Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The latest version of Microsoft Edge includes the following policies. You can use these policies to configure how Microsoft Edge runs in your organization.
For information about an additional set of policies used to control how and when Microsoft Edge is updated, check out Microsoft Edge update policy reference.
You can download the Microsoft Security Compliance Toolkit for the recommended security configuration baseline settings for Microsoft Edge. For more information see the Microsoft Security Baselines Blog.
Starting in Microsoft Edge version 116, certain policies will not be applied to a profile that is signed in with a Microsoft account. For more information, please check an individual policy for details on whether it applies to a profile that is signed in with a Microsoft account.
Note
This article applies to Microsoft Edge version 77 or later.
New policies
The following table lists the new policies for Microsoft Edge version 141.
| Policy Name | Caption |
|---|---|
| WebRtcPostQuantumKeyAgreement | Enable post-quantum key agreement for WebRTC |
| EdgeSystemKeychainCertificateAuthEnabled | Enable System Keychain Certificate Authentication |
| EdgeSystemKeychainCertificateAuthThirdFilterEnabled | Enable Third-Party Filter for System Keychain Certificate Authentication |
| ReduceIPAddressChangeNotificationEnabled | Enable Reduce IP Address Change Notification |
| ShowTabPreviewEnabled | Enable tab preview on hover |
The following table lists the new policies for Microsoft Edge version 140.
| Policy Name | Caption |
|---|---|
| EdgeAllowedAccountOnly | Restrict sign-in to allowed accounts only |
| EdgeAllowedAccountUPN | Configure allowed account UPN pattern for sign-in |
| LocalNetworkAccessAllowedForUrls | Allow sites to make requests to local network endpoints. |
| LocalNetworkAccessBlockedForUrls | Block sites from making requests to local network endpoints. |
| DisabledMiniApps | List of disabled Mini Apps |
| RestrictCoreSharingOnRenderer | Restrict CPU core sharing for renderer process |
| ServiceWorkerAutoPreloadEnabled | Allow ServiceWorker to dispatch navigation requests without waiting for its startup |
| TwaDisclosureUiMode | Configure Trusted Web Activity disclosure UI mode |
Deprecated policies
The following table lists all deprecated policies.
| Policy Name | Caption |
|---|---|
| DefaultThirdPartyStoragePartitioningSetting | Default setting for third-party storage partitioning (deprecated) |
| ThirdPartyStoragePartitioningBlockedForOrigins | Disable third-party storage partitioning for specific top-level origins (deprecated) |
| ProxyBypassList | Configure proxy bypass rules (deprecated) |
| ProxyMode | Configure proxy server settings (deprecated) |
| ProxyPacUrl | Set the proxy .pac file URL (deprecated) |
| ProxyServer | Configure address or URL of proxy server (deprecated) |
| AllowGamesMenu | Allow users to access the games menu (deprecated) |
| BackgroundTemplateListUpdatesEnabled | Enables background updates to the list of available templates for Collections and other features that use templates (deprecated) |
| ForceCertificatePromptsOnMultipleMatches | Configure whether Microsoft Edge should automatically select a certificate when there are multiple certificate matches for a site configured with "AutoSelectCertificateForUrls" (deprecated) |
| InsecureFormsWarningsEnabled | Enable warnings for insecure forms (deprecated) |
| MicrosoftOfficeMenuEnabled | Allow users to access the Microsoft Office menu (deprecated) |
| NativeWindowOcclusionEnabled | Enable Native Window Occlusion (deprecated) |
| PromotionalTabsEnabled | Enable full-tab promotional content (deprecated) |
| RendererCodeIntegrityEnabled | Enable renderer code integrity (deprecated) |
| ShowOfficeShortcutInFavoritesBar | Show Microsoft Office shortcut in favorites bar (deprecated) |
| UnthrottledNestedTimeoutEnabled | JavaScript setTimeout will not be clamped until a higher nesting threshold is set (deprecated) |
| UserAgentReduction | Enable or disable the User-Agent Reduction (deprecated) |
| WebWidgetAllowed | Enable the Search bar (deprecated) |
Obsolete policies
The following table lists the obsoleted policies for Microsoft Edge version 141.
| Policy Name | Caption |
|---|---|
| GamerModeEnabled | Enable Gamer Mode (obsolete) |
The following table lists the obsoleted policies for Microsoft Edge version 140.
| Policy Name | Caption |
|---|---|
| AutomaticHttpsDefault | Configure Automatic HTTPS (obsolete) |
| MAUEnabled | Always use Microsoft AutoUpdate as the updater for Microsoft Edge (obsolete) |
Available policies
These tables list all of the browser-related group policies available in this release of Microsoft Edge. Use the links in the table to get more details about specific policies.
- Application Guard settings
- Cast
- Certificate management settings
- Content settings
- Default search provider
- Downloads
- Edge Website Typo Protection settings
- Edge Workspaces settings
- Experimentation
- Extensions
- Games settings
- Generative AI
- HTTP authentication
- Identity and sign-in
- Idle Browser Actions
- Immersive Reader settings
- Kiosk Mode settings
- Manageability
- Native Messaging
- Network settings
- PDF Reader
- Password manager and protection
- Performance
- Permit or deny screen capture
- Printing
- Private Network Request Settings
- Profile settings
- Proxy server
- Related Website Sets Settings
- Scareware Blocker settings
- Sleeping tabs settings
- SmartScreen settings
- Startup, home page and new tab page
- WebRtc settings
- Additional
Application Guard settings
| Policy Name | Caption |
|---|---|
| ApplicationGuardContainerProxy | Application Guard Container Proxy |
| ApplicationGuardFavoritesSyncEnabled | Application Guard Favorites Sync Enabled |
| ApplicationGuardPassiveModeEnabled | Ignore Application Guard site list configuration and browse Edge normally |
| ApplicationGuardTrafficIdentificationEnabled | Application Guard Traffic Identification |
| ApplicationGuardUploadBlockingEnabled | Prevents files from being uploaded while in Application Guard |
Cast
| Policy Name | Caption |
|---|---|
| EdgeDisableDialProtocolForCastDiscovery | Disable DIAL protocol for cast device discovery |
| EnableMediaRouter | Enable Google Cast |
| ShowCastIconInToolbar | Show the cast icon in the toolbar |
Certificate management settings
| Policy Name | Caption |
|---|---|
| CACertificateManagementAllowed | Allow users to manage installed CA certificates. |
| CACertificates | TLS server certificates that should be trusted by Microsoft Edge |
| CACertificatesWithConstraints | TLS certificates that should be trusted by Microsoft Edge for server authentication with constraints |
| CADistrustedCertificates | TLS certificates that should be distrusted by Microsoft Edge for server authentication |
| CAHintCertificates | TLS certificates that are not trusted or distrusted but can be used in path-building for server authentication |
| CAPlatformIntegrationEnabled | Use user-added TLS certificates from platform trust stores for server authentication |
Content settings
| Policy Name | Caption |
|---|---|
| AutoSelectCertificateForUrls | Automatically select client certificates for these sites |
| AutomaticDownloadsAllowedForUrls | Allow multiple automatic downloads in quick succession on specific sites |
| AutomaticDownloadsBlockedForUrls | Block multiple automatic downloads in quick succession on specific sites |
| AutomaticFullscreenAllowedForUrls | Allow automatic full screen on specified sites |
| AutomaticFullscreenBlockedForUrls | Block automatic full screen on specified sites |
| CookiesAllowedForUrls | Allow cookies on specific sites |
| CookiesBlockedForUrls | Block cookies on specific sites |
| CookiesSessionOnlyForUrls | Limit cookies from specific websites to the current session |
| DataUrlInSvgUseEnabled | Data URL support for SVGUseElement |
| DefaultAutomaticDownloadsSetting | Default automatic downloads setting |
| DefaultCookiesSetting | Configure cookies |
| DefaultDesktopSiteSetting | Configure the default view mode for websites |
| DefaultFileSystemReadGuardSetting | Control use of the File System API for reading |
| DefaultFileSystemWriteGuardSetting | Control use of the File System API for writing |
| DefaultGeolocationSetting | Default geolocation setting |
| DefaultImagesSetting | Default images setting |
| DefaultInsecureContentSetting | Control use of insecure content exceptions |
| DefaultJavaScriptJitSetting | Control use of JavaScript JIT |
| DefaultJavaScriptOptimizerSetting | Control use of JavaScript optimizers |
| DefaultJavaScriptSetting | Default JavaScript setting |
| DefaultNotificationsSetting | Default notification setting |
| DefaultPluginsSetting | Default Adobe Flash setting (obsolete) |
| DefaultPopupsSetting | Default pop-up window setting |
| DefaultThirdPartyStoragePartitioningSetting | Default setting for third-party storage partitioning (deprecated) |
| DefaultWebBluetoothGuardSetting | Control use of the Web Bluetooth API |
| DefaultWebHidGuardSetting | Control use of the WebHID API |
| DefaultWebUsbGuardSetting | Control use of the WebUSB API |
| DefaultWindowManagementSetting | Default Window Management permission setting |
| DesktopSiteForceForUrls | Force Desktop Site for these sites |
| EdgeFileUploadAllowedForUrls | File upload allowed for urls |
| EdgeFileUploadBlockedForUrls | File upload blocked for urls |
| FileSystemReadAskForUrls | Allow read access via the File System API on these sites |
| FileSystemReadBlockedForUrls | Block read access via the File System API on these sites |
| FileSystemWriteAskForUrls | Allow write access to files and directories on these sites |
| FileSystemWriteBlockedForUrls | Block write access to files and directories on these sites |
| ImagesAllowedForUrls | Allow images on these sites |
| ImagesBlockedForUrls | Block images on specific sites |
| InsecureContentAllowedForUrls | Allow insecure content on specified sites |
| InsecureContentBlockedForUrls | Block insecure content on specified sites |
| IntranetFileLinksEnabled | Allow intranet zone file URL links from Microsoft Edge to open in Windows File Explorer |
| JavaScriptAllowedForUrls | Allow JavaScript on specific sites |
| JavaScriptBlockedForUrls | Block JavaScript on specific sites |
| JavaScriptJitAllowedForSites | Allow JavaScript to use JIT on these sites |
| JavaScriptJitBlockedForSites | Block JavaScript from using JIT on these sites |
| JavaScriptOptimizerAllowedForSites | Allow JavaScript optimization on these sites |
| JavaScriptOptimizerBlockedForSites | Block JavaScript optimizations on these sites |
| LegacySameSiteCookieBehaviorEnabled | Enable default legacy SameSite cookie behavior setting (obsolete) |
| LegacySameSiteCookieBehaviorEnabledForDomainList | Revert to legacy SameSite behavior for cookies on specified sites (obsolete) |
| MobileSiteForceForUrls | Force Mobile Site for these sites |
| NotificationsAllowedForUrls | Allow notifications on specific sites |
| NotificationsBlockedForUrls | Block notifications on specific sites |
| PartitionedBlobUrlUsage | Manage Blob URL Partitioning During Fetching and Navigation |
| PluginsAllowedForUrls | Allow the Adobe Flash plug-in on specific sites (obsolete) |
| PluginsBlockedForUrls | Block the Adobe Flash plug-in on specific sites (obsolete) |
| PopupsAllowedForUrls | Allow pop-up windows on specific sites |
| PopupsBlockedForUrls | Block pop-up windows on specific sites |
| RegisteredProtocolHandlers | Register protocol handlers |
| SerialAllowAllPortsForUrls | Automatically grant sites permission to connect all serial ports |
| SerialAllowUsbDevicesForUrls | Automatically grant sites permission to connect to USB serial devices |
| ShowPDFDefaultRecommendationsEnabled | Allow notifications to set Microsoft Edge as default PDF reader |
| SpotlightExperiencesAndRecommendationsEnabled | Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft services |
| ThirdPartyStoragePartitioningBlockedForOrigins | Disable third-party storage partitioning for specific top-level origins (deprecated) |
| WebHidAllowAllDevicesForUrls | Allow listed sites to connect to any HID device |
| WebHidAllowDevicesForUrls | Allow listed sites connect to specific HID devices |
| WebHidAllowDevicesWithHidUsagesForUrls | Automatically grant permission to these sites to connect to HID devices containing top-level collections with the given HID usage |
| WebHidAskForUrls | Allow the WebHID API on these sites |
| WebHidBlockedForUrls | Block the WebHID API on these sites |
| WebUsbAllowDevicesForUrls | Grant access to specific sites to connect to specific USB devices |
| WebUsbAskForUrls | Allow WebUSB on specific sites |
| WebUsbBlockedForUrls | Block WebUSB on specific sites |
| WindowManagementAllowedForUrls | Allow Window Management permission on specified sites |
| WindowManagementBlockedForUrls | Block Window Management permission on specified sites |
Default search provider
| Policy Name | Caption |
|---|---|
| DefaultSearchProviderEnabled | Enable the default search provider |
| DefaultSearchProviderEncodings | Default search provider encodings |
| DefaultSearchProviderImageURL | Specifies the search-by-image feature for the default search provider |
| DefaultSearchProviderImageURLPostParams | Parameters for an image URL that uses POST |
| DefaultSearchProviderKeyword | Default search provider keyword |
| DefaultSearchProviderName | Default search provider name |
| DefaultSearchProviderSearchURL | Default search provider search URL |
| DefaultSearchProviderSuggestURL | Default search provider URL for suggestions |
| NewTabPageSearchBox | Configure the new tab page search box experience |
Downloads
| Policy Name | Caption |
|---|---|
| ShowDownloadsInsecureWarningsEnabled | Enable insecure download warnings |
Edge Website Typo Protection settings
| Policy Name | Caption |
|---|---|
| PreventTyposquattingPromptOverride | Prevent bypassing Edge Website Typo Protection prompts for sites |
| TyposquattingAllowListDomains | Configure the list of domains for which Edge Website Typo Protection won't trigger warnings |
| TyposquattingCheckerEnabled | Configure Edge Website Typo Protection |
Edge Workspaces settings
| Policy Name | Caption |
|---|---|
| EdgeWorkspacesEnabled | Enable Workspaces |
| WorkspacesNavigationSettings | Configure navigation settings per groups of URLs in Microsoft Edge Workspaces |
Experimentation
| Policy Name | Caption |
|---|---|
| FeatureFlagOverridesControl | Configure users ability to override feature flags |
Extensions
| Policy Name | Caption |
|---|---|
| BlockExternalExtensions | Blocks external extensions from being installed |
| ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled | Configure default state of Allow extensions from other stores setting |
| ExtensionAllowedTypes | Configure allowed extension types |
| ExtensionDeveloperModeSettings | Control the availability of developer mode on extensions page |
| ExtensionExtendedBackgroundLifetimeForPortConnectionsToUrls | Configure a list of origins that grant an extended background lifetime to connecting extensions. |
| ExtensionInstallAllowlist | Allow specific extensions to be installed |
| ExtensionInstallBlocklist | Control which extensions cannot be installed |
| ExtensionInstallForcelist | Control which extensions are installed silently |
| ExtensionInstallSources | Configure extension and user script install sources |
| ExtensionInstallTypeBlocklist | Blocklist for extension install types |
| ExtensionManifestV2Availability | Control Manifest v2 extension availability |
| ExtensionSettings | Configure extension management settings |
| MandatoryExtensionsForInPrivateNavigation | Specify extensions users must allow in order to navigate using InPrivate mode |
Games settings
| Policy Name | Caption |
|---|---|
| GamerModeEnabled | Enable Gamer Mode (obsolete) |
Generative AI
| Policy Name | Caption |
|---|---|
| GenAILocalFoundationalModelSettings | Settings for GenAI local foundational model |
HTTP authentication
| Policy Name | Caption |
|---|---|
| AllHttpAuthSchemesAllowedForOrigins | List of origins that allow all HTTP authentication |
| AllowCrossOriginAuthPrompt | Allow cross-origin HTTP Authentication prompts |
| AuthAndroidNegotiateAccountType | Account type for HTTP Negotiate authentication |
| AuthNegotiateDelegateAllowlist | Specifies a list of servers that Microsoft Edge can delegate user credentials to |
| AuthSchemes | Supported authentication schemes |
| AuthServerAllowlist | Configure list of allowed authentication servers |
| BasicAuthOverHttpEnabled | Allow Basic authentication for HTTP |
| DisableAuthNegotiateCnameLookup | Disable CNAME lookup when negotiating Kerberos authentication |
| EnableAuthNegotiatePort | Include non-standard port in Kerberos SPN |
| NtlmV2Enabled | Control whether NTLMv2 authentication is enabled |
| WindowsHelloForHTTPAuthEnabled | Windows Hello For HTTP Auth Enabled |
Identity and sign-in
| Policy Name | Caption |
|---|---|
| AutomaticProfileSwitchingSiteList | Configure the automatic profile switching site list |
| EdgeBlockSignInEnabled | Block Sign In to Edge |
| EdgeDefaultProfileEnabled | Default Profile Setting Enabled |
| EdgeOpenExternalLinksWithAppSpecifiedProfile | Prioritize App specified profile to open external links |
| EdgeOpenExternalLinksWithPrimaryWorkProfileEnabled | Use Primary Work Profile as default to open external links |
| GuidedSwitchEnabled | Guided Switch Enabled |
| ImplicitSignInEnabled | Enable implicit sign-in |
| LinkedAccountEnabled | Enable the linked account feature (obsolete) |
| OneAuthAuthenticationEnforced | OneAuth Authentication Flow Enforced for signin |
| OnlyOnPremisesImplicitSigninEnabled | Only on-premises account enabled for implicit sign-in |
| ProactiveAuthWorkflowEnabled | Enable proactive authentication |
| SeamlessWebToBrowserSignInEnabled | Seamless Web To Browser Sign-in Enabled |
| SignInCtaOnNtpEnabled | Enable sign in click to action dialog (obsolete) |
| SwitchIntranetSitesToWorkProfile | Switch intranet sites to a work or school profile |
| SwitchSitesOnIEModeSiteListToWorkProfile | Switch sites on the IE mode site list to a work or school profile |
| WAMAuthBelowWin10RS3Enabled | WAM for authentication below Windows 10 RS3 enabled |
| WebToBrowserSignInEnabled | Web To Browser Sign-in Enabled |
Idle Browser Actions
| Policy Name | Caption |
|---|---|
| IdleTimeout | Delay before running idle actions |
| IdleTimeoutActions | Actions to run when the computer is idle |
Immersive Reader settings
| Policy Name | Caption |
|---|---|
| ImmersiveReaderGrammarToolsEnabled | Enable Grammar Tools feature within Immersive Reader in Microsoft Edge (obsolete) |
| ImmersiveReaderPictureDictionaryEnabled | Enable Picture Dictionary feature within Immersive Reader in Microsoft Edge (obsolete) |
Kiosk Mode settings
| Policy Name | Caption |
|---|---|
| KioskAddressBarEditingEnabled | Configure address bar editing for kiosk mode public browsing experience |
| KioskDeleteDownloadsOnExit | Delete files downloaded as part of kiosk session when Microsoft Edge closes |
| KioskSwipeGesturesEnabled | Swipe gestures in Microsoft Edge kiosk mode enabled |
Manageability
| Policy Name | Caption |
|---|---|
| AllowEdgeDataInBackups | Allow backup of Microsoft Edge data |
| EdgeAllowedAccountOnly | Restrict sign-in to allowed accounts only |
| EdgeAllowedAccountUPN | Configure allowed account UPN pattern for sign-in |
| EdgeManagementEnabled | Microsoft Edge management enabled |
| EdgeManagementEnrollmentToken | Microsoft Edge management enrollment token |
| EdgeManagementExtensionsFeedbackEnabled | Microsoft Edge management extensions feedback enabled |
| EdgeManagementPolicyOverridesPlatformPolicy | Microsoft Edge management service policy overrides platform policy. |
| EdgeManagementUserPolicyOverridesCloudMachinePolicy | Allow cloud-based Microsoft Edge management service user policies to override local user policies. |
| MAMEnabled | Mobile App Management Enabled |
Native Messaging
| Policy Name | Caption |
|---|---|
| NativeMessagingAllowlist | Control which native messaging hosts users can use |
| NativeMessagingBlocklist | Configure native messaging block list |
| NativeMessagingUserLevelHosts | Allow user-level native messaging hosts (installed without admin permissions) |
Network settings
| Policy Name | Caption |
|---|---|
| AccessControlAllowMethodsInCORSPreflightSpecConformant | Make Access-Control-Allow-Methods matching in CORS preflight spec conformant |
| BlockTruncatedCookies | Block truncated cookies (obsolete) |
| CompressionDictionaryTransportEnabled | Enable compression dictionary transport support |
| DataURLWhitespacePreservationEnabled | DataURL Whitespace Preservation for all media types |
| HappyEyeballsV3Enabled | Use the Happy Eyeballs V3 algorithm for connection attempts |
| IPv6ReachabilityOverrideEnabled | Enable IPv6 reachability check override |
| LocalNetworkAccessAllowedForUrls | Allow sites to make requests to local network endpoints. |
| LocalNetworkAccessBlockedForUrls | Block sites from making requests to local network endpoints. |
| LocalNetworkAccessRestrictionsEnabled | Specifies whether to block requests from public websites to devices on a user's local network. |
| ZstdContentEncodingEnabled | Enable zstd content encoding support (obsolete) |
PDF Reader
| Policy Name | Caption |
|---|---|
| ViewXFAPDFInIEModeAllowedFileHash | View XFA-based PDF files using IE Mode for allowed file hash. |
| ViewXFAPDFInIEModeAllowedOrigins | View XFA-based PDF files using IE Mode for allowed file origin. |
Password manager and protection
| Policy Name | Caption |
|---|---|
| BiometricAuthenticationBeforeFilling | Enable Device authentication for password autofill |
| DeletingUndecryptablePasswordsEnabled | Enable deleting undecryptable passwords |
| PasswordDeleteOnBrowserCloseEnabled | Prevent passwords from being deleted if any Edge settings is enabled to delete browsing data when Microsoft Edge closes |
| PasswordExportEnabled | Enable exporting saved passwords from Password Manager |
| PasswordGeneratorEnabled | Allow users to get a strong password suggestion whenever they are creating an account online |
| PasswordManagerBlocklist | Configure the list of domains for which the password manager UI (Save and Fill) will be disabled |
| PasswordManagerEnabled | Enable saving passwords to the password manager |
| PasswordManagerRestrictLengthEnabled | Restrict the length of passwords that can be saved in the Password Manager |
| PasswordMonitorAllowed | Allow users to be alerted if their passwords are found to be unsafe |
| PasswordProtectionChangePasswordURL | Configure the change password URL |
| PasswordProtectionLoginURLs | Configure the list of enterprise login URLs where the password protection service should capture salted hashes of a password |
| PasswordProtectionWarningTrigger | Configure password protection warning trigger |
| PasswordRevealEnabled | Enable Password reveal button |
| PrimaryPasswordSetting | Configures a setting that asks users to enter their device password while using password autofill |
Performance
| Policy Name | Caption |
|---|---|
| EfficiencyMode | Configure when efficiency mode should become active |
| EfficiencyModeEnabled | Efficiency mode enabled |
| EfficiencyModeOnPowerEnabled | Enable efficiency mode when the device is connected to a power source |
| ExtensionsPerformanceDetectorEnabled | Extensions Performance Detector enabled |
| PerformanceDetectorEnabled | Performance Detector Enabled |
| PinBrowserEssentialsToolbarButton | Pin browser essentials toolbar button |
| StartupBoostEnabled | Enable startup boost |
Permit or deny screen capture
| Policy Name | Caption |
|---|---|
| SameOriginTabCaptureAllowedByOrigins | Allow Same Origin Tab capture by these origins |
| ScreenCaptureAllowedByOrigins | Allow Desktop, Window, and Tab capture by these origins |
| TabCaptureAllowedByOrigins | Allow Tab capture by these origins |
| WindowCaptureAllowedByOrigins | Allow Window and Tab capture by these origins |
Printing
| Policy Name | Caption |
|---|---|
| DefaultPrinterSelection | Default printer selection rules |
| OopPrintDriversAllowed | Out-of-process print drivers allowed |
| PrintHeaderFooter | Print headers and footers |
| PrintPdfAsImageDefault | Print PDF as Image Default |
| PrintPostScriptMode | Print PostScript Mode |
| PrintPreviewStickySettings | Configure the sticky print preview settings |
| PrintPreviewUseSystemDefaultPrinter | Set the system default printer as the default printer |
| PrintRasterizationMode | Print Rasterization Mode |
| PrintRasterizePdfDpi | Print Rasterize PDF DPI |
| PrintStickySettings | Print preview sticky settings |
| PrinterTypeDenyList | Disable printer types on the deny list |
| PrintingAllowedBackgroundGraphicsModes | Restrict background graphics printing mode |
| PrintingBackgroundGraphicsDefault | Default background graphics printing mode |
| PrintingEnabled | Enable printing |
| PrintingLPACSandboxEnabled | Enable Printing LPAC Sandbox |
| PrintingPaperSizeDefault | Default printing page size |
| PrintingWebpageLayout | Sets layout for printing |
| UseSystemPrintDialog | Print using system print dialog |
Private Network Request Settings
| Policy Name | Caption |
|---|---|
| InsecurePrivateNetworkRequestsAllowed | Specifies whether to allow websites to make requests to any network endpoint in an insecure manner. (obsolete) |
| InsecurePrivateNetworkRequestsAllowedForUrls | Allow the listed sites to make requests to more-private network endpoints from in an insecure manner (obsolete) |
| PrivateNetworkAccessRestrictionsEnabled | Specifies whether to apply restrictions to requests to more private network endpoints (obsolete) |
Profile settings
| Policy Name | Caption |
|---|---|
| ProfileTypeInProfileButtonEnabled | Controls the display of the profile button label for the work or school profile |
Proxy server
| Policy Name | Caption |
|---|---|
| ProxyBypassList | Configure proxy bypass rules (deprecated) |
| ProxyMode | Configure proxy server settings (deprecated) |
| ProxyPacUrl | Set the proxy .pac file URL (deprecated) |
| ProxyServer | Configure address or URL of proxy server (deprecated) |
| ProxySettings | Proxy settings |
Related Website Sets Settings
| Policy Name | Caption |
|---|---|
| RelatedWebsiteSetsEnabled | Enable Related Website Sets |
| RelatedWebsiteSetsOverrides | Override Related Website Sets. |
Scareware Blocker settings
| Policy Name | Caption |
|---|---|
| ScarewareBlockerProtectionEnabled | Configure Edge Scareware Blocker Protection |
Sleeping tabs settings
| Policy Name | Caption |
|---|---|
| AutoDiscardSleepingTabsEnabled | Configure auto discard sleeping tabs |
| SleepingTabsBlockedForUrls | Block sleeping tabs on specific sites |
| SleepingTabsEnabled | Configure sleeping tabs |
| SleepingTabsTimeout | Set the background tab inactivity timeout for sleeping tabs |
SmartScreen settings
| Policy Name | Caption |
|---|---|
| ExemptSmartScreenDownloadWarnings | Disable SmartScreen AppRep based warnings for specified file types on specified domains |
| NewSmartScreenLibraryEnabled | Enable new SmartScreen library (obsolete) |
| PreventSmartScreenPromptOverride | Prevent bypassing Microsoft Defender SmartScreen prompts for sites |
| PreventSmartScreenPromptOverrideForFiles | Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads |
| SmartScreenAllowListDomains | Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings |
| SmartScreenDnsRequestsEnabled | Enable Microsoft Defender SmartScreen DNS requests |
| SmartScreenEnabled | Configure Microsoft Defender SmartScreen |
| SmartScreenForTrustedDownloadsEnabled | Force Microsoft Defender SmartScreen checks on downloads from trusted sources |
| SmartScreenPuaEnabled | Configure Microsoft Defender SmartScreen to block potentially unwanted apps |
Startup, home page and new tab page
| Policy Name | Caption |
|---|---|
| HomepageIsNewTabPage | Set the new tab page as the home page |
| HomepageLocation | Configure the home page URL |
| NewTabPageAllowedBackgroundTypes | Configure the background types allowed for the new tab page layout |
| NewTabPageAppLauncherEnabled | Hide App Launcher on Microsoft Edge new tab page |
| NewTabPageBingChatEnabled | Disable Bing chat entry-points on Microsoft Edge Enterprise new tab page |
| NewTabPageCompanyLogo | Set new tab page company logo (obsolete) |
| NewTabPageCompanyLogoBackplateColor | Set the company logo backplate color on the new tab page. |
| NewTabPageCompanyLogoEnabled | Hide the company logo on the Microsoft Edge new tab page |
| NewTabPageContentEnabled | Allow Microsoft content on the new tab page |
| NewTabPageHideDefaultTopSites | Hide the default top sites from the new tab page |
| NewTabPageLocation | Configure the new tab page URL |
| NewTabPageManagedQuickLinks | Set new tab page quick links |
| NewTabPagePrerenderEnabled | Enable preload of the new tab page for faster rendering |
| NewTabPageQuickLinksEnabled | Allow quick links on the new tab page |
| NewTabPageSetFeedType | Configure the Microsoft Edge new tab page experience (obsolete) |
| RestoreOnStartup | Action to take on Microsoft Edge startup |
| RestoreOnStartupURLs | Sites to open when the browser starts |
| RestoreOnStartupUserURLsEnabled | Allow users to add and remove their own sites during startup when the RestoreOnStartupURLs policy is configured |
| ShowHomeButton | Show Home button on toolbar |
WebRtc settings
| Policy Name | Caption |
|---|---|