Tech Paper: Deployment Guide Microsoft Edge
Overview
Developed by Microsoft, Microsoft Edge is a web browser that can run on multiple platforms. Microsoft Edge is based on Chromium. It works on all Windows and macOS versions that are supported. It boasts fast speed, excellent performance, superior website, and extension compatibility, as well as integrated privacy and security functionalities.
Most Microsoft Edge features are supported in virtual environments without any special configurations. However, to ensure an optimal experience, this article shows you the recommended steps for your organization’s successful deployment, configuration, and optimization of Microsoft Edge.
Performance considerations for Microsoft Edge on VDI
If you want to use Microsoft Edge on a VDI environment, it is recommended to meet the minimum requirements listed below.
- vCPU 2-4 cores per User
- RAM 1 GB per User
Large and complex web applications and extensions need more CPU and memory, which must be considered when configuring your virtual environment.
Installation
Microsoft Edge is installed on Windows 10, version 1803 and above. However, if you are using an older version of Windows or want to deploy a different Microsoft Edge channel, follow these steps:
- First, download the latest version of Microsoft Edge. Select the Channel/Version, Build, and Platform as required.
- Download the Microsoft Edge Policy File.
- Run the following command to install Microsoft Edge (64-bit) silently with logging.
MsiExec.exe /i MicrosoftEdgeEnterpriseX64.msi /qn /norestart l*v <install_logfile_name>
We strongly recommend always using the latest version of Microsoft Edge.
Disable automatic updates
If you are using non-persisted machines, it’s recommended to turn off automatic updates. Instead, update the master image to ensure all virtual machines in the delivery group are running the same version of Microsoft Edge.
Group Policy setting:
- Group Policy Name: Update policy override default
- Group Policy Path: Administrative Templates \ Microsoft Edge Update \ Applications
- Value: Enabled
- Options: Updates disabled
Remove Microsoft Edge Desktop Shortcut
The Microsoft Edge installer creates a desktop shortcut by default. If you do not want the desktop shortcut, use the following command line switches to exclude it.
MsiExec.exe /i MicrosoftEdgeEnterpriseX64.msi DONOTCREATEDESKTOPSHORTCUT=true /qn /norestart l*v <install_logfile_name>
Remove Microsoft Edge Taskbar Shortcut
The Microsoft Edge installer creates a taskbar shortcut by default. If you do not want the taskbar shortcut, use the following command line switches to exclude it.
MsiExec.exe /i MicrosoftEdgeEnterpriseX64.msi DONOTCREATETASKBARSHORTCUT=true /qn /norestart l*v <install_logfile_name>
Configuration
Manage Microsoft Edge using Group Policies
Microsoft Edge can be managed using Microsoft Group Policy. As mentioned, the Microsoft Edge Policy Files include the msedge.admx, msedgeupdate.admx, and msedgewebview2.admx files.
Copy the ADMX and language files (*.ADML) to your central store for Group Policy administrative templates (for example, \\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions).
The Microsoft Edge related policies are found in the section Administrative Templates\ Microsoft Edge
Roaming User Settings
Microsoft Edge supports two methods for syncing user data:
- Azure Active Directory (Azure AD) sync
- On-premises Sync for Active Directory Users
Azure Active Directory (Azure AD) sync
To make sure your Microsoft Edge user data is synchronised across all devices, using Azure Active Directory sync is the quickest and simplest method to use. By default, the following user-specific settings are stored and synchronized:
- Favorites
- Passwords
- Addresses and more (form-fill)
- Collections
- Settings
- Extensions
- Open tabs (available in Microsoft Edge version 88 or later)
- History (available in Microsoft Edge version 88 or later)
After the sync is configured, sync functionality is enabled via user consent. Users can turn sync on or off for each supported data type.
Note:
Microsoft Edge sync for Azure Active Directory (Azure AD) accounts is available for specific subscriptions only.
On-premises Sync for Active Directory Users
Microsoft Edge allows profiles to be associated with Active Directory (AD) accounts, which cannot be used with Azure Active Directory sync.
When on-premises sync is enabled, the data from the Active Directory profile is saved to a file named profile.pb. By default, this file is stored in %APPDATA%\Microsoft\Edge. After this file is written, it can be moved between different computers, and user data will be read and written on each computer. Microsoft Edge locks the profile.pb file when on-premises sync is enabled. If folder redirection is used to share a single profile.pb file between different computers, then only one instance of Microsoft Edge that uses the shared file can be started.
To enable on-premises sync in Microsoft Edge, configure the Group Policy setting:
- Group Policy Name: Set roaming profile directory
- Group Policy Path: Administrative Templates \ Microsoft Edge
- Value: Enabled
- Option: %RoamingProfileDirectory%
Citrix recommends excluding the following subfolders:
!ctx_localappdata!\Microsoft\Edge\User Data\Default\Cache!ctx_localappdata!\Microsoft\Edge\User Data\Default\Code Cache!ctx_localappdata!\Microsoft\Edge\User Data\Default\JumpListIconsTopSites!ctx_localappdata!\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed
Optimizations
Startup
You can specify how Microsoft Edge behaves when it starts. If you want a new tab to always open on startup, choose the RestoreOnStartupIsNewTabPage policy setting. If you are going to open a specific set of URLs, choose the RestoreOnStartUpIsURLs policy setting.
Group Policy setting:
- Group Policy Name: Action to take on startup
- Group Policy Path: Administrative Templates \ Microsoft Edge \ Startup, home page and new tab page
- Value: Enabled
- Options: Open a new tab
You can configure which background image types are allowed on the new tab page layout in Microsoft Edge.
Group Policy setting:
- Group Policy Name: Configure the background types allowed for the new tab page layout
- Group Policy Path: Administrative Templates \ Microsoft Edge \ Startup, home page and new tab page
- Value: Enabled
- Options: Disable all background image types
Sleeping Tabs
Sleeping tabs on Microsoft Edge help the browser use less memory and CPU. This way, the browser can run faster and respond better. When you do not use a tab for a while, Microsoft Edge puts it to sleep. And when you click on it again, it wakes up and works normally. The sleeping tabs feature enabled by default on the latest version of Microsoft Edge. By default, this option is set to 5 minutes of inactivity.
Group Policy setting:
- Group Policy Name: Set the background tab inactivity timeout for sleeping tabs
- Group Policy Path: Administrative Templates \ Microsoft Edge \ Sleeping tabs settings
- Value: Enabled
- Options: 5 minutes of inactivity
Performance
To improve Microsoft Edge startup speed, Microsoft developed a startup boost feature. Startup boost keeps the browser running in the background with minimal processes, so Microsoft Edge starts more quickly when launched.
Group Policy setting:
- Group Policy Name: Enable startup boost
- Group Policy Path: Administrative Templates \ Microsoft Edge\ Performance
- Value: Enabled
It is possible to reduce the memory and CPU resources required by Microsoft Edge using Citrix Workspace Environment Manager (WEM). CPU Management and Memory Management reduce the memory and CPU resources for processes and applications, including Microsoft Edge.
Extensions
Extensions, or add-ons, are simple tools that customize your browser experience and offer you more control. There are two ways that you can allow the extension:
- Force installing the extension
- Add the extension to the Allow list
A best practice is to force install the extension because that also enables the extension. If you add the extension to the Allow list, you must then enable the extension in a separate task.
You can use the ExtensionInstallBlocklist and ExtensionInstallAllowlist policy settings to control which extensions are blocked or allowed.
The following steps to enable all extensions, except the extentions that need to be blocked.
- Open the Group Policy Management editor in the section Administrative Templates \ Microsoft Edge \ Extensions
- Select Control which extensions cannot be installed.
-
Select Enabled.
-
Click Show.
-
Enter the app ID of the extensions that you want to block.
If you are adding many app IDs, make sure to put each one on a different row.
To block all extensions, type * into the policy to prevent any extensions from being installed. You can use this with the Allow specific extensions to be installed policy to only allow certain extensions.
If you can not find the app ID of an extension, look at the extension on the Microsoft Edge Add-ons website. Find the specific extension, and you see the app ID at the end of the URL in the omnibox.
Other Settings
Hide the First-run experience and splash screen
Enable the Hide the First-run experience and splash screen policy setting to prevent the First-run experience splash screen when Microsoft Edge is run for the first time. If you disable the Hide the First-run experience and splash screen, the First-run experience is shown.
Group Policy setting:
- Group Policy Name: Hide the First-run experience and splash screen
- Group Policy Name: Administrative Templates \ Microsoft Edge
- Value: Enable
In addition to the Hide the First-run experience splash screen policy settings, the following policies can be used to optimise the browser experience:
- AutoImportAtFirstRun
- NewTabPageLocation
- NewTabPageSetFeedType
- ForceSync
- SyncDisabled
- BrowserSignin
- NonRemovableProfileEnabled
Set the limit of memory a single Microsoft Edge instance can use
The Set limit on megabytes of memory a single Microsoft Edge instance can use policy sets a cap on how much memory Microsoft Edge can use before closing tabs to save memory.
When enabled, Microsoft Edge discards tabs to reduce memory once the limit is exceeded. If disabled, Microsoft Edge will attempt to reduce the memory usage only the amount of physical memory on the virtual machine is low.
You should consider enabling the Set limit on megabytes of memory a single Microsoft Edge instance can use policy setting with a value of 1024 Mb.
Group Policy setting:
- Group Policy Name: Set limit on megabytes of memory a single Microsoft Edge instance can use
- Group Policy Path: Administrative Templates \ Microsoft Edge
- Value: Enabled
- Options: 1024
Allow or block video capture
If the Allow or block video capture policy setting is enabled, users are prompted for video capture access for all sites, except those with URLs configured in the VideoCaptureAllowedUrls policy. Video capture access will be granted access without prompting for URLS in the VideoCaptureAllowedUrls policy list. If the Allow or block video capture policy setting is disabled, the users are not prompted. Video capture access is only available to URLs configured in the VideoCaptureAllowedUrls policy.
You should consider turning off the “Allow or block video capture” policy setting.
Group Policy setting:
- Group Policy Name: Allow or block video capture
- Group Policy Path: Administrative Templates \ Microsoft Edge
- Value : Disabled
Enable Window Occlusion
The Enable Window Occlusion policy setting detects when a window is covered by other windows and suspend work painting pixels. If enabled, this reduces the CPU and power consumption of Microsoft Edge. If the Enable Window Occlusion policy setting is disabled, Microsoft Edge will not detect when other windows cover a window.
Group Policy setting:
- Group Policy Name: Enable Window Occlusion
- Group Policy Path: Administrative Templates \ Microsoft Edge
- Value : Enabled
