Most of the threats in your computer come from intentional clicks when using the browser to surf the Internet, so the new Edge browser that comes with Windows 10 provides many policies to strengthen the security of access. For example, you can set Edge directly through Group Policy Editor, or you can download Extended Policies from Microsoft website to get more functions (for Windows 10 Home Edition users, you can modify the registry to achieve similar functions).
● Configure policies directly using the Group Policy Editor
The new Edge browser is already a built-in component of Windows 10 system, so we can set it in Group Policy Editor just like other system policies. After launching Group Policy Editor, expand “Computer Configuration → Administrative Templates → Windows Components → Microsoft Edge”, and select the appropriate policy to set in the right pane, for example, you can configure the Edge home button (Figure 1).
For more information on how to protect the Edge home button with built-in policies, you can refer to the article “Managing Edge Home Button Configuration with Group Policy” in Issue 3, 2020 of this publication.
● Import policy templates to configure policies
Due to the limited built-in strategies of the system, Microsoft Edge development team will continuously launch new strategies for different versions of Edge, so we can manually download the latest strategy template file from Microsoft website. First of all, determine the version of Edge you have installed, and click “…→Help and Feedback→About Microsoft Edge” in the upper right corner of your browser to check the version information of Edge, for example, my version of Edge is 85.0.564.51.
Next, open https://www.microsoft.com/zh-cn/edge/business/download, select “Stable 85 (latest supported version)” under the “Select Channel/Version” option. “, select the version “85.0.564.51”, select the platform “Windows 64-bit”, and click “Get Policy File ” (Figure 2).
Unzip the downloaded policy template to your desktop and extract the “Windows” subdirectory from it. Open Group Policy Editor and expand “Computer Configuration → Administrative Templates”, then right-click “Administrative Templates” and select “Add/Remove Templates”. Click the “Add” button in the opened window, and in the pop-up file selection window, locate the “Windows subdirectory → zh_CN → msedge.adm file” extracted above, and add the downloaded policy template to the local Add the downloaded policy template to the local policy (Figure 3).
Return to the Group Policy Editor window, expand “Administrative Templates→Classic Administrative Templates (ADM)” to see the imported policy templates, you can see that the policy template structure here is designed according to different functional groupings, it is clearer than the built-in policies shown in Figure 1, and the number of policies is also more abundant, we can configure according to their own We can configure it according to our needs (Figure 4).
For example, for a work computer that is already in stable use, to avoid viruses from downloading files in the Edge browser, you can set a policy to prohibit downloading files. Open the “Allow download restrictions” policy in the right pane of Figure 4 and set it to “Block all downloads” (or “Block potentially dangerous or unwanted downloads” if you want to download safely). “, so that potentially dangerous or unwanted downloads warned by Microsoft Defender SmartScreen will be rejected), and restart Edge to take effect (Figure 5).
Thus, when we try to download files in Edge, Edge will not automatically activate the download after opening the link with the download address like the previous default setting, and the dangerous files will be identified only after being scanned by Microsoft Defender after downloading, but now it will only display an untitled page in the browser window (which will not activate the download), and at the same time, it will display the following message in the download options page The prompt “Downloads are managed by your organization” is displayed on the download options page (Figure 6). Following the above method, we can set more policies according to our needs.
● Home Edition users: Configuring policies using the registry
Many of Edge’s policies are essentially implemented by modifying the corresponding registry keys, so Home Edition users can achieve similar configurations by editing the registry. So what keys should be changed in the registry for specific policies? Here are two ways.
The first method is to refer to the settings of Windows 10 Professional PC. First, finish the settings on Windows 10 Professional PC by referring to the above introduction, then launch Edge browser, type “edge://policy” in the address bar and enter, and you can see all the policies currently in effect in the page that opens. The DownloadRestrictions at the bottom of the policy name list corresponds to the download restriction policy (Figure 7).
Use the mouse to click on the DownloadRestrictions policy, which will automatically jump to the Edge policy settings description page. On the page that opens, you can see detailed instructions about the policy, in which you can see how you should modify the registry to achieve the corresponding settings (Figure 8).
For example, for the above download restriction policy, now just launch the Registry Editor on your Windows 10 Home Edition PC, then expand to “HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftEdge” in turn, and create a new string value named DownloadRestrictions in the right pane, create a new string value named DownloadRestrictions and set its value to 3. Restart the system and it will take effect (Figure 9).
The second method is to directly open the Edge policy setting instruction page (http://dwz.date/c75V) on the Windows 10 Home Edition computer, find the policy you need to use, and use the registry editor to modify it by referring to the instructions on the opened page as above.