Deploy Edge v77+ (Chromium) extension 1.1.7 via group policy
Follow the steps below in order to configure a GPO that will install and enable the Impero Education Pro chrome extension for web filtering and history logging. in MS Edge.
Allow clients2.googleusercontent.com in any filtering so that the Extension can be downloaded to the device
To download the new version of MS Edge if you haven't already you can find the Enterprise version here which will come as a .msi which can be deployed through group policy - https://www.microsoft.com/en-us/edge/business/download
1. Download the Edge Administrative Templates from here: https://www.microsoft.com/en-us/edge/business/download
You will need to fill out the required fields and click the "GET POLICY FILES" button
2. Open Group Policy Management
3. Create a new GPO for the policy (or add to an existing policy)
4. Right-click your GPO, and select “Edit”
5. You will then see the “Group policy management Editor” window
6. Expand the Computer/User configuration tree on the left-hand side, depending on how you wish to configure your policy
7. Right-click on “Administrative templates” and select “Add/Remove Templates”
8. Click on “Add”
9. Browse to the templates you downloaded in step 2 and open the “msedge.adm” template that is relevant to your operating system and Language.
10. Once uploaded, expand to the following path (may vary depending on your OS) on the left of the Group policy management editor:
“Computer/User configuration > Policies > Administrative templates > Classic administrative templates > Microsoft Edge > Extensions > ”
11. On the right-hand side, select “Configure the list of force-installed extensions”
12. Right-click, and select “Edit”
13. Mark the “Enabled” button
14. Click the “Show…” button
15. Under the “Value” column, enter the following:
pdmhilamamchgnnipghbjakjpbenbcdj;https://clients2.google.com/service/update2/crx (This is the Google Chrome Based extension which will also work on MS Edge v77+)
* Microsoft do not allow extensions from the Chrome store to be force installed to Edge unless the Windows machine is joined to a domain. For this reason, this policy will not work when applied locally. See https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#extensioninstallforcelist
(Please make sure you have no blank spaces in the Value Box Below)
16. Click “OK”, followed by “Apply”
17. You may also wish to disable “InPrivate Mode” and "guest mode"
18. In the same GPO, on the left-hand side, browse to:
“Policies > Classic Administrative Templates > Microsoft Edge”
19. On the right-hand side, locate “Configure InPrivate mode availability”
20. Right-click, and select “Edit”
21. In the new window, “Enable” this policy item
22. From the “Configure InPrivate mode availability” drop-down list, select “InPrivate mode disabled.”
23. Click “OK”, followed by “Apply”
24. On the right-hand side, locate “Enable guest mode”
25. Right-click, and select “Edit”
26. In the new window, “Disable” this policy item
27. Click “OK”, followed by “Apply”
28. You may wish to disable the ability for users to end processes in the Browser Task Manager
As this will stop logging and blocking. To do this you can navigate to the following location.
"Policies > Administrative Templates > Classic Administrative Templates > Microsoft Edge > "
Look for the following Object > "Enable ending processes in Browser Task Manager" and set to Disabled.
This will allow the users to open the Browser Task Manager but will disable the "End Process Button"
29. You may wish to disable or block Edge notifications completely or from specific sites. To do this you can use the following policies.
User or Computer Configuration > Administrative Templates > Classic Administrative Templates > Microsoft Edge > Content Settings > Look for "Default notification setting" and set to enabled and set the setting to "Do not allow any site to show desktop notifications"
29a. You can also set specific sites not to show notifications on the following policy;
User or Computer Configuration > Administrative Templates > Classic Administrative Templates > Microsoft Edge > Content Settings > Look for "Block notifications on these sites" and set to enabled and set the list of sites you want to block.
Here is an example of what needs to be put in;
30. Back in the Group Policy Management window, assign this policy to users/computers as normal
31. Users affected by this GPO should now see the Edge extensions installed and enabled automatically (once the GPO has updated on their machine).
32. If running Sophos, add the following exclusion