNS-over-HTTPS.\n\nThe \"automatic\" mode will send DNS-over-HTTPS queries first if a DNS-over-HTTPS server is available and may fallback to sending insecure queries on error.\n\nThe \"secure\" mode will only send DNS-over-HTTPS queries and will fail to resolve on error.\n\nIf you don't configure this policy, the browser might send DNS-over-HTTPS requests to a resolver associated with the user's configured system resolver.\n\nPolicy options mapping:\n\n* off (off) = Disable DNS-over-HTTPS\n\n* automatic (automatic) = Enable DNS-over-HTTPS with insecure fallback\n\n* secure (secure) = Enable DNS-over-HTTPS without insecure fallback\n\nUse the preceding information when configuring this policy.",
"property_order": 645,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string",
"options": {
"enum_titles": ["automatic - Enable DNS-over-HTTPS with insecure fallback", "off - Disable DNS-over-HTTPS", "secure - Enable DNS-over-HTTPS without insecure fallback"]
},
"enum": ["automatic", "off", "secure"]
}
],
"options": {
"infoText": "DnsOverHttpsMode"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#dnsoverhttpsmode"
}]
},
"DnsOverHttpsTemplates": {
"title": "DnsOverHttpsTemplates - Specify URI template of desired DNS-over-HTTPS resolver",
"description": "The URI template of the desired DNS-over-HTTPS resolver. To specify multiple DNS-over-HTTPS resolvers, separate the corresponding URI templates with spaces.\n\nIf you set \"DnsOverHttpsMode\" to \"secure\" then this policy must be set and cannot be empty.\n\nIf you set \"DnsOverHttpsMode\" to \"automatic\" and this policy is set then the URI templates specified will be used. If you don't set this policy, then hardcoded mappings will be used to attempt to upgrade the user's current DNS resolver to a DoH resolver operated by the same provider.\n\nIf the URI template contains a dns variable, requests to the resolver will use GET; otherwise requests will use POST.\n\nIncorrectly formatted templates will be ignored.",
"property_order": 650,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "DnsOverHttpsTemplates"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#dnsoverhttpstemplates"
}]
},
"DoNotSilentlyBlockProtocolsFromOrigins": {
"title": "DoNotSilentlyBlockProtocolsFromOrigins - not configurable in UI, please craft plist",
"description": "Allows you to create a list of protocols, and for each protocol an associated list of allowed origin patterns. These origins won't be silently blocked from launching an external application by anti-flood protection. The trailing separator shouldn't be included when listing the protocol. For example, list \"skype\" instead of \"skype:\" or \"skype://\".\n\nIf you configure this policy, a protocol will only be permitted to bypass being silently blocked by anti-flood protection if:\n\n- the protocol is listed\n\n- the origin of the site trying to launch the protocol matches one of the origin patterns in that protocol's allowed_origins list.\n\nIf either condition is false, the external protocol launch may be blocked by anti-flood protection.\n\nIf you don't configure this policy, no protocols can bypass being silently blocked.\n\nThe origin matching patterns use a similar format to those for the \"URLBlocklist\" policy, that are documented at https://go.microsoft.com/fwlink/?linkid=2095322.\n\nHowever, origin matching patterns for this policy cannot contain \"/path\" or \"@query\" elements. Any pattern that does contain a \"/path\" or \"@query\" element will be ignored.\n\nThis policy doesn't work as expected with file://* wildcards.",
"property_order": 655,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "DoNotSilentlyBlockProtocolsFromOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#donotsilentlyblockprotocolsfromorigins"
}]
},
"DoubleClickCloseTabEnabled": {
"title": "DoubleClickCloseTabEnabled - Double Click feature in Microsoft Edge enabled (only available in China)",
"description": "This policy lets you configure the double click feature in Microsoft Edge.\n\nDouble Click lets users close a tab by double clicking the left mouse button.\n\nIf you enable or don't configure this policy, you can use the double click feature to close a tab on Microsoft Edge to start using this feature.\n\nIf you disable this policy, you can't use the double click feature in Microsoft Edge.",
"property_order": 660,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "DoubleClickCloseTabEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#doubleclickclosetabenabled"
}]
},
"DownloadDirectory": {
"title": "DownloadDirectory - Set download directory",
"description": "Configures the directory to use when downloading files.\n\nIf you enable this policy, Microsoft Edge uses the provided directory regardless of whether the user has specified one or chosen to be prompted for download location every time. See https://go.microsoft.com/fwlink/?linkid=2095041 for a list of variables that can be used.\n\nIf you disable or don't configure this policy, the default download directory is used, and the user can change it.\n\nIf you set an invalid path, Microsoft Edge will default to the user's default download directory.\n\nIf the folder specified by the path doesn't exist, the download will trigger a prompt that asks the user where they want to save their download.",
"property_order": 665,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "DownloadDirectory"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#downloaddirectory"
}]
},
"DownloadRestrictions": {
"title": "DownloadRestrictions - Allow download restrictions",
"description": "Configures the type of downloads that Microsoft Edge completely blocks, without letting users override the security decision.\n\nSet 'BlockDangerousDownloads' to allow all downloads except for those that carry Microsoft Defender SmartScreen warnings of known dangerous downloads or that have dangerous file type extensions.\n\nSet 'BlockPotentiallyDangerousDownloads' to allow all downloads except for those that carry Microsoft Defender SmartScreen warnings of potentially dangerous or unwanted downloads or that have dangerous file type extensions.\n\nSet 'BlockAllDownloads' to block all downloads.\n\nSet 'BlockMaliciousDownloads' to allow all downloads except for those that carry Microsoft Defender SmartScreen warnings of known malicious downloads.\n\nIf you don't configure this policy or set the 'DefaultDownloadSecurity' option, the downloads go through the usual security restrictions based on Microsoft Defender SmartScreen analysis results.\n\nNote that these restrictions apply to downloads from web page content, as well as the 'download link...' context menu option. These restrictions don't apply to saving or downloading the currently displayed page, nor do they apply to the Save as PDF option from the printing options.\n\nSee https://go.microsoft.com/fwlink/?linkid=2094934 for more info on Microsoft Defender SmartScreen.\n\nPolicy options mapping:\n\n* DefaultDownloadSecurity (0) = No special restrictions\n\n* BlockDangerousDownloads (1) = Block malicious downloads and dangerous file types\n\n* BlockPotentiallyDangerousDownloads (2) = Block potentially dangerous or unwanted downloads and dangerous file types\n\n* BlockAllDownloads (3) = Block all downloads\n\n* BlockMaliciousDownloads (4) = Block malicious downloads\n\nUse the preceding information when configuring this policy.",
"property_order": 670,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["DefaultDownloadSecurity - No special restrictions", "BlockDangerousDownloads - Block malicious downloads and dangerous file types", "BlockPotentiallyDangerousDownloads - Block potentially dangerous or unwanted downloads and dangerous file types", "BlockAllDownloads - Block all downloads", "BlockMaliciousDownloads - Block malicious downloads"]
},
"enum": [0, 1, 2, 3, 4]
}
],
"options": {
"infoText": "DownloadRestrictions"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#downloadrestrictions"
}]
},
"EdgeAssetDeliveryServiceEnabled": {
"title": "EdgeAssetDeliveryServiceEnabled - Allow features to download assets from the Asset Delivery Service",
"description": "The Asset Delivery Service is a general pipeline used to deliver assets to the Microsoft Edge Clients.\nThese assets can be config files or Machine Learning models that power the features that use this service.\n\nIf you enable or don't configure this policy, features can download assets from the Asset Delivery Service.\n\nIf you disable this policy, features won't be able to download assets needed for them to run correctly.",
"property_order": 675,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeAssetDeliveryServiceEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgeassetdeliveryserviceenabled"
}]
},
"EdgeCollectionsEnabled": {
"title": "EdgeCollectionsEnabled - Enable the Collections feature",
"description": "Lets you allow users to access the Collections feature, where they can collect, organize, share, and export content more efficiently and with Office integration.\n\nIf you enable or don't configure this policy, users can access and use the Collections feature in Microsoft Edge.\n\nIf you disable this policy, users can't access and use Collections in Microsoft Edge.",
"property_order": 680,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeCollectionsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgecollectionsenabled"
}]
},
"EdgeDisableDialProtocolForCastDiscovery": {
"title": "EdgeDisableDialProtocolForCastDiscovery - Disable DIAL protocol for cast device discovery",
"description": "Enable this policy to disable the DIAL (Discovery And Launch) protocol for cast device discovery. (If EnableMediaRouter is disabled, this policy will have no effect).\n\nEnable this policy to disable DIAL protocol.\n\nBy default, Cast device discovery will use DIAL protocol.",
"property_order": 685,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeDisableDialProtocolForCastDiscovery"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgedisabledialprotocolforcastdiscovery"
}]
},
"EdgeEDropEnabled": {
"title": "EdgeEDropEnabled - Enable Drop feature in Microsoft Edge",
"description": "This policy lets you configure the Drop feature in Microsoft Edge.\n\nDrop lets users send messages or files to themselves.\n\nIf you enable or don't configure this policy, you can use the Drop feature in Microsoft Edge.\n\nIf you disable this policy, you can't use the Drop feature in Microsoft Edge.",
"property_order": 690,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeEDropEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgeedropenabled"
}]
},
"EdgeEntraCopilotPageContext": {
"title": "EdgeEntraCopilotPageContext - Control access to page content for Entra ID Profiles accessing Microsoft Copilot with Enterprise Data Protection (EDP) from the Microsoft Edge sidebar",
"description": "This policy controls access to page contents for Microsoft Copilot with enterprise data protection (EDP) in the Microsoft Edge sidebar for the web tab only. This policy controls whether Microsoft Copilot can perform page summarization and similar contextual queries.\n\nThis policy applies only to Microsoft Entra ID Microsoft Edge profiles. It does not apply to MSA Microsoft Edge profiles. For users with M365 Copilot license, this control applies only to the web tab in the Microsoft Edge sidebar and not the work tab.\n\nIf you enable this policy, Copilot will have access to page content when logged in with Entra ID.\n\nIf this policy is not configured, the default behavior for non-EU countries is that access is initially enabled. For EU countries, the default behavior is that access is initially disabled. In both cases, if the policy is not configured, users can enable or disable Copilot's access to page content using the setting toggle in Microsoft Edge.\n\nIf you disable this policy, Copilot will not be able to access page contents.\n\nExceptions to the preceding behavior include when a page is protected using data loss prevention (DLP) measures. In that case, the page content will not be shared to Copilot even when this policy is enabled. This behavior ensures the integrity of DLP.\n\nLearn more about Copilot's data usage and consent at https://go.microsoft.com/fwlink/?linkid=2288056",
"property_order": 695,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeEntraCopilotPageContext"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgeentracopilotpagecontext"
}]
},
"EdgeManagementExtensionsFeedbackEnabled": {
"title": "EdgeManagementExtensionsFeedbackEnabled - Microsoft Edge management extensions feedback enabled",
"description": "This setting controls whether Microsoft Edge sends data about blocked extensions to the Microsoft Edge management service.\n\nThe 'EdgeManagementEnabled' policy must also be enabled for this setting to take effect.\n\nIf you enable this policy, Microsoft Edge will send data to the Microsoft Edge service when a user tries to install a blocked extension.\n\nIf you disable or don't configure this policy, Microsoft Edge won't send any data to the Microsoft Edge service about blocked extensions.",
"property_order": 700,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeManagementExtensionsFeedbackEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgemanagementextensionsfeedbackenabled"
}]
},
"EdgeOpenInSidebarEnabled": {
"title": "EdgeOpenInSidebarEnabled - Enable open in sidebar",
"description": "Allow/Disallow user open a website or an app to the sidebar.\n\nIf you enable or don't configure this policy, users will be able to access the feature.\nIf you disable this policy, users will not be able to access the feature.",
"property_order": 705,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeOpenInSidebarEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgeopeninsidebarenabled"
}]
},
"EdgeShoppingAssistantEnabled": {
"title": "EdgeShoppingAssistantEnabled - Shopping in Microsoft Edge Enabled",
"description": "This policy lets users compare the prices of a product they are looking at, get coupons or rebates from the website they're on, auto-apply coupons and help checkout faster using autofill data.\n\nIf you enable or don't configure this policy, shopping features such as price comparison, coupons, rebates and express checkout will be automatically applied for retail domains. Coupons for the current retailer and prices from other retailers will be fetched from a server.\n\nIf you disable this policy shopping features such as price comparison, coupons, rebates and express checkout will not be automatically found for retail domains.\n\nStarting in version 90.0.818.56, the behavior of the messaging letting users know that there is a coupon, rebate, price comparison or price history available on shopping domains is also done through a horizontal banner below the address bar. Previously this messaging was done on the address bar.",
"property_order": 710,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeShoppingAssistantEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgeshoppingassistantenabled"
}]
},
"EdgeSidebarAppUrlHostAllowList": {
"title": "EdgeSidebarAppUrlHostAllowList - Allow specific apps to be opened in Microsoft Edge sidebar",
"description": "Define a list of sites, based on URL patterns, that are not subject to the \"EdgeSidebarAppUrlHostBlockList\".\n\nIf you don't configure this policy, a user can open any app in sidebar except the urls listed in \"EdgeSidebarAppUrlHostBlockList\".\n\nIf you configure this policy, the apps listed in the allow list could be opened in sidebar even if they are listed in the block list.\n\nBy default, all apps are allowed. However, if you prohibited apps by policy, you can use the list of allowed apps to change that policy.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2281313.",
"property_order": 715,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "EdgeSidebarAppUrlHostAllowList"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgesidebarappurlhostallowlist"
}]
},
"EdgeSidebarAppUrlHostBlockList": {
"title": "EdgeSidebarAppUrlHostBlockList - Control which apps cannot be opened in Microsoft Edge sidebar",
"description": "Define a list of sites, based on URL patterns, that cannot be opened in sidebar.\n\nIf you don't configure this policy, a user can open any app in sidebar.\n\nIf the \"HubsSidebarEnabled\" policy is disabled, this list isn't used and no sidebar can be opened.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2281313.\n\nNote: A blocklist value of '*' means all apps are blocked unless they are explicitly listed in the \"EdgeSidebarAppUrlHostAllowList\" policy.",
"property_order": 720,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "EdgeSidebarAppUrlHostBlockList"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgesidebarappurlhostblocklist"
}]
},
"EdgeSidebarCustomizeEnabled": {
"title": "EdgeSidebarCustomizeEnabled - Enable sidebar customize",
"description": "Allow/Disallow to use sidebar customize.\n\nIf you enable or don't configure this policy, users will be able to access sidebar customize.\nIf you disable this policy, users will not be able to access the sidebar customize.",
"property_order": 725,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeSidebarCustomizeEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgesidebarcustomizeenabled"
}]
},
"EdgeWalletEtreeEnabled": {
"title": "EdgeWalletEtreeEnabled - Edge Wallet E-Tree Enabled",
"description": "The Edge Wallet E-Tree feature in Microsoft Edge allows users to plant a E-Tree for their own.\n\nIf you enable or don't configure this policy, users can use the Edge Wallet E-Tree feature.\n\nIf you disable this policy, users can't use the Edge Wallet E-Tree feature.",
"property_order": 730,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeWalletEtreeEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgewalletetreeenabled"
}]
},
"EdgeWorkspacesEnabled": {
"title": "EdgeWorkspacesEnabled - Enable Workspaces",
"description": "Microsoft Edge Workspaces helps improve productivity for users in your organization.\n\nIf you enable or don't configure this policy, users will be able to access the Microsoft Edge Workspaces feature.\nIf you disable this policy, users will not be able to access the Microsoft Edge Workspaces feature.\n\nTo learn more about the feature, see https://go.microsoft.com/fwlink/?linkid=2209950",
"property_order": 735,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EdgeWorkspacesEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#edgeworkspacesenabled"
}]
},
"EditFavoritesEnabled": {
"title": "EditFavoritesEnabled - Allows users to edit favorites",
"description": "Enable this policy to let users add, remove, and modify favorites. This is the default behavior if you don't configure the policy.\n\nDisable this policy to stop users from adding, removing, or modifying favorites. They can still use existing favorites.",
"property_order": 740,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EditFavoritesEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#editfavoritesenabled"
}]
},
"EfficiencyMode": {
"title": "EfficiencyMode - Configure when efficiency mode should become active",
"description": "This policy setting lets you configure when efficiency mode will become active. By default, efficiency mode is set to 'BalancedSavings'. On devices with no battery, the default is for efficiency mode to never become active.\n\nIndividual sites may be blocked from participating in efficiency mode by configuring the policy \"SleepingTabsBlockedForUrls\".\n\nSet this policy to 'AlwaysActive' and efficiency mode will always be active.\n\nSet this policy to 'NeverActive' and efficiency mode will never become active.\n\nSet this policy to 'ActiveWhenUnplugged' and efficiency mode will become active when the device is unplugged.\n\nSet this policy to 'ActiveWhenUnpluggedBatteryLow' and efficiency mode will become active when the device is unplugged and the battery is low.\n\nSet this policy to 'BalancedSavings' and when the device is unplugged, efficiency mode will take moderate steps to save battery. When the device is unplugged and the battery is low, efficiency mode will take additional steps to save battery.\n\nSet this policy to 'MaximumSavings' and when the device is unplugged or unplugged and the battery is low, efficiency mode takes additional steps to save battery.\n\nIf the device does not have a battery, efficiency mode will never become active in any mode other than 'AlwaysActive' unless the setting or \"EfficiencyModeEnabled\" policy is enabled.\n\nThis policy has no effect if the \"EfficiencyModeEnabled\" policy is disabled.\n\nLearn more about efficiency mode: https://go.microsoft.com/fwlink/?linkid=2173921\n\nPolicy options mapping:\n\n* AlwaysActive (0) = Efficiency mode is always active\n\n* NeverActive (1) = Efficiency mode is never active\n\n* ActiveWhenUnplugged (2) = Efficiency mode is active when the device is unplugged\n\n* ActiveWhenUnpluggedBatteryLow (3) = Efficiency mode is active when the device is unplugged and the battery is low\n\n* BalancedSavings (4) = When the device is unplugged, efficiency mode takes moderate steps to save battery. When the device is unplugged and the battery is low, efficiency mode takes additional steps to save battery.\n\n* MaximumSavings (5) = When the device is unplugged or unplugged and the battery is low, efficiency mode takes additional steps to save battery.\n\nUse the preceding information when configuring this policy.",
"property_order": 745,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["AlwaysActive - Efficiency mode is always active", "NeverActive - Efficiency mode is never active", "ActiveWhenUnplugged - Efficiency mode is active when the device is unplugged", "ActiveWhenUnpluggedBatteryLow - Efficiency mode is active when the device is unplugged and the battery is low", "BalancedSavings - When the device is unplugged, efficiency mode takes moderate steps to save battery. When the device is unplugged and the battery is low, efficiency mode takes additional steps to save battery.", "MaximumSavings - When the device is unplugged or unplugged and the battery is low, efficiency mode takes additional steps to save battery."]
},
"enum": [0, 1, 2, 3, 4, 5]
}
],
"options": {
"infoText": "EfficiencyMode"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#efficiencymode"
}]
},
"EfficiencyModeEnabled": {
"title": "EfficiencyModeEnabled - Efficiency mode enabled",
"description": "Enables efficiency mode which helps extend battery life by saving computer resources. By default, efficiency mode is enabled for devices with a battery and disabled otherwise.\n\nIf you enable this policy, efficiency mode will become active according to the setting chosen by the user. You can configure the efficiency mode setting using the \"EfficiencyMode\" policy. If the device does not have a battery, efficiency mode will always be active.\n\nIf you disable this policy, efficiency mode will never become active. The \"EfficiencyMode\" and \"EfficiencyModeOnPowerEnabled\" policies will have no effect.\n\nIf you don't configure this policy, efficiency mode will be enabled for devices with a battery and disabled otherwise. Users can choose the efficiency mode option they want in edge://settings/system.\n\nLearn more about efficiency mode: https://go.microsoft.com/fwlink/?linkid=2173921",
"property_order": 750,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EfficiencyModeEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#efficiencymodeenabled"
}]
},
"EfficiencyModeOnPowerEnabled": {
"title": "EfficiencyModeOnPowerEnabled - Enable efficiency mode when the device is connected to a power source",
"description": "Allows efficiency mode to become active when the device is connected to a power source. On devices with no battery, this policy has no effect.\n\nIf you enable this policy, efficiency mode will become active when the device is connected to a power source.\n\nIf you disable or don't configure this policy, efficiency mode will never become active when the device is connected to a power source.\n\nThis policy has no effect if the \"EfficiencyModeEnabled\" policy is disabled.\n\nLearn more about efficiency mode: https://go.microsoft.com/fwlink/?linkid=2173921",
"property_order": 755,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EfficiencyModeOnPowerEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#efficiencymodeonpowerenabled"
}]
},
"EnableAuthNegotiatePort": {
"title": "EnableAuthNegotiatePort - Include non-standard port in Kerberos SPN",
"description": "Specifies whether the generated Kerberos SPN should include a non-standard port.\n\nIf you enable this policy, and a user includes a non-standard port (a port other than 80 or 443) in a URL, that port is included in the generated Kerberos SPN.\n\nIf you don't configure or disable this policy, the generated Kerberos SPN won't include a port in any case.",
"property_order": 760,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EnableAuthNegotiatePort"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#enableauthnegotiateport"
}]
},
"EnableMediaRouter": {
"title": "EnableMediaRouter - Enable Google Cast",
"description": "Enable this policy to enable Google Cast. Users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites, and (if shown) the Cast toolbar icon.\n\nDisable this policy to disable Google Cast.\n\nBy default, Google Cast is enabled.",
"property_order": 765,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EnableMediaRouter"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#enablemediarouter"
}]
},
"EnableOnlineRevocationChecks": {
"title": "EnableOnlineRevocationChecks - Enable online OCSP/CRL checks",
"description": "Online revocation checks don't provide a significant security benefit and are disabled by default.\n\nIf you enable this policy, Microsoft Edge will perform soft-fail, online OCSP/CRL checks. \"Soft fail\" means that if the revocation server can't be reached, the certificate will be considered valid.\n\nIf you disable the policy or don't configure it, Microsoft Edge won't perform online revocation checks.",
"property_order": 770,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EnableOnlineRevocationChecks"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#enableonlinerevocationchecks"
}]
},
"EncryptedClientHelloEnabled": {
"title": "EncryptedClientHelloEnabled - TLS Encrypted ClientHello Enabled",
"description": "Encrypted ClientHello (ECH) is an extension to TLS that encrypts the sensitive fields of ClientHello to improve privacy.\n\nIf ECH is enabled, Microsoft Edge might or might not use ECH depending on server support, the availability of the HTTPS DNS record, or the rollout status.\n\nIf you enable or do not configure this policy, Microsoft Edge will follow the default rollout process for ECH.\n\nIf this policy is disabled, Microsoft Edge will not enable ECH.\n\nBecause ECH is an evolving protocol, Microsoft Edge's implementation is subject to change.\n\nAs such, this policy is a temporary measure to control the initial experimental implementation. It will be replaced with final controls as the protocol finalizes.",
"property_order": 775,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EncryptedClientHelloEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#encryptedclienthelloenabled"
}]
},
"EnhanceSecurityMode": {
"title": "EnhanceSecurityMode - Enhance the security state in Microsoft Edge",
"description": "This policy lets you enhance the security state in Microsoft Edge.\n\nIf you set this policy to 'StandardMode', the enhanced mode will be turned off and Microsoft Edge will fallback to its standard security mode.\n\nIf you set this policy to 'BalancedMode', the security state will be in balanced mode.\n\nIf you set this policy to 'StrictMode', the security state will be in strict mode.\n\nIf you set this policy to 'BasicMode', the security state will be in basic mode.\n\nNote: Sites that use WebAssembly (WASM) are not supported on 32-bit systems when \"EnhanceSecurityMode\" is enabled. If you require access to a site that uses WASM, consider adding it to your exception list as described in https://go.microsoft.com/fwlink/?linkid=2183321.\n\nStarting in Microsoft Edge 113, 'BasicMode' is deprecated and is treated the same as 'BalancedMode'. It won't work in Microsoft Edge version 116.\n\nFor detailed information about Enhanced Security Mode, see https://go.microsoft.com/fwlink/?linkid=2185895\n\nPolicy options mapping:\n\n* StandardMode (0) = Standard mode\n\n* BalancedMode (1) = Balanced mode\n\n* StrictMode (2) = Strict mode\n\n* BasicMode (3) = (Deprecated) Basic mode\n\nUse the preceding information when configuring this policy.",
"property_order": 780,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["StandardMode - Standard mode", "BalancedMode - Balanced mode", "StrictMode - Strict mode", "BasicMode - (Deprecated) Basic mode"]
},
"enum": [0, 1, 2, 3]
}
],
"options": {
"infoText": "EnhanceSecurityMode"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#enhancesecuritymode"
}]
},
"EnhanceSecurityModeBypassListDomains": {
"title": "EnhanceSecurityModeBypassListDomains - Configure the list of domains for which enhance security mode will not be enforced",
"description": "Configure the list of enhance security trusted domains. This means that\nenhance security mode will not be enforced when loading the sites in trusted domains.",
"property_order": 785,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "EnhanceSecurityModeBypassListDomains"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#enhancesecuritymodebypasslistdomains"
}]
},
"EnhanceSecurityModeEnforceListDomains": {
"title": "EnhanceSecurityModeEnforceListDomains - Configure the list of domains for which enhance security mode will always be enforced",
"description": "Configure the list of enhance security untrusted domains. This means that\nenhance security mode will always be enforced when loading the sites in untrusted domains.",
"property_order": 790,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "EnhanceSecurityModeEnforceListDomains"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#enhancesecuritymodeenforcelistdomains"
}]
},
"EnhanceSecurityModeIndicatorUIEnabled": {
"title": "EnhanceSecurityModeIndicatorUIEnabled - Manage the indicator UI of the Enhanced Security Mode (ESM) feature in Microsoft Edge",
"description": "This policy lets you manage whether the indicator User Interface (UI) for enhanced security mode is shown or not when ESM is turned on.\n\nIf you enable or don't configure this policy, the indicator UI is on.\n\nIf you disable this policy, the indicator UI is off.\n\nNote: If this policy is used, only the indicator User Interface experience is supressed - ESM is still turned on. For more information, see the \"EnhanceSecurityMode\" policy.\n\nFor detailed information about Enhanced Security Mode, see https://go.microsoft.com/fwlink/?linkid=2185895",
"property_order": 795,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EnhanceSecurityModeIndicatorUIEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#enhancesecuritymodeindicatoruienabled"
}]
},
"EnhanceSecurityModeOptOutUXEnabled": {
"title": "EnhanceSecurityModeOptOutUXEnabled - Manage opt-out user experience for Enhanced Security Mode (ESM) in Microsoft Edge (deprecated)",
"description": "This policy lets you manage whether the opt-out user experience for enhanced security mode is presented when ESM is turned on for Microsoft Edge.\n\nIf you enable or don't configure this policy, the UI for the opt-out user experience is on.\n\nIf you disable this policy, the UI for the opt-out user experience is off.\n\nNote: If this policy is used, only the User Interface for the opt-out experience is supressed - ESM is still turned on. For more information, see the \"EnhanceSecurityMode\" policy.\n\nFor detailed information about Enhanced Security Mode, see https://go.microsoft.com/fwlink/?linkid=2185895.\n\nAfter careful evaluation, we have determined that this experimental opt-out UX is not required. As a result, this policy will be deprecated and stop working after Edge version 130.",
"property_order": 800,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EnhanceSecurityModeOptOutUXEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#enhancesecuritymodeoptoutuxenabled"
}]
},
"EnterpriseHardwarePlatformAPIEnabled": {
"title": "EnterpriseHardwarePlatformAPIEnabled - Allow managed extensions to use the Enterprise Hardware Platform API",
"description": "When this policy is set to enabled, extensions installed by enterprise policy are allowed to use the Enterprise Hardware Platform API.\nWhen this policy is set to disabled or isn't set, no extensions are allowed to use the Enterprise Hardware Platform API.\nThis policy also applies to component extensions.",
"property_order": 805,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "EnterpriseHardwarePlatformAPIEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#enterprisehardwareplatformapienabled"
}]
},
"ExemptFileTypeDownloadWarnings": {
"title": "ExemptFileTypeDownloadWarnings - not configurable in UI, please craft plist",
"description": "You can enable this policy to create a dictionary of file type extensions with a corresponding list of domains that will be exempted from file type extension-based download warnings. This lets enterprise administrators block file type extension-based download warnings for files that are associated with a listed domain. For example, if the \"jnlp\" extension is associated with \"website1.com\", users would not see a warning when downloading \"jnlp\" files from \"website1.com\", but see a download warning when downloading \"jnlp\" files from \"website2.com\".\n\nFiles with file type extensions specified for domains identified by this policy will still be subject to non-file type extension-based security warnings such as mixed-content download warnings and Microsoft Defender SmartScreen warnings.\n\nIf you disable this policy or don't configure it, file types that trigger extension-based download warnings will show warnings to the user.\n\nIf you enable this policy:\n\n* The URL pattern should be formatted according to https://go.microsoft.com/fwlink/?linkid=2095322.\n* The file type extension entered must be in lower-cased ASCII. The leading separator should not be included when listing the file type extension, so list \"jnlp\" should be used instead of \".jnlp\".\n\nExample:\n\nThe following example value would prevent file type extension-based download warnings on swf, exe, and jnlp extensions for *.contoso.com domains. It will show the user a file type extension-based download warning on any other domain for exe and jnlp files, but not for swf files.\n\n[\n { \"file_extension\": \"jnlp\", \"domains\": [\"contoso.com\"] },\n { \"file_extension\": \"exe\", \"domains\": [\"contoso.com\"] },\n { \"file_extension\": \"swf\", \"domains\": [\"*\"] }\n]\n\nNote that while the preceding example shows the suppression of file type extension-based download warnings for \"swf\" files for all domains, applying suppression of such warnings for all domains for any dangerous file type extension is not recommended due to security concerns. It is shown in the example merely to demonstrate the ability to do so.",
"property_order": 810,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "ExemptFileTypeDownloadWarnings"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#exemptfiletypedownloadwarnings"
}]
},
"ExperimentationAndConfigurationServiceControl": {
"title": "ExperimentationAndConfigurationServiceControl - Control communication with the Experimentation and Configuration Service",
"description": "The Experimentation and Configuration Service is used to deploy Experimentation and Configuration payloads to the client.\n\nExperimentation payload consists of a list of early in development features that Microsoft is enabling for testing and feedback.\n\nConfiguration payload consists of a list of recommended settings that Microsoft wants to deploy to optimize the user experience.\n\nConfiguration payload may also contain a list of actions to take on certain domains for compatibility reasons. For example, the browser may override the User Agent string on a website if that website is broken. Each of these actions is intended to be temporary while Microsoft tries to resolve the issue with the site owner.\n\nIf you set this policy to 'FullMode', the full payload is downloaded from the Experimentation and Configuration Service. This includes both the experimentation and configuration payloads.\n\nIf you set this policy to 'ConfigurationsOnlyMode', only the configuration payload is downloaded.\n\nIf you set this policy to 'RestrictedMode', the communication with the Experimentation and Configuration Service is stopped completely. Microsoft does not recommend this setting.\n\nIf you don't configure this policy on a managed device, the behavior on Beta and Stable channels is the same as the 'ConfigurationsOnlyMode'. On Canary and Dev channels the behavior is the same as 'FullMode'.\n\nIf you don't configure this policy on an unmanaged device, the behavior is the same as the 'FullMode'.\n\nPolicy options mapping:\n\n* FullMode (2) = Retrieve configurations and experiments\n\n* ConfigurationsOnlyMode (1) = Retrieve configurations only\n\n* RestrictedMode (0) = Disable communication with the Experimentation and Configuration Service\n\nUse the preceding information when configuring this policy.",
"property_order": 815,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["RestrictedMode - Disable communication with the Experimentation and Configuration Service", "ConfigurationsOnlyMode - Retrieve configurations only", "FullMode - Retrieve configurations and experiments"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "ExperimentationAndConfigurationServiceControl"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#experimentationandconfigurationservicecontrol"
}]
},
"ExplicitlyAllowedNetworkPorts": {
"title": "ExplicitlyAllowedNetworkPorts - Explicitly allowed network ports",
"description": "There is a list of restricted ports built into Microsoft Edge. Connections to these ports will fail. This policy allows bypassing that list. The set of ports is defined as a comma-separated list that outgoing connections should be permitted on.\n\nPorts are restricted to prevent Microsoft Edge from being used as a vector to exploit various network vulnerabilities. Setting this policy may expose your network to attacks. This policy is intended as a temporary workaround for error code \"ERR_UNSAFE_PORT\" while migrating a service running on a blocked port to a standard port (for example port 80 or 443).\n\nMalicious websites can easily detect that this policy is set, and for which ports, then use that information to target attacks.\n\nEach port listed in this policy is labeled with a date that it can be unblocked until. After that date the port will be restricted regardless of if it's specified by the value of this policy.\n\nLeaving the value empty or unset means that all restricted ports will be blocked. Invalid port values set through this policy will be ignored while valid ones will still be applied.\n\nThis policy overrides the \"--explicitly-allowed-ports\" command-line option.\n\nPolicy options mapping:\n\n* 554 (554) = port 554 (can be unblocked until 2021/10/15)\n\n* 10080 (10080) = port 10080 (can be unblocked until 2022/04/01)\n\n* 6566 (6566) = port 6566 (can be unblocked until 2021/10/15)\n\n* 989 (989) = port 989 (can be unblocked until 2022/02/01)\n\n* 990 (990) = port 990 (can be unblocked until 2022/02/01)\n\nUse the preceding information when configuring this policy.",
"property_order": 820,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ExplicitlyAllowedNetworkPorts"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#explicitlyallowednetworkports"
}]
},
"ExtensionAllowedTypes": {
"title": "ExtensionAllowedTypes - Configure allowed extension types",
"description": "Setting the policy controls which apps and extensions may be installed in Microsoft Edge, which hosts they can interact with, and limits runtime access.\n\nIf you don't set this policy, there aren't any restrictions on acceptable extension and app types.\n\nExtensions and apps which have a type that's not on the list won't be installed. Each value should be one of these strings:\n\n* \"extension\"\n\n* \"theme\"\n\n* \"user_script\"\n\n* \"hosted_app\"\n\nSee the Microsoft Edge extensions documentation for more information about these types.\n\nNote: This policy also affects extensions and apps to be force-installed using \"ExtensionInstallForcelist\".\n\nPolicy options mapping:\n\n* extension (extension) = Extension\n\n* theme (theme) = Theme\n\n* user_script (user_script) = User script\n\n* hosted_app (hosted_app) = Hosted app\n\n* legacy_packaged_app (legacy_packaged_app) = Legacy packaged app\n\n* platform_app (platform_app) = Platform app\n\nUse the preceding information when configuring this policy.",
"property_order": 825,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ExtensionAllowedTypes"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#extensionallowedtypes"
}]
},
"ExtensionDeveloperModeSettings": {
"title": "ExtensionDeveloperModeSettings - Control the availability of developer mode on extensions page",
"description": "Control if users can turn on Developer Mode on edge://extensions.\n\nIf the policy isn't set, users can turn on developer mode on the extension page unless DeveloperToolsAvailability policy is set to DeveloperToolsDisallowed (2).\nIf the policy is set to Allow (0), users can turn on developer mode on the extensions page.\nIf the policy is set to Disallow (1), users cannot turn on developer mode on the extensions page.\n\nIf this policy is set, DeveloperToolsAvailability can no longer control extensions developer mode.\n\nPolicy options mapping:\n\n* Allow (0) = Allow the usage of developer mode on extensions page\n\n* Disallow (1) = Do not allow the usage of developer mode on extensions page\n\nUse the preceding information when configuring this policy.",
"property_order": 830,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["Allow - Allow the usage of developer mode on extensions page", "Disallow - Do not allow the usage of developer mode on extensions page"]
},
"enum": [0, 1]
}
],
"options": {
"infoText": "ExtensionDeveloperModeSettings"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#extensiondevelopermodesettings"
}]
},
"ExtensionExtendedBackgroundLifetimeForPortConnectionsToUrls": {
"title": "ExtensionExtendedBackgroundLifetimeForPortConnectionsToUrls - Configure a list of origins that grant an extended background lifetime to connecting extensions.",
"description": "Extensions that connect to one of these origins will keep running as long as the port is connected.\nIf unset, the policy's default values are used. These are the app origins that offer SDKs that are known to not offer the possibility to restart a closed connection to a previous state:\n- Smart Card Connector\n- Citrix Receiver (stable, beta, back-up)\n- VMware Horizon (stable, beta)\n\nIf set, the default value list is extended with the newly configured values. The defaults and policy-provided entries will grant the exception to the connecting extensions, as long as the port is connected.",
"property_order": 835,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ExtensionExtendedBackgroundLifetimeForPortConnectionsToUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#extensionextendedbackgroundlifetimeforportconnectionstourls"
}]
},
"ExtensionInstallBlocklist": {
"title": "ExtensionInstallBlocklist - Control which extensions cannot be installed",
"description": "Lets you specify which extensions the users CANNOT install. Extensions already installed will be disabled if blocked, without a way for the user to enable them. After a disabled extension is removed from the blocklist it will automatically get re-enabled.\n\nA blocklist value of '*' means all extensions are blocked unless they are explicitly listed in the allowlist.\n\nIf this policy isn't set, the user can install any extension in Microsoft Edge.",
"property_order": 840,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ExtensionInstallBlocklist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#extensioninstallblocklist"
}]
},
"ExtensionInstallForcelist": {
"title": "ExtensionInstallForcelist - Control which extensions are installed silently",
"description": "Set this policy to specify a list of apps and extensions that install silently, without user interaction. Users can't uninstall or turn off this setting. Permissions are granted implicitly, including the enterprise.deviceAttributes and enterprise.platformKeys extension APIs. Note: These 2 APIs aren't available to apps and extensions that aren't force-installed.\n\nIf you don't set this policy, no apps or extensions are autoinstalled and users can uninstall any app in Microsoft Edge.\n\nThis policy supercedes \"ExtensionInstallBlocklist\" policy. If a previously force-installed app or extension is removed from this list, Microsoft Edge automatically uninstalls it.\n\nFor Windows instances not joined to a Microsoft Active Directory domain, forced installation is limited to apps and extensions listed in the Microsoft Edge Add-ons website.\n\nOn macOS instances, apps and extensions from outside the Microsoft Edge Add-ons website can only be force installed if the instance is managed via MDM, or joined to a domain via MCX.\n\nThe source code of any extension can be altered by users with developer tools, potentially rendering the extension unfunctional. If this is a concern, configure the \"DeveloperToolsAvailability\" policy.\n\nEach list item of the policy is a string that contains an extension ID and, optionally, an \"update\" URL separated by a semicolon (;). The extension ID is the 32-letter string found, for example, on edge://extensions when in Developer mode. If specified, the \"update\" URL should point to an Update Manifest XML document ( https://go.microsoft.com/fwlink/?linkid=2095043 ). By default, the Microsoft Edge Add-ons website's update URL is used. The \"update\" URL set in this policy is only used for the initial installation; subsequent updates of the extension use the update URL in the extension's manifest.\n\nNote: This policy doesn't apply to InPrivate mode. Read about hosting extensions at [Publish and update extensions in the Microsoft Edge Add-ons website](/microsoft-edge/extensions-chromium/enterprise/hosting-and-updating).",
"property_order": 845,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ExtensionInstallForcelist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#extensioninstallforcelist"
}]
},
"ExtensionInstallSources": {
"title": "ExtensionInstallSources - Configure extension and user script install sources",
"description": "Define URLs that can install extensions and themes.\n\nDefine URLs that can install extensions and themes directly without having to drag and drop the packages to the edge://extensions page.\n\nEach item in this list is an extension-style match pattern (see https://go.microsoft.com/fwlink/?linkid=2095039). Users can easily install items from any URL that matches an item in this list. Both the location of the *.crx file and the page where the download is started from (in other words, the referrer) must be allowed by these patterns. Do not host the files at a location that requires authentication.\n\nThe \"ExtensionInstallBlocklist\" policy takes precedence over this policy. Any extensions that's on the block list won't be installed, even if it comes from a site on this list.",
"property_order": 850,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ExtensionInstallSources"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#extensioninstallsources"
}]
},
"ExtensionInstallTypeBlocklist": {
"title": "ExtensionInstallTypeBlocklist - Blocklist for extension install types",
"description": "The blocklist controls which extension install types are disallowed.\n\nSetting the \"command_line\" will block an extension from being loaded from command line.\n\nPolicy options mapping:\n\n* command_line (command_line) = Blocks extensions from being loaded from command line\n\nUse the preceding information when configuring this policy.",
"property_order": 855,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ExtensionInstallTypeBlocklist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#extensioninstalltypeblocklist"
}]
},
"ExtensionInstallAllowlist": {
"title": "ExtensionInstallAllowlist - Allow specific extensions to be installed",
"description": "Setting this policy specifies which extensions are not subject to the blocklist.\n\nA blocklist value of * means all extensions are blocked and users can only install extensions listed in the allow list.\n\nBy default, all extensions are allowed. However, if you prohibited extensions by policy, you can use the list of allowed extensions to change that policy.",
"property_order": 860,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ExtensionInstallAllowlist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#extensioninstallallowlist"
}]
},
"ExtensionManifestV2Availability": {
"title": "ExtensionManifestV2Availability - Control Manifest v2 extension availability",
"description": "Control if Manifest v2 extensions can be used by browser.\n\nManifest v2 extensions support will be deprecated and all extensions need to be migrated to v3 in the future. More information about, and the timeline of the migration has not been established.\n\nIf the policy is set to Default or not set, v2 extension loading is decided by browser. This will follow the preceding timeline when it's established.\n\nIf the policy is set to Disable, v2 extensions installation are blocked, and existing ones are disabled. This option is going to be treated the same as if the policy is unset after v2 support is turned off by default.\n\nIf the policy is set to Enable, v2 extensions are allowed. The option is going to be treated the same as if the policy isn't set before v2 support is turned off by default.\n\nIf the policy is set to EnableForForcedExtensions, force installed v2 extensions are allowed. This includes extensions that are listed by \"ExtensionInstallForcelist\" or \"ExtensionSettings\" with installation_mode \"force_installed\" or \"normal_installed\". All other v2 extensions are disabled. The option is always available regardless of the manifest migration state.\n\nExtensions availabilities are still controlled by other policies.\n\nPolicy options mapping:\n\n* Default (0) = Default browser behavior\n\n* Disable (1) = Manifest v2 is disabled\n\n* Enable (2) = Manifest v2 is enabled\n\n* EnableForForcedExtensions (3) = Manifest v2 is enabled for forced extensions only\n\nUse the preceding information when configuring this policy.",
"property_order": 865,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["Default - Default browser behavior", "Disable - Manifest v2 is disabled", "Enable - Manifest v2 is enabled", "EnableForForcedExtensions - Manifest v2 is enabled for forced extensions only"]
},
"enum": [0, 1, 2, 3]
}
],
"options": {
"infoText": "ExtensionManifestV2Availability"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#extensionmanifestv2availability"
}]
},
"ExtensionSettings": {
"title": "ExtensionSettings - not configurable in UI, please craft plist",
"description": "Setting this policy controls extension management settings for Microsoft Edge, including any controlled by existing extension-related policies. This policy supersedes any legacy policies that might be set.\n\nThis policy maps an extension ID or an update URL to its specific setting only. A default configuration can be set for the special ID \"*\", which applies to all extensions without a custom configuration in this policy. With an update URL, configuration applies to extensions with the exact update URL stated in the extension manifest. If the 'override_update_url' flag is set to true, the extension is installed and updated using the update URL specified in the \"ExtensionInstallForcelist\" policy or in 'update_url' field in this policy. The flag 'override_update_url' is ignored if the 'update_url' is the Edge Add-ons website update URL. For more details, check out the detailed guide to ExtensionSettings policy available at https://go.microsoft.com/fwlink/?linkid=2161555.\n\nTo block extensions from a particular third party store, you only need to block the update_url for that store. For example, if you want to block extensions from Chrome Web Store, you can use the following JSON.\n\n{\"update_url:https://clients2.google.com/service/update2/crx\":{\"installation_mode\":\"blocked\"}}\n\nNote that you can still use \"ExtensionInstallForcelist\" and \"ExtensionInstallAllowlist\" to allow / force install specific extensions even if the store is blocked using the JSON in the previous example.\n\nIf the 'sidebar_auto_open_blocked' flag is set to true in an extension's configuration, the hub-app (sidebar app) corresponding to the specified extension will be prevented from automatically opening.\n\nOn Windows instances, apps and extensions from outside the Microsoft Edge Add-ons website can only be forced installed if the instance is joined to a Microsoft Active Directory domain or joined to Microsoft Azure Active Directory®`.\n\nOn macOS instances, apps and extensions from outside the Microsoft Edge Add-ons website can only be force installed if the instance is managed via MDM, joined to a domain via MCX.",
"property_order": 870,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "ExtensionSettings"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#extensionsettings"
}]
},
"ExtensionsPerformanceDetectorEnabled": {
"title": "ExtensionsPerformanceDetectorEnabled - Extensions Performance Detector enabled",
"description": "This policy controls if users can access the Extensions Performance Detector Recommended Action feature in Browser Essentials. This feature alerts extension users if their extensions are causing performance regressions in the browser and allows them to take action to resolve the issue.\n\nIf you enable or don't configure this policy, users will receive Extensions Performance Detector notifications from Browser Essentials. When there is an active alert, users will be able to view the impact of extensions on their browser's performance and make an informed decision to disable impacting extensions. The detector will exclude browser-managed extensions, such as Google Docs offline, component extensions, and organization-managed extensions (ie. extensions that cannot be disabled).\n\nIf you disable this policy, users will not receive notifications or be able to view the Extensions Performance Detector Recommended Action.",
"property_order": 875,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ExtensionsPerformanceDetectorEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#extensionsperformancedetectorenabled"
}]
},
"ExternalProtocolDialogShowAlwaysOpenCheckbox": {
"title": "ExternalProtocolDialogShowAlwaysOpenCheckbox - Show an \"Always open\" checkbox in external protocol dialog",
"description": "This policy controls whether the \"Always allow this site to open links of this type\" checkbox is shown on external protocol launch confirmation prompts. This policy only applies to https:// links.\n\nIf you enable this policy, when an external protocol confirmation prompt is shown, the user can select \"Always allow\" to skip all future confirmation prompts for the protocol on this site.\n\nIf you disable this policy, the \"Always allow\" checkbox isn't displayed. The user will be prompted for confirmation every time an external protocol is invoked.\n\nPrior to Microsoft Edge 83, if you don't configure this policy, the \"Always allow\" checkbox isn't displayed. The user will be prompted for confirmation every time an external protocol is invoked.\n\nOn Microsoft Edge 83, if you don't configure this policy, the checkbox visibility is controlled by the \"Enable remembering protocol launch prompting preferences\" flag in edge://flags\n\nAs of Microsoft Edge 84, if you don't configure this policy, when an external protocol confirmation prompt is shown, the user can select \"Always allow\" to skip all future confirmation prompts for the protocol on this site.",
"property_order": 880,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ExternalProtocolDialogShowAlwaysOpenCheckbox"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#externalprotocoldialogshowalwaysopencheckbox"
}]
},
"FamilySafetySettingsEnabled": {
"title": "FamilySafetySettingsEnabled - Allow users to configure Family safety and Kids Mode",
"description": "This policy disables two family safety related features in the browser. This will hide the Family page inside Settings and navigation to edge://settings/family will be blocked. The family settings page describes what features are available with family groups with Microsoft Family Safety. Learn more about Family Safety here: (https://go.microsoft.com/fwlink/?linkid=2098432). Starting in Microsoft Edge 90, this policy also disables Kids Mode, a kid friendly browsing mode with custom themes and allow list browsing that requires the device password to exit. Learn more about Kids Mode here: (https://go.microsoft.com/fwlink/?linkid=2146910)\n\nIf you enable this policy or don't configure it, the family page in Settings will be shown and Kids Mode will be available.\n\nIf you disable this policy, the family page will not be shown, and Kids Mode will be hidden.",
"property_order": 885,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "FamilySafetySettingsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#familysafetysettingsenabled"
}]
},
"FeatureFlagOverridesControl": {
"title": "FeatureFlagOverridesControl - Configure users ability to override feature flags",
"description": "Configures users ability to override state of feature flags.\nIf you set this policy to 'CommandLineOverridesEnabled', users can override state of feature flags using command line arguments but not edge://flags page.\n\nIf you set this policy to 'OverridesEnabled', users can override state of feature flags using command line arguments or edge://flags page.\n\nIf you set this policy to 'OverridesDisabled', users can't override state of feature flags using command line arguments or edge://flags page.\n\nIf you don't configure this policy, the behavior is the same as the 'OverridesEnabled'.\n\nPolicy options mapping:\n\n* CommandLineOverridesEnabled (2) = Allow users to override feature flags using command line arguments only\n\n* OverridesEnabled (1) = Allow users to override feature flags\n\n* OverridesDisabled (0) = Prevent users from overriding feature flags\n\nUse the preceding information when configuring this policy.",
"property_order": 890,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["OverridesDisabled - Prevent users from overriding feature flags", "OverridesEnabled - Allow users to override feature flags", "CommandLineOverridesEnabled - Allow users to override feature flags using command line arguments only"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "FeatureFlagOverridesControl"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#featureflagoverridescontrol"
}]
},
"FetchKeepaliveDurationSecondsOnShutdown": {
"title": "FetchKeepaliveDurationSecondsOnShutdown - Fetch keepalive duration on shutdown",
"description": "Controls the duration (in seconds) that keepalive requests are allowed to prevent the browser from completing its shutdown.\n\nIf you configure this policy, the browser will block completing shutdown while it processes any outstanding keepalive requests (see https://fetch.spec.whatwg.org/#request-keepalive-flag) up to the maximum period of time specified by this policy.\n\nIf you disable or don't configure this policy, the default value of 0 seconds is used and outstanding keepalive requests will be immediately cancelled during browser shutdown.",
"property_order": 895,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer"
}
],
"options": {
"infoText": "FetchKeepaliveDurationSecondsOnShutdown"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#fetchkeepalivedurationsecondsonshutdown"
}]
},
"FileOrDirectoryPickerWithoutGestureAllowedForOrigins": {
"title": "FileOrDirectoryPickerWithoutGestureAllowedForOrigins - Allow file or directory picker APIs to be called without prior user gesture",
"description": "For security reasons, the showOpenFilePicker(), showSaveFilePicker() and showDirectoryPicker() web APIs require a prior user gesture (\"transient activation\") to be called or will otherwise fail.\n\nIf you enable this policy, admins can specify origins on which these APIs can be called without prior user gesture.\n\nFor detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.\n\nIf you disable or don't configure this policy, all origins will require a prior user gesture to call these APIs.",
"property_order": 900,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "FileOrDirectoryPickerWithoutGestureAllowedForOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#fileordirectorypickerwithoutgestureallowedfororigins"
}]
},
"FileSystemReadAskForUrls": {
"title": "FileSystemReadAskForUrls - Allow read access via the File System API on these sites",
"description": "Setting the policy lets you list the URL patterns that specify which sites can ask users to grant them read access to files or directories in the host operating system's file system via the File System API.\n\nLeaving the policy unset means \"DefaultFileSystemReadGuardSetting\" applies for all sites, if it's set. If not, users' personal settings apply.\n\nURL patterns can't conflict with \"FileSystemReadBlockedForUrls\". Neither policy takes precedence if a URL matches with both.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.",
"property_order": 905,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "FileSystemReadAskForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#filesystemreadaskforurls"
}]
},
"FileSystemReadBlockedForUrls": {
"title": "FileSystemReadBlockedForUrls - Block read access via the File System API on these sites",
"description": "If you set this policy, you can list the URL patterns that specify which sites can't ask users to grant them read access to files or directories in the host operating system's file system via the File System API.\n\nIf you don't set this policy, \"DefaultFileSystemReadGuardSetting\" applies for all sites, if it's set. If not, users' personal settings apply.\n\nURL patterns can't conflict with \"FileSystemReadAskForUrls\". Neither policy takes precedence if a URL matches with both.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.",
"property_order": 910,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "FileSystemReadBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#filesystemreadblockedforurls"
}]
},
"FileSystemWriteAskForUrls": {
"title": "FileSystemWriteAskForUrls - Allow write access to files and directories on these sites",
"description": "If you set this policy, you can list the URL patterns that specify which sites can ask users to grant them write access to files or directories in the host operating system's file system.\n\nIf you don't set this policy, \"DefaultFileSystemWriteGuardSetting\" applies for all sites, if it's set. If not, users' personal settings apply.\n\nURL patterns can't conflict with \"FileSystemWriteBlockedForUrls\". Neither policy takes precedence if a URL matches with both.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.",
"property_order": 915,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "FileSystemWriteAskForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#filesystemwriteaskforurls"
}]
},
"FileSystemWriteBlockedForUrls": {
"title": "FileSystemWriteBlockedForUrls - Block write access to files and directories on these sites",
"description": "If you set this policy, you can list the URL patterns that specify which sites can't ask users to grant them write access to files or directories in the host operating system's file system.\n\nIf you don't set this policy, \"DefaultFileSystemWriteGuardSetting\" applies for all sites, if it's set. If not, users' personal settings apply.\n\nURL patterns can't conflict with \"FileSystemWriteAskForUrls\". Neither policy takes precedence if a URL matches with both.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.",
"property_order": 920,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "FileSystemWriteBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#filesystemwriteblockedforurls"
}]
},
"ForceBingSafeSearch": {
"title": "ForceBingSafeSearch - Enforce Bing SafeSearch",
"description": "Ensure that queries in Bing web search are done with SafeSearch set to the value specified. Users can't change this setting.\n\nIf you configure this policy to 'BingSafeSearchNoRestrictionsMode', SafeSearch in Bing search falls back to the bing.com value.\n\nIf you configure this policy to 'BingSafeSearchModerateMode', the moderate setting is used in SafeSearch. The moderate setting filters adult videos and images but not text from search results.\n\nIf you configure this policy to 'BingSafeSearchStrictMode', the strict setting in SafeSearch is used. The strict setting filters adult text, images, and videos.\n\nIf you disable this policy or don't configure it, SafeSearch in Bing search isn't enforced, and users can set the value they want on bing.com.\n\nPolicy options mapping:\n\n* BingSafeSearchNoRestrictionsMode (0) = Don't configure search restrictions in Bing\n\n* BingSafeSearchModerateMode (1) = Configure moderate search restrictions in Bing\n\n* BingSafeSearchStrictMode (2) = Configure strict search restrictions in Bing\n\nUse the preceding information when configuring this policy.",
"property_order": 925,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["BingSafeSearchNoRestrictionsMode - Don't configure search restrictions in Bing", "BingSafeSearchModerateMode - Configure moderate search restrictions in Bing", "BingSafeSearchStrictMode - Configure strict search restrictions in Bing"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "ForceBingSafeSearch"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#forcebingsafesearch"
}]
},
"ForceCertificatePromptsOnMultipleMatches": {
"title": "ForceCertificatePromptsOnMultipleMatches - Configure whether Microsoft Edge should automatically select a certificate when there are multiple certificate matches for a site configured with \"AutoSelectCertificateForUrls\" (deprecated)",
"description": "This policy is deprecated because we are moving to a new policy. It won't work in Microsoft Edge version 104. The new policy to use is \"PromptOnMultipleMatchingCertificates\".\n\nToggles whether users are prompted to select a certificate if there are multiple certificates available and a site is configured with \"AutoSelectCertificateForUrls\". If you don't configure \"AutoSelectCertificateForUrls\" for a site, the user will always be prompted to select a certificate.\n\nIf you set this policy to True, Microsoft Edge will prompt a user to select a certificate for sites on the list defined in \"AutoSelectCertificateForUrls\" if and only if there is more than one certificate.\n\nIf you set this policy to False or don't configure it, Microsoft Edge will automatically select a certificate even if there are multiple matches for a certificate. The user will not be prompted to select a certificate for sites on the list defined in \"AutoSelectCertificateForUrls\".",
"property_order": 930,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ForceCertificatePromptsOnMultipleMatches"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#forcecertificatepromptsonmultiplematches"
}]
},
"ForceEphemeralProfiles": {
"title": "ForceEphemeralProfiles - Enable use of ephemeral profiles",
"description": "Controls whether user profiles are switched to ephemeral mode. An ephemeral profile is created when a session begins, is deleted when the session ends, and is associated with the user's original profile.\n\nIf you enable this policy, profiles run in ephemeral mode. This lets users work from their own devices without saving browsing data to those devices. If you enable this policy as an OS policy (by using GPO on Windows, for example), it applies to every profile on the system.\n\nIf you disable this policy or don't configure it, users get their regular profiles when they sign in to the browser.\n\nIn ephemeral mode, profile data is saved on disk only for the length of the user session. Features like browser history, extensions and their data, web data like cookies, and web databases aren't saved after the browser is closed. This doesn't prevent a user from manually downloading any data to disk, or from saving pages or printing them. If the user has enabled sync, all data is preserved in their sync accounts just like with regular profiles. Users can also use InPrivate browsing in ephemeral mode unless you explicitly disable this.",
"property_order": 935,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ForceEphemeralProfiles"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#forceephemeralprofiles"
}]
},
"ForceGoogleSafeSearch": {
"title": "ForceGoogleSafeSearch - Enforce Google SafeSearch",
"description": "Forces queries in Google Web Search to be performed with SafeSearch set to active, and prevents users from changing this setting.\n\nIf you enable this policy, SafeSearch in Google Search is always active.\n\nIf you disable this policy or don't configure it, SafeSearch in Google Search isn't enforced.",
"property_order": 940,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ForceGoogleSafeSearch"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#forcegooglesafesearch"
}]
},
"ForcePermissionPolicyUnloadDefaultEnabled": {
"title": "ForcePermissionPolicyUnloadDefaultEnabled - Controls whether unload event handlers can be disabled.",
"description": "unload event handlers are being deprecated. Whether they fire depends on the unload Permissions-Policy.\nCurrently, they are allowed by policy by default. In the future they will gradually move to being disallowed by default and sites must explicitly enable them using Permissions-Policy headers.\nThis enterprise policy can be used to opt out of this gradual deprecation by forcing the default to stay enabled.\n\nPages might depend on unload event handlers to save data or signal the end of a user session to the server.\nThis is not recommended because it's unreliable and impacts performance by blocking use of BackForwardCache.\nRecommended alternatives exist, but the unload event has been used for a long time. Some applications might still rely on them.\n\nIf you disable this policy or don't configure it, unload event handlers will gradually be deprecated in-line with the deprecation rollout and sites which don't set Permissions-Policy header will stop firing `unload` events.\n\nIf you enable this policy then unload event handlers will continue to work by default.",
"property_order": 945,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ForcePermissionPolicyUnloadDefaultEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#forcepermissionpolicyunloaddefaultenabled"
}]
},
"ForceSync": {
"title": "ForceSync - Force synchronization of browser data and do not show the sync consent prompt",
"description": "Forces data synchronization in Microsoft Edge. This policy also prevents the user from turning sync off.\n\nIf you don't configure this policy, users will be able to turn sync on or off. If you enable this policy, users will not be able to turn sync off.\n\nFor this policy to work as intended,\n\"BrowserSignin\" policy must not be configured, or must be set to enabled. If \"BrowserSignin\" is set to disabled, then \"ForceSync\" will not take affect.\n\n\"SyncDisabled\" must not be configured or must be set to False. If this is set to True, \"ForceSync\" will not take affect. If you wish to ensure specific datatypes sync or do not sync, use the \"ForceSyncTypes\" policy and \"SyncTypesListDisabled\" policy.\n\n0 = Do not automatically start sync and show the sync consent (default)\n1 = Force sync to be turned on for Azure AD/Azure AD-Degraded user profile and do not show the sync consent prompt",
"property_order": 950,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ForceSync"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#forcesync"
}]
},
"ForceSyncTypes": {
"title": "ForceSyncTypes - Configure the list of types that are included for synchronization",
"description": "If you enable this policy all the specified data types will be included for synchronization for Azure AD/Azure AD-Degraded user profiles. This policy can be used to ensure the type of data uploaded to the Microsoft Edge synchronization service.\n\nYou can provide one of the following data types for this policy: \"favorites\", \"settings\", \"passwords\", \"addressesAndMore\", \"extensions\", \"history\", \"openTabs\", \"edgeWallet\", and \"collections\". The \"apps\" data type will be supported starting in Microsoft Edge version 100. Note that these data type names are case sensitive.\n\nUsers will not be able to override the enabled data types.",
"property_order": 955,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ForceSyncTypes"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#forcesynctypes"
}]
},
"ForceYouTubeRestrict": {
"title": "ForceYouTubeRestrict - Force minimum YouTube Restricted Mode",
"description": "Enforces a minimum Restricted Mode on YouTube and prevents users from picking a less restricted mode.\n\nSet to 'Strict' to enforce Strict Restricted Mode on YouTube.\n\nSet to 'Moderate' to enforce the user to only use Moderate Restricted Mode and Strict Restricted Mode on YouTube. They can't disable Restricted Mode.\n\nSet to 'Off' or don't configure this policy to not enforce Restricted Mode on YouTube. External policies such as YouTube policies might still enforce Restricted Mode.\n\nPolicy options mapping:\n\n* Off (0) = Do not enforce Restricted Mode on YouTube\n\n* Moderate (1) = Enforce at least Moderate Restricted Mode on YouTube\n\n* Strict (2) = Enforce Strict Restricted Mode for YouTube\n\nUse the preceding information when configuring this policy.",
"property_order": 960,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["Off - Do not enforce Restricted Mode on YouTube", "Moderate - Enforce at least Moderate Restricted Mode on YouTube", "Strict - Enforce Strict Restricted Mode for YouTube"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "ForceYouTubeRestrict"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#forceyoutuberestrict"
}]
},
"GloballyScopeHTTPAuthCacheEnabled": {
"title": "GloballyScopeHTTPAuthCacheEnabled - Enable globally scoped HTTP auth cache",
"description": "This policy configures a single global per profile cache with HTTP server authentication credentials.\n\nIf you disable or don't set this policy, the browser will use the default behavior of cross-site auth, which as of version 80, will be to scope HTTP server authentication credentials by top-level site. So, if two sites use resources from the same authenticating domain, credentials will need to be provided independently in the context of both sites. Cached proxy credentials will be reused across sites.\n\nIf you enable this policy HTTP auth credentials entered in the context of one site will automatically be used in the context of another site.\n\nEnabling this policy leaves sites open to some types of cross-site attacks, and allows users to be tracked across sites even without cookies by adding entries to the HTTP auth cache using credentials embedded in URLs.\n\nThis policy is intended to give enterprises depending on the legacy behavior a chance to update their login procedures and will be removed in the future.",
"property_order": 965,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "GloballyScopeHTTPAuthCacheEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#globallyscopehttpauthcacheenabled"
}]
},
"GoToIntranetSiteForSingleWordEntryInAddressBar": {
"title": "GoToIntranetSiteForSingleWordEntryInAddressBar - Force direct intranet site navigation instead of searching on single word entries in the Address Bar",
"description": "If you enable this policy, the top auto-suggest result in the address bar suggestion list will navigate to intranet sites if the text entered in the address bar is a single word without punctuation.\n\nDefault navigation when typing a single word without punctuation will conduct a navigation to an intranet site matching the entered text.\n\nIf you enable this policy, the second auto-suggest result in the address bar suggestion list will conduct a web search exactly as it was entered, provided that this text is a single word without punctuation. The default search provider will be used unless a policy to prevent web search is also enabled.\n\nTwo effects of enabling this policy are:\n\nNavigation to sites in response to single word queries that would typically resolve to a history item will no longer happen. Instead, the browser will attempt navigate to internal sites that may not exist in an organization's intranet. This will result in a 404 error.\n\nPopular, single-word search terms will require manual selection of search suggestions to properly conduct a search.",
"property_order": 970,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "GoToIntranetSiteForSingleWordEntryInAddressBar"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#gotointranetsiteforsinglewordentryinaddressbar"
}]
},
"GuidedSwitchEnabled": {
"title": "GuidedSwitchEnabled - Guided Switch Enabled",
"description": "Allows Microsoft Edge to prompt the user to switch to the appropriate profile when Microsoft Edge detects that a link is a personal or work link.\n\nIf you enable this policy, you'll be prompted to switch to another account if the current profile doesn't work for the requesting link.\n\nIf you disable this policy, you won't be prompted to switch to another account when there's a profile and link mismatch.\n\nIf this policy isn't configured, guided switch is turned on by default. A user can override this value in the browser settings.",
"property_order": 975,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "GuidedSwitchEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#guidedswitchenabled"
}]
},
"HSTSPolicyBypassList": {
"title": "HSTSPolicyBypassList - Configure the list of names that will bypass the HSTS policy check",
"description": "Setting the policy specifies a list of hostnames that bypass preloaded HSTS upgrades from http to https.\n\nOnly single-label hostnames are allowed in this policy, and this policy only applies to static HSTS-preloaded entries (for example, \"app\", \"new\", \"search\", \"play\"). This policy does not prevent HSTS upgrades for servers that have dynamically requested HSTS upgrades using a Strict-Transport-Security response header.\n\nSupplied hostnames must be canonicalized: Any IDNs must be converted to their A-label format, and all ASCII letters must be lowercase. This policy only applies to the specific single-label hostnames specified, not to subdomains of those names.",
"property_order": 980,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "HSTSPolicyBypassList"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#hstspolicybypasslist"
}]
},
"HardwareAccelerationModeEnabled": {
"title": "HardwareAccelerationModeEnabled - Use graphics acceleration when available",
"description": "If you enable this policy, or leave it unconfigured, graphics acceleration will be utilized if it’s available.\nIf you disable this policy, turns off graphics acceleration.",
"property_order": 985,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "HardwareAccelerationModeEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#hardwareaccelerationmodeenabled"
}]
},
"HeadlessModeEnabled": {
"title": "HeadlessModeEnabled - Control use of the Headless Mode",
"description": "This policy setting lets you decide whether users can launch Microsoft Edge in headless mode.\n\nIf you enable or don't configure this policy, Microsoft Edge allows use of the headless mode.\n\nIf you disable this policy, Microsoft Edge denies use of the headless mode.",
"property_order": 990,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "HeadlessModeEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#headlessmodeenabled"
}]
},
"HideFirstRunExperience": {
"title": "HideFirstRunExperience - Hide the First-run experience and splash screen",
"description": "If you enable this policy, the First-run experience and the splash screen will not be shown to users when they run Microsoft Edge for the first time.\n\nFor the configuration options shown in the First Run Experience, the browser will default to the following:\n\n-On the New Tab Page, the feed type will be set to MSN News and the layout to Inspirational.\n\n-The user will still be automatically signed into Microsoft Edge if the Windows account is of Azure AD or MSA type.\n\n-Sync will not be enabled by default and users will be prompted to choose whether they'd like to sync on browser startup. You can use the \"ForceSync\" or the \"SyncDisabled\" policy to configure sync and the sync consent prompt.\n\nIf you disable or don't configure this policy, the First-run experience and the Splash screen will be shown.\n\nNote: The specific configuration options shown to the user in the First Run Experience, can also be managed by using other specific policies. You can use the HideFirstRunExperience policy in combination with these policies to configure a specific browser experience on your managed devices. Some of these other policies are:\n\n-\"AutoImportAtFirstRun\"\n\n-\"NewTabPageLocation\"\n\n-\"NewTabPageSetFeedType\"\n\n-\"ForceSync\"\n\n-\"SyncDisabled\"\n\n-\"BrowserSignin\"\n\n-\"NonRemovableProfileEnabled\"",
"property_order": 995,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "HideFirstRunExperience"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#hidefirstrunexperience"
}]
},
"HideRestoreDialogEnabled": {
"title": "HideRestoreDialogEnabled - Hide restore pages dialog after browser crash",
"description": "This policy gives an option to hide the \"Restore pages\" dialog after Microsoft Edge has crashed. The \"Restore pages\" dialog gives users the option to restore the pages that were previously open before Microsoft Edge crashed.\n\nIf you enable this policy, the \"Restore pages\" dialog will not be shown. In the event of a crash, Microsoft Edge will not restore previous tabs and will start the session with a new tab page.\n\nIf you disable or don't set this policy, the \"Restore pages\" dialog will be shown.\n\nIf you set this policy, do not set the \"ClearBrowsingDataOnExit\" or \"SavingBrowserHistoryDisabled\" policy since that prevents history from being saved which also disables the dialog.",
"property_order": 1000,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "HideRestoreDialogEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#hiderestoredialogenabled"
}]
},
"HomepageIsNewTabPage": {
"title": "HomepageIsNewTabPage - Set the new tab page as the home page",
"description": "Configures the default home page in Microsoft Edge. You can set the home page to a URL you specify or to the new tab page.\n\nIf you enable this policy, the Home button is set to the new tab page as configured by the user or with the policy \"NewTabPageLocation\" and the URL set with the policy \"HomepageLocation\" is not taken into consideration.\n\nIf you disable this policy, the Home button is the set URL as configured by the user or as configured in the policy \"HomepageLocation\".\n\nIf you don't configure this policy, users can choose whether the set URL or the new tab page is their home page.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.",
"property_order": 1005,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "HomepageIsNewTabPage"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#homepageisnewtabpage"
}]
},
"HomepageLocation": {
"title": "HomepageLocation - Configure the home page URL",
"description": "Configures the default home page URL in Microsoft Edge.\n\nThe home page is the page opened by the Home button. The pages that open on startup are controlled by the \"RestoreOnStartup\" policies.\n\nYou can either set a URL here or set the home page to open the new tab page 'edge://newtab'. By default, the Home button will open the new tab page (as configured by the user or with the policy \"NewTabPageLocation\"), and the user will be able to choose between the URL configured by this policy and the new tab page.\n\nIf you enable this policy, users can't change their home page URL, but they can choose the behavior for the Home button to open either the set URL or the new tab page. If you wish to enforce the usage of the set URL you must also configure \"HomepageIsNewTabPage\"=Disabled.\n\nIf you disable or don't configure this policy, users can choose their own home page, as long as the \"HomepageIsNewTabPage\" policy isn't enabled.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.",
"property_order": 1010,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "HomepageLocation"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#homepagelocation"
}]
},
"HttpAllowlist": {
"title": "HttpAllowlist - HTTP Allowlist",
"description": "Setting the policy specifies a list of hostnames or hostname patterns (such as '[*.]example.com') that will not be upgraded to HTTPS and will not show an error interstitial if HTTPS-First Mode is enabled. Organizations can use this policy to maintain access to servers that do not support HTTPS, without needing to disable \"AutomaticHttpsDefault\".\n\nSupplied hostnames must be canonicalized: Any IDNs must be converted to their A-label format, and all ASCII letters must be lowercase.\n\nBlanket host wildcards (i.e., \"*\" or \"[*]\") are not allowed. Instead, HTTPS-First Mode and HTTPS Upgrades should be explicitly disabled via their specific policies.\n\nNote: This policy does not apply to HSTS upgrades.",
"property_order": 1015,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "HttpAllowlist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#httpallowlist"
}]
},
"HubsSidebarEnabled": {
"title": "HubsSidebarEnabled - Show Hubs Sidebar",
"description": "Sidebar is a launcher bar on the right side of Microsoft Edge's screen.\n\nIf you enable or don't configure this policy, the Sidebar will be shown.\nIf you disable this policy, the Sidebar will never be shown.",
"property_order": 1020,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "HubsSidebarEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#hubssidebarenabled"
}]
},
"ImagesAllowedForUrls": {
"title": "ImagesAllowedForUrls - Allow images on these sites",
"description": "Define a list of sites, based on URL patterns, that can display images.\n\nIf you don't configure this policy, the global default value is used for all sites either from the \"DefaultImagesSetting\" policy (if set) or the user's personal configuration.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards (*) are allowed.",
"property_order": 1025,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ImagesAllowedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#imagesallowedforurls"
}]
},
"ImagesBlockedForUrls": {
"title": "ImagesBlockedForUrls - Block images on specific sites",
"description": "Define a list of sites, based on URL patterns, that aren't allowed to display images.\n\nIf you don't configure this policy, the global default value from the \"DefaultImagesSetting\" policy (if set) or the user's personal configuration is used for all sites.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards (*) are allowed.",
"property_order": 1030,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ImagesBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#imagesblockedforurls"
}]
},
"ImportAutofillFormData": {
"title": "ImportAutofillFormData - Allow importing of autofill form data",
"description": "Allows users to import autofill form data from another browser into Microsoft Edge.\n\nIf you enable this policy, the option to manually import autofill data is automatically selected.\n\nIf you disable this policy, autofill form data isn't imported at first run, and users can't import it manually.\n\nIf you don't configure this policy, autofill data is imported at first run, and users can choose whether to import this data manually during later browsing sessions.\n\nYou can set this policy as a recommendation. This means that Microsoft Edge will import autofill data on first run, but users can select or clear **autofill data** option during manual import.\n\n**Note**: This policy currently manages importing from Google Chrome (on Windows 7, 8, and 10 and on macOS) and Mozilla Firefox (on Windows 7, 8, and 10 and on macOS) browsers.",
"property_order": 1035,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportAutofillFormData"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importautofillformdata"
}]
},
"ImportFavorites": {
"title": "ImportFavorites - Allow importing of favorites",
"description": "Allows users to import favorites from another browser into Microsoft Edge.\n\nIf you enable this policy, the **Favorites** check box is automatically selected in the **Import browser data** dialog box.\n\nIf you disable this policy, favorites aren't imported at first run, and users can't import them manually.\n\nIf you don't configure this policy, favorites are imported at first run, and users can choose whether to import them manually during later browsing sessions.\n\nYou can also set this policy as a recommendation. This means that Microsoft Edge imports favorites on first run, but users can select or clear the **favorites** option during manual import.\n\n**Note**: This policy currently manages importing from Internet Explorer (on Windows 7, 8, and 10), Google Chrome (on Windows 7, 8, and 10 and on macOS), Mozilla Firefox (on Windows 7, 8, and 10 and on macOS), and Apple Safari (on macOS) browsers.",
"property_order": 1040,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportFavorites"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importfavorites"
}]
},
"ImportBrowserSettings": {
"title": "ImportBrowserSettings - Allow importing of browser settings",
"description": "Allows users to import browser settings from another browser into Microsoft Edge.\n\nIf you enable this policy, the **Browser settings** check box is automatically selected in the **Import browser data** dialog box.\n\nIf you disable this policy, browser settings aren't imported at first run, and users can't import them manually.\n\nIf you don't configure this policy, browser settings are imported at first run, and users can choose whether to import them manually during later browsing sessions.\n\nYou can also set this policy as a recommendation. This means that Microsoft Edge imports the settings on first run, but users can select or clear the **browser settings** option during manual import.\n\n**Note**: This policy currently manages importing Google Chrome (on Windows 7, 8, and 10 and on macOS).",
"property_order": 1045,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportBrowserSettings"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importbrowsersettings"
}]
},
"ImportCookies": {
"title": "ImportCookies - Allow importing of Cookies",
"description": "Allows users to import Cookies from another browser into Microsoft Edge.\n\nIf you disable this policy, Cookies aren't imported on first run.\n\nIf you don't configure this policy, Cookies are imported on first run.\n\nYou can also set this policy as a recommendation. This means that Microsoft Edge imports Cookies on first run.\n\n**Note**: This policy currently manages importing Google Chrome (on Windows 7, 8, and 10 and on macOS).",
"property_order": 1050,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportCookies"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importcookies"
}]
},
"ImportExtensions": {
"title": "ImportExtensions - Allow importing of extensions",
"description": "Allows users to import extensions from another browser into Microsoft Edge.\n\nIf you enable this policy, the **Extensions** check box is automatically selected in the **Import browser data** dialog box.\n\nIf you disable this policy, extensions aren't imported at first run, and users can't import them manually.\n\nIf you don't configure this policy, extensions are imported at first run, and users can choose whether to import them manually during later browsing sessions.\n\nYou can also set this policy as a recommendation. This means that Microsoft Edge imports extensions on first run, but users can select or clear the **extensions** option during manual import.\n\n**Note**: This policy currently only supports importing from Google Chrome (on Windows 7, 8, and 10 and on macOS).",
"property_order": 1055,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportExtensions"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importextensions"
}]
},
"ImportHistory": {
"title": "ImportHistory - Allow importing of browsing history",
"description": "Allows users to import their browsing history from another browser into Microsoft Edge.\n\nIf you enable this policy, the **Browsing history** check box is automatically selected in the **Import browser data** dialog box.\n\nIf you disable this policy, browsing history data isn't imported at first run, and users can't import this data manually.\n\nIf you don't configure this policy, browsing history data is imported at first run, and users can choose whether to import it manually during later browsing sessions.\n\nYou can also set this policy as a recommendation. This means that Microsoft Edge imports browsing history on first run, but users can select or clear the **history** option during manual import.\n\n**Note**: This policy currently manages importing from Internet Explorer (on Windows 7, 8, and 10), Google Chrome (on Windows 7, 8, and 10 and on macOS), Mozilla Firefox (on Windows 7, 8, and 10 and on macOS), and Apple Safari (macOS) browsers.",
"property_order": 1060,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportHistory"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importhistory"
}]
},
"ImportHomepage": {
"title": "ImportHomepage - Allow importing of home page settings",
"description": "Allows users to import their home page setting from another browser into Microsoft Edge.\n\nIf you enable this policy, the option to manually import the home page setting is automatically selected.\n\nIf you disable this policy, the home page setting isn't imported at first run, and users can't import it manually.\n\nIf you don't configure this policy, the home page setting is imported at first run, and users can choose whether to import this data manually during later browsing sessions.\n\nYou can set this policy as a recommendation. This means that Microsoft Edge imports the home page setting on first run, but users can select or clear the **home page** option during manual import.\n\n**Note**: This policy currently manages importing from Internet Explorer (on Windows 7, 8, and 10).",
"property_order": 1065,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportHomepage"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importhomepage"
}]
},
"ImportOpenTabs": {
"title": "ImportOpenTabs - Allow importing of open tabs",
"description": "Allows users to import open and pinned tabs from another browser into Microsoft Edge.\n\nIf you enable this policy, the **Open tabs** check box is automatically selected in the **Import browser data** dialog box.\n\nIf you disable this policy, open tabs aren't imported at first run, and users can't import them manually.\n\nIf you don't configure this policy, open tabs are imported at first run, and users can choose whether to import them manually during later browsing sessions.\n\nYou can also set this policy as a recommendation. This means that Microsoft Edge imports open tabs on first run, but users can select or clear the **Open tabs** option during manual import.\n\n**Note**: This policy currently only supports importing from Google Chrome (on Windows 7, 8, and 10 and on macOS).",
"property_order": 1070,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportOpenTabs"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importopentabs"
}]
},
"ImportPaymentInfo": {
"title": "ImportPaymentInfo - Allow importing of payment info",
"description": "Allows users to import payment info from another browser into Microsoft Edge.\n\nIf you enable this policy, the **payment info** check box is automatically selected in the **Import browser data** dialog box.\n\nIf you disable this policy, payment info isn't imported at first run, and users can't import it manually.\n\nIf you don't configure this policy, payment info is imported at first run, and users can choose whether to import it manually during later browsing sessions.\n\nYou can also set this policy as a recommendation. This means that Microsoft Edge imports payment info on first run, but users can select or clear the **payment info** option during manual import.\n\n**Note:** This policy currently manages importing from Google Chrome (on Windows 7, 8, and 10 and on macOS).",
"property_order": 1075,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportPaymentInfo"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importpaymentinfo"
}]
},
"ImportSavedPasswords": {
"title": "ImportSavedPasswords - Allow importing of saved passwords",
"description": "Allows users to import saved passwords from another browser into Microsoft Edge.\n\nIf you enable this policy, the option to manually import saved passwords is automatically selected.\n\nIf you disable this policy, saved passwords aren't imported on first run, and users can't import them manually.\n\nIf you don't configure this policy, no passwords are imported at first run, and users can choose whether to import them manually during later browsing sessions.\n\nYou can set this policy as a recommendation. This means that Microsoft Edge imports passwords on first run, but users can select or clear the **passwords** option during manual import.\n\n**Note**: This policy currently manages importing from Internet Explorer (on Windows 7, 8, and 10), Google Chrome (on Windows 7, 8, and 10 and on macOS), and Mozilla Firefox (on Windows 7, 8, and 10 and on macOS) browsers.",
"property_order": 1080,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportSavedPasswords"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importsavedpasswords"
}]
},
"ImportSearchEngine": {
"title": "ImportSearchEngine - Allow importing of search engine settings",
"description": "Allows users to import search engine settings from another browser into Microsoft Edge.\n\nIf you enable, this policy, the option to import search engine settings is automatically selected.\n\nIf you disable this policy, search engine settings aren't imported at first run, and users can't import them manually.\n\nIf you don't configure this policy, search engine settings are imported at first run, and users can choose whether to import this data manually during later browsing sessions.\n\nYou can set this policy as a recommendation. This means that Microsoft Edge imports search engine settings on first run, but users can select or clear the **search engine** option during manual import.\n\n**Note**: This policy currently manages importing from Internet Explorer (on Windows 7, 8, and 10).",
"property_order": 1085,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportSearchEngine"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importsearchengine"
}]
},
"ImportShortcuts": {
"title": "ImportShortcuts - Allow importing of shortcuts",
"description": "Allows users to import Shortcuts from another browser into Microsoft Edge.\n\nIf you disable this policy, Shortcuts aren't imported on first run.\n\nIf you don't configure this policy, Shortcuts are imported on first run.\n\nYou can also set this policy as a recommendation. This means that Microsoft Edge imports Shortcuts on first run.\n\n**Note**: This policy currently manages importing from Google Chrome (on Windows 7, 8, and 10 and on macOS).",
"property_order": 1090,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ImportShortcuts"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#importshortcuts"
}]
},
"InAppSupportEnabled": {
"title": "InAppSupportEnabled - In-app support Enabled",
"description": "Microsoft Edge uses the in-app support feature (enabled by default) to allow users to contact our support agents directly from the browser. Also, by default, users can't disable (turn off) the in-app support feature.\n\nIf you enable this policy or don't configure it, users can invoke in-app support.\n\nIf you disable this policy, users can't invoke in-app support.",
"property_order": 1095,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "InAppSupportEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#inappsupportenabled"
}]
},
"InPrivateModeAvailability": {
"title": "InPrivateModeAvailability - Configure InPrivate mode availability",
"description": "Specifies whether the user can open pages in InPrivate mode in Microsoft Edge.\n\nIf you don't configure this policy or set it to 'Enabled', users can open pages in InPrivate mode.\n\nSet this policy to 'Disabled' to stop users from using InPrivate mode.\n\nSet this policy to 'Forced' to always use InPrivate mode.\n\nPolicy options mapping:\n\n* Enabled (0) = InPrivate mode available\n\n* Disabled (1) = InPrivate mode disabled\n\n* Forced (2) = InPrivate mode forced\n\nUse the preceding information when configuring this policy.",
"property_order": 1100,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["Enabled - InPrivate mode available", "Disabled - InPrivate mode disabled", "Forced - InPrivate mode forced"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "InPrivateModeAvailability"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#inprivatemodeavailability"
}]
},
"InsecureContentAllowedForUrls": {
"title": "InsecureContentAllowedForUrls - Allow insecure content on specified sites",
"description": "Create a list of URL patterns to specify sites that can display or, as of version 94, download insecure mixed content (that is, HTTP content on HTTPS sites).\n\nIf you don't configure this policy, blockable mixed content will be blocked and optionally blockable mixed content will be upgraded. However, users will be allowed to set exceptions to allow insecure mixed content for specific sites.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards (*) are allowed.",
"property_order": 1105,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "InsecureContentAllowedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#insecurecontentallowedforurls"
}]
},
"InsecureContentBlockedForUrls": {
"title": "InsecureContentBlockedForUrls - Block insecure content on specified sites",
"description": "Create a list of URL patterns to specify sites that aren't allowed to display blockable (i.e. active) mixed content (that is, HTTP content on HTTPS sites) and for which optionally blockable mixed content upgrades will be disabled.\n\nIf you don't configure this policy, blockable mixed content will be blocked and optionally blockable mixed content will be upgraded. However, users will be allowed to set exceptions to allow insecure mixed content for specific sites.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards (*) are allowed.",
"property_order": 1110,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "InsecureContentBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#insecurecontentblockedforurls"
}]
},
"InsecureFormsWarningsEnabled": {
"title": "InsecureFormsWarningsEnabled - Enable warnings for insecure forms",
"description": "This policy controls the handling of insecure forms (forms submitted over HTTP) embedded in secure (HTTPS) sites in the browser.\nIf you enable this policy or don't set it, a full page warning will be shown when an insecure form is submitted. Additionally, a warning bubble will be shown next to the form fields when they are focused, and autofill will be disabled for those forms.\nIf you disable this policy, warnings will not be shown for insecure forms, and autofill will work normally.",
"property_order": 1115,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "InsecureFormsWarningsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#insecureformswarningsenabled"
}]
},
"InsecurePrivateNetworkRequestsAllowed": {
"title": "InsecurePrivateNetworkRequestsAllowed - Specifies whether to allow websites to make requests to any network endpoint in an insecure manner.",
"description": "Controls whether websites are allowed to make requests to more-private network endpoints.\n\nWhen this policy is enabled, all Private Network Access checks are disabled for all origins. This may allow attackers to perform cross-site request forgery (CSRF) attacks on private network servers.\n\nWhen this policy is disabled or not configured, the default behavior for requests to more-private network endpoints will depend on the user's personal configuration for the BlockInsecurePrivateNetworkRequests, PrivateNetworkAccessSendPreflights, and PrivateNetworkAccessRespectPreflightResults feature flags. These flags may be controlled by experimentation or set via the command line.\n\nThis policy relates to the Private Network Access specification. See https://wicg.github.io/private-network-access/ for more details.\n\nA network endpoint is more private than another if:\n1) Its IP address is localhost and the other is not.\n2) Its IP address is private and the other is public.\nIn the future, depending on spec evolution, this policy might apply to all cross-origin requests directed at private IPs or localhost.\n\nWhen this policy enabled, websites are allowed to make requests to any network endpoint, subject to other cross-origin checks.",
"property_order": 1120,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "InsecurePrivateNetworkRequestsAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#insecureprivatenetworkrequestsallowed"
}]
},
"InsecurePrivateNetworkRequestsAllowedForUrls": {
"title": "InsecurePrivateNetworkRequestsAllowedForUrls - Allow the listed sites to make requests to more-private network endpoints from in an insecure manner",
"description": "List of URL patterns. Requests initiated from websites served by matching origins are not subject to Private Network Access checks.\n\nIf this policy is not set, this policy behaves as if set to the empty list.\n\nFor origins not covered by the patterns specified here, the global default value will be used either from the \"InsecurePrivateNetworkRequestsAllowed\" policy, if it is set, or the user's personal configuration otherwise.\n\nFor detailed information on valid URL patterns, see [Filter format for URL list-based policies](/DeployEdge/edge-learnmmore-url-list-filter%20format).",
"property_order": 1125,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "InsecurePrivateNetworkRequestsAllowedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#insecureprivatenetworkrequestsallowedforurls"
}]
},
"IntensiveWakeUpThrottlingEnabled": {
"title": "IntensiveWakeUpThrottlingEnabled - Control the IntensiveWakeUpThrottling feature",
"description": "When enabled the IntensiveWakeUpThrottling feature causes Javascript timers in background tabs to be aggressively throttled and coalesced, running no more than once per minute after a page has been backgrounded for 5 minutes or more.\n\nThis is a web standards compliant feature, but it may break functionality on some websites by causing certain actions to be delayed by up to a minute. However, it results in significant CPU and battery savings when enabled. See https://bit.ly/30b1XR4 for more details.\n\nIf you enable this policy, the feature will be force enabled, and users will not be able to override this setting.\nIf you disable this policy, the feature will be force disabled, and users will not be able to override this setting.\nIf you don't configure this policy, the feature will be controlled by its own internal logic. Users can manually configure this setting.\n\nNote that the policy is applied per renderer process, with the most recent value of the policy setting in force when a renderer process starts. A full restart is required to ensure that all the loaded tabs receive a consistent policy setting. It is harmless for processes to be running with different values of this policy.",
"property_order": 1130,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "IntensiveWakeUpThrottlingEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#intensivewakeupthrottlingenabled"
}]
},
"IntranetRedirectBehavior": {
"title": "IntranetRedirectBehavior - Intranet Redirection Behavior",
"description": "This policy configures behavior for intranet redirection via DNS interception checks. The checks attempt to discover whether the browser is behind a proxy that redirects unknown host names.\n\nIf this policy isn't configured, the browser will use the default behavior of DNS interception checks and intranet redirect suggestions. In M88, they are enabled by default but will be disabled by default in the future release.\n\n\"DNSInterceptionChecksEnabled\" is a related policy that might also disable DNS interception checks. However, this policy is a more flexible version which might separately control intranet redirection infobars and might be expanded in the future.\nIf either \"DNSInterceptionChecksEnabled\" or this policy make a request to disable interception checks, the checks will be disabled.\nIf DNS interception checks are disabled by this policy but \"GoToIntranetSiteForSingleWordEntryInAddressBar\" is enabled, single word queries will still result in intranet navigations.\n\nPolicy options mapping:\n\n* Default (0) = Use default browser behavior.\n\n* DisableInterceptionChecksDisableInfobar (1) = Disable DNS interception checks and did-you-mean \"http://intranetsite/\" infobars.\n\n* DisableInterceptionChecksEnableInfobar (2) = Disable DNS interception checks; allow did-you-mean \"http://intranetsite/\" infobars.\n\n* EnableInterceptionChecksEnableInfobar (3) = Allow DNS interception checks and did-you-mean \"http://intranetsite/\" infobars.\n\nUse the preceding information when configuring this policy.",
"property_order": 1135,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["Default - Use default browser behavior.", "DisableInterceptionChecksDisableInfobar - Disable DNS interception checks and did-you-mean \"http://intranetsite/\" infobars.", "DisableInterceptionChecksEnableInfobar - Disable DNS interception checks; allow did-you-mean \"http://intranetsite/\" infobars.", "EnableInterceptionChecksEnableInfobar - Allow DNS interception checks and did-you-mean \"http://intranetsite/\" infobars."]
},
"enum": [0, 1, 2, 3]
}
],
"options": {
"infoText": "IntranetRedirectBehavior"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#intranetredirectbehavior"
}]
},
"IsolateOrigins": {
"title": "IsolateOrigins - Enable site isolation for specific origins",
"description": "Specify origins to run in an isolated process.\n\nBy default, Microsoft Edge isolates pages from each Site into its own process. This policy enables more granular isolation based on Origin rather than Site. For example, specifying https://subdomain.contoso.com/ will cause pages from https://subdomain.contoso.com/ to be isolated in a different process than pages from other Origins within the https://contoso.com/ Site.\n\nIf you enable this policy, each of the named origins in a comma-separated list will run in its own process.\n\nIf you disable or don't configure this policy, pages will be isolated on a per-Site basis.",
"property_order": 1140,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "IsolateOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#isolateorigins"
}]
},
"JavaScriptAllowedForUrls": {
"title": "JavaScriptAllowedForUrls - Allow JavaScript on specific sites",
"description": "Define a list of sites, based on URL patterns, that are allowed to run JavaScript.\n\nIf you don't configure this policy, \"DefaultJavaScriptSetting\" applies for all sites, if it's set. If not, the user's personal setting applies.\n\nFor detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.",
"property_order": 1145,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "JavaScriptAllowedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#javascriptallowedforurls"
}]
},
"JavaScriptBlockedForUrls": {
"title": "JavaScriptBlockedForUrls - Block JavaScript on specific sites",
"description": "Define a list of sites, based on URL patterns, that aren't allowed to run JavaScript.\n\nIf you don't configure this policy, \"DefaultJavaScriptSetting\" applies for all sites, if it's set. If not, the user's personal setting applies.\n\nFor detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.",
"property_order": 1150,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "JavaScriptBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#javascriptblockedforurls"
}]
},
"JavaScriptJitAllowedForSites": {
"title": "JavaScriptJitAllowedForSites - Allow JavaScript to use JIT on these sites",
"description": "Allows you to set a list of site url patterns that specify sites which are allowed to run JavaScript with JIT (Just In Time) compiler enabled.\n\nFor detailed information on valid site url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.\n\nJavaScript JIT policy exceptions will only be enforced at a site granularity (eTLD+1). A policy set for only subdomain.contoso.com will not correctly apply to contoso.com or subdomain.contoso.com since they both resolve to the same eTLD+1 (contoso.com) for which there is no policy. In this case, policy must be set on contoso.com to apply correctly for both contoso.com and subdomain.contoso.com.\n\nThis policy applies on a frame-by-frame basis and not based on top level origin url alone, so e.g. if contoso.com is listed in the JavaScriptJitAllowedForSites policy but contoso.com loads a frame containing fabrikam.com then contoso.com will have JavaScript JIT enabled, but fabrikam.com will use the policy from \"DefaultJavaScriptJitSetting\", if set, or default to JavaScript JIT enabled.\n\nIf you don't configure this policy for a site then the policy from \"DefaultJavaScriptJitSetting\" applies to the site, if set, otherwise Javascript JIT is enabled for the site.",
"property_order": 1155,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "JavaScriptJitAllowedForSites"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#javascriptjitallowedforsites"
}]
},
"JavaScriptJitBlockedForSites": {
"title": "JavaScriptJitBlockedForSites - Block JavaScript from using JIT on these sites",
"description": "Allows you to set a list of site url patterns that specify sites which are not allowed to run JavaScript JIT (Just In Time) compiler enabled.\n\nDisabling the JavaScript JIT will mean that Microsoft Edge may render web content more slowly, and may also disable parts of JavaScript including WebAssembly. Disabling the JavaScript JIT may allow Microsoft Edge to render web content in a more secure configuration.\n\nFor detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.\n\nJavaScript JIT policy exceptions will only be enforced at a site granularity (eTLD+1). A policy set for only subdomain.contoso.com will not correctly apply to contoso.com or subdomain.contoso.com since they both resolve to the same eTLD+1 (contoso.com) for which there is no policy. In this case, policy must be set on contoso.com to apply correctly for both contoso.com and subdomain.contoso.com.\n\nThis policy applies on a frame-by-frame basis and not based on top level origin url alone, so e.g. if contoso.com is listed in the JavaScriptJitBlockedForSites policy but contoso.com loads a frame containing fabrikam.com then contoso.com will have JavaScript JIT disabled, but fabrikam.com will use the policy from \"DefaultJavaScriptJitSetting\", if set, or default to JavaScript JIT enabled.\n\nIf you don't configure this policy for a site then the policy from \"DefaultJavaScriptJitSetting\" applies to the site, if set, otherwise JavaScript JIT is enabled for the site.",
"property_order": 1160,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "JavaScriptJitBlockedForSites"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#javascriptjitblockedforsites"
}]
},
"KeyboardFocusableScrollersEnabled": {
"title": "KeyboardFocusableScrollersEnabled - Enable keyboard focusable scrollers",
"description": "This policy provides a temporary opt-out for the new keyboard focusable scrollers behavior.\n\nWhen this policy is Enabled or unset, scrollers without focusable children are keyboard focusable by default. Further, scrollers are click focusable and programmatically focusable by default.\n\nWhen this policy is Disabled, scrollers are not focusable by default.\n\nThis policy is a temporary workaround and will be removed in Edge Stable 135.",
"property_order": 1165,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "KeyboardFocusableScrollersEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#keyboardfocusablescrollersenabled"
}]
},
"LegacySameSiteCookieBehaviorEnabledForDomainList": {
"title": "LegacySameSiteCookieBehaviorEnabledForDomainList - Revert to legacy SameSite behavior for cookies on specified sites",
"description": "Cookies set for domains match specified patterns will revert to legacy SameSite behavior.\n\nReverting to legacy behavior causes cookies that don't specify a SameSite attribute to be treated as if they were \"SameSite=None\", removes the requirement for \"SameSite=None\" cookies to carry the \"Secure\" attribute, and skips the scheme comparison when evaluating if two sites are same-site.\n\nIf you don't set this policy, the global default value will be used. The global default will also be used for cookies on domains not covered by the patterns you specify.\n\nThe global default value can be configured using the \"LegacySameSiteCookieBehaviorEnabled\" policy. If \"LegacySameSiteCookieBehaviorEnabled\" is unset, the global default value falls back to other configuration sources.\n\nFor detailed information about valid URL patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.\n\nNote that patterns you list in this policy are treated as domains, not URLs, so you should not specify a scheme or port.",
"property_order": 1170,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "LegacySameSiteCookieBehaviorEnabledForDomainList"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#legacysamesitecookiebehaviorenabledfordomainlist"
}]
},
"LinkedAccountEnabled": {
"title": "LinkedAccountEnabled - Enable the linked account feature",
"description": "Microsoft Edge guides a user to the account management page where they can link a Microsoft Account (MSA) to an Azure Active Directory (Azure AD) account.\n\nIf you enable or don't configure this policy, linked account information will be shown on a flyout. When the Azure AD profile doesn't have a linked account it will show \"Add account\".\n\nIf you disable this policy, linked accounts will be turned off and no extra information will be shown.",
"property_order": 1175,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "LinkedAccountEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#linkedaccountenabled"
}]
},
"LocalProvidersEnabled": {
"title": "LocalProvidersEnabled - Allow suggestions from local providers",
"description": "Allow suggestions from suggestion providers on the device (local providers), for example, Favorites and Browsing History, in Microsoft Edge's Address Bar and Auto-Suggest List.\n\nIf you enable this policy, suggestions from local providers are used.\n\nIf you disable this policy, suggestions from local providers are never used. Local history and local favorites suggestions will not appear.\n\nIf you do not configure this policy, suggestions from local providers are allowed but the user can change that using the settings toggle.\n\nNote that some features may not be available if a policy to disable this feature has been applied. For example, Browsing History suggestions will not be available if you enable the \"SavingBrowserHistoryDisabled\" policy.\n\nThis policy requires a browser restart to finish applying.",
"property_order": 1180,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "LocalProvidersEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#localprovidersenabled"
}]
},
"MAMEnabled": {
"title": "MAMEnabled - Mobile App Management Enabled",
"description": "Allows the Microsoft Edge browser to retrieve policies from the Intune application management services and apply them to users' profiles.\n\nIf you enable this policy or don't configure it, Mobile App Management (MAM) Policies can be applied.\n\nIf you disable this policy, Microsoft Edge will not communicate with Intune to request MAM Policies.",
"property_order": 1185,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "MAMEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#mamenabled"
}]
},
"MAUEnabled": {
"title": "MAUEnabled - Always use Microsoft AutoUpdate as the updater for Microsoft Edge",
"description": "This policy lets you configure the updater that Microsoft Edge uses.\n\nIf you enable this policy, Microsoft Edge will only be updated by Microsoft AutoUpdate.\n\nIf you disable or don't configure this policy, Microsoft Edge will be updated by Microsoft Edge Update.",
"property_order": 1190,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "MAUEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#mauenabled"
}]
},
"MSAWebSiteSSOUsingThisProfileAllowed": {
"title": "MSAWebSiteSSOUsingThisProfileAllowed - Allow single sign-on for Microsoft personal sites using this profile",
"description": "'Allow single sign-on for Microsoft personal sites using this profile' option allows non-MSA profiles to be able to use single sign-on for Microsoft sites using MSA credentials present on the machine. This option shows up for end-users as a toggle in Settings -> Profiles -> Profile Preferences for non-MSA profiles only.\n\nIf you disable this policy, non-MSA profiles will not be able to use single sign-on for Microsoft sites using MSA credentials present on the machine.\n\nIf you enable this policy or don't configure it, users will be able to use the Settings option to ensure non-MSA profiles are able to use single sign-on for Microsoft sites using MSA credentials present on the machine provided only a single MSA account exists on the machine.",
"property_order": 1195,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "MSAWebSiteSSOUsingThisProfileAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#msawebsitessousingthisprofileallowed"
}]
},
"ManagedFavorites": {
"title": "ManagedFavorites - not configurable in UI, please craft plist",
"description": "Configures a list of managed favorites.\n\nThe policy creates a list of favorites. Each favorite contains the keys \"name\" and \"url,\" which hold the favorite's name and its target. You can configure a subfolder by defining a favorites without an \"url\" key but with an additional \"children\" key that contains a list of favorites as defined above (some of which may be folders again). Microsoft Edge amends incomplete URLs as if they were submitted via the Address Bar, for example \"microsoft.com\" becomes \"https://microsoft.com/\".\n\nThese favorites are placed in a folder that can't be modified by the user (but the user can choose to hide it from the favorites bar). By default the folder name is \"Managed favorites\" but you can change it by adding to the list of favorites a dictionary containing the key \"toplevel_name\" with the desired folder name as the value.\n\nManaged favorites are not synced to the user account and can't be modified by extensions.",
"property_order": 1200,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "ManagedFavorites"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#managedfavorites"
}]
},
"ManagedConfigurationPerOrigin": {
"title": "ManagedConfigurationPerOrigin - not configurable in UI, please craft plist",
"description": "Setting this policy defines the return value of Managed Configuration API for given origin.\n\nManaged Configuration API is a key-value configuration that can be accessed via navigator.device.getManagedConfiguration() javascript call. This API is only available to origins which correspond to force-installed web applications via \"WebAppInstallForceList\".",
"property_order": 1205,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "ManagedConfigurationPerOrigin"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#managedconfigurationperorigin"
}]
},
"ManagedSearchEngines": {
"title": "ManagedSearchEngines - not configurable in UI, please craft plist",
"description": "Lets you configure a list of up to 10 search engines, one of which must be marked as the default search engine. Starting in Microsoft Edge version 100, you can configure up to 100 engines.\n\nYou do not need to specify the encoding. Starting in Microsoft Edge 80, the suggest_url and image_search_url parameters are optional. The optional parameter, image_search_post_params (consists of comma-separated name/value pairs), is available starting in Microsoft Edge 80.\n\nStarting in Microsoft Edge 83, you can enable search engine discovery with the optional allow_search_engine_discovery parameter. This parameter must be the first item in the list. If allow_search_engine_discovery isn't specified, search engine discovery will be disabled by default. Starting in Microsoft Edge 84, you can set this policy as a recommended policy to allow search provider discovery. You don't need to add the optional allow_search_engine_discovery parameter. Starting in Microsoft Edge 100, setting this policy as a recommended policy will also allow users to manually add new search engines from their Microsoft Edge settings.\n\nIf you enable this policy, users can't add, remove, or change any search engine in the list. Users can set their default search engine to any search engine in the list.\n\nIf you disable or don't configure this policy, users can modify the search engines list as desired.\n\nIf the \"DefaultSearchProviderSearchURL\" policy is set, this policy (ManagedSearchEngines) is ignored. The user must restart their browser to finish applying this policy.",
"property_order": 1210,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "ManagedSearchEngines"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#managedsearchengines"
}]
},
"MaxConnectionsPerProxy": {
"title": "MaxConnectionsPerProxy - Maximum number of concurrent connections to the proxy server",
"description": "Specifies the maximum number of simultaneous connections to the proxy server.\n\nSome proxy servers can't handle a high number of concurrent connections per client - you can solve this by setting this policy to a lower value.\n\nThe value of this policy should be lower than 100 and higher than 6. The default value is 32.\n\nSome web apps are known to consume many connections with hanging GETs - lowering the maximum connections below 32 may lead to browser networking hangs if too many of these kind of web apps are open.\n\nIf you don't configure this policy, the default value (32) is used.",
"property_order": 1215,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer"
}
],
"options": {
"infoText": "MaxConnectionsPerProxy"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#maxconnectionsperproxy"
}]
},
"MediaRouterCastAllowAllIPs": {
"title": "MediaRouterCastAllowAllIPs - Allow Google Cast to connect to Cast devices on all IP addresses",
"description": "Enable this policy to let Google Cast connect to Cast devices on all IP addresses, not just RFC1918/RFC4193 private addresses.\n\nDisable this policy to restrict Google Cast to Cast devices on RFC1918/RFC4193 private addresses.\n\nIf you don't configure this policy, Google Cast connects to Cast devices on RFC1918/RFC4193 private addresses only, unless you enable the CastAllowAllIPs feature.\n\nIf the \"EnableMediaRouter\" policy is disabled, then this policy has no effect.",
"property_order": 1220,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "MediaRouterCastAllowAllIPs"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#mediaroutercastallowallips"
}]
},
"MicrosoftEdgeInsiderPromotionEnabled": {
"title": "MicrosoftEdgeInsiderPromotionEnabled - Microsoft Edge Insider Promotion Enabled",
"description": "Shows content promoting the Microsoft Edge Insider channels on the About Microsoft Edge settings page.\n\nIf you enable or don't configure this policy, the Microsoft Edge Insider promotion content will be shown on the About Microsoft Edge page.\n\nIf you disable this policy, the Microsoft Edge Insider promotion content will not be shown on the About Microsoft Edge page.",
"property_order": 1225,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "MicrosoftEdgeInsiderPromotionEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#microsoftedgeinsiderpromotionenabled"
}]
},
"MicrosoftEditorProofingEnabled": {
"title": "MicrosoftEditorProofingEnabled - Spell checking provided by Microsoft Editor",
"description": "The Microsoft Editor service provides enhanced spell and grammar checking for editable text fields on web pages.\n\nIf you enable or don't configure this policy, Microsoft Editor spell check can be used for eligible text fields.\n\nIf you disable this policy, spell check can only be provided by local engines that use platform or Hunspell services. The results from these engines might be less informative than the results Microsoft Editor can provide.\n\nIf the \"SpellcheckEnabled\" policy is set to disabled, or the user disables spell checking in the settings page, this policy will have no effect.",
"property_order": 1230,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "MicrosoftEditorProofingEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#microsofteditorproofingenabled"
}]
},
"MicrosoftEditorSynonymsEnabled": {
"title": "MicrosoftEditorSynonymsEnabled - Synonyms are provided when using Microsoft Editor spell checker",
"description": "The Microsoft Editor service provides enhanced spell and grammar checking for editable text fields on web pages, and synonyms can be suggested as an integrated feature.\n\nIf you enable this policy, Microsoft Editor spell checker will provide synonyms for suggestions for misspelled words.\n\nIf you disable or don't configure this policy, Microsoft Editor spell checker will not provide synonyms for suggestions for misspelled words.\n\nIf the \"SpellcheckEnabled\" policy or the \"MicrosoftEditorProofingEnabled\" policy are set to disabled, or the user disables spell checking or chooses not to use Microsoft Editor spell checker in the settings page, this policy will have no effect.",
"property_order": 1235,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "MicrosoftEditorSynonymsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#microsofteditorsynonymsenabled"
}]
},
"MicrosoftOfficeMenuEnabled": {
"title": "MicrosoftOfficeMenuEnabled - Allow users to access the Microsoft Office menu (deprecated)",
"description": "This policy is deprecated because it's been replaced by the Microsoft Edge sidebar. Microsoft Office applications are now available in the sidebar, which can be managed by HubsSidebarEnabled policy.\n\nWhen users can access the Microsoft Office menu, they can get access to Office applications such as Microsoft Word and Microsoft Excel.\n\nIf you enable or don't configure this policy, users can open the Microsoft Office menu.\n\nIf you disable this policy, users won't be able to access the Microsoft Office menu.",
"property_order": 1240,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "MicrosoftOfficeMenuEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#microsoftofficemenuenabled"
}]
},
"MutationEventsEnabled": {
"title": "MutationEventsEnabled - Enable deprecated/removed Mutation Events",
"description": "This policy provides a temporary opt-in back to a deprecated and removed set of platform events named Mutation Events.\n\nIf you enable this policy, mutation events will continue to be fired, even if they've been disabled by default for normal web users.\n\nIf you disable or don't configure this policy, these events will not be fired.\n\nThis policy is a temporary workaround, and enterprises should still work to remove their dependencies on these mutation events.",
"property_order": 1245,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "MutationEventsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#mutationeventsenabled"
}]
},
"NativeMessagingBlocklist": {
"title": "NativeMessagingBlocklist - Configure native messaging block list",
"description": "Setting this policy specifies which native messaging hosts shouldn't be loaded. A deny list value of * means all native messaging hosts are denied unless they're explicitly allowed.\n\nIf you leave this policy unset , Microsoft Edge loads all installed native messaging hosts.",
"property_order": 1250,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "NativeMessagingBlocklist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#nativemessagingblocklist"
}]
},
"NativeMessagingUserLevelHosts": {
"title": "NativeMessagingUserLevelHosts - Allow user-level native messaging hosts (installed without admin permissions)",
"description": "If you set this policy to Enabled or leave it unset, Microsoft Edge can use native messaging hosts installed at the user level.\n\nIf you set this policy to Disabled, Microsoft Edge can only use these hosts if they're installed at the system level.",
"property_order": 1255,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "NativeMessagingUserLevelHosts"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#nativemessaginguserlevelhosts"
}]
},
"NativeMessagingAllowlist": {
"title": "NativeMessagingAllowlist - Control which native messaging hosts users can use",
"description": "Setting the policy specifies which native messaging hosts aren't subject to the deny list. A deny list value of * means all native messaging hosts are denied unless they're explicitly allowed.\n\nAll native messaging hosts are allowed by default. However, if a native messaging host is denied by policy, the admin can use the allow list to change that policy.",
"property_order": 1260,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "NativeMessagingAllowlist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#nativemessagingallowlist"
}]
},
"NetworkPredictionOptions": {
"title": "NetworkPredictionOptions - Enable network prediction",
"description": "Enables network prediction and prevents users from changing this setting.\n\nThis controls DNS prefetching, TCP and SSL preconnection, and prerendering of web pages.\n\nIf you don't configure this policy, network prediction is enabled but the user can change it.\n\nPolicy options mapping:\n\n* NetworkPredictionAlways (0) = Predict network actions on any network connection\n\n* NetworkPredictionWifiOnly (1) = Not supported, if this value is used it will be treated as if 'Predict network actions on any network connection' (0) was set\n\n* NetworkPredictionNever (2) = Don't predict network actions on any network connection\n\nUse the preceding information when configuring this policy.",
"property_order": 1265,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["NetworkPredictionAlways - Predict network actions on any network connection", "NetworkPredictionWifiOnly - Not supported, if this value is used it will be treated as if 'Predict network actions on any network connection' (0) was set", "NetworkPredictionNever - Don't predict network actions on any network connection"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "NetworkPredictionOptions"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#networkpredictionoptions"
}]
},
"NewBaseUrlInheritanceBehaviorAllowed": {
"title": "NewBaseUrlInheritanceBehaviorAllowed - Allows enabling the feature NewBaseUrlInheritanceBehavior (deprecated)",
"description": "NewBaseUrlInheritanceBehavior is a Microsoft Edge feature that causes about:blank and about:srcdoc frames to consistently inherit their base url values via snapshots of their initiator's base url.\n\nIf you disable this policy, it prevents users or Microsoft Edge variations from enabling NewBaseUrlInheritanceBehavior, in case compatibility issues are discovered.\n\nIf you enable or don't configure this policy, it allows enabling NewBaseUrlInheritanceBehavior.\n\nThis policy is being deprecated because the feature NewBaseUrlInheritanceBehaviorAllowed has been removed.\n\nThis policy will be obsolete in release 133.",
"property_order": 1270,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "NewBaseUrlInheritanceBehaviorAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newbaseurlinheritancebehaviorallowed"
}]
},
"NewPDFReaderEnabled": {
"title": "NewPDFReaderEnabled - Microsoft Edge built-in PDF reader powered by Adobe Acrobat enabled",
"description": "The policy lets Microsoft Edge launch the new version of the built-in PDF reader that's powered by Adobe Acrobat's PDF rendering engine. The new PDF reader ensures that there's no loss of functionality and delivers an enhanced PDF experience. This experience includes richer rendering, improved performance, strong security for PDF handling, and greater accessibility.\n\nIf you enable this policy, Microsoft Edge will use the new Adobe Acrobat powered built-in PDF reader to open all PDF files.\n\nIf you disable or don't configure this policy, Microsoft Edge will use the existing PDF reader to open all PDF files.",
"property_order": 1275,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "NewPDFReaderEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newpdfreaderenabled"
}]
},
"NewTabPageAllowedBackgroundTypes": {
"title": "NewTabPageAllowedBackgroundTypes - Configure the background types allowed for the new tab page layout",
"description": "You can configure which types of background image that are allowed on the new tab page layout in Microsoft Edge.\n\nIf you don't configure this policy, all background image types on the new tab page are enabled.\n\nPolicy options mapping:\n\n* DisableImageOfTheDay (1) = Disable daily background image type\n\n* DisableCustomImage (2) = Disable custom background image type\n\n* DisableAll (3) = Disable all background image types\n\nUse the preceding information when configuring this policy.",
"property_order": 1280,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["DisableImageOfTheDay - Disable daily background image type", "DisableCustomImage - Disable custom background image type", "DisableAll - Disable all background image types"]
},
"enum": [1, 2, 3]
}
],
"options": {
"infoText": "NewTabPageAllowedBackgroundTypes"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newtabpageallowedbackgroundtypes"
}]
},
"NewTabPageAppLauncherEnabled": {
"title": "NewTabPageAppLauncherEnabled - Hide App Launcher on Microsoft Edge new tab page",
"description": "By default, the App Launcher is shown every time a user opens a new tab page.\n\nIf you enable or don't configure this policy, there is no change on the Microsoft Edge new tab page and App Launcher is there for users.\n\nIf you disable this policy, App Launcher doesn't appear and users won't be able to launch M365 apps from Microsoft Edge new tab page via the App Launcher.",
"property_order": 1285,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "NewTabPageAppLauncherEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newtabpageapplauncherenabled"
}]
},
"NewTabPageBingChatEnabled": {
"title": "NewTabPageBingChatEnabled - Disable Bing chat entry-points on Microsoft Edge Enterprise new tab page",
"description": "By default, there are two Bing chat entry-points on new tab page. One is inside the new tab page search box, and one is in the Bing Autosuggest drawer on-click.\n\nIf you enable or don't configure this policy, there is no change on the Microsoft Edge Enterprise new tab page and the Bing chat entry-points are there for users.\n\nIf you disable this policy, Bing chat entry-points don't appear on the new tab page.",
"property_order": 1290,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "NewTabPageBingChatEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newtabpagebingchatenabled"
}]
},
"NewTabPageCompanyLogoEnabled": {
"title": "NewTabPageCompanyLogoEnabled - Hide the company logo on the Microsoft Edge new tab page",
"description": "By default, the company logo is shown on the new tab page if the company logo is configured in Admin Portal.\n\nIf you enable or don't configure this policy, there is no change on the Microsoft Edge new tab page and the company logo is there for users.\n\nIf you disable this policy, the company logo doesn't appear on Microsoft Edge new tab page.",
"property_order": 1295,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "NewTabPageCompanyLogoEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newtabpagecompanylogoenabled"
}]
},
"NewTabPageContentEnabled": {
"title": "NewTabPageContentEnabled - Allow Microsoft content on the new tab page",
"description": "This policy applies for Microsoft Edge to all profile types, namely unsigned local user profiles, profiles signed in using a Microsoft Account, profiles signed in using Active Directory and profiles signed in using Microsoft Entra ID. The Enterprise new tab page for profiles signed in using Microsoft Entra ID can be configured in the M365 admin portal, but this policy setting takes precedence, so any M365 admin portal configurations will be ignored.\n\nIf you enable or don't configure this policy, Microsoft Edge displays Microsoft content on the new tab page. The user can choose different display options for the content. These options include, but aren't limited to: Content off, Content visible on scroll, Headings only, and Content visible. Enabling this policy doesn't force content to be visible - the user can keep setting their own preferred content position.\n\nIf you disable this policy, Microsoft Edge doesn't display Microsoft content on the new tab page, the Content control in the NTP settings flyout is disabled and set to \"Content off\", and the Layout control in the NTP settings flyout is disabled and set to \"Custom\".\n\nRelated policies: \"NewTabPageAllowedBackgroundTypes\", \"NewTabPageQuickLinksEnabled\"",
"property_order": 1300,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "NewTabPageContentEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newtabpagecontentenabled"
}]
},
"NewTabPageHideDefaultTopSites": {
"title": "NewTabPageHideDefaultTopSites - Hide the default top sites from the new tab page",
"description": "Hides the default top sites from the new tab page in Microsoft Edge.\n\nIf you set this policy to true, the default top site tiles are hidden.\n\nIf you set this policy to false or don't configure it, the default top site tiles remain visible.",
"property_order": 1305,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "NewTabPageHideDefaultTopSites"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newtabpagehidedefaulttopsites"
}]
},
"NewTabPageLocation": {
"title": "NewTabPageLocation - Configure the new tab page URL",
"description": "Configures the default URL for the new tab page.\n\nThe recommended version of this policy does not currently work and functions exactly like the mandatory version.\n\nThis policy determines the page that's opened when new tabs are created (including when new windows are opened). It also affects the startup page if that's set to open to the new tab page.\n\nThis policy doesn't determine which page opens on startup; that's controlled by the \"RestoreOnStartup\" policy. It also doesn't affect the home page if that's set to open to the new tab page.\n\nIf you don't configure this policy, the default new tab page is used.\n\nIf you configure this policy *and* the \"NewTabPageSetFeedType\" policy, this policy has precedence.\n\nIf a blank tab is preferred, \"about:blank\" is the correct URL to use, not \"about://blank\".\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.",
"property_order": 1310,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "NewTabPageLocation"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newtabpagelocation"
}]
},
"NewTabPageManagedQuickLinks": {
"title": "NewTabPageManagedQuickLinks - not configurable in UI, please craft plist",
"description": "By default, Microsoft Edge displays quick links on the new tab page from user-added shortcuts and top sites based on browsing history. With this policy, you can configure up to three quick link tiles on the new tab page, expressed as a JSON object:\n\n[ { \"url\": \"https://www.contoso.com\", \"title\": \"Contoso Portal\", \"pinned\": true/false }, ... ]\n\nThe 'url' field is required; 'title' and 'pinned' are optional. If 'title' is not provided, the URL is used as the default title. If 'pinned' is not provided, the default value is false.\n\nMicrosoft Edge presents these in the order listed, from left to right, with all pinned tiles displayed ahead of non-pinned tiles.\n\nIf the policy is set as mandatory, the 'pinned' field will be ignored and all tiles will be pinned. The tiles can't be deleted by the user and will always appear at the front of the quick links list.\n\nIf the policy is set as recommended, pinned tiles will remain in the list but the user has the ability to edit and delete them. Quick link tiles that aren't pinned behave like default top sites and are pushed off the list if other websites are visited more frequently. When applying non-pinned links via this policy to an existing browser profile, the links may not appear at all, depending on how they rank compared to the user's browsing history.",
"property_order": 1315,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "NewTabPageManagedQuickLinks"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newtabpagemanagedquicklinks"
}]
},
"NewTabPagePrerenderEnabled": {
"title": "NewTabPagePrerenderEnabled - Enable preload of the new tab page for faster rendering",
"description": "If you configure this policy, preloading the New tab page is enabled, and users can't change this setting. If you don't configure this policy, preloading is enabled and a user can change this setting.",
"property_order": 1320,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "NewTabPagePrerenderEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newtabpageprerenderenabled"
}]
},
"NewTabPageQuickLinksEnabled": {
"title": "NewTabPageQuickLinksEnabled - Allow quick links on the new tab page",
"description": "If you enable or don't configure this policy, Microsoft Edge displays quick links on the new tab page, and the user can interact with the control, turning quick links on and off. Enabling this policy does not force quick links to be visible - the user can continue to turn quick links on and off.\n\nIf you disable this policy, Microsoft Edge hides quick links on the new tab page and disables the quick links control in the NTP settings flyout.\n\nThis policy only applies for Microsoft Edge local user profiles, profiles signed in using a Microsoft Account, and profiles signed in using Active Directory. To configure the Enterprise new tab page for profiles signed in using Azure Active Directory, use the M365 admin portal.\n\nRelated policies: \"NewTabPageAllowedBackgroundTypes\", \"NewTabPageContentEnabled\"",
"property_order": 1325,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "NewTabPageQuickLinksEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newtabpagequicklinksenabled"
}]
},
"NewTabPageSearchBox": {
"title": "NewTabPageSearchBox - Configure the new tab page search box experience",
"description": "You can configure the new tab page search box to use \"Search box (Recommended)\" or \"Address bar\" to search on new tabs. This policy only works if you set the search engine to a value other than Bing by setting the following two policies: \"DefaultSearchProviderEnabled\" and \"DefaultSearchProviderSearchURL\".\n\n If you disable or don't configure this policy and:\n\n- If the address bar default search engine is Bing, the new tab page uses the search box to search on new tabs.\n- If the address bar default search engine is not Bing, users are offered an additional choice (use \"Address bar\") when searching on new tabs.\n\n\nIf you enable this policy and set it to:\n\n- \"Search box (Recommended)\" ('bing'), the new tab page uses the search box to search on new tabs.\n- \"Address bar\" ('redirect'), the new tab page search box uses the address bar to search on new tabs.\n\nPolicy options mapping:\n\n* bing (bing) = Search box (Recommended)\n\n* redirect (redirect) = Address bar\n\nUse the preceding information when configuring this policy.",
"property_order": 1330,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string",
"options": {
"enum_titles": ["bing - Search box (Recommended)", "redirect - Address bar"]
},
"enum": ["bing", "redirect"]
}
],
"options": {
"infoText": "NewTabPageSearchBox"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#newtabpagesearchbox"
}]
},
"NotificationsAllowedForUrls": {
"title": "NotificationsAllowedForUrls - Allow notifications on specific sites",
"description": "Allows you to create a list of url patterns to specify sites that are allowed to display notifications.\n\nIf you don't set this policy, the global default value will be used for all sites. This default value will be from the \"DefaultNotificationsSetting\" policy if it's set, or from the user's personal configuration. For detailed information on valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.",
"property_order": 1335,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "NotificationsAllowedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#notificationsallowedforurls"
}]
},
"NotificationsBlockedForUrls": {
"title": "NotificationsBlockedForUrls - Block notifications on specific sites",
"description": "Allows you to create a list of url patterns to specify sites that are not allowed to display notifications.\n\nIf you don't set this policy, the global default value will be used for all sites. This default value will be from the \"DefaultNotificationsSetting\" policy if it's set, or from the user's personal configuration. For detailed information on valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.",
"property_order": 1340,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "NotificationsBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#notificationsblockedforurls"
}]
},
"NtlmV2Enabled": {
"title": "NtlmV2Enabled - Control whether NTLMv2 authentication is enabled",
"description": "Controls whether NTLMv2 is enabled.\n\nAll recent versions of Samba and Windows servers support NTLMv2. You should only disable NTLMv2 to address issues with backwards compatibility as it reduces the security of authentication.\n\nIf you don't configure this policy, NTLMv2 is enabled by default.",
"property_order": 1345,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "NtlmV2Enabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#ntlmv2enabled"
}]
},
"OrganizationLogoOverlayOnAppIconEnabled": {
"title": "OrganizationLogoOverlayOnAppIconEnabled - Allow your organization's logo from Microsoft Entra to be overlaid on the Microsoft Edge app icon of a work profile",
"description": "Allow your organization's logo from Entra, if any, to be overlaid on the Microsoft Edge app icon of a profile that's signed in with an Entra ID (formerly known as Azure Active Directory) account. This requires a browser restart to take effect.\n\nIf you enable this policy, your organization's logo from Entra will be used.\n\nIf you disable or don't configure this policy, your organization's logo from Entra won't be used.\n\nFor more information about configuring your organization's logo on Entra, please visit https://go.microsoft.com/fwlink/?linkid=2254514.",
"property_order": 1350,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "OrganizationLogoOverlayOnAppIconEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#organizationlogooverlayonappiconenabled"
}]
},
"OrganizationalBrandingOnWorkProfileUIEnabled": {
"title": "OrganizationalBrandingOnWorkProfileUIEnabled - Allow the use of your organization's branding assets from Microsoft Entra on the profile-related UI of a work profile",
"description": "Allow the use of your organization's branding assets from Entra, if any, on the profile-related UI of a profile that's signed in with an Entra ID (formerly known as Azure Active Directory) account. This requires a browser restart to take effect.\n\nIf you enable this policy, your organization's branding assets from Entra will be used.\n\nIf you disable or don't configure this policy, your organization's branding assets from Entra won't be used.\n\nFor more information about configuring your organization's branding assets on Entra, please visit https://go.microsoft.com/fwlink/?linkid=2254514.",
"property_order": 1355,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "OrganizationalBrandingOnWorkProfileUIEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#organizationalbrandingonworkprofileuienabled"
}]
},
"OriginAgentClusterDefaultEnabled": {
"title": "OriginAgentClusterDefaultEnabled - Origin-keyed agent clustering enabled by default",
"description": "The Origin-Agent-Cluster: HTTP header controls whether a document is isolated in an origin-keyed agent cluster or in a site-keyed agent cluster. This has security implications because an origin-keyed agent cluster allows isolating documents by origin. The consequence of this for developers is that the document.domain accessor can no longer be set when origin-keyed agent clustering is enabled.\n\nIf you enable or don't configure this policy, documents without the Origin-Agent-Cluster: header will be assigned to origin-keyed agent clustering by default. On these documents, the document.domain accessor will not be settable.\n\nIf you disable this policy, documents without the Origin-Agent-Cluster: header will be assigned to site-keyed agent clusters by default. On these documents, the document.domain accessor will be settable.\n\nSee https://go.microsoft.com/fwlink/?linkid=2191896 for additional details.",
"property_order": 1360,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "OriginAgentClusterDefaultEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#originagentclusterdefaultenabled"
}]
},
"OverrideSecurityRestrictionsOnInsecureOrigin": {
"title": "OverrideSecurityRestrictionsOnInsecureOrigin - Control where security restrictions on insecure origins apply",
"description": "Specifies a list of origins (URLs) or hostname patterns (like \"*.contoso.com\") for which security restrictions on insecure origins don't apply.\n\nThis policy lets you specify allowed origins for legacy applications that can't deploy TLS or set up a staging server for internal web development so that developers can test out features requiring secure contexts without having to deploy TLS on the staging server. This policy also prevents the origin from being labeled \"Not Secure\" in the omnibox.\n\nSetting a list of URLs in this policy has the same effect as setting the command-line flag '--unsafely-treat-insecure-origin-as-secure' to a comma-separated list of the same URLs. If you enable this policy, it overrides the command-line flag.\n\nFor more information on secure contexts, see https://www.w3.org/TR/secure-contexts/.",
"property_order": 1365,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "OverrideSecurityRestrictionsOnInsecureOrigin"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#overridesecurityrestrictionsoninsecureorigin"
}]
},
"PDFSecureMode": {
"title": "PDFSecureMode - Secure mode and Certificate-based Digital Signature validation in native PDF reader",
"description": "The policy enables Digital Signature validation for PDF files in a secure environment, which shows the correct validation status of the signatures.\n\nIf you enable this policy, PDF files with Certificate-based digital signatures are opened with an option to view and verify the validity of the signatures with high security.\n\nIf you disable or don't configure this policy, the capability to view and verify the signature will not be available.",
"property_order": 1370,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PDFSecureMode"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#pdfsecuremode"
}]
},
"PDFXFAEnabled": {
"title": "PDFXFAEnabled - XFA support in native PDF reader enabled",
"description": "Lets the Microsoft Edge browser enable XFA (XML Forms Architecture) support in the native PDF reader and allows users to open XFA PDF files in the browser.\n\nIf you enable this policy, XFA support in the native PDF reader will be enabled.\n\nIf you disable or don't configure this policy, Microsoft Edge will not enable XFA support in the native PDF reader.",
"property_order": 1375,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PDFXFAEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#pdfxfaenabled"
}]
},
"PasswordDeleteOnBrowserCloseEnabled": {
"title": "PasswordDeleteOnBrowserCloseEnabled - Prevent passwords from being deleted if any Edge settings is enabled to delete browsing data when Microsoft Edge closes",
"description": "When this policy is enabled, the passwords saved with Edge Password Manager are exempted from deletion when the browser closes. This policy is only effective when the \"ClearBrowsingDataOnExit\" policy is enabled.\n\nIf you enable this policy, passwords won't be cleared when the browser closes.\nIf you disable or don't configure this policy, the user's personal configuration is used.",
"property_order": 1380,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PasswordDeleteOnBrowserCloseEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#passworddeleteonbrowsercloseenabled"
}]
},
"PasswordGeneratorEnabled": {
"title": "PasswordGeneratorEnabled - Allow users to get a strong password suggestion whenever they are creating an account online",
"description": "Configures the Password Generator Settings toggle that enables/disables the feature for users.\n\nIf you enable or don't configure this policy, then Password Generator will offer users a strong and unique password suggestion (via a dropdown) on Signup and Change Password pages.\n\nIf you disable this policy, users will no longer see strong password suggestions on Signup or Change Password pages.",
"property_order": 1385,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PasswordGeneratorEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#passwordgeneratorenabled"
}]
},
"PasswordManagerBlocklist": {
"title": "PasswordManagerBlocklist - Configure the list of domains for which the password manager UI (Save and Fill) will be disabled",
"description": "Configure the list of domains where Microsoft Edge should disable the password manager. This means that Save and Fill workflows will be disabled, ensuring that passwords for those websites can't be saved or auto filled into web forms.\n\nIf you enable this policy, the password manager will be disabled for the specified set of domains.\n\nIf you disable or don't configure this policy, password manager will work as usual for all domains.\n\nIf you configure this policy, that is, add domains for which password manager is blocked, users can't change or override the behavior in Microsoft Edge. In addition, users can't use password manager for those URLs.",
"property_order": 1390,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "PasswordManagerBlocklist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#passwordmanagerblocklist"
}]
},
"PasswordManagerEnabled": {
"title": "PasswordManagerEnabled - Enable saving passwords to the password manager",
"description": "Enable Microsoft Edge to save user passwords. The next time a user visits a site with a saved password, Microsoft Edge will enter the password automatically.\n\nIf you enable or don't configure this policy, users can save and add their passwords in Microsoft Edge.\n\nIf you disable this policy, users can't save and add new passwords, but they can still use previously saved passwords.",
"property_order": 1395,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PasswordManagerEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#passwordmanagerenabled"
}]
},
"PasswordManagerRestrictLengthEnabled": {
"title": "PasswordManagerRestrictLengthEnabled - Restrict the length of passwords that can be saved in the Password Manager",
"description": "Make Microsoft Edge restrict the length of usernames and/or passwords that can be saved in the Password Manager.\n\nIf you enable this policy, Microsoft Edge will not let the user save credentials with usernames and/or passwords longer than 256 characters.\n\nIf you disable or don't configure this policy, Microsoft Edge will let the user save credentials with arbitrarily long usernames and/or passwords.",
"property_order": 1400,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PasswordManagerRestrictLengthEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#passwordmanagerrestrictlengthenabled"
}]
},
"PasswordMonitorAllowed": {
"title": "PasswordMonitorAllowed - Allow users to be alerted if their passwords are found to be unsafe",
"description": "Allow Microsoft Edge to monitor user passwords.\n\nIf you enable this policy, the user will get alerted if any of their passwords stored in Microsoft Edge are found to be unsafe. Microsoft Edge will show an alert and this information will also be available in Settings > Passwords > Password Monitor.\n\nIf you disable this policy, users will not be asked for permission to enable this feature. Their passwords will not be scanned and they will not be alerted either.\n\nIf you don't configure the policy, users can turn this feature on or off.\n\nTo learn more about how Microsoft Edge finds unsafe passwords see https://go.microsoft.com/fwlink/?linkid=2133833\n\nAdditional guidance:\n\nThis policy can be set as both Recommended as well as Mandatory, however with an important callout.\n\nMandatory enabled: If the policy is set to Mandatory enabled, the UI in Settings will be disabled but remain in 'On' state, and a briefcase icon will be made visible next to it with this description displayed on hover - \"This setting is managed by your organization.\"\n\nRecommended enabled: If the policy is set to Recommended enabled, the UI in Settings will remain in 'Off' state, but a briefcase icon will be made visible next to it with this description displayed on hover - \"Your organization recommends a specific value for this setting and you have chosen a different value\"\n\nMandatory and Recommended disabled: Both these states will work the normal way, with the usual captions being shown to users.",
"property_order": 1405,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PasswordMonitorAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#passwordmonitorallowed"
}]
},
"PasswordProtectionChangePasswordURL": {
"title": "PasswordProtectionChangePasswordURL - Configure the change password URL",
"description": "Configures the change password URL (HTTP and HTTPS schemes only).\n\nPassword protection service will send users to this URL to change their password after seeing a warning in the browser.\n\nIf you enable this policy, then password protection service sends users to this URL to change their password.\n\nIf you disable this policy or don't configure it, then password protection service will not redirect users to a change password URL.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.",
"property_order": 1410,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "PasswordProtectionChangePasswordURL"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#passwordprotectionchangepasswordurl"
}]
},
"PasswordProtectionLoginURLs": {
"title": "PasswordProtectionLoginURLs - Configure the list of enterprise login URLs where the password protection service should capture salted hashes of a password",
"description": "Configure the list of enterprise login URLs (HTTP and HTTPS schemes only) where Microsoft Edge should capture the salted hashes of passwords and use it for password reuse detection.\n\nIf you enable this policy, the password protection service captures fingerprints of passwords on the defined URLs.\n\nIf you disable this policy or don't configure it, no password fingerprints are captured.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is available only on instances that are managed via MDM or joined to a domain via MCX.",
"property_order": 1415,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "PasswordProtectionLoginURLs"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#passwordprotectionloginurls"
}]
},
"PasswordProtectionWarningTrigger": {
"title": "PasswordProtectionWarningTrigger - Configure password protection warning trigger",
"description": "Allows you to control when to trigger password protection warning. Password protection alerts users when they reuse their protected password on potentially suspicious sites.\n\nYou can use the \"PasswordProtectionLoginURLs\" and \"PasswordProtectionChangePasswordURL\" policies to configure which passwords to protect.\n\nExemptions: Passwords for the sites listed in \"PasswordProtectionLoginURLs\" and \"PasswordProtectionChangePasswordURL\", as well as for the sites listed in \"SmartScreenAllowListDomains\", will not trigger a password-protection warning.\n\nSet to 'PasswordProtectionWarningOff' to not show password protection warningss.\n\nSet to 'PasswordProtectionWarningOnPasswordReuse' to show password protection warnings when the user reuses their protected password on a non-allowlisted site.\n\nIf you disable or don't configure this policy, then the warning trigger is not shown.\n\nPolicy options mapping:\n\n* PasswordProtectionWarningOff (0) = Password protection warning is off\n\n* PasswordProtectionWarningOnPasswordReuse (1) = Password protection warning is triggered by password reuse\n\nUse the preceding information when configuring this policy.",
"property_order": 1420,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["PasswordProtectionWarningOff - Password protection warning is off", "PasswordProtectionWarningOnPasswordReuse - Password protection warning is triggered by password reuse"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "PasswordProtectionWarningTrigger"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#passwordprotectionwarningtrigger"
}]
},
"PasswordRevealEnabled": {
"title": "PasswordRevealEnabled - Enable Password reveal button",
"description": "Lets you configure the default display of the browser password reveal button for password input fields on websites.\n\nIf you enable or don't configure this policy, the browser user setting defaults to displaying the password reveal button.\n\nIf you disable this policy, the browser user setting won't display the password reveal button.\n\nFor accessibility, users can change the browser setting from the default policy.\n\nThis policy only affects the browser password reveal button, it doesn't affect websites' custom reveal buttons.",
"property_order": 1425,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PasswordRevealEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#passwordrevealenabled"
}]
},
"PaymentMethodQueryEnabled": {
"title": "PaymentMethodQueryEnabled - Allow websites to query for available payment methods",
"description": "Allows you to set whether websites can check if the user has payment methods saved.\n\nIf you disable this policy, websites that use PaymentRequest.canMakePayment or PaymentRequest.hasEnrolledInstrument API will be informed that no payment methods are available.\n\nIf you enable this policy or don't set this policy, websites can check if the user has payment methods saved.",
"property_order": 1430,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PaymentMethodQueryEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#paymentmethodqueryenabled"
}]
},
"PerformanceDetectorEnabled": {
"title": "PerformanceDetectorEnabled - Performance Detector Enabled",
"description": "The performance detector detects tab performance issues and recommends actions to fix the performance issues.\n\nIf you enable or don't configure this policy, performance detector is turned on.\n\nIf you disable this policy, performance detector is turned off.\n\nThe user can configure its behavior in edge://settings/system.\n\nLearn more about performance detector: https://aka.ms/EdgePerformanceDetector",
"property_order": 1435,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PerformanceDetectorEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#performancedetectorenabled"
}]
},
"PersonalizationReportingEnabled": {
"title": "PersonalizationReportingEnabled - Allow personalization of ads, Microsoft Edge, search, news and other Microsoft services by sending browsing history, favorites and collections, usage and other browsing data to Microsoft",
"description": "This policy prevents Microsoft from collecting a user's Microsoft Edge browsing history, favorites and collections, usage, and other browsing data to be used for personalizing advertising, search, news, Microsoft Edge and other Microsoft services.\n\nThis setting is not available for child accounts or enterprise accounts.\n\nIf you disable this policy, users can't change or override the setting. If this policy is enabled or not configured, Microsoft Edge will default to the user's preference.",
"property_order": 1440,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PersonalizationReportingEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#personalizationreportingenabled"
}]
},
"PictureInPictureOverlayEnabled": {
"title": "PictureInPictureOverlayEnabled - Enable Picture in Picture overlay feature on supported webpages in Microsoft Edge",
"description": "This policy lets you configure the Picture in Picture floating overlay button in Microsoft Edge.\n\nThe Picture in Picture floating overlay button lets user to watch videos in a floating window on top of other windows.\n\nIf you enable or don't configure this policy, you can use the Picture in Picture floating overlay button in Microsoft Edge.\n\nIf you disable this policy, you can't use the Picture in Picture floating overlay button in Microsoft Edge.",
"property_order": 1445,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PictureInPictureOverlayEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#pictureinpictureoverlayenabled"
}]
},
"PinBrowserEssentialsToolbarButton": {
"title": "PinBrowserEssentialsToolbarButton - Pin browser essentials toolbar button",
"description": "This policy lets you configure whether to pin the Browser essentials button on the toolbar.\n\nWhen the button is pinned, it will always appear on the toolbar.\n\nWhen the button isn't pinned, it will only appear when there's an alert. An example of this kind of alert is the performance detector alert that indicates the browser is using high CPU or memory.\n\nIf you enable or don't configure this policy, the Browser essentials button will be pinned on the toolbar.\n\nIf you disable this policy, the Browser essentials button won't be pinned on the toolbar.\n\nLearn more about browser essentials: https://go.microsoft.com/fwlink/?linkid=2240439",
"property_order": 1450,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PinBrowserEssentialsToolbarButton"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#pinbrowseressentialstoolbarbutton"
}]
},
"PopupsAllowedForUrls": {
"title": "PopupsAllowedForUrls - Allow pop-up windows on specific sites",
"description": "Define a list of sites, based on URL patterns, that can open pop-up windows. Wildcards (*) are allowed.\n\nIf you don't configure this policy, the global default value from the \"DefaultPopupsSetting\" policy (if set) or the user's personal configuration is used for all sites.",
"property_order": 1455,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "PopupsAllowedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#popupsallowedforurls"
}]
},
"PopupsBlockedForUrls": {
"title": "PopupsBlockedForUrls - Block pop-up windows on specific sites",
"description": "Define a list of sites, based on URL patterns, that are blocked from opening pop-up windows. Wildcards (*) are allowed.\n\nIf you don't configure this policy, the global default value from the \"DefaultPopupsSetting\" policy (if set) or the user's personal configuration is used for all sites.",
"property_order": 1460,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "PopupsBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#popupsblockedforurls"
}]
},
"PostQuantumKeyAgreementEnabled": {
"title": "PostQuantumKeyAgreementEnabled - Enable post-quantum key agreement for TLS",
"description": "This policy configures whether Microsoft Edge will offer Kyber, a post-quantum key agreement algorithm, in TLS. This lets supporting servers protect user traffic from being decrypted by quantum computers.\n\nIf you enable this policy, Microsoft Edge will offer Kyber in TLS connections. TLS connections will be protected with Kyber key agreement when communicating with compatible servers that select Kyber during the TLS handshake.\n\nIf this disable this policy, Microsoft Edge will not offer Kyber in TLS connections. User traffic will be unprotected from decryption by quantum computers.\n\nIf you don't configure this policy, Microsoft Edge will follow the default rollout process for offering Kyber.\n\nOffering Kyber is backwards-compatible. Existing TLS servers and networking middleware are expected to ignore the new option and continue selecting previous options.\n\nHowever, devices that don't implement TLS correctly may malfunction when offered the new option. For example, they might disconnect in response to unrecognized options or the resulting larger messages. These devices are not post-quantum-ready and will interfere with an enterprise's post-quantum transition. If this issue is encountered, administrators should contact the vendor for a fix.\n\nThis policy is a temporary measure and will be removed in future versions of Microsoft Edge. You can enable it to test for issues and you can disable it while you resolve issues.",
"property_order": 1465,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PostQuantumKeyAgreementEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#postquantumkeyagreementenabled"
}]
},
"PreventSmartScreenPromptOverride": {
"title": "PreventSmartScreenPromptOverride - Prevent bypassing Microsoft Defender SmartScreen prompts for sites",
"description": "This policy setting lets you decide whether users can override the Microsoft Defender SmartScreen warnings about potentially malicious websites.\n\nIf you enable this setting, users can't ignore Microsoft Defender SmartScreen warnings and they are blocked from continuing to the site.\n\nIf you disable or don't configure this setting, users can ignore Microsoft Defender SmartScreen warnings and continue to the site.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.",
"property_order": 1470,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PreventSmartScreenPromptOverride"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#preventsmartscreenpromptoverride"
}]
},
"PreventSmartScreenPromptOverrideForFiles": {
"title": "PreventSmartScreenPromptOverrideForFiles - Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads",
"description": "This policy lets you determine whether users can override Microsoft Defender SmartScreen warnings about unverified downloads.\n\nIf you enable this policy, users in your organization can't ignore Microsoft Defender SmartScreen warnings, and they're prevented from completing the unverified downloads.\n\nIf you disable or don't configure this policy, users can ignore Microsoft Defender SmartScreen warnings and complete unverified downloads.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.",
"property_order": 1475,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PreventSmartScreenPromptOverrideForFiles"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#preventsmartscreenpromptoverrideforfiles"
}]
},
"PreventTyposquattingPromptOverride": {
"title": "PreventTyposquattingPromptOverride - Prevent bypassing Edge Website Typo Protection prompts for sites",
"description": "This policy setting lets you decide whether users can override the Edge Website Typo Protection warnings about potential typosquatting websites.\n\nIf you enable this setting, users can't ignore Edge Website Typo Protection warnings and they are blocked from continuing to the site.\n\nIf you disable or don't configure this setting, users can ignore Edge Website Typo Protection warnings and continue to the site.\n\nThis will only take effect when TyposquattingCheckerEnabled policy is not set or set to enabled.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.",
"property_order": 1480,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PreventTyposquattingPromptOverride"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#preventtyposquattingpromptoverride"
}]
},
"PrimaryPasswordSetting": {
"title": "PrimaryPasswordSetting - Configures a setting that asks users to enter their device password while using password autofill",
"description": "The feature helps users add an additional layer of privacy to their online accounts by requiring device authentication (as a way of confirming the user's identity) before the saved password is auto-filled into a web form. This ensures that non-authorized persons can't use saved passwords for autofill.\n\nThis group policy configures the radio button selector that enables this feature for users. It also has a frequency control where users can specify how often they would like to be prompted for authentication.\n\nIf you set this policy to 'Automatically', disable this policy, or don't configure this policy, autofill will not have any authentication flow.\n\nIf you set this policy to 'WithDevicePassword', users will have to enter their device password (or preferred mode of authentication under Windows) to prove their identity before their password is auto filled. Authentication modes include Windows Hello, PIN, face recognition, or fingerprint. The frequency for authentication prompt will be set to 'Ask permission once per browsing session' by default. However, users can change it to the other option, which is 'Always ask permission'.\n\nIf you set this policy to 'WithCustomPrimaryPassword', users will be asked to create their custom password and then to be redirected to Settings. After the custom password is set, users can authenticate themselves using the custom password and their passwords will get auto-filled after successful authentication. The frequency for authentication prompt will be set to 'Ask permission once per browsing session' by default. However, users can change it to the other option, which is 'Always ask permission'.\n\nIf you set this policy to 'AutofillOff', saved passwords will no longer be suggested for autofill.\n\nPolicy options mapping:\n\n* Automatically (0) = Automatically\n\n* WithDevicePassword (1) = With device password\n\n* WithCustomPrimaryPassword (2) = With custom primary password\n\n* AutofillOff (3) = Autofill off\n\nUse the preceding information when configuring this policy.",
"property_order": 1485,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["Automatically - Automatically", "WithDevicePassword - With device password", "WithCustomPrimaryPassword - With custom primary password", "AutofillOff - Autofill off"]
},
"enum": [0, 1, 2, 3]
}
],
"options": {
"infoText": "PrimaryPasswordSetting"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#primarypasswordsetting"
}]
},
"PrintHeaderFooter": {
"title": "PrintHeaderFooter - Print headers and footers",
"description": "Force 'headers and footers' to be on or off in the printing dialog.\n\nIf you don't configure this policy, users can decide whether to print headers and footers.\n\nIf you disable this policy, users can't print headers and footers.\n\nIf you enable this policy, users always print headers and footers.",
"property_order": 1490,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PrintHeaderFooter"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printheaderfooter"
}]
},
"PrintPdfAsImageDefault": {
"title": "PrintPdfAsImageDefault - Print PDF as Image Default",
"description": "Controls if Microsoft Edge makes the Print as image option the default when printing PDFs.\n\nIf you enable this policy, Microsoft Edge will default to setting the Print as image option in the Print Preview when printing a PDF.\n\nIf you disable or don't configure this policy, Microsoft Edge will not default to setting the Print as image option in the Print Preview when printing a PDF.",
"property_order": 1495,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PrintPdfAsImageDefault"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printpdfasimagedefault"
}]
},
"PrintPreviewStickySettings": {
"title": "PrintPreviewStickySettings - not configurable in UI, please craft plist",
"description": "Configuring this policy sets the print preview settings as the most recent choice in Print Preview instead of the default print preview settings.\n\nEach item of this policy expects a boolean:\n\nLayout specifies if the webpage layout should be kept sticky or not in print preview settings. If we set this to True the webpage layout uses the recent choice otherwise it will set to default value.\n\nSize specifies if the page size should be kept sticky or not in print preview settings. If we set this to True the page size uses the recent choice otherwise it will set to default value.\n\nScale Type specifies if the scaling percentage and scale type should be kept sticky or not in print preview settings. If we set this to True the scale percentage and scale type both uses the recent choice oherwise it will set to default value.\n\nMargins specifies if the page margin should be kept sticky or not in print preview settings. If we set this to True the page margins uses the recent choice otherwise it will set to default value.\n\nIf you enable this policy, the selected values will use the most recent choice in Print Preview.\n\nIf you disable or don't configure this policy, print preview settings will not be impacted.",
"property_order": 1500,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "PrintPreviewStickySettings"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printpreviewstickysettings"
}]
},
"PrintPreviewUseSystemDefaultPrinter": {
"title": "PrintPreviewUseSystemDefaultPrinter - Set the system default printer as the default printer",
"description": "Tells Microsoft Edge to use the system default printer as the default choice in Print Preview instead of the most recently used printer.\n\nIf you disable this policy or don't configure it, Print Preview uses the most recently used printer as the default destination choice.\n\nIf you enable this policy, Print Preview uses the OS system default printer as the default destination choice.",
"property_order": 1505,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PrintPreviewUseSystemDefaultPrinter"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printpreviewusesystemdefaultprinter"
}]
},
"PrintRasterizePdfDpi": {
"title": "PrintRasterizePdfDpi - Print Rasterize PDF DPI",
"description": "Controls print image resolution when Microsoft Edge prints PDFs with rasterization.\n\nWhen printing a PDF using the Print to image option, it can be beneficial to specify a print resolution other than a device's printer setting or the PDF default. A high resolution will significantly increase the processing and printing time while a low resolution can lead to poor imaging quality.\n\nIf you set this policy, it allows a particular resolution to be specified for use when rasterizing PDFs for printing.\n\nIf you set this policy to zero or don't configure it, the system default resolution will be used during rasterization of page images.",
"property_order": 1510,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer"
}
],
"options": {
"infoText": "PrintRasterizePdfDpi"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printrasterizepdfdpi"
}]
},
"PrintStickySettings": {
"title": "PrintStickySettings - Print preview sticky settings",
"description": "Specifies whether print preview should apply last used settings for Microsoft Edge PDF and webpages.\n\nIf you set this policy to 'EnableAll' or don't configure it, Microsoft Edge applies the last used print preview settings for both PDF and webpages.\n\nIf you set this policy to 'DisableAll', Microsoft Edge doesn't apply the last used print preview settings for both PDF and webpages.\n\nIf you set this policy to 'DisablePdf', Microsoft Edge doesn't apply the last used print preview settings for PDF printing and retains it for webpages.\n\nIf you set this policy to 'DisableWebpage', Microsoft Edge doesn't apply the last used print preview settings for webpage printing and retain it for PDF.\n\nThis policy is only available if you enable or don't configure the \"PrintingEnabled\" policy.\n\nPolicy options mapping:\n\n* EnableAll (0) = Enable sticky settings for PDF and Webpages\n\n* DisableAll (1) = Disable sticky settings for PDF and Webpages\n\n* DisablePdf (2) = Disable sticky settings for PDF\n\n* DisableWebpage (3) = Disable sticky settings for Webpages\n\nUse the preceding information when configuring this policy.",
"property_order": 1515,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["EnableAll - Enable sticky settings for PDF and Webpages", "DisableAll - Disable sticky settings for PDF and Webpages", "DisablePdf - Disable sticky settings for PDF", "DisableWebpage - Disable sticky settings for Webpages"]
},
"enum": [0, 1, 2, 3]
}
],
"options": {
"infoText": "PrintStickySettings"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printstickysettings"
}]
},
"PrinterTypeDenyList": {
"title": "PrinterTypeDenyList - Disable printer types on the deny list",
"description": "The printer types on the deny list won't be discovered or have their capabilities fetched.\n\nPlacing all printer types on the deny list effectively disables printing, because there's no print destination for documents.\n\nIf you don't configure this policy, or the printer list is empty, all printer types are discoverable.\n\nPrinter destinations include extension printers and local printers. Extension printers are also known as print provider destinations, and include any destination that belongs to a Microsoft Edge extension.\nLocal printers are also known as native printing destinations, and include destinations available to the local machine and shared network printers.\n\nIn Microsoft version 93 or later, if you set this policy to 'pdf' it also disables the 'save as Pdf' option from the right click context menu.\n\nIn Microsoft version 103 or later, if you set this policy to 'onedrive' it also disables the 'save as Pdf (OneDrive)' option from print preview.\n\nPolicy options mapping:\n\n* privet (privet) = Zeroconf-based (mDNS + DNS-SD) protocol destinations\n\n* extension (extension) = Extension-based destinations\n\n* pdf (pdf) = The 'Save as PDF' destination. (93 or later, also disables from context menu)\n\n* local (local) = Local printer destinations\n\n* onedrive (onedrive) = Save as PDF (OneDrive) printer destinations. (103 or later)\n\nUse the preceding information when configuring this policy.",
"property_order": 1520,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "PrinterTypeDenyList"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printertypedenylist"
}]
},
"PrintingAllowedBackgroundGraphicsModes": {
"title": "PrintingAllowedBackgroundGraphicsModes - Restrict background graphics printing mode",
"description": "Restricts background graphics printing mode. If this policy isn't set there's no restriction on printing background graphics.\n\nPolicy options mapping:\n\n* any (any) = Allow printing with and without background graphics\n\n* enabled (enabled) = Allow printing only with background graphics\n\n* disabled (disabled) = Allow printing only without background graphics\n\nUse the preceding information when configuring this policy.",
"property_order": 1525,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string",
"options": {
"enum_titles": ["any - Allow printing with and without background graphics", "disabled - Allow printing only without background graphics", "enabled - Allow printing only with background graphics"]
},
"enum": ["any", "disabled", "enabled"]
}
],
"options": {
"infoText": "PrintingAllowedBackgroundGraphicsModes"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printingallowedbackgroundgraphicsmodes"
}]
},
"PrintingBackgroundGraphicsDefault": {
"title": "PrintingBackgroundGraphicsDefault - Default background graphics printing mode",
"description": "Overrides the last used setting for printing background graphics.\nIf you enable this setting, background graphics printing is enabled.\nIf you disable this setting, background graphics printing is disabled.\n\nPolicy options mapping:\n\n* enabled (enabled) = Enable background graphics printing mode by default\n\n* disabled (disabled) = Disable background graphics printing mode by default\n\nUse the preceding information when configuring this policy.",
"property_order": 1530,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string",
"options": {
"enum_titles": ["disabled - Disable background graphics printing mode by default", "enabled - Enable background graphics printing mode by default"]
},
"enum": ["disabled", "enabled"]
}
],
"options": {
"infoText": "PrintingBackgroundGraphicsDefault"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printingbackgroundgraphicsdefault"
}]
},
"PrintingEnabled": {
"title": "PrintingEnabled - Enable printing",
"description": "Enables printing in Microsoft Edge and prevents users from changing this setting.\n\nIf you enable this policy or don't configure it, users can print.\n\nIf you disable this policy, users can't print from Microsoft Edge. Printing is disabled in the wrench menu, extensions, JavaScript applications, and so on. Users can still print from plug-ins that bypass Microsoft Edge while printing. For example, certain Adobe Flash applications have the print option in their context menu, which isn't covered by this policy.",
"property_order": 1535,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PrintingEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printingenabled"
}]
},
"PrintingPaperSizeDefault": {
"title": "PrintingPaperSizeDefault - not configurable in UI, please craft plist",
"description": "Overrides default printing page size.\n\nname should contain one of the listed formats or 'custom' if required paper size is not in the list. If 'custom' value is provided custom_size property should be specified. It describes the desired height and width in micrometers. Otherwise custom_size property shouldn't be specified. Policy that violates these rules is ignored.\n\nIf the page size is unavailable on the printer chosen by the user this policy is ignored.",
"property_order": 1540,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "PrintingPaperSizeDefault"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printingpapersizedefault"
}]
},
"PrintingWebpageLayout": {
"title": "PrintingWebpageLayout - Sets layout for printing",
"description": "Configuring this policy sets the layout for printing webpages.\n\nIf you disable or don't configure this policy, users can decide whether to print webpages in Portrait or Landscape layout.\n\nIf you enable this policy, the selected option is set as the layout option.\n\nPolicy options mapping:\n\n* portrait (0) = Sets layout option as portrait\n\n* landscape (1) = Sets layout option as landscape\n\nUse the preceding information when configuring this policy.",
"property_order": 1545,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["portrait - Sets layout option as portrait", "landscape - Sets layout option as landscape"]
},
"enum": [0, 1]
}
],
"options": {
"infoText": "PrintingWebpageLayout"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#printingwebpagelayout"
}]
},
"PrivateNetworkAccessRestrictionsEnabled": {
"title": "PrivateNetworkAccessRestrictionsEnabled - Specifies whether to apply restrictions to requests to more private network endpoints",
"description": "Specifies whether to apply restrictions to requests to more private\nnetwork endpoints\n\nWhen this policy is Enabled, any time when a warning is supposed to be displayed in the DevTools due to Private Network Access checks failing, the request is blocked.\n\nWhen this policy is Disabled or unset, all Private Network Access warnings are not enforced and the requests are not blocked.\n\nSee https://wicg.github.io/private-network-access/ for Private Network Access restrictions.\n\nNote: A network endpoint is more private than another if:\n1) Its IP address is localhost and the other is not.\n2) Its IP address is private and the other is public.",
"property_order": 1550,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PrivateNetworkAccessRestrictionsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#privatenetworkaccessrestrictionsenabled"
}]
},
"ProactiveAuthWorkflowEnabled": {
"title": "ProactiveAuthWorkflowEnabled - Enable proactive authentication",
"description": "This policy controls the proactive authentication in Microsoft Edge, that connects the signed-in user identity with Microsoft Bing, MSN and Copilot services for a smooth and consistent sign-in experience.\n\nIf you enable or don't configure this policy, Microsoft Edge authentication requests are automatically sent to the services using the account that is signed-in to the browser.\n\nIf you disable this policy, Microsoft Edge does not send authentications requests to these services and users will need to manually sign-in.",
"property_order": 1555,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ProactiveAuthWorkflowEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#proactiveauthworkflowenabled"
}]
},
"PromotionalTabsEnabled": {
"title": "PromotionalTabsEnabled - Enable full-tab promotional content",
"description": "Control the presentation of full-tab promotional or educational content. This setting controls the presentation of welcome pages that help users sign into Microsoft Edge, choose their default browser, or learn about product features.\n\nIf you enable this policy (set it true) or don't configure it, Microsoft Edge can show full-tab content to users to provide product information.\n\nIf you disable (set to false) this policy, Microsoft Edge can't show full-tab content to users.",
"property_order": 1560,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PromotionalTabsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#promotionaltabsenabled"
}]
},
"PromptForDownloadLocation": {
"title": "PromptForDownloadLocation - Ask where to save downloaded files",
"description": "Set whether to ask where to save a file before downloading it.\n\nIf you enable this policy, the user is asked where to save each file before downloading; if you don't configure it, files are saved automatically to the default location, without asking the user.\n\nIf you don't configure this policy, the user will be able to change this setting.",
"property_order": 1565,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PromptForDownloadLocation"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#promptfordownloadlocation"
}]
},
"PromptOnMultipleMatchingCertificates": {
"title": "PromptOnMultipleMatchingCertificates - Prompt the user to select a certificate when multiple certificates match",
"description": "This policy controls whether the user is prompted to select a client certificate when more than one certificate matches \"AutoSelectCertificateForUrls\".\nIf this policy is set to True, the user is prompted to select a client certificate whenever the auto-selection policy matches multiple certificates.\nIf this policy is set to False or not set, the user may only be prompted when no certificate matches the auto-selection.",
"property_order": 1570,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "PromptOnMultipleMatchingCertificates"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#promptonmultiplematchingcertificates"
}]
},
"ProxyBypassList": {
"title": "ProxyBypassList - Configure proxy bypass rules (deprecated)",
"description": "This policy is deprecated, use \"ProxySettings\" instead. It won't work in Microsoft Edge version 91.\n\nDefines a list of hosts for which Microsoft Edge bypasses any proxy.\n\nThis policy is applied only if the \"ProxySettings\" policy isn't specified and you have selected either fixed_servers or pac_script in the \"ProxyMode\" policy. If you selected any other mode for configuring proxy policies, don't enable or configure this policy.\n\nIf you enable this policy, you can create a list of hosts for which Microsoft Edge doesn't use a proxy.\n\nIf you don't configure this policy, no list of hosts is created for which Microsoft Edge bypasses a proxy. Leave this policy unconfigured if you've specified any other method for setting proxy policies.\n\nFor more detailed examples go to https://go.microsoft.com/fwlink/?linkid=2094936.",
"property_order": 1575,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "ProxyBypassList"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#proxybypasslist"
}]
},
"ProxyMode": {
"title": "ProxyMode - Configure proxy server settings (deprecated)",
"description": "This policy is deprecated, use \"ProxySettings\" instead. It won't work in Microsoft Edge version 91.\n\nIf you set this policy to Enabled you can specify the proxy server Microsoft Edge uses and prevents users from changing proxy settings. Microsoft Edge ignores all proxy-related options specified from the command line. The policy is only applied if the \"ProxySettings\" policy isn't specified.\n\nOther options are ignored if you choose one of the following options:\n * direct = Never use a proxy server and always connect directly\n * system = Use system proxy settings\n * auto_detect = Auto detect the proxy server\n\nIf you choose to use:\n * fixed_servers = Fixed proxy servers. You can specify further options with \"ProxyServer\" and \"ProxyBypassList\".\n * pac_script = A .pac proxy script. Use \"ProxyPacUrl\" to set the URL to a proxy .pac file.\n\nFor detailed examples, go to https://go.microsoft.com/fwlink/?linkid=2094936.\n\nIf you don't configure this policy, users can choose their own proxy settings.\n\nPolicy options mapping:\n\n* ProxyDisabled (direct) = Never use a proxy\n\n* ProxyAutoDetect (auto_detect) = Auto detect proxy settings\n\n* ProxyPacScript (pac_script) = Use a .pac proxy script\n\n* ProxyFixedServers (fixed_servers) = Use fixed proxy servers\n\n* ProxyUseSystem (system) = Use system proxy settings\n\nUse the preceding information when configuring this policy.",
"property_order": 1580,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string",
"options": {
"enum_titles": ["ProxyAutoDetect - Auto detect proxy settings", "ProxyDisabled - Never use a proxy", "ProxyFixedServers - Use fixed proxy servers", "ProxyPacScript - Use a .pac proxy script", "ProxyUseSystem - Use system proxy settings"]
},
"enum": ["auto_detect", "direct", "fixed_servers", "pac_script", "system"]
}
],
"options": {
"infoText": "ProxyMode"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#proxymode"
}]
},
"ProxyPacUrl": {
"title": "ProxyPacUrl - Set the proxy .pac file URL (deprecated)",
"description": "This policy is deprecated, use \"ProxySettings\" instead. It won't work in Microsoft Edge version 91.\n\nSpecifies the URL for a proxy auto-config (PAC) file.\n\nThis policy is applied only if the \"ProxySettings\" policy isn't specified and you have selected pac_script in the \"ProxyMode\" policy. If you selected any other mode for configuring proxy policies, don't enable or configure this policy.\n\nIf you enable this policy, you can specify the URL for a PAC file, which defines how the browser automatically chooses the appropriate proxy server for fetching a particular website.\n\nIf you disable or don't configure this policy, no PAC file is specified. Leave this policy unconfigured if you've specified any other method for setting proxy policies.\n\nFor detailed examples, see https://go.microsoft.com/fwlink/?linkid=2094936.",
"property_order": 1585,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "ProxyPacUrl"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#proxypacurl"
}]
},
"ProxyServer": {
"title": "ProxyServer - Configure address or URL of proxy server (deprecated)",
"description": "This policy is deprecated, use \"ProxySettings\" instead. It won't work in Microsoft Edge version 91.\n\nSpecifies the URL of the proxy server.\n\nThis policy is applied only if the \"ProxySettings\" policy isn't specified and you have selected fixed_servers in the \"ProxyMode\" policy. If you selected any other mode for configuring proxy policies, don't enable or configure this policy.\n\nIf you enable this policy, the proxy server configured by this policy will be used for all URLs.\n\nIf you disable or don't configure this policy, users can choose their own proxy settings while in this proxy mode. Leave this policy unconfigured if you've specified any other method for setting proxy policies.\n\nFor more options and detailed examples, see https://go.microsoft.com/fwlink/?linkid=2094936.",
"property_order": 1590,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "ProxyServer"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#proxyserver"
}]
},
"ProxySettings": {
"title": "ProxySettings - not configurable in UI, please craft plist",
"description": "Configures the proxy settings for Microsoft Edge.\n\nIf you enable this policy, Microsoft Edge ignores all proxy-related options specified from the command line.\n\nIf you don't configure this policy, users can choose their own proxy settings.\n\nThis policy overrides the following individual policies:\n\n\"ProxyMode\"\n\"ProxyPacUrl\"\n\"ProxyServer\"\n\"ProxyBypassList\"\n\nSetting the \"ProxySettings\" policy accepts the following fields:\n * ProxyMode, which lets you specify the proxy server used by Microsoft Edge and prevents users from changing proxy settings\n * ProxyPacUrl, a URL to a proxy .pac file\n * ProxyPacMandatory, a boolean flag which prevents the network stack from falling back to direct connections with invalid or unavailable PAC script\n * ProxyServer, a URL for the proxy server\n * ProxyBypassList, a list of proxy hosts that Microsoft Edge bypasses\n\nFor ProxyMode, if you choose the value:\n * direct, a proxy is never used and all other fields are ignored.\n * system, the systems's proxy is used and all other fields are ignored.\n * auto_detect, all other fields are ignored.\n * fixed_servers, the ProxyServer and ProxyBypassList fields are used.\n * pac_script, the ProxyPacUrl, ProxyPacMandatory and ProxyBypassList fields are used.\n\nFor more detailed examples go to https://go.microsoft.com/fwlink/?linkid=2094936.",
"property_order": 1595,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "ProxySettings"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#proxysettings"
}]
},
"QRCodeGeneratorEnabled": {
"title": "QRCodeGeneratorEnabled - Enable QR Code Generator",
"description": "This policy enables the QR Code generator feature in Microsoft Edge.\n\nIf you enable this policy or don't configure it, the QR Code Generator feature is enabled.\n\nIf you disable this policy, the QR Code Generator feature is disabled.",
"property_order": 1600,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "QRCodeGeneratorEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#qrcodegeneratorenabled"
}]
},
"QuicAllowed": {
"title": "QuicAllowed - Allow QUIC protocol",
"description": "Allows use of the QUIC protocol in Microsoft Edge.\n\nIf you enable this policy or don't configure it, the QUIC protocol is allowed.\n\nIf you disable this policy, the QUIC protocol is blocked.\n\nQUIC is a transport layer network protocol that can improve performance of web applications that currently use TCP.",
"property_order": 1605,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "QuicAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#quicallowed"
}]
},
"QuickSearchShowMiniMenu": {
"title": "QuickSearchShowMiniMenu - Enables Microsoft Edge mini menu",
"description": "Enables Microsoft Edge mini menu on websites and PDFs. The mini menu is triggered on text selection and has basic actions like copy and smart actions like definitions.\n\nIf you enable or don't config this policy, selecting text on websites and PDFs will show the Microsoft Edge mini menu.\n\nIf you disable this policy, the Microsoft Edge mini menu will not be shown when text on websites and PDFs is selected.",
"property_order": 1610,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "QuickSearchShowMiniMenu"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#quicksearchshowminimenu"
}]
},
"QuickViewOfficeFilesEnabled": {
"title": "QuickViewOfficeFilesEnabled - Manage QuickView Office files capability in Microsoft Edge",
"description": "Allows you to set whether users can view publicly accessible Office files on the web that aren't on OneDrive or SharePoint. (For example: Word documents, PowerPoint presentations, and Excel spreadsheets)\n\nIf you enable or don't configure this policy, these files can be viewed in Microsoft Edge using Office Viewer instead of downloading the files.\n\nIf you disable this policy, these files will be downloaded to be viewed.",
"property_order": 1615,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "QuickViewOfficeFilesEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#quickviewofficefilesenabled"
}]
},
"RSAKeyUsageForLocalAnchorsEnabled": {
"title": "RSAKeyUsageForLocalAnchorsEnabled - Check RSA key usage for server certificates issued by local trust anchors (deprecated)",
"description": "This policy is deprecated because RSAKeyUsageForLocalAnchorsEnabled feature has been removed.\n\nThis policy will be removed in version 133.\n\nThe X.509 key usage extension declares how the key in a certificate can be\nused. These instructions ensure certificates aren't used in an unintended\ncontext, which protects against a class of cross-protocol attacks on HTTPS and\nother protocols. HTTPS clients must verify that server certificates match the\nconnection's TLS parameters.\n\nStarting in Microsoft Edge 124, this\ncheck is always enabled.\n\nMicrosoft Edge 123 and earlier have the\nfollowing behavior:\n\nIf this policy is set to enabled,\nMicrosoft Edge will perform this key\ncheck. This helps prevent attacks where an attacker manipulates the browser into\ninterpreting a key in ways that the certificate owner did not intend.\n\nIf this policy is set to disabled,\nMicrosoft Edge will skip this key check in\nHTTPS connections that negotiate TLS 1.2 and use an RSA certificate that\nchains to a local trust anchor. Examples of local trust anchors include\npolicy-provided or user-installed root certificates. In all other cases, the\ncheck is performed independent of this policy's setting.\n\nIf this policy is not configured,\nMicrosoft Edge will behave as if the\npolicy is enabled.\n\nThis policy is available for administrators to preview the behavior of a\nfuture release, which will enable this check by default. At that point, this\npolicy will remain temporarily available for administrators that need more\ntime to update their certificates to meet the new RSA key usage requirements.\n\nConnections that fail this check will fail with the error\nERR_SSL_KEY_USAGE_INCOMPATIBLE. Sites that fail with this error likely have a\nmisconfigured certificate. Modern ECDHE_RSA cipher suites use the\n\"digitalSignature\" key usage option, while legacy RSA decryption cipher suites\nuse the \"keyEncipherment\" key usage option. If uncertain, administrators should\ninclude both in RSA certificates meant for HTTPS.",
"property_order": 1620,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "RSAKeyUsageForLocalAnchorsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#rsakeyusageforlocalanchorsenabled"
}]
},
"ReadAloudEnabled": {
"title": "ReadAloudEnabled - Enable Read Aloud feature in Microsoft Edge",
"description": "Enables the Read Aloud feature within Microsoft Edge.\nUsing this feature, users can listen to the content on the web page. This enables users to multi-task or improve their reading comprehension by hearing content at their own pace.\n\nIf you enable this policy or don't configure it, the Read Aloud option shows up in the address bar, right click context menu, more menu, on the PDF toolbar, and within Immersive Reader.\nIf you disable this policy, users can't access the Read Aloud feature from the address bar, right click context menu, more menu, on the PDF toolbar, and within Immersive Reader.",
"property_order": 1625,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ReadAloudEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#readaloudenabled"
}]
},
"RegisteredProtocolHandlers": {
"title": "RegisteredProtocolHandlers - not configurable in UI, please craft plist",
"description": "Set this policy (recommended only) to register a list of protocol handlers. This list is merged with ones registered by the user and both are available to use.\n\nTo register a protocol handler:\n\n- Set the protocol property to the scheme (for example, \"mailto\")\n- Set the URL property to the URL property of the application that handlers the scheme specified in the \"protocol\" field. The pattern can include a \"%s\" placeholder, which the handled URL replaces.\n\nUsers can't remove a protocol handler registered by this policy. However, they can install a new default protocol handler to override the existing protocol handlers.",
"property_order": 1630,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "RegisteredProtocolHandlers"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#registeredprotocolhandlers"
}]
},
"RelatedMatchesCloudServiceEnabled": {
"title": "RelatedMatchesCloudServiceEnabled - Configure Related Matches in Find on Page",
"description": "Specifies how the user receives related matches in Find on Page, which provides spellcheck, synonyms, and Q&A results in Microsoft Edge.\n\nIf you enable or don't configure this policy, users can receive related matches in Find on Page on all sites. The results are processed in a cloud service.\n\nIf you disable this policy, users can receive related matches in Find on Page on limited sites. The results are processed on the user's device.",
"property_order": 1635,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "RelatedMatchesCloudServiceEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#relatedmatchescloudserviceenabled"
}]
},
"RelatedWebsiteSetsEnabled": {
"title": "RelatedWebsiteSetsEnabled - Enable Related Website Sets",
"description": "This policy lets you control the enablement of the Related Website Sets feature. Related Website Sets (RWS) is a way for an organisation to declare relationships among sites, so that Microsoft Edge allows limited third-party cookie access for specific purposes across those sites.\n\nIf this policy set to True or unset, the Related Website Sets feature is enabled.\n\nIf this policy is set to False, the Related Website Sets feature is disabled.",
"property_order": 1640,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "RelatedWebsiteSetsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#relatedwebsitesetsenabled"
}]
},
"RelatedWebsiteSetsOverrides": {
"title": "RelatedWebsiteSetsOverrides - not configurable in UI, please craft plist",
"description": "This policy provides a way to override the list of sets Microsoft Edge uses for Related Website Sets\n\nEach set in the browser's list of Related Website Sets must meet the requirements of a Related Website Set. A Related Website Set must contain a primary site and one or more member sites.\nA set can also contain a list of service sites that it owns, as well as a map from a site to all its ccTLD variants. See https://github.com/WICG/first-party-sets for more information on how Microsoft Edge uses Related Website Sets.\n\n\nAll sites in a Related Website Set must be a registrable domain served over HTTPS. Each site in a Related Website Set must also be unique, which means a site can't be listed more than once in a Related Website Set.\n\nWhen this policy is given an empty dictionary, Microsoft Edge uses the public list of Related Website Sets.\n\nFor all sites in a Related Website Set from the replacements list, if a site is also present on a Related Website Set in the browser's list, then that site will be removed from the browser's Related Website Set. After this, the policy's Related Website Set will be added to the Microsoft Edge's list of Related Website Sets.\n\nFor all sites in a Related Website Set from the additions list, if a site is also present on a Related Website Set in Microsoft Edge's list, then the browser's Related Website Set will be updated so that the new Related Website Set can be added to the browser's list. After the browser's list has been updated, the policy's Related Website Set will be added to the browser's list of Related Website Sets.\n\nThe browser's list of Related Website Sets requires that for all sites in its list, no site is in\nmore than one set. This is also required for both the replacements list\nand the additions list. Similarly, a site can't be in both the\nreplacements list and the additions list.\n\nWildcards (*) aren't supported as a policy value, or as a value within any Related Website Set in these lists.",
"property_order": 1645,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "RelatedWebsiteSetsOverrides"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#relatedwebsitesetsoverrides"
}]
},
"RelaunchNotification": {
"title": "RelaunchNotification - Notify a user that a browser restart is recommended or required for pending updates",
"description": "Notify users that they need to restart Microsoft Edge to apply a pending update.\n\nIf you don't configure this policy, Microsoft Edge adds a recycle icon at the far right of the top menu bar to prompt users to restart the browser to apply the update.\n\nIf you enable this policy and set it to 'Recommended', a recurring warning prompts users that a restart is recommended. Users can dismiss this warning and defer the restart.\n\nIf you set the policy to 'Required', a recurring warning prompts users that the browser will be restarted automatically as soon as a notification period passes. The default period is seven days. You can configure this period with the \"RelaunchNotificationPeriod\" policy.\n\nThe user's session is restored when the browser restarts.\n\nPolicy options mapping:\n\n* Recommended (1) = Recommended - Show a recurring prompt to the user indicating that a restart is recommended\n\n* Required (2) = Required - Show a recurring prompt to the user indicating that a restart is required\n\nUse the preceding information when configuring this policy.",
"property_order": 1650,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["Recommended - Recommended - Show a recurring prompt to the user indicating that a restart is recommended", "Required - Required - Show a recurring prompt to the user indicating that a restart is required"]
},
"enum": [1, 2]
}
],
"options": {
"infoText": "RelaunchNotification"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#relaunchnotification"
}]
},
"RelaunchNotificationPeriod": {
"title": "RelaunchNotificationPeriod - Set the time period for update notifications",
"description": "Allows you to set the time period, in milliseconds, over which users are notified that Microsoft Edge must be relaunched to apply a pending update.\n\nOver this time period, the user will be repeatedly informed of the need for an update. In Microsoft Edge the app menu changes to indicate that a relaunch is needed once one third of the notification period passes. This notification changes color once two thirds of the notification period passes, and again once the full notification period has passed. The additional notifications enabled by the \"RelaunchNotification\" policy follow this same schedule.\n\nIf not set, the default period of 604800000 milliseconds (one week) is used.",
"property_order": 1655,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer"
}
],
"options": {
"infoText": "RelaunchNotificationPeriod"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#relaunchnotificationperiod"
}]
},
"RelaunchWindow": {
"title": "RelaunchWindow - not configurable in UI, please craft plist",
"description": "Specifies a target time window for the end of the relaunch notification period.\n\nUsers are notified of the need for a browser relaunch or device restart based on the \"RelaunchNotification\" and \"RelaunchNotificationPeriod\" policy settings. Browsers and devices are forcibly restarted at the end of the notification period when the \"RelaunchNotification\" policy is set to 'Required'. This RelaunchWindow policy can be used to defer the end of the notification period so that it falls within a specific time window.\n\nIf you don't configure this policy, the default target time window is the whole day (i.e., the end of the notification period is never deferred).\n\nNote: Though the policy can accept multiple items in entries, all but the first item are ignored.\nWarning: Setting this policy may delay application of software updates.",
"property_order": 1660,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "RelaunchWindow"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#relaunchwindow"
}]
},
"RemoteDebuggingAllowed": {
"title": "RemoteDebuggingAllowed - Allow remote debugging",
"description": "Controls whether users may use remote debugging.\n\nIf you enable or don't configure this policy, users may use remote debugging by specifying --remote-debug-port and --remote-debugging-pipe command line switches.\n\nIf you disable this policy, users are not allowed to use remote debugging.",
"property_order": 1665,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "RemoteDebuggingAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#remotedebuggingallowed"
}]
},
"ResolveNavigationErrorsUseWebService": {
"title": "ResolveNavigationErrorsUseWebService - Enable resolution of navigation errors using a web service",
"description": "Allow Microsoft Edge to issue a dataless connection to a web service to probe networks for connectivity in cases like hotel and airport Wi-Fi.\n\nIf you enable this policy, a web service is used for network connectivity tests.\n\nIf you disable this policy, Microsoft Edge uses native APIs to try to resolve network connectivity and navigation issues.\n\n**Note**: Except on Windows 8 and later versions of Windows, Microsoft Edge *always* uses native APIs to resolve connectivity issues.\n\nIf you don't configure this policy, Microsoft Edge respects the user preference that's set under Services at edge://settings/privacy.\nSpecifically, there's a **Use a web service to help resolve navigation errors** toggle, which the user can switch on or off. Be aware that if you have enabled this policy (ResolveNavigationErrorsUseWebService), the **Use a web service to help resolve navigation errors** setting is turned on, but the user can't change the setting by using the toggle. If you have disabled this policy, the **Use a web service to help resolve navigation errors** setting is turned off, and the user can't change the setting by using the toggle.",
"property_order": 1670,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ResolveNavigationErrorsUseWebService"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#resolvenavigationerrorsusewebservice"
}]
},
"RestoreOnStartup": {
"title": "RestoreOnStartup - Action to take on Microsoft Edge startup",
"description": "Specify how Microsoft Edge behaves when it starts.\n\nIf you want a new tab to always open on startup, choose 'RestoreOnStartupIsNewTabPage'.\n\nIf you want to reopen URLs that were open the last time Microsoft Edge closed, choose 'RestoreOnStartupIsLastSession'. The browsing session will be restored as it was. Note that this option disables some settings that rely on sessions or that perform actions on exit (such as Clear browsing data on exit or session-only cookies).\n\nIf you want to open a specific set of URLs, choose 'RestoreOnStartupIsURLs'.\n\nStarting in Microsoft Edge version 125, if you want to reopen URLs that were open the last time Microsoft Edge closed and open a specific set of URLs, choose 'RestoreOnStartupIsLastSessionAndURLs'.\n\nDisabling this setting is the same as leaving it not configured. Users will be able to change it in Microsoft Edge.\n\nThis policy is only available on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory, or instances that enrolled for device management. On macOS, this policy is only available on instances that are managed via MDM or joined to a domain via MCX.\n\nPolicy options mapping:\n\n* RestoreOnStartupIsNewTabPage (5) = Open a new tab\n\n* RestoreOnStartupIsLastSession (1) = Restore the last session\n\n* RestoreOnStartupIsURLs (4) = Open a list of URLs\n\n* RestoreOnStartupIsLastSessionAndURLs (6) = Open a list of URLs and restore the last session\n\nUse the preceding information when configuring this policy.",
"property_order": 1675,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["RestoreOnStartupIsLastSession - Restore the last session", "RestoreOnStartupIsURLs - Open a list of URLs", "RestoreOnStartupIsNewTabPage - Open a new tab", "RestoreOnStartupIsLastSessionAndURLs - Open a list of URLs and restore the last session"]
},
"enum": [1, 4, 5, 6]
}
],
"options": {
"infoText": "RestoreOnStartup"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#restoreonstartup"
}]
},
"RestoreOnStartupURLs": {
"title": "RestoreOnStartupURLs - Sites to open when the browser starts",
"description": "Specify a list of websites to open automatically when the browser starts. If you don't configure this policy, no site is opened on startup.\n\nThis policy only works if you also set the \"RestoreOnStartup\" policy to 'Open a list of URLs' (4).\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, joined to Microsoft Azure Active Directory` or instances that enrolled for device management.",
"property_order": 1680,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "RestoreOnStartupURLs"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#restoreonstartupurls"
}]
},
"RestoreOnStartupUserURLsEnabled": {
"title": "RestoreOnStartupUserURLsEnabled - Allow users to add and remove their own sites during startup when the RestoreOnStartupURLs policy is configured",
"description": "This policy only works if you set the \"RestoreOnStartup\" policy to 'Open a list of URLs' (4) and the \"RestoreOnStartupURLs\" policy as mandatory.\nIf you enable this policy, users are allowed to add and remove their own URLs to open when starting Edge while maintaining the admin specified mandatory list of sites specified by setting \"RestoreOnStartup\" policy to open a list of URLS and providing the list of sites in the \"RestoreOnStartupURLs\" policy.\n\nIf you disable or don't configure this policy, there is no change to how the \"RestoreOnStartup\" and \"RestoreOnStartupURLs\" policies work.",
"property_order": 1685,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "RestoreOnStartupUserURLsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#restoreonstartupuserurlsenabled"
}]
},
"RestorePdfView": {
"title": "RestorePdfView - Restore PDF view",
"description": "Enables PDF View Recovery in Microsoft Edge.\n\nIf you enable or don't configure this policy Microsoft Edge will recover the last state of PDF view and land users to the section where they ended reading in the last session.\n\nIf you disable this policy Microsoft Edge will recover the last state of PDF view and land users at the start of the PDF file.",
"property_order": 1690,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "RestorePdfView"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#restorepdfview"
}]
},
"RestrictSigninToPattern": {
"title": "RestrictSigninToPattern - Restrict which accounts can be used to sign in to Microsoft Edge",
"description": "Determines which accounts can be used to sign in to the Microsoft Edge account that's chosen during the Sync opt-in flow.\n\nYou can configure this policy to match multiple accounts using a Perl style regular expression for the pattern. If a user tries to sign in to the browser with an account whose username doesn't match this pattern, they are blocked and will get the appropriate error message. Note that pattern matches are case sensitive. For more information about the regular expression rules that are used, refer to https://go.microsoft.com/fwlink/p/?linkid=2133903.\n\nIf you don't configure this policy or leave it blank, users can use any account to sign in to Microsoft Edge.\n\nNote that signed-in profiles with a username that doesn't match this pattern will be signed out after this policy is enabled.",
"property_order": 1695,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "RestrictSigninToPattern"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#restrictsignintopattern"
}]
},
"SSLErrorOverrideAllowed": {
"title": "SSLErrorOverrideAllowed - Allow users to proceed from the HTTPS warning page",
"description": "Microsoft Edge shows a warning page when users visit sites that have SSL errors.\n\nIf you enable or don't configure (default) this policy, users can click through these warning pages.\n\nIf you disable this policy, users are blocked from clicking through any warning page.",
"property_order": 1700,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SSLErrorOverrideAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#sslerroroverrideallowed"
}]
},
"SSLErrorOverrideAllowedForOrigins": {
"title": "SSLErrorOverrideAllowedForOrigins - Allow users to proceed from the HTTPS warning page for specific origins",
"description": "Microsoft Edge shows a warning page when users visit sites that have SSL errors.\n\nIf you enable or don't configure the \"SSLErrorOverrideAllowed\" policy, this policy does nothing.\n\nIf you disable the \"SSLErrorOverrideAllowed\" policy, configuring this policy lets you configure a list of origin patterns for sites where users can continue to click through SSL error pages. Users can't click through SSL error pages on origins that are not on this list.\n\nIf you don't configure this policy, the \"SSLErrorOverrideAllowed\" policy applies for all sites.\n\nFor detailed information about valid origin patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy. This policy only matches based on origin, so any path or query in the URL pattern is ignored.",
"property_order": 1705,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SSLErrorOverrideAllowedForOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#sslerroroverrideallowedfororigins"
}]
},
"SameOriginTabCaptureAllowedByOrigins": {
"title": "SameOriginTabCaptureAllowedByOrigins - Allow Same Origin Tab capture by these origins",
"description": "Setting the policy lets you set a list of URL patterns that can capture tabs with their same Origin.\n\nLeaving the policy unset means that sites will not be considered for an override at this scope of capture.\n\nIf a site matches a URL pattern in this policy, the following policies will not be considered: \"TabCaptureAllowedByOrigins\", \"WindowCaptureAllowedByOrigins\", \"ScreenCaptureAllowedByOrigins\", \"ScreenCaptureAllowed\".\n\nFor detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. This policy only matches based on origin, so any path in the URL pattern is ignored.",
"property_order": 1710,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SameOriginTabCaptureAllowedByOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#sameorigintabcaptureallowedbyorigins"
}]
},
"SandboxExternalProtocolBlocked": {
"title": "SandboxExternalProtocolBlocked - Allow Microsoft Edge to block navigations to external protocols in a sandboxed iframe",
"description": "Microsoft Edge will block navigations to external protocols inside a\nsandboxed iframe.\n\nIf you enable or don't configure this policy, Microsoft Edge will block those navigations.\n\nIf you disable this policy, Microsoft Edge will not block those navigations.\n\nThis can be used by administrators who need more time to update their internal website affected by this new restriction. This Enterprise policy is temporary; it's intended to be removed after Microsoft Edge version 117.",
"property_order": 1715,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SandboxExternalProtocolBlocked"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#sandboxexternalprotocolblocked"
}]
},
"SaveCookiesOnExit": {
"title": "SaveCookiesOnExit - Save cookies when Microsoft Edge closes",
"description": "When this policy is enabled, the specified set of cookies is exempt from deletion when the browser closes. This policy is only effective when:\n- The 'Cookies and other site data' toggle is configured in Settings/Privacy and services/Clear browsing data on close or\n- The policy \"ClearBrowsingDataOnExit\" is enabled or\n- The policy \"DefaultCookiesSetting\" is set to 'Keep cookies for the duration of the session'.\n\nYou can define a list of sites, based on URL patterns, that will have their cookies preserved across sessions.\n\nNote: Users can still edit the cookie site list to add or remove URLs. However, they can't remove URLs that have been added by an Admin.\n\nIf you enable this policy, the list of cookies won't be cleared when the browser closes.\n\nIf you disable or don't configure this policy, the user's personal configuration is used.",
"property_order": 1720,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SaveCookiesOnExit"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#savecookiesonexit"
}]
},
"SavingBrowserHistoryDisabled": {
"title": "SavingBrowserHistoryDisabled - Disable saving browser history",
"description": "Disables saving browser history and prevents users from changing this setting.\n\nIf you enable this policy, browsing history isn't saved. This also disables tab syncing.\n\nIf you disable this policy or don't configure it, browsing history is saved.",
"property_order": 1725,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SavingBrowserHistoryDisabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#savingbrowserhistorydisabled"
}]
},
"ScreenCaptureAllowed": {
"title": "ScreenCaptureAllowed - Allow or deny screen capture",
"description": "If you enable this policy, or don't configure this policy, a web page can use screen-share APIs (for example, getDisplayMedia() or the Desktop Capture extension API) for a screen capture.\nIf you disable this policy, calls to screen-share APIs will fail. For example, if you're using a web-based online meeting, video or screen sharing will not work. However, this policy is not considered\n(and a site will be allowed to use screen-share APIs) if the site matches an origin pattern in any of the following policies:\n\"ScreenCaptureAllowedByOrigins\",\n\"WindowCaptureAllowedByOrigins\",\n\"TabCaptureAllowedByOrigins\",\n\"SameOriginTabCaptureAllowedByOrigins\".",
"property_order": 1730,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ScreenCaptureAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#screencaptureallowed"
}]
},
"ScreenCaptureAllowedByOrigins": {
"title": "ScreenCaptureAllowedByOrigins - Allow Desktop, Window, and Tab capture by these origins",
"description": "Setting the policy lets you set a list of URL patterns that can use Desktop, Window, and Tab Capture.\n\nLeaving the policy unset means that sites will not be considered for an override at this scope of Capture.\n\nThis policy is not considered if a site matches a URL pattern in any of the following policies: \"WindowCaptureAllowedByOrigins\", \"TabCaptureAllowedByOrigins\", \"SameOriginTabCaptureAllowedByOrigins\".\n\nIf a site matches a URL pattern in this policy, the \"ScreenCaptureAllowed\" will not be considered.\n\nFor detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. This policy only matches based on origin, so any path in the URL pattern is ignored.",
"property_order": 1735,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ScreenCaptureAllowedByOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#screencaptureallowedbyorigins"
}]
},
"ScreenCaptureWithoutGestureAllowedForOrigins": {
"title": "ScreenCaptureWithoutGestureAllowedForOrigins - Allow screen capture without prior user gesture",
"description": "For security reasons, the\ngetDisplayMedia() web API requires\na prior user gesture (\"transient activation\") to be called or the API will\nfail.\n\nWhen this policy is configured, admins can specify origins on which this API\ncan be called without prior user gesture.\n\nFor detailed information on valid url patterns, see\nhttps://go.microsoft.com/fwlink/?linkid=2095322. Note: * is not an accepted\nvalue for this policy.\n\nIf this policy is not configured, all origins require a prior user gesture to\ncall this API.",
"property_order": 1740,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ScreenCaptureWithoutGestureAllowedForOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#screencapturewithoutgestureallowedfororigins"
}]
},
"ScrollToTextFragmentEnabled": {
"title": "ScrollToTextFragmentEnabled - Enable scrolling to text specified in URL fragments",
"description": "This feature lets hyperlink and address bar URL navigations target specific text on a web page, which will be scrolled to after the web page finishes loading.\n\nIf you enable or don't configure this policy, web page scrolling to specific text fragments via a URL will be enabled.\n\nIf you disable this policy, web page scrolling to specific text fragments via a URL will be disabled.",
"property_order": 1745,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ScrollToTextFragmentEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#scrolltotextfragmentenabled"
}]
},
"SearchFiltersEnabled": {
"title": "SearchFiltersEnabled - Search Filters Enabled",
"description": "Lets you filter your autosuggestions by selecting a filter from the search filters ribbon. For example, if you select the \"Favorites\" filter, only favorites suggestions will be shown.\n\nIf you enable or don't configure this policy, the autosuggestion dropdown defaults to displaying the ribbon of available filters.\n\nIf you disable this policy, the autosuggestion dropdown won't display the ribbon of available filters.",
"property_order": 1750,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SearchFiltersEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#searchfiltersenabled"
}]
},
"SearchForImageEnabled": {
"title": "SearchForImageEnabled - Search for image enabled",
"description": "This policy lets you configure the Image Search feature in the right-click context menu.\n\nIf you enable or don't configure this policy, then the \"Search the web for image\" option will be visible in the context menu.\n\nIf you disable this policy, then the \"Search the web for image\" will not be visible in the context menu.",
"property_order": 1755,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SearchForImageEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#searchforimageenabled"
}]
},
"SearchInSidebarEnabled": {
"title": "SearchInSidebarEnabled - Search in Sidebar enabled",
"description": "Search in Sidebar allows users to open search result in sidebar (including sidebar search for Progressive Web Apps).\n\nIf you configure this policy to 'EnableSearchInSidebar' or don't configure it, Search in sidebar will be enabled.\n\nIf you configure this policy to 'DisableSearchInSidebarForKidsMode', Search in sidebar will be disabled when in Kids mode. Some methods that would normally invoke sidebar search will invoke a traditional search instead.\n\nIf you configure this policy to 'DisableSearchInSidebar', Search in sidebar will be disabled. Some methods that would normally invoke sidebar search will invoke a traditional search instead.\n\nPolicy options mapping:\n\n* EnableSearchInSidebar (0) = Enable search in sidebar\n\n* DisableSearchInSidebarForKidsMode (1) = Disable search in sidebar for Kids Mode\n\n* DisableSearchInSidebar (2) = Disable search in sidebar\n\nUse the preceding information when configuring this policy.",
"property_order": 1760,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["EnableSearchInSidebar - Enable search in sidebar", "DisableSearchInSidebarForKidsMode - Disable search in sidebar for Kids Mode", "DisableSearchInSidebar - Disable search in sidebar"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "SearchInSidebarEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#searchinsidebarenabled"
}]
},
"SearchSuggestEnabled": {
"title": "SearchSuggestEnabled - Enable search suggestions",
"description": "Enables web search suggestions in Microsoft Edge's Address Bar and Auto-Suggest List and prevents users from changing this policy.\n\nIf you enable this policy, web search suggestions are used.\n\nIf you disable this policy, web search suggestions are never used, however local history and local favorites suggestions still appear. If you disable this policy, neither the typed characters, nor the URLs visited will be included in telemetry to Microsoft.\n\nIf this policy is left not set, search suggestions are enabled but the user can change that.",
"property_order": 1765,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SearchSuggestEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#searchsuggestenabled"
}]
},
"SecurityKeyPermitAttestation": {
"title": "SecurityKeyPermitAttestation - Websites or domains that don't need permission to use direct Security Key attestation",
"description": "Specifies the WebAuthn RP IDs that don't need explicit user permission when attestation certificates from security keys are requested. Additionally, a signal is sent to the security key indicating that it can use enterprise attestation. Without this policy, users are prompted each time a site requests attestation of security keys.",
"property_order": 1770,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SecurityKeyPermitAttestation"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#securitykeypermitattestation"
}]
},
"SensorsAllowedForUrls": {
"title": "SensorsAllowedForUrls - Allow access to sensors on specific sites",
"description": "Define a list of sites, based on URL patterns, that can access and use sensors such as motion and light sensors.\n\nIf you don't configure this policy, the global default value from the \"DefaultSensorsSetting\" policy (if set) or the user's personal configuration is used for all sites.\n\nFor URL patterns that don't match this policy, the following order of precedence is used: The \"SensorsBlockedForUrls\" policy (if there is a match), the \"DefaultSensorsSetting\" policy (if set), or the user's personal settings.\n\nThe URL patterns defined in this policy can't conflict with those configured in the \"SensorsBlockedForUrls\" policy. You can't allow and block a URL.\n\nFor detailed information about valid URL patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322.",
"property_order": 1775,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SensorsAllowedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#sensorsallowedforurls"
}]
},
"SensorsBlockedForUrls": {
"title": "SensorsBlockedForUrls - Block access to sensors on specific sites",
"description": "Define a list of sites, based on URL patterns, that can't access sensors such as motion and light sensors.\n\nIf you don't configure this policy, the global default value from the \"DefaultSensorsSetting\" policy (if set) or the user's personal configuration is used for all sites.\n\nFor URL patterns that don't match this policy, the following order of precedence is used: The \"SensorsAllowedForUrls\" policy (if there is a match), the \"DefaultSensorsSetting\" policy (if set), or the user's personal settings.\n\nThe URL patterns defined in this policy can't conflict with those configured in the \"SensorsAllowedForUrls\" policy. You can't allow and block a URL.\n\nFor detailed information about valid URL patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322.",
"property_order": 1780,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SensorsBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#sensorsblockedforurls"
}]
},
"SerialAllowAllPortsForUrls": {
"title": "SerialAllowAllPortsForUrls - Automatically grant sites permission to connect all serial ports",
"description": "Setting the policy allows you to list sites which are automatically granted permission to access all available serial ports.\n\nThe URLs must be valid, or the policy is ignored. Only the origin (scheme, host, and port) of the URL is considered.\n\nThis policy overrides \"DefaultSerialGuardSetting\", \"SerialAskForUrls\", \"SerialBlockedForUrls\" and the user's preferences.",
"property_order": 1785,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SerialAllowAllPortsForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#serialallowallportsforurls"
}]
},
"SerialAllowUsbDevicesForUrls": {
"title": "SerialAllowUsbDevicesForUrls - not configurable in UI, please craft plist",
"description": "Setting the policy lets you list sites that are automatically granted permission to access USB serial devices with vendor and product IDs that match the vendor_id and product_id fields.\n\nOptionally you can omit the product_id field. This enables site access to all the vendor's devices. When you provide a product ID, then you give the site access to a specific device from the vendor but not all devices.\n\nThe URLs must be valid, or the policy is ignored. Only the origin (scheme, host, and port) of the URL is considered.\n\nThis policy overrides \"DefaultSerialGuardSetting\", \"SerialAskForUrls\", \"SerialBlockedForUrls\" and the user's preferences.\n\nThis policy only affects access to USB devices through the Web Serial API. To grant access to USB devices through the WebUSB API see the \"WebUsbAllowDevicesForUrls\" policy.",
"property_order": 1790,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "SerialAllowUsbDevicesForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#serialallowusbdevicesforurls"
}]
},
"SerialAskForUrls": {
"title": "SerialAskForUrls - Allow the Serial API on specific sites",
"description": "Define a list of sites, based on URL patterns, that can ask the user for access to a serial port.\n\nIf you don't configure this policy, the global default value from the \"DefaultSerialGuardSetting\" policy (if set) or the user's personal configuration is used for all sites.\n\nFor URL patterns that don't match this policy, the following order of precedence is used: The \"SerialBlockedForUrls\" policy (if there is a match), the \"DefaultSerialGuardSetting\" policy (if set), or the user's personal settings.\n\nThe URL patterns defined in this policy can't conflict with those configured in the \"SerialBlockedForUrls\" policy. You can't allow and block a URL.\n\nFor detailed information about valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322.",
"property_order": 1795,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SerialAskForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#serialaskforurls"
}]
},
"SerialBlockedForUrls": {
"title": "SerialBlockedForUrls - Block the Serial API on specific sites",
"description": "Define a list of sites, based on URL patterns, that can't ask the user to grant them access to a serial port.\n\nIf you don't configure this policy, the global default value from the \"DefaultSerialGuardSetting\" policy (if set) or the user's personal configuration is used for all sites.\n\nFor URL patterns that don't match this policy, the following order of precedence is used: The \"SerialAskForUrls\" policy (if there is a match), the \"DefaultSerialGuardSetting\" policy (if set), or the user's personal settings.\n\nThe URL patterns in this policy can't conflict with those configured in the \"SerialAskForUrls\" policy. You can't allow and block a URL.\n\nFor detailed information about valid URL patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.",
"property_order": 1800,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SerialBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#serialblockedforurls"
}]
},
"SharedArrayBufferUnrestrictedAccessAllowed": {
"title": "SharedArrayBufferUnrestrictedAccessAllowed - Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context",
"description": "Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context. A SharedArrayBuffer is a binary data buffer that can be used to create views on shared memory. SharedArrayBuffers have a memory access vulnerability in several popular CPUs.\n\nIf you enable this policy, sites are allowed to use SharedArrayBuffers with no restrictions.\n\nIf you disable or don't configure this policy, sites are allowed to use SharedArrayBuffers only when cross-origin isolated.\n\nMicrosoft Edge will require cross-origin isolation when using SharedArrayBuffers from Microsoft Edge 91 onward for Web Compatibility reasons.",
"property_order": 1805,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SharedArrayBufferUnrestrictedAccessAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#sharedarraybufferunrestrictedaccessallowed"
}]
},
"SharedLinksEnabled": {
"title": "SharedLinksEnabled - Show links shared from Microsoft 365 apps in History",
"description": "Allows Microsoft Edge to display links recently shared by or shared with the user from Microsoft 365 apps in History.\n\nIf you enable or don't configure this policy, Microsoft Edge displays links recently shared by or shared with the user from Microsoft 365 apps in History.\n\nIf you disable this policy, Microsoft Edge does not display links recently shared by or shared with the user from Microsoft 365 apps in History. The control in Microsoft Edge settings is disabled and set to off.\n\nThis policy only applies for Microsoft Edge local user profiles and profiles signed in using Azure Active Directory.",
"property_order": 1810,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SharedLinksEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#sharedlinksenabled"
}]
},
"ShowAcrobatSubscriptionButton": {
"title": "ShowAcrobatSubscriptionButton - Shows button on native PDF viewer in Microsoft Edge that allows users to sign up for Adobe Acrobat subscription",
"description": "This policy lets the native PDF viewer in Microsoft Edge show a button that lets a user looking for advanced digital document features to discover and subscribe to premium offerings. This is done via the Acrobat extension.\n\nIf you enable or don't configure this policy, the button will show up on the native PDF viewer in Microsoft Edge. A user will be able to buy Adobe subscription to access their premium offerings.\n\nIf you disable this policy, the button won't be visible on the native PDF viewer in Microsoft Edge. A user won't be able to discover Adobe's advanced PDF tools or buy their subscriptions.",
"property_order": 1815,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ShowAcrobatSubscriptionButton"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#showacrobatsubscriptionbutton"
}]
},
"ShowCastIconInToolbar": {
"title": "ShowCastIconInToolbar - Show the cast icon in the toolbar",
"description": "Set this policy to true to show the Cast toolbar icon on the toolbar or the overflow menu. Users won't be able to remove it.\n\nIf you don't configure this policy or if you disable it, users can pin or remove the icon by using its contextual menu.\n\nIf you've also set the \"EnableMediaRouter\" policy to false, then this policy is ignored, and the toolbar icon isn't shown.",
"property_order": 1820,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ShowCastIconInToolbar"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#showcasticonintoolbar"
}]
},
"ShowDownloadsInsecureWarningsEnabled": {
"title": "ShowDownloadsInsecureWarningsEnabled - Enable insecure download warnings",
"description": "Enables warnings when potentially dangerous content is downloaded over HTTP.\n\nIf you enable or don't configure this policy, when a user tries to download potentially dangerous content from an HTTP site, the user will receive a UI warning, such as \"Insecure download blocked.\" The user will still have an option to proceed and download the item.\n\nIf you disable this policy, the warnings for insecure downloads will be suppressed.",
"property_order": 1825,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ShowDownloadsInsecureWarningsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#showdownloadsinsecurewarningsenabled"
}]
},
"ShowDownloadsToolbarButton": {
"title": "ShowDownloadsToolbarButton - Show Downloads button on the toolbar",
"description": "Set this policy to always show the Downloads button on the toolbar.\n\nIf you enable this policy, the Downloads button is pinned to the toolbar.\n\nIf you disable or don't configure the policy, the Downloads button isn't shown on the toolbar by default. Users can toggle the Downloads button in edge://settings/appearance.",
"property_order": 1830,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ShowDownloadsToolbarButton"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#showdownloadstoolbarbutton"
}]
},
"ShowHistoryThumbnails": {
"title": "ShowHistoryThumbnails - Show thumbnail images for browsing history",
"description": "This policy lets you configure whether the history thumbnail feature collects and saves images for the sites you visit. When enabled, this feature makes it easier to identify sites when you hover over your history results.\nIf you don't configure this policy, the thumbnail feature is turned on after a user visits the history hub twice in the past 7 days.\nIf you enable this policy, the history thumbnail collects and saves images for visited sites.\nIf you disable this policy, the history thumbnail doesn't collect and save images for visited sites.\nWhen the feature is disabled, existing images are deleted on a per user basis, and the feature no longer collects or saves images when a site is visited.",
"property_order": 1835,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ShowHistoryThumbnails"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#showhistorythumbnails"
}]
},
"ShowHomeButton": {
"title": "ShowHomeButton - Show Home button on toolbar",
"description": "Shows the Home button on Microsoft Edge's toolbar.\n\nEnable this policy to always show the Home button. Disable it to never show the button.\n\nIf you don't configure the policy, users can choose whether to show the home button.",
"property_order": 1840,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ShowHomeButton"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#showhomebutton"
}]
},
"ShowMicrosoftRewards": {
"title": "ShowMicrosoftRewards - Show Microsoft Rewards experiences",
"description": "Show Microsoft Rewards experience and notifications.\nIf you enable this policy:\n - Microsoft account users (excludes Azure AD accounts) in search, new tab page, and earn markets will see the Microsoft Rewards experience in their Microsoft Edge user profile.\n - The setting to enable Microsoft Rewards in Microsoft Edge settings will be enabled and toggled on.\n\nIf you disable this policy:\n - Microsoft account users (excludes Azure AD accounts) in search, new tab page, and earn markets will not see the Microsoft Rewards experience in their Microsoft Edge user profile.\n - The setting to enable Microsoft Rewards in Microsoft Edge settings will be disabled and toggled off.\n\nIf you don't configure this policy:\n - Microsoft account users (excludes Azure AD accounts) in search, new tab page, and earn markets will see the Microsoft Rewards experience in their Microsoft Edge user profile.\n - The setting to enable Microsoft Rewards in Microsoft Edge settings will be enabled and toggled on.",
"property_order": 1845,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ShowMicrosoftRewards"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#showmicrosoftrewards"
}]
},
"ShowOfficeShortcutInFavoritesBar": {
"title": "ShowOfficeShortcutInFavoritesBar - Show Microsoft Office shortcut in favorites bar (deprecated)",
"description": "This policy didn't work as expected due to changes in operational requirements. Therefore it's deprecated and should not be used.\n\nSpecifies whether to include a shortcut to Office.com in the favorites bar. For users signed into Microsoft Edge the shortcut takes users to their Microsoft Office apps and docs.\n If you enable or don't configure this policy, users can choose whether to see the shortcut by changing the toggle in the favorites bar context menu.\n If you disable this policy, the shortcut isn't shown.",
"property_order": 1850,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ShowOfficeShortcutInFavoritesBar"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#showofficeshortcutinfavoritesbar"
}]
},
"ShowPDFDefaultRecommendationsEnabled": {
"title": "ShowPDFDefaultRecommendationsEnabled - Allow notifications to set Microsoft Edge as default PDF reader",
"description": "This policy setting lets you decide whether employees should receive recommendations to set Microsoft Edge as PDF handler.\n\nIf you enable or don't configure this setting, employees receive recommendations from Microsoft Edge to set itself as the default PDF handler.\n\nIf you disable this setting, employees will not receive any notifications from Microsoft Edge to set itself as the default PDF handler.",
"property_order": 1855,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ShowPDFDefaultRecommendationsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#showpdfdefaultrecommendationsenabled"
}]
},
"ShowRecommendationsEnabled": {
"title": "ShowRecommendationsEnabled - Allow feature recommendations and browser assistance notifications from Microsoft Edge",
"description": "This setting controls the in-browser assistance notifications which are intended to help users get the most out of Microsoft Edge. This is done by recommending features and by helping them use browser features. These notifications take the form of dialog boxes, flyouts, coach marks and banners in the browser. An example of an assistance notification would be when a user has many tabs opened in the browser. In this instance Microsoft Edge may prompt the user to try out the vertical tabs feature which is designed to give better browser tab management.\n\nDisabling this policy will stop this message from appearing again even if the user has too many tabs open.\n Any features that have been disabled by a management policy are not suggested to users.\nIf you enable or don't configure this setting, users will receive recommendations or notifications from Microsoft Edge.\n If you disable this setting, users will not receive any recommendations or notifications from Microsoft Edge",
"property_order": 1860,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ShowRecommendationsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#showrecommendationsenabled"
}]
},
"SignedHTTPExchangeEnabled": {
"title": "SignedHTTPExchangeEnabled - Enable Signed HTTP Exchange (SXG) support",
"description": "Enable support for Signed HTTP Exchange (SXG).\n\nIf this policy isn't set or enabled, Microsoft Edge will accept web contents served as Signed HTTP Exchanges.\n\nIf this policy is set to disabled, Signed HTTP Exchanges can't be loaded.",
"property_order": 1865,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SignedHTTPExchangeEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#signedhttpexchangeenabled"
}]
},
"SitePerProcess": {
"title": "SitePerProcess - Enable site isolation for every site",
"description": "The 'SitePerProcess' policy can be used to prevent users from opting out of the default behavior of isolating all sites. Note that you can also use the \"IsolateOrigins\" policy to isolate additional, finer-grained origins.\n\nIf you enable this policy, users can't opt out of the default behavior where each site runs in its own process.\n\nIf you disable or don't configure this policy, a user can opt out of site isolation. (For example, by using \"Disable site isolation\" entry in edge://flags.) Disabling the policy or not configuring the policy doesn't turn off Site Isolation.",
"property_order": 1870,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SitePerProcess"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#siteperprocess"
}]
},
"SleepingTabsBlockedForUrls": {
"title": "SleepingTabsBlockedForUrls - Block sleeping tabs on specific sites",
"description": "Define a list of sites, based on URL patterns, that are not allowed to be put to sleep by sleeping tabs. Sites in this list are also excluded from other performance optimizations like efficiency mode and tab discard.\n\nIf the policy \"SleepingTabsEnabled\" is disabled, this list is not used and no sites will be put to sleep automatically.\n\nIf you don't configure this policy, all sites will be eligible to be put to sleep unless the user's personal configuration blocks them.",
"property_order": 1875,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SleepingTabsBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#sleepingtabsblockedforurls"
}]
},
"SleepingTabsEnabled": {
"title": "SleepingTabsEnabled - Configure sleeping tabs",
"description": "This policy setting lets you configure whether to turn on sleeping tabs. Sleeping tabs reduces CPU, battery, and memory usage by putting idle background tabs to sleep. Microsoft Edge uses heuristics to avoid putting tabs to sleep that do useful work in the background, such as display notifications, play sound, and stream video. By default, sleeping tabs is turned on.\n\nIndividual sites may be blocked from being put to sleep by configuring the policy \"SleepingTabsBlockedForUrls\".\n\nIf you enable this setting, sleeping tabs is turned on.\n\nIf you disable this setting, sleeping tabs is turned off.\n\nIf you don't configure this setting, users can choose whether to use sleeping tabs.",
"property_order": 1880,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SleepingTabsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#sleepingtabsenabled"
}]
},
"SleepingTabsTimeout": {
"title": "SleepingTabsTimeout - Set the background tab inactivity timeout for sleeping tabs",
"description": "This policy setting lets you configure the timeout, in seconds, after which inactive background tabs will be automatically put to sleep if sleeping tabs is enabled. By default, this timeout is 7,200 seconds (2 hours).\n\nTabs are only put to sleep automatically when the policy \"SleepingTabsEnabled\" is enabled or is not configured and the user has enabled the sleeping tabs setting.\n\nIf you don't configure this policy, users can choose the timeout value.\n\nPolicy options mapping:\n\n* 30Seconds (30) = 30 seconds of inactivity\n\n* 5Minutes (300) = 5 minutes of inactivity\n\n* 15Minutes (900) = 15 minutes of inactivity\n\n* 30Minutes (1800) = 30 minutes of inactivity\n\n* 1Hour (3600) = 1 hour of inactivity\n\n* 2Hours (7200) = 2 hours of inactivity\n\n* 3Hours (10800) = 3 hours of inactivity\n\n* 6Hours (21600) = 6 hours of inactivity\n\n* 12Hours (43200) = 12 hours of inactivity\n\nUse the preceding information when configuring this policy.",
"property_order": 1885,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["30Seconds - 30 seconds of inactivity", "5Minutes - 5 minutes of inactivity", "15Minutes - 15 minutes of inactivity", "30Minutes - 30 minutes of inactivity", "1Hour - 1 hour of inactivity", "2Hours - 2 hours of inactivity", "3Hours - 3 hours of inactivity", "6Hours - 6 hours of inactivity", "12Hours - 12 hours of inactivity"]
},
"enum": [30, 300, 900, 1800, 3600, 7200, 10800, 21600, 43200]
}
],
"options": {
"infoText": "SleepingTabsTimeout"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#sleepingtabstimeout"
}]
},
"SmartActionsBlockList": {
"title": "SmartActionsBlockList - Block smart actions for a list of services",
"description": "List specific services, such as PDFs, and websites that don't show smart actions. (Smart actions are actions like \"define\" which are available in full and mini context menus in Microsoft Edge.)\n\nIf you enable the policy:\n - The smart action in the mini and full context menu will be disabled for all profiles for services that match the given list.\n - Users will not see the smart action in the mini and full context menu on text selection for services that match the given list.\n - In Microsoft Edge settings, the smart action in the mini and full context menu will be disabled for services that match the given list.\n\nIf you disable or don't configure this policy:\n - The smart action in the mini and full context menu will be enabled for all profiles.\n - Users will see the smart action in the mini and full context menu on text selection.\n - In Microsoft Edge settings, the smart action in the mini and full context menu will be enabled.\n\nPolicy options mapping:\n\n* smart_actions (smart_actions) = Smart actions in pdfs and on websites\n\n* smart_actions_website (smart_actions_website) = Smart actions on websites\n\n* smart_actions_pdf (smart_actions_pdf) = Smart actions in PDF\n\nUse the preceding information when configuring this policy.",
"property_order": 1890,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SmartActionsBlockList"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#smartactionsblocklist"
}]
},
"SmartScreenAllowListDomains": {
"title": "SmartScreenAllowListDomains - Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings",
"description": "Configure the list of Microsoft Defender SmartScreen trusted domains. This means:\nMicrosoft Defender SmartScreen won't check for potentially malicious resources like phishing software and other malware if the source URLs match these domains.\nThe Microsoft Defender SmartScreen download protection service won't check downloads hosted on these domains.\n\nIf you enable this policy, Microsoft Defender SmartScreen trusts these domains.\nIf you disable or don't set this policy, default Microsoft Defender SmartScreen protection is applied to all resources.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10/11 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.\nNote: If your organization has enabled Microsoft Defender for Endpoint, this policy and any allow list created with it will be ignored. You must configure your allow and block lists in Microsoft 365 Defender portal using Indicators (Settings > Endpoints > Indicators).",
"property_order": 1895,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SmartScreenAllowListDomains"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#smartscreenallowlistdomains"
}]
},
"SmartScreenDnsRequestsEnabled": {
"title": "SmartScreenDnsRequestsEnabled - Enable Microsoft Defender SmartScreen DNS requests",
"description": "This policy lets you configure whether to enable DNS requests made by Microsoft Defender SmartScreen. Note: Disabling DNS requests will prevent Microsoft Defender SmartScreen from getting IP addresses, and potentially impact the IP-based protections provided.\n\nIf you enable or don't configure this setting, Microsoft Defender SmartScreen will make DNS requests.\n\nIf you disable this setting, Microsoft Defender SmartScreen will not make any DNS requests.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.",
"property_order": 1900,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SmartScreenDnsRequestsEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#smartscreendnsrequestsenabled"
}]
},
"SmartScreenEnabled": {
"title": "SmartScreenEnabled - Configure Microsoft Defender SmartScreen",
"description": "This policy setting lets you configure whether to turn on Microsoft Defender SmartScreen. Microsoft Defender SmartScreen provides warning messages to help protect your users from potential phishing scams and malicious software. By default, Microsoft Defender SmartScreen is turned on.\n\nIf you enable this setting, Microsoft Defender SmartScreen is turned on.\n\nIf you disable this setting, Microsoft Defender SmartScreen is turned off.\n\nIf you don't configure this setting, users can choose whether to use Microsoft Defender SmartScreen.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.",
"property_order": 1905,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SmartScreenEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#smartscreenenabled"
}]
},
"SmartScreenPuaEnabled": {
"title": "SmartScreenPuaEnabled - Configure Microsoft Defender SmartScreen to block potentially unwanted apps",
"description": "This policy setting lets you configure whether to turn on blocking for potentially unwanted apps with Microsoft Defender SmartScreen. Potentially unwanted app blocking with Microsoft Defender SmartScreen provides warning messages to help protect users from adware, coin miners, bundleware, and other low-reputation apps that are hosted by websites. Potentially unwanted app blocking with Microsoft Defender SmartScreen is turned off by default.\n\nIf you enable this setting, potentially unwanted app blocking with Microsoft Defender SmartScreen is turned on.\n\nIf you disable this setting, potentially unwanted app blocking with Microsoft Defender SmartScreen is turned off.\n\nIf you don't configure this setting, users can choose whether to use potentially unwanted app blocking with Microsoft Defender SmartScreen.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.",
"property_order": 1910,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SmartScreenPuaEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#smartscreenpuaenabled"
}]
},
"SpeechRecognitionEnabled": {
"title": "SpeechRecognitionEnabled - Configure Speech Recognition",
"description": "Set whether websites can use the W3C Web Speech API to recognize speech from the user. The Microsoft Edge implementation of the Web Speech API uses Azure Cognitive Services, so voice data will leave the machine.\n\nIf you enable or don't configure this policy, web-based applications that use the Web Speech API can use Speech Recognition.\n\nIf you disable this policy, Speech Recognition is not available through the Web Speech API.\n\nRead more about this feature here:\nSpeechRecognition API: https://go.microsoft.com/fwlink/?linkid=2143388\nCognitive Services: https://go.microsoft.com/fwlink/?linkid=2143680",
"property_order": 1915,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SpeechRecognitionEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#speechrecognitionenabled"
}]
},
"SpellcheckEnabled": {
"title": "SpellcheckEnabled - Enable spellcheck",
"description": "If you enable or don't configure this policy, the user can use spellcheck.\n\nIf you disable this policy, the user can't use spellcheck and the \"SpellcheckLanguage\" and \"SpellcheckLanguageBlocklist\" policies are also disabled.",
"property_order": 1920,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SpellcheckEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#spellcheckenabled"
}]
},
"SplitScreenEnabled": {
"title": "SplitScreenEnabled - Enable split screen feature in Microsoft Edge",
"description": "This policy lets you configure the split screen feature in Microsoft Edge. This feature lets a user open two web pages in one tab.\n\nIf you enable or don't configure this policy, users can use the split screen feature in Microsoft Edge.\n\nIf you disable this policy, users can't use the split screen feature in Microsoft Edge.",
"property_order": 1925,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SplitScreenEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#splitscreenenabled"
}]
},
"SuppressUnsupportedOSWarning": {
"title": "SuppressUnsupportedOSWarning - Suppress the unsupported OS warning",
"description": "Suppresses the warning that appears when Microsoft Edge is running on a computer or operating system that is no longer supported.\n\nIf this policy is false or unset, the warnings will appear on such unsupported computers or operating systems.",
"property_order": 1930,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SuppressUnsupportedOSWarning"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#suppressunsupportedoswarning"
}]
},
"SwitchIntranetSitesToWorkProfile": {
"title": "SwitchIntranetSitesToWorkProfile - Switch intranet sites to a work profile",
"description": "Allows Microsoft Edge to switch to the appropriate profile when Microsoft Edge detects that a URL is the intranet.\n\nIf you enable or don't configure this policy, navigations to intranet URLs will switch to the most recently used work profile if one exists.\n\nIf you disable this policy, navigations to intranet URLs will remain in the current browser profile.",
"property_order": 1935,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SwitchIntranetSitesToWorkProfile"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#switchintranetsitestoworkprofile"
}]
},
"SyncDisabled": {
"title": "SyncDisabled - Disable synchronization of data using Microsoft sync services",
"description": "Disables data synchronization in Microsoft Edge. This policy also prevents the sync consent prompt from appearing.\n\nThis policy disables cloud synchronization only and has no impact on the \"RoamingProfileSupportEnabled\" policy.\n\nIf you don't set this policy or apply it as recommended, users will be able to turn sync on or off. If you apply this policy as mandatory, users will not be able to turn sync on.",
"property_order": 1940,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "SyncDisabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#syncdisabled"
}]
},
"SyncTypesListDisabled": {
"title": "SyncTypesListDisabled - Configure the list of types that are excluded from synchronization",
"description": "If you enable this policy all the specified data types will be excluded from synchronization. This policy can be used to limit the type of data uploaded to the Microsoft Edge synchronization service.\n\nYou can provide one of the following data types for this policy: \"favorites\", \"settings\", \"passwords\", \"addressesAndMore\", \"extensions\", \"history\", \"openTabs\", \"edgeWallet\", and \"collections\". The \"apps\" data type will be supported starting in Microsoft Edge version 100. Note that these data type names are case sensitive.\n\nUsers will not be able to override the disabled data types.",
"property_order": 1945,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "SyncTypesListDisabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#synctypeslistdisabled"
}]
},
"TLSCipherSuiteDenyList": {
"title": "TLSCipherSuiteDenyList - Specify the TLS cipher suites to disable",
"description": "Configure the list of cipher suites that are disabled for TLS connections.\n\nIf you configure this policy, the list of configured cipher suites will not be used when establishing TLS connections.\n\nIf you don't configure this policy, the browser will choose which TLS cipher suites to use.\n\nCipher suite values to be disabled are specified as 16-bit hexadecimal values. The values are assigned by the Internet Assigned Numbers Authority (IANA) registry.\n\nThe TLS 1.3 cipher suite TLS_AES_128_GCM_SHA256 (0x1301) is required for TLS 1.3 and can't be disabled by this policy.\n\nThis policy does not affect QUIC-based connections. QUIC can be turned off via the \"QuicAllowed\" policy.",
"property_order": 1950,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "TLSCipherSuiteDenyList"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#tlsciphersuitedenylist"
}]
},
"TabCaptureAllowedByOrigins": {
"title": "TabCaptureAllowedByOrigins - Allow Tab capture by these origins",
"description": "Setting the policy lets you set a list of URL patterns that can use Tab Capture.\n\nLeaving the policy unset means that sites will not be considered for an override at this scope of capture.\n\nThis policy is not considered if a site matches a URL pattern in the \"SameOriginTabCaptureAllowedByOrigins\" policy.\n\nIf a site matches a URL pattern in this policy, the following policies will not be considered: \"WindowCaptureAllowedByOrigins\", \"ScreenCaptureAllowedByOrigins\", \"ScreenCaptureAllowed\".\n\nFor detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. This policy only matches based on origin, so any path in the URL pattern is ignored.",
"property_order": 1955,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "TabCaptureAllowedByOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#tabcaptureallowedbyorigins"
}]
},
"TabServicesEnabled": {
"title": "TabServicesEnabled - Enable tab organization suggestions",
"description": "This policy controls whether Microsoft Edge can use its tab organization service to help name or suggest tab groups to increase productivity.\n\nIf you enable or don't configure this policy, when a user creates a tab group or activates certain \"Group Similar Tabs\" features Microsoft Edge sends tab data to its tab organization service. This data includes URLs, page titles, and existing group information. The service uses this data to return suggestions for better groupings and group names.\n\nIf you disable this policy, no data will be sent to the tab organization service. Microsoft Edge won't suggest group names when a group is created and certain \"Group Similar Tabs\" features that rely on the service won't be available.",
"property_order": 1960,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "TabServicesEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#tabservicesenabled"
}]
},
"TaskManagerEndProcessEnabled": {
"title": "TaskManagerEndProcessEnabled - Enable ending processes in the Browser task manager",
"description": "If you enable or don't configure this policy, users can end processes in the Browser task manager. If you disable it, users can't end processes, and the End process button is disabled in the Browser task manager.",
"property_order": 1965,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "TaskManagerEndProcessEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#taskmanagerendprocessenabled"
}]
},
"TextPredictionEnabled": {
"title": "TextPredictionEnabled - Text prediction enabled by default",
"description": "The Microsoft Turing service uses natural language processing to generate predictions for long-form editable text fields on web pages.\n\nIf you enable or don't configure this policy, text predictions will be provided for eligible text fields.\n\nIf you disable this policy, text predictions will not be provided in eligible text fields. Sites may still provide their own text predictions.",
"property_order": 1970,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "TextPredictionEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#textpredictionenabled"
}]
},
"ThirdPartyStoragePartitioningBlockedForOrigins": {
"title": "ThirdPartyStoragePartitioningBlockedForOrigins - Block third-party storage partitioning for these origins",
"description": "Lets you set a list of url patterns that specify top-level origins (the url in the tab's address bar) that block third-party (cross-origin iframe) storage partitioning.\n\nIf this policy isn't set or a top-level origin doesn't match, then the value from \"DefaultThirdPartyStoragePartitioningSetting\" will be used.\n\nNote that the patterns you list are treated as origins, not URLs, so you shouldn't specify a path.",
"property_order": 1975,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "ThirdPartyStoragePartitioningBlockedForOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#thirdpartystoragepartitioningblockedfororigins"
}]
},
"TotalMemoryLimitMb": {
"title": "TotalMemoryLimitMb - Set limit on megabytes of memory a single Microsoft Edge instance can use",
"description": "Configures the amount of memory that a single Microsoft Edge instance can use before tabs start getting discarded to save memory. The memory used by the tab will be freed and the tab will have to be reloaded when switched to.\n\nIf you enable this policy, the browser will start to discard tabs to save memory once the limitation is exceeded. However, there is no guarantee that the browser is always running under the limit. Any value under 1024 will be rounded up to 1024.\n\nIf you don't set this policy, the browser will only attempt to save memory when it has detected that the amount of physical memory on its machine is low.",
"property_order": 1980,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer"
}
],
"options": {
"infoText": "TotalMemoryLimitMb"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#totalmemorylimitmb"
}]
},
"TrackingPrevention": {
"title": "TrackingPrevention - Block tracking of users' web-browsing activity",
"description": "Lets you decide whether to block websites from tracking users' web-browsing activity.\n\nIf you disable this policy or don't configure it, users can set their own level of tracking prevention.\n\nPolicy options mapping:\n\n* TrackingPreventionOff (0) = Off (no tracking prevention)\n\n* TrackingPreventionBasic (1) = Basic (blocks harmful trackers, content and ads will be personalized)\n\n* TrackingPreventionBalanced (2) = Balanced (blocks harmful trackers and trackers from sites user has not visited; content and ads will be less personalized)\n\n* TrackingPreventionStrict (3) = Strict (blocks harmful trackers and majority of trackers from all sites; content and ads will have minimal personalization. Some parts of sites might not work)\n\nUse the preceding information when configuring this policy.",
"property_order": 1985,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["TrackingPreventionOff - Off (no tracking prevention)", "TrackingPreventionBasic - Basic (blocks harmful trackers, content and ads will be personalized)", "TrackingPreventionBalanced - Balanced (blocks harmful trackers and trackers from sites user has not visited; content and ads will be less personalized)", "TrackingPreventionStrict - Strict (blocks harmful trackers and majority of trackers from all sites; content and ads will have minimal personalization. Some parts of sites might not work)"]
},
"enum": [0, 1, 2, 3]
}
],
"options": {
"infoText": "TrackingPrevention"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#trackingprevention"
}]
},
"TranslateEnabled": {
"title": "TranslateEnabled - Enable Translate",
"description": "Enables the integrated Microsoft translation service on Microsoft Edge.\n\nIf you enable this policy, Microsoft Edge offers to translate a webpage by showing an integrated translate flyout when the language detected on a webpage isn't listed under preferred languages. A translate option is available on the right-click context menu.\n\nUsers can also translate selected text on a webpage via the right-click context menu, or on a PDF via the PDF toolbar and the right-click context menu.\n\nIf you don't configure this policy, the policy is enabled by default. Users can choose whether to use the translation functionality or not.\n\nYou can disable this policy to disable all built-in translate features.",
"property_order": 1990,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "TranslateEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#translateenabled"
}]
},
"TyposquattingAllowListDomains": {
"title": "TyposquattingAllowListDomains - Configure the list of domains for which Edge Website Typo Protection won't trigger warnings",
"description": "Configure the list of Edge Website Typo Protection trusted domains. This means:\nEdge Website Typo Protection won't check for potentially malicious typosquatting websites.\n\nIf you enable this policy, Edge Website Typo Protection trusts these domains.\nIf you disable or don't set this policy, default Edge Website Typo Protection protection is applied to all resources.\n\nThis will only take effect when TyposquattingCheckerEnabled policy is not set or set to enabled.\n\nThis policy is available only on Windows instances that are joined to a Microsoft Active Directory domain, Windows 10/11 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a domain via MCX.\nAlso note that this policy does not apply if your organization has enabled Microsoft Defender for Endpoint. You must configure your allow and block lists in Microsoft 365 Defender portal using Indicators (Settings > Endpoints > Indicators).",
"property_order": 1995,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "TyposquattingAllowListDomains"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#typosquattingallowlistdomains"
}]
},
"TyposquattingCheckerEnabled": {
"title": "TyposquattingCheckerEnabled - Configure Edge Website Typo Protection",
"description": "This policy setting lets you configure whether to turn on Edge Website Typo Protection. Edge Website Typo Protection provides warning messages to help protect your users from potential typosquatting sites. By default, Edge Website Typo Protection is turned on.\n\nIf you enable this policy, Edge Website Typo Protection is turned on.\n\nIf you disable this policy, Edge Website Typo Protection is turned off.\n\nIf you don't configure this policy, Edge Website Typo Protection is turned on but users can choose whether to use Edge Website Typo Protection.",
"property_order": 2000,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "TyposquattingCheckerEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#typosquattingcheckerenabled"
}]
},
"URLAllowlist": {
"title": "URLAllowlist - Define a list of allowed URLs",
"description": "Setting the policy provides access to the listed URLs, as exceptions to \"URLBlocklist\".\n\nFormat the URL pattern according to https://go.microsoft.com/fwlink/?linkid=2095322.\n\nYou can use this policy to open exceptions to restrictive block lists. For example, you can include '*' in the block list to block all requests, and then use this policy to allow access to a limited list of URLs. You can use this policy to open exceptions to certain schemes, subdomains of other domains, ports, or specific paths.\n\nThe most specific filter determines if a URL is blocked or allowed. The allowed list takes precedence over the block list.\n\nThis policy is limited to 1000 entries; subsequent entries are ignored.\n\nThis policy also allows the browser to automatically invoke external applications registered as protocol handlers for protocols like \"tel:\" or \"ssh:\".\n\nIf you don't configure this policy, there are no exceptions to the block list in the \"URLBlocklist\" policy.\n\nThis policy does not work as expected with file://* wildcards.",
"property_order": 2005,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "URLAllowlist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#urlallowlist"
}]
},
"URLBlocklist": {
"title": "URLBlocklist - Block access to a list of URLs",
"description": "Define a list of sites, based on URL patterns, that are blocked (your users can't load them).\n\nFormat the URL pattern according to https://go.microsoft.com/fwlink/?linkid=2095322.\n\nYou can define exceptions in the \"URLAllowlist\" policy. These policies are limited to 1000 entries; subsequent entries are ignored.\n\nNote that blocking internal 'edge://*' URLs isn't recommended - this may lead to unexpected errors.\n\nThis policy doesn't prevent the page from updating dynamically through JavaScript. For example, if you block 'contoso.com/abc', users might still be able to visit 'contoso.com' and click on a link to visit 'contoso.com/abc', as long as the page doesn't refresh.\n\nIf you don't configure this policy, no URLs are blocked.\n\nThis policy does not work as expected with file://* wildcards.",
"property_order": 2010,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "URLBlocklist"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#urlblocklist"
}]
},
"UnthrottledNestedTimeoutEnabled": {
"title": "UnthrottledNestedTimeoutEnabled - JavaScript setTimeout will not be clamped until a higher nesting threshold is set (deprecated)",
"description": "This policy is deprecated because it is a temporary policy for web standards compliance. It won't work in Microsoft Edge as soon as version 107.\nIf you enable this policy, the JavaScript setTimeout and setInterval, with an interval smaller than 4ms, will not be clamped. This improves short horizon performance, but websites abusing the API will still eventually have their setTimeout usages clamped.\nIf you disable or don't configure policy, the JavaScript setTimeout and setInterval, with an interval smaller than 4ms, will be clamped.\n\nThis is a web standards compliancy feature that may change task ordering on a web page, leading to unexpected behavior on sites that are dependent on a certain ordering.\nIt also may affect sites with a lot of usage of a timeout of 0ms for setTimeout. For example, increasing CPU load.",
"property_order": 2015,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "UnthrottledNestedTimeoutEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#unthrottlednestedtimeoutenabled"
}]
},
"UpdatePolicyOverride": {
"title": "UpdatePolicyOverride - Specifies how Microsoft Edge Update handles available updates from Microsoft Edge",
"description": "If you enable this policy, Microsoft Edge Update handles Microsoft Edge updates according to how you configure the following options:\n\n- Automatic silent updates only: Updates are applied only when they're found by the periodic update check.\n\n- Manual updates only: Updates are applied only when the user runs a manual update check. (Not all apps provide an interface for this option.)\n\nIf you select manual updates, make sure you periodically check for updates by using Microsoft Autoupdate.\n\nIf you don't enable and configure this policy, Microsoft Edge Update automatically checks for updates.\n\nPolicy options mapping:\n\n* automatic-silent-only (automatic-silent-only) = Updates are applied only when they're found by the periodic update check.\n\n* manual-only (manual-only) = Updates are applied only when the user runs a manual update check. (Not all apps provide an interface for this option.)\n\nUse the preceding information when configuring this policy.",
"property_order": 2020,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string",
"options": {
"enum_titles": ["automatic-silent-only - Updates are applied only when they're found by the periodic update check.", "manual-only - Updates are applied only when the user runs a manual update check. (Not all apps provide an interface for this option.)"]
},
"enum": ["automatic-silent-only", "manual-only"]
}
],
"options": {
"infoText": "UpdatePolicyOverride"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#updatepolicyoverride"
}]
},
"UploadFromPhoneEnabled": {
"title": "UploadFromPhoneEnabled - Enable upload files from mobile in Microsoft Edge desktop",
"description": "This policy lets you configure the \"Upload from mobile\" feature in Microsoft Edge.\n\nUpload from mobile lets users select file from mobile devices to desktop when user upload file in a webpage in Microsoft Edge.\n\nIf you enable or don't configure this policy, you can use the Upload from mobile feature in Microsoft Edge.\n\nIf you disable this policy, you can't use the Upload from mobile feature in Microsoft Edge.",
"property_order": 2025,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "UploadFromPhoneEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#uploadfromphoneenabled"
}]
},
"UrlDiagnosticDataEnabled": {
"title": "UrlDiagnosticDataEnabled - URL reporting in Edge diagnostic data enabled",
"description": "Controls sending URLs of pages visited and per-page usage in the Microsoft Edge optional diagnostics data to Microsoft to help make browsing and search better. This also includes identifiers and usage diagnostics of other browser components that can modify or provide content, such as extensions.\n\nThis policy is applicable only if the \"DiagnosticData\" setting is set to 'OptionalData'. See the description of \"DiagnosticData\" for more information on how Microsoft Edge diagnostic data levels are set.\n\nIf you enable or don't configure this setting, URLs are provided in optional diagnostic data.\n\nIf you disable this setting, URLs are not reported in optional diagnostic data.",
"property_order": 2030,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "UrlDiagnosticDataEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#urldiagnosticdataenabled"
}]
},
"UserAgentClientHintsGREASEUpdateEnabled": {
"title": "UserAgentClientHintsGREASEUpdateEnabled - Control the User-Agent Client Hints GREASE Update feature (deprecated)",
"description": "The User-Agent GREASE specification recommends the inclusion of additional GREASE characters beyond the current semicolon and space, and recommends that the arbitrary version number be varied over time.\n\nWhen enabled, the User-Agent Client Hints GREASE Update feature aligns the User-Agent GREASE algorithm with the latest version from the specification. The updated specification may break some websites that restrict the characters that requests may contain. For more information, see the following specification: https://wicg.github.io/ua-client-hints/#grease\n\nIf this policy is enabled or not configured, the User-Agent GREASE algorithm from the specification will be used. If the policy is disabled, the prior User-Agent GREASE algorithm will be used.\n\nThis policy will be removed in release 133. This policy is deprecated as the updated GREASE algorithm has been on by default since Microsoft Edge version 102.",
"property_order": 2035,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "UserAgentClientHintsGREASEUpdateEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#useragentclienthintsgreaseupdateenabled"
}]
},
"UserAgentReduction": {
"title": "UserAgentReduction - Enable or disable the User-Agent Reduction",
"description": "The User-Agent HTTP request header is scheduled to be reduced. To facilitate testing and compatibility, this policy can enable the reduction feature for all websites, or disable the ability for origin trials, or field trials to enable the feature.\n\nIf you don't configure this policy or set it to Default, User-Agent will be controlled by experimentation.\n\nSet this policy to 'ForceEnabled' to force the reduced version of the User-Agent request header.\n\nSet this policy to 'ForceDisabled' to force the full version of the User-Agent request header.\n\nTo learn more about the User-Agent string, read here:\n\nhttps://go.microsoft.com/fwlink/?linkid=2186267\n\nPolicy options mapping:\n\n* Default (0) = User-Agent reduction will be controllable via Experimentation\n\n* ForceDisabled (1) = User-Agent reduction diabled, and not enabled by Experimentation\n\n* ForceEnabled (2) = User-Agent reduction will be enabled for all origins\n\nUse the preceding information when configuring this policy.",
"property_order": 2040,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "integer",
"options": {
"enum_titles": ["Default - User-Agent reduction will be controllable via Experimentation", "ForceDisabled - User-Agent reduction diabled, and not enabled by Experimentation", "ForceEnabled - User-Agent reduction will be enabled for all origins"]
},
"enum": [0, 1, 2]
}
],
"options": {
"infoText": "UserAgentReduction"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#useragentreduction"
}]
},
"UserDataDir": {
"title": "UserDataDir - Set the user data directory",
"description": "Set the directory to use for storing user data.\n\nIf you enable this policy, Microsoft Edge uses the specified directory regardless of whether the user has set the '--user-data-dir' command-line flag.\n\nIf you don't enable this policy, the default profile path is used, but the user can override it by using the '--user-data-dir' flag. Users can find the directory for the profile at edge://version/ under profile path.\n\nTo avoid data loss or other errors, don't configure this policy to a volume's root directory or to a directory that's used for other purposes, because Microsoft Edge manages its contents.\n\nSee https://go.microsoft.com/fwlink/?linkid=2095041 for a list of variables that can be used.",
"property_order": 2045,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "UserDataDir"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#userdatadir"
}]
},
"UserFeedbackAllowed": {
"title": "UserFeedbackAllowed - Allow user feedback",
"description": "Microsoft Edge uses the Edge Feedback feature (enabled by default) to allow users to send feedback, suggestions or customer surveys and to report any issues with the browser. Also, by default, users can't disable (turn off) the Edge Feedback feature.\n\nStarting in Microsoft Edge 105, if the user is signed into Microsoft Edge with their work or school account, their feedback is associated with their account and organization.\n\nIf you enable this policy or don't configure it, users can invoke Edge Feedback.\n\nIf you disable this policy, users can't invoke Edge Feedback.",
"property_order": 2050,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "UserFeedbackAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#userfeedbackallowed"
}]
},
"VerticalTabsAllowed": {
"title": "VerticalTabsAllowed - Configures availability of a vertical layout for tabs on the side of the browser",
"description": "Configures whether a user can access an alternative layout where tabs are vertically aligned on the side of the browser instead of at the top.\nWhen there are several tabs open, this layout provides better tab viewing and management. There's better visibility of the site titles,\nit's easier to scan aligned icons, and there's more space to manage and close tabs.\n\nIf you disable this policy, then the vertical tab layout will not be available as an option for users.\n\nIf you enable or don't configure this policy, the tab layout will still be at the top, but a user has the option to turn on vertical tabs on the side.",
"property_order": 2055,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "VerticalTabsAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#verticaltabsallowed"
}]
},
"VideoCaptureAllowed": {
"title": "VideoCaptureAllowed - Allow or block video capture",
"description": "Control whether sites can capture video.\n\nIf enabled or not configured (default), the user will be asked about video capture access for all sites except those with URLs configured in the \"VideoCaptureAllowedUrls\" policy list, which will be granted access without prompting.\n\nIf you disable this policy, the user isn't prompted, and video capture is only available to URLs configured in \"VideoCaptureAllowedUrls\" policy.\n\nThis policy affects all types of video inputs, not only the built-in camera.",
"property_order": 2060,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "VideoCaptureAllowed"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#videocaptureallowed"
}]
},
"VideoCaptureAllowedUrls": {
"title": "VideoCaptureAllowedUrls - Sites that can access video capture devices without requesting permission",
"description": "Specify websites, based on URL patterns, that can use video capture devices without asking the user for permission. Patterns in this list are matched against the security origin of the requesting URL. If they match, the site is automatically granted access to video capture devices. Note, however, that the pattern \"*\", which matches any URL, is not supported by this policy.",
"property_order": 2065,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "VideoCaptureAllowedUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#videocaptureallowedurls"
}]
},
"VisualSearchEnabled": {
"title": "VisualSearchEnabled - Visual search enabled",
"description": "Visual search lets you quickly explore more related content about entities in an image.\n\nIf you enable or don't configure this policy, visual search will be enabled via image hover, context menu, and search in sidebar.\n\nIf you disable this policy, visual search will be disabled and you won't be able to get more info about images via hover, context menu, and search in sidebar.\n\nNote: Visual Search in Web Capture is still managed by \"WebCaptureEnabled\" policy.",
"property_order": 2070,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "VisualSearchEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#visualsearchenabled"
}]
},
"WPADQuickCheckEnabled": {
"title": "WPADQuickCheckEnabled - Set WPAD optimization",
"description": "Allows you to turn off WPAD (Web Proxy Auto-Discovery) optimization in Microsoft Edge.\n\nIf you disable this policy, WPAD optimization is disabled, which makes the browser wait longer for DNS-based WPAD servers.\n\nIf you enable or don't configure the policy, WPAD optimization is enabled.\n\nIndependent of whether or how this policy is enabled, the WPAD optimization setting cannot be changed by users.",
"property_order": 2075,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "WPADQuickCheckEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#wpadquickcheckenabled"
}]
},
"WalletDonationEnabled": {
"title": "WalletDonationEnabled - Wallet Donation Enabled",
"description": "The Wallet Donation feature in Microsoft Edge allows users to view their donation summary, explore Nonprofit organizations (NPOs), donate to an NPO, manage their monthly donations, and view their donation history.\n\nIf you enable or don't configure this policy, users can use the Wallet Donation feature.\n\nIf you disable this policy, users can't use the Wallet Donation feature.",
"property_order": 2080,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "WalletDonationEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#walletdonationenabled"
}]
},
"WebAppInstallForceList": {
"title": "WebAppInstallForceList - not configurable in UI, please craft plist",
"description": "Setting the policy specifies a list of web apps that install silently, without user interaction, and which users can't uninstall or turn off.\n\nEach list item of the policy is an object with a mandatory member:\nurl (the URL of the web app to install)\n\nand 6 optional members:\n- default_launch_container\n(for how the web app opens—a new tab is the default)\n\n- create_desktop_shortcut\n(True if you want to create Linux and\nMicrosoft Windows desktop shortcuts).\n\n- fallback_app_name\n(Starting with Microsoft Edge version 90,\nallows you to override the app name if it is not a\nProgressive Web App (PWA), or the app name that is temporarily\ninstalled if it is a PWA but authentication is required before the\ninstallation can be completed. If both\ncustom_name and\nfallback_app_name are provided,\nthe latter will be ignored.)\n\n- custom_name\n(Starting with Microsoft Edge version 112\non all desktop platforms, allows you to permanently override the app name for all\nweb apps and PWAs.)\n\n- custom_icon\n(Starting with Microsoft Edge version 112\non all desktop platforms, allows you to override the app icon of installed apps.\nThe icons have to be square, maximal 1 MB in size, and in one of the following formats:\njpeg, png, gif, webp, ico. The hash value has to be the SHA256 hash of the icon file.)\n\n- install_as_shortcut\n(Starting with Microsoft Edge\nversion 107). If enabled the given url will be installed as a shortcut,\nas if done via the \"Create Shortcut...\" option in the desktop browser GUI.\nNote that when installed as a shortcut it won't be updated if the manifest in url changes.\nIf disabled or unset, the web app at the given url will be installed normally.\n(Not currently supported in Microsoft Edge.)",
"property_order": 2085,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "WebAppInstallForceList"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webappinstallforcelist"
}]
},
"WebAppSettings": {
"title": "WebAppSettings - not configurable in UI, please craft plist",
"description": "This policy allows an admin to specify settings for installed web apps. This policy maps a Web App ID to its specific setting. A default configuration can be set using the special ID *, which applies to all web apps without a custom configuration in this policy.\n\n- The manifest_id field is the Manifest ID for the Web App.\nSee https://developer.chrome.com/blog/pwa-manifest-id/\nfor instructions on how to determine the Manifest ID for an installed web app.\n- The run_on_os_login field specifies if a web app can be run during OS login.\nIf this field is set to blocked, the web app will not run during OS login and the user will not be able to enable this later.\nIf this field is set to run_windowed, the web app will run during OS login and the user won't be able to disable this later.\nIf this field is set to allowed, the user will be able to configure the web app to run at OS login.\nThe default policy configuration only allows the allowed and blocked values.\n- (Starting with Microsoft Edge version 120) The prevent_close_after_run_on_os_login field specifies if a web app can be prevented from closing in any way.\nFor example, by the user, by task manager, or by web APIs. This behavior can only be enabled if run_on_os_login is set to run_windowed.\nIf the app is already running, this setting will only take effect after the app is restarted.\nIf this field isn't defined, users can close the app.\n(This is currently not supported in Microsoft Edge.)\n- (Since version 118) The force_unregister_os_integration field specifies if all OS integration for a web app, that is, shortcuts, file handlers, protocol handlers and so on will be removed or not.\nIf an app is already running, this property will come into effect after the app restarts.\nThis should be used with caution, since it can override any OS integration that is set automatically during the startup of the web applications system. This currently only works on Windows, Mac and Linux platforms.",
"property_order": 2090,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "WebAppSettings"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webappsettings"
}]
},
"WebCaptureEnabled": {
"title": "WebCaptureEnabled - Enable the Screenshot (previously named Web Capture) feature in Microsoft Edge",
"description": "Note: The web capture feature is rebranded to \"Screenshot\".\n\nEnables the Screenshot feature in Microsoft Edge. This feature lets users capture web and PDF content, and annotate captures using inking tools. Users can also do a visual image search based on the captured content.\n\nIf you enable or don't configure this policy, the Screenshot option appears in the context menu, the Settings and more menu, and by using the keyboard shortcut, CTRL+SHIFT+S.\n\nIf you disable this policy, users can't access this feature in Microsoft Edge.",
"property_order": 2095,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "WebCaptureEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webcaptureenabled"
}]
},
"WebHidAllowAllDevicesForUrls": {
"title": "WebHidAllowAllDevicesForUrls - Allow listed sites to connect to any HID device",
"description": "This setting allows you to list sites which are automatically granted permission to access all available devices.\n\nThe URLs must be valid or the policy is ignored. Only the origin (scheme, host and port) of the URL is evaluated.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.\n\nThis policy overrides \"DefaultWebHidGuardSetting\", \"WebHidAskForUrls\", \"WebHidBlockedForUrls\" and the user's preferences.",
"property_order": 2100,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "WebHidAllowAllDevicesForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webhidallowalldevicesforurls"
}]
},
"WebHidAllowDevicesForUrls": {
"title": "WebHidAllowDevicesForUrls - not configurable in UI, please craft plist",
"description": "This setting lets you list the URLs that specify which sites are automatically granted permission to access a HID device with the given vendor and product IDs.\n\nSetting the policy Each item in the list requires both devices and urls fields for the item to be valid, otherwise the item is ignored.\n\n * Each item in the devices field must have a vendor_id and may have a product_id field.\n\n * Omitting the product_id field will create a policy matching any device with the specified vendor ID.\n\n * An item which has a product_id field without a vendor_id field is invalid and is ignored.\n\nIf you don't set this policy, that means \"DefaultWebHidGuardSetting\" applies, if it's set. If not, the user's personal setting applies.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.\n\nURLs in this policy shouldn't conflict with those configured through \"WebHidBlockedForUrls\". If they do, this policy takes precedence over \"WebHidBlockedForUrls\".",
"property_order": 2105,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "WebHidAllowDevicesForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webhidallowdevicesforurls"
}]
},
"WebHidAllowDevicesWithHidUsagesForUrls": {
"title": "WebHidAllowDevicesWithHidUsagesForUrls - not configurable in UI, please craft plist",
"description": "This setting allows you to list the URLs that specify which sites are automatically granted permission to access a HID device containing a top-level collection with the given HID usage.\n\nEach item in the list requires both usages and urls fields for the policy to be valid.\n\n * Each item in the usages field must have a usage_page and may have a usage field.\n\n * Omitting the usage field will create a policy matching any device containing a top-level collection with a usage from the specified usage page.\n\n * An item which has a usage field without a usage_page field is invalid and is ignored.\n\nIf you don't set this policy, that means \"DefaultWebHidGuardSetting\" applies, if it's set. If not, the user's personal setting applies.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.\n\nURLs in this policy shouldn't conflict with those configured through \"WebHidBlockedForUrls\". If they do, this policy takes precedence over \"WebHidBlockedForUrls\".",
"property_order": 2110,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "WebHidAllowDevicesWithHidUsagesForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webhidallowdeviceswithhidusagesforurls"
}]
},
"WebHidAskForUrls": {
"title": "WebHidAskForUrls - Allow the WebHID API on these sites",
"description": "Setting the policy lets you list the URL patterns that specify which sites can ask users to grant them access to a HID device.\n\nLeaving the policy unset means \"DefaultWebHidGuardSetting\" applies for all sites, if it's set. If not, users' personal settings apply.\n\nFor URL patterns that don't match the policy, the following values are applied in order of precedence:\n\n * \"WebHidBlockedForUrls\" (if there is a match),\n\n * \"DefaultWebHidGuardSetting\" (if set), or\n\n * Users' personal settings.\n\nURL patterns must not conflict with \"WebHidBlockedForUrls\". Neither policy takes precedence if a URL matches both patterns.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.",
"property_order": 2115,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "WebHidAskForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webhidaskforurls"
}]
},
"WebHidBlockedForUrls": {
"title": "WebHidBlockedForUrls - Block the WebHID API on these sites",
"description": "Setting the policy lets you list the URL patterns that specify which sites can't ask users to grant them access to a HID device.\n\nLeaving the policy unset means \"DefaultWebHidGuardSetting\" applies for all sites, if it's set. If not, users' personal settings apply.\n\nFor URL patterns that don't match the policy, the following values are applied in order of precedence:\n\n * \"WebHidAskForUrls\" (if there is a match),\n\n * \"DefaultWebHidGuardSetting\" (if set), or\n\n * Users' personal settings.\n\nURL patterns can't conflict with \"WebHidAskForUrls\". Neither policy takes precedence if a URL matches both patterns.\n\nFor detailed information about valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. * is not an accepted value for this policy.",
"property_order": 2120,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "WebHidBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webhidblockedforurls"
}]
},
"WebRtcLocalIpsAllowedUrls": {
"title": "WebRtcLocalIpsAllowedUrls - Manage exposure of local IP addressess by WebRTC",
"description": "Specifies a list of origins (URLs) or hostname patterns (like \"*contoso.com*\") for which local IP address should be exposed by WebRTC.\n\nIf you enable this policy and set a list of origins (URLs) or hostname patterns, when edge://flags/#enable-webrtc-hide-local-ips-with-mdns is Enabled, WebRTC will expose the local IP address for cases that match patterns in the list.\n\nIf you disable or don't configure this policy, and edge://flags/#enable-webrtc-hide-local-ips-with-mdns is Enabled, WebRTC will not expose local IP addresses. The local IP address is concealed with an mDNS hostname.\n\nIf you enable, disable, or don't configure this policy, and edge://flags/#enable-webrtc-hide-local-ips-with-mdns is Disabled, WebRTC will expose local IP addresses.\n\nPlease note that this policy weakens the protection of local IP addresses that might be needed by administrators.",
"property_order": 2125,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "WebRtcLocalIpsAllowedUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webrtclocalipsallowedurls"
}]
},
"WebRtcLocalhostIpHandling": {
"title": "WebRtcLocalhostIpHandling - Restrict exposure of local IP address by WebRTC",
"description": "Allows you to set whether or not WebRTC exposes the user's local IP address.\n\nIf you set this policy to \"AllowAllInterfaces\" or \"AllowPublicAndPrivateInterfaces\", WebRTC exposes the local IP address.\n\nIf you set this policy to \"AllowPublicInterfaceOnly\" or \"DisableNonProxiedUdp\", WebRTC doesn't expose the local IP address.\n\nIf you don't set this policy, or if you disable it, WebRTC exposes the local IP address.\n\nNote: This policy does not provide an option to exclude specific domains.\n\nPolicy options mapping:\n\n* AllowAllInterfaces (default) = Allow all interfaces. This exposes the local IP address\n\n* AllowPublicAndPrivateInterfaces (default_public_and_private_interfaces) = Allow public and private interfaces over http default route. This exposes the local IP address\n\n* AllowPublicInterfaceOnly (default_public_interface_only) = Allow public interface over http default route. This doesn't expose the local IP address\n\n* DisableNonProxiedUdp (disable_non_proxied_udp) = Use TCP unless proxy server supports UDP. This doesn't expose the local IP address\n\nUse the preceding information when configuring this policy.",
"property_order": 2130,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string",
"options": {
"enum_titles": ["AllowAllInterfaces - Allow all interfaces. This exposes the local IP address", "AllowPublicAndPrivateInterfaces - Allow public and private interfaces over http default route. This exposes the local IP address", "AllowPublicInterfaceOnly - Allow public interface over http default route. This doesn't expose the local IP address", "DisableNonProxiedUdp - Use TCP unless proxy server supports UDP. This doesn't expose the local IP address"]
},
"enum": ["default", "default_public_and_private_interfaces", "default_public_interface_only", "disable_non_proxied_udp"]
}
],
"options": {
"infoText": "WebRtcLocalhostIpHandling"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webrtclocalhostiphandling"
}]
},
"WebRtcUdpPortRange": {
"title": "WebRtcUdpPortRange - Restrict the range of local UDP ports used by WebRTC",
"description": "Restricts the UDP port range used by WebRTC to a specified port interval (endpoints included).\n\nBy configuring this policy, you specify the range of local UDP ports that WebRTC can use.\n\nIf you don't configure this policy, or if you set it to an empty string or invalid port range, WebRTC can use any available local UDP port.",
"property_order": 2135,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "string"
}
],
"options": {
"infoText": "WebRtcUdpPortRange"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webrtcudpportrange"
}]
},
"WebUsbAllowDevicesForUrls": {
"title": "WebUsbAllowDevicesForUrls - not configurable in UI, please craft plist",
"description": "Allows you to set a list of urls that specify which sites will automatically be granted permission to access a USB device with the given vendor and product IDs. Each item in the list must contain both devices and urls in order for the policy to be valid. Each item in devices can contain a vendor ID and product ID field. Any ID that is omitted is treated as a wildcard with one exception, and that exception is that a product ID cannot be specified without a vendor ID also being specified. Otherwise, the policy will not be valid and will be ignored.\n\nThe USB permission model uses the URL of the requesting site (\"requesting URL\") and the URL of the top-level frame site (\"embedding URL\") to grant permission to the requesting URL to access the USB device. The requesting URL may be different than the embedding URL when the requesting site is loaded in an iframe. Therefore, the \"urls\" field can contain up to two URL strings delimited by a comma to specify the requesting and embedding URL respectively. If only one URL is specified, then access to the corresponding USB devices will be granted when the requesting site's URL matches this URL regardless of embedding status. The URLs in \"urls\" must be valid URLs, otherwise the policy will be ignored.\n\nThis is deprecated and only supported for backwards compatibility in the following manner. If both a requesting and embedding URL is specified, then the embedding URL will be granted the permission as top-level origin and the requesting URL will be ignored entirely.\n\nIf this policy is left not set, the global default value will be used for all sites either from the \"DefaultWebUsbGuardSetting\" policy if it is set, or the user's personal configuration otherwise.\n\nURL patterns in this policy should not clash with the ones configured via \"WebUsbBlockedForUrls\". If there is a clash, this policy will take precedence over \"WebUsbBlockedForUrls\" and \"WebUsbAskForUrls\".",
"property_order": 2140,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "WebUsbAllowDevicesForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webusballowdevicesforurls"
}]
},
"WebUsbAskForUrls": {
"title": "WebUsbAskForUrls - Allow WebUSB on specific sites",
"description": "Define a list of sites, based on URL patterns, that can ask the user for access to a USB device.\n\nIf you don't configure this policy, the global default value from the \"DefaultWebUsbGuardSetting\" policy (if set) or the user's personal configuration is used for all sites.\n\nThe URL patterns defined in this policy can't conflict with those configured in the \"WebUsbBlockedForUrls\" policy - you can't both allow and block a URL. For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322",
"property_order": 2145,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "WebUsbAskForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webusbaskforurls"
}]
},
"WebUsbBlockedForUrls": {
"title": "WebUsbBlockedForUrls - Block WebUSB on specific sites",
"description": "Define a list of sites, based on URL patterns, that can't ask the user to grant them access to a USB device.\n\nIf you don't configure this policy, the global default value from the \"DefaultWebUsbGuardSetting\" policy (if set) or the user's personal configuration is used for all sites.\n\nURL patterns in this policy can't conflict with those configured in the \"WebUsbAskForUrls\" policy. You can't both allow and block a URL. For detailed information on valid url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322.",
"property_order": 2150,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "WebUsbBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#webusbblockedforurls"
}]
},
"WindowCaptureAllowedByOrigins": {
"title": "WindowCaptureAllowedByOrigins - Allow Window and Tab capture by these origins",
"description": "Setting the policy lets you set a list of URL patterns that can use Window and Tab Capture.\n\nLeaving the policy unset means that sites will not be considered for an override at this scope of Capture.\n\nThis policy is not considered if a site matches a URL pattern in any of the following policies: \"TabCaptureAllowedByOrigins\", \"SameOriginTabCaptureAllowedByOrigins\".\n\nIf a site matches a URL pattern in this policy, the following policies will not be considered: \"ScreenCaptureAllowedByOrigins\", \"ScreenCaptureAllowed\".\n\nFor detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. This policy only matches based on origin, so any path in the URL pattern is ignored.",
"property_order": 2155,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "WindowCaptureAllowedByOrigins"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#windowcaptureallowedbyorigins"
}]
},
"WindowManagementAllowedForUrls": {
"title": "WindowManagementAllowedForUrls - Allow Window Management permission on specified sites",
"description": "Lets you configure a list of site url patterns that specify sites which will automatically grant the window management permission. This extends the ability of sites to see information about the device's screens. This information can be used to open and place windows or request fullscreen on specific screens.\n\nFor detailed information on valid site url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards, *, are allowed. This policy only matches based on site origin, so any path in the URL pattern is ignored.\n\nIf this policy isn't configured for a site, then the policy from \"DefaultWindowManagementSetting\" applies to the site, if configured. Otherwise the permission will follow the browser's defaults and let users choose this permission per site.",
"property_order": 2160,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "WindowManagementAllowedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#windowmanagementallowedforurls"
}]
},
"WindowManagementBlockedForUrls": {
"title": "WindowManagementBlockedForUrls - Block Window Management permission on specified sites",
"description": "Lets you configure a list of site url patterns that specify sites which will automatically deny the window management permission. This limits the ability of sites to see information about the device's screens. This information can be used to open and place windows or request fullscreen on specific screens.\n\nFor detailed information on valid site url patterns, see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards, *, are allowed. This policy only matches based on site origin, so any path in the URL pattern is ignored.\n\nIf this policy isn't configured for a site, then the policy from \"DefaultWindowManagementSetting\" applies to the site, if configured. Otherwise the permission will follow the browser's defaults and let users choose this permission per site.",
"property_order": 2165,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "array",
"items": {
"type": "string",
"title": "Entries"
}
}
],
"options": {
"infoText": "WindowManagementBlockedForUrls"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#windowmanagementblockedforurls"
}]
},
"WorkspacesNavigationSettings": {
"title": "WorkspacesNavigationSettings - not configurable in UI, please craft plist",
"description": "This setting lets you to define groups of URLs, and apply specific Microsoft Edge Workspaces navigation settings to each group.\n\nIf this policy is configured, Microsoft Edge Workspaces will use the configured settings when deciding whether and how to share navigations among collaborators in a Microsoft Edge Workspace.\n\nIf this policy is not configured, Microsoft Edge Workspaces will use only default and internally configured navigation settings.\n\nFor more information about configuration options, see https://go.microsoft.com/fwlink/?linkid=2218655\n\nNote, format url_patterns according to https://go.microsoft.com/fwlink/?linkid=2095322. You can configure the url_regex_patterns in this policy to match multiple URLs using a Perl style regular expression for the pattern. Note that pattern matches are case sensitive. For more information about the regular expression rules that are used, refer to https://go.microsoft.com/fwlink/p/?linkid=2133903.",
"property_order": 2170,
"anyOf": [
{"type": "null",
"title": "Not Configured"
}
],
"options": {
"infoText": "WorkspacesNavigationSettings"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#workspacesnavigationsettings"
}]
},
"ZstdContentEncodingEnabled": {
"title": "ZstdContentEncodingEnabled - Enable zstd content encoding support",
"description": "This feature enables advertising \"zstd\" support in the Accept-Encoding request header and support for decompressing zstd web content.\n\nIf you enable or don't configure this policy, Microsoft Edge will accept server responses compressed with zstd.\n\nIf you disable this policy, the zstd content encoding feature will not be advertised or supported when processing server responses.\n\nThis policy is temporary and will be removed in the future.",
"property_order": 2175,
"anyOf": [
{"type": "null", "title": "Not Configured"},
{
"title": "Configured",
"type": "boolean"
}
],
"options": {
"infoText": "ZstdContentEncodingEnabled"
},
"links": [{
"rel": "Documentation for Policy",
"href": "https://docs.microsoft.com/deployedge/microsoft-edge-policies#zstdcontentencodingenabled"
}]
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment