I already wrote a couple of blog posts recently related to the managing the new Microsoft Edge Chromium browser with Microsoft Intune, which are listed here. Today’s post is about configuring the Enterprise Mode Site list with Microsoft Intune, which forces websites to use Internet Explorer Mode (IE Mode) in Edge. This might by handy for admins to force websites (mostly legacy web apps) to use IE Mode, when they don`t run fine in Edge, but do run fine on Internet Explorer.
There are a few steps involved in configuring the Enterprise Mode Site list and configure Edge with Intune to use the list:
- Create the Enterprise Mode Site list
- Create Azure Blob Storage
- Configure Administrative Templates profile in Intune
Create the Enterprise Mode Site list
To control which websites are opened in Internet Explorer Mode, we need to use the Enterprise Mode Site list (EML). The EML is created using the Enterprise Mode Site list Manager which can be downloaded here. Only Version 2 of the tool is compatible with the new Edge browser.
After downloading and installing the tool, start the EML manager. By clicking Add you can add URLs to the list. For every URL you set a Compat Mode and Open In.
For Open in when you choose None, the URL is allowed to open in Internet Explorer and Edge. Choose IE11 to force the URL to open in IE or choose MSEdge to open the URL in Edge.
After adding all the URLs, save the file. The end result is an XML file with all the configured URLs.
Create Azure Blob Storage
We need a solution to make the Enterprise Mode List available for our Intune managed devices from every location where they are located. I choose to use Azure Blob Storage to host the XML file. The XML file will be available for all Intune managed device via an URL.
- Sign-in to the Azure portal
- Browse to Storage accounts
- Click Add
- Choose your Subscription and Resource Group
- Enter a Storage account name
- Choose a Location
- Everything else can be left default
- Click Next: Networking
- Make sure Public Endpoint (all networks) is selected
- Click Review + Create
- Click Create
Browse to the storage account as soon as the creation of the storage account is finished.
- Browse to the Containers tab
- Click +Container
- Give the container a Name
- Choose Blob (Anonymous read access for blobs only) as Public access level
- Click OK to create the container
- On the Overview tab click Upload
- Browse to the previously created XML file
- Click Upload
- Open the settings of the file
- On the Overview tab you find the URL which we need later
You can test if the list file is available by copying the URL in Edge. If the XML file is displayed, the configuration is correct and the Enterprise Mode Site list is available for your internet connected devices.
Configure Administrative Templates profile
To configure the new Edge browser to make use of the Enterprise Mode Site list, we can use an Administrative Templates profile in Microsoft Intune. In this profile we configure one setting to configure the Enterprise Mode Site list and where the list is located (the URL from the previous configuration part). And the second setting to configure the Internet Explorer integration.
- Sign-in to the Device Management Portal
- Browse to Devices – Windows
- On the Configuration Profiles tab click Create profile
- Give the configuration profile a Name
- Enter a Description (optional)
- Choose Windows 10 as Platform
- Choose Administrative Templates as Profile type
- Click Create
- Open the settings tab
- Select Edge version 77 and later from the drop-down list
- Search for Configure the Enterprise Mode Site List
- Click on the policy with Setting type Device to open the setting
- Select Enabled
- Enter the URL from the EML/ XML file which we uploaded to Azure Blob Storage
- Click OK
- Search for Configure Internet Explorer Integration
- Select Enabled
- Choose Internet Explorer Mode from the drop-down list
- Click OK
These are the two settings we need to deploy.
Assign the configuration profile to a security group.
Start Edge Chromium on a Windows 10 device and browse to an URL which is added to the Enterprise Mode Site List. An Internet Explorer icon is shown on the left of the URL. When you click on the icon a message is shown:
This page is open in Internet Explorer mode.
When you enter edge://compat in the address bar, you are redirected to the Microsoft Edge Compatibility page which shows an list of the URLs added to the EML.
That`s it for this post! Hope it`s of any help for you.
If you have a question, let me know via the comments!
Nice article, thx!
How can you configure websites for using ActiveX components?
E.g. open SharePoint document libraries in File Explorer.
I`m not aware of any possibility to control ActiveX related settings (with Intune).
good article with all the need-to-know details. But for those just ‘want to get it done’ we do have a free companion hiding all the work for admins by using a website for all adding/removing entries to the lists, in addition some other options regarding Edge/IE. Maybe worth trying:
Thanks for the article!
You`re welcome Michaël!
For the xml URL, should we choose Blob (Anonymous read access for blobs only) as Public access level? Or choose Private for a SAS (Shared Access Signature) URL to be more secured? Please let us know if you experienced SAS URL for your xml file and if there is any concern.
Also, we’re experiencing caching issue. Per https://anderseideblog.wordpress.com/2017/02/15/using-azure-storage-account-to-publish-enterprise-mode-list/, I set CacheControl = “public, no-cache” on the xml file properties, which ensures that the xml file isn’t cached on the client, and therefor I could see that the xml file was updated pretty fast after I changed it. However, the caching issue is the websites (in the xml file) do not open in the appropriate browser (even AFTER we cleared the IE cache and MS Edge cache). Sometimes we had to reboot the machine. Any idea is greatly appreciated. Thank you!