FAQ: What the new Edge offers the enterprise

Now that Microsoft has rolled out its new Chromium-based Edge browser, it's time to sort out what that means for IT admins and enterprises. Here's what's important to know.

new microsoft edge logo
Microsoft

Two weeks ago, Microsoft launched its reincarnation of Edge, the born-again browser based, not on the company's homegrown technologies, but ton hose created by Chromium, the Google-centric, open-source project whose code powers Chrome.

Although it will likely deny it, Microsoft went all-in on Chromium because its own browser — browsers, really, since Internet Explorer (IE) is, believe it or not, still a thing — was a shadow of its former self, reduced to minor player status in the battle for share.

But by becoming a Chrome clone, Edge has a shot at a comeback. Microsoft will pitch Edge to its most important customers — commercial organizations — as the alternative to Chrome. It's just like Chrome, the message will go, but integrated with other Microsoft wares, notably Office 365. Just as important, Microsoft will say, managing Edge can be accomplished using the same tools, including group policies, that IT already uses to service Windows and Office 365.

Which is why it's time to answer important questions about exactly what Edge brings to the enterprise.

(Computerworld will be adding to this FAQ or creating sequels as necessary to account for overlooked or brand new Edge-in-the-enterprise tools.)

Do we need to worry the new Edge will show up unannounced on our Windows 10 devices?

Short answer: no.

Microsoft's pledged that swaths of systems will be ineligible for the automatic replacement of Old Edge with New Edge. As long as those promises are kept, most business machines should be safe from tampering.

Here's what Microsoft has said:

Windows 10 Home: Auto swap, unless the PC is managed by IT; in the latter case, there should be no auto swap

Windows 10 Pro: Auto swap, unless the PC is managed by IT; in the latter case, there should be no auto swap

According to Microsoft, "managed" systems include those joined to an Active Directory (AD) or Azure Active Directory (AAD) domain, those updated using WSUS (Windows Server Update Services) or WUfB (Windows Update for Business), and those controlled using tools such as Intune and SCCM (System Center Configuration Manager).

Windows 10 Workstation Pro: No auto swap

Windows 10 Enterprise: No auto swap

Windows 10 Education: No auto swap

How do we stop the new Edge from appearing on our Windows 10 Pro PCs?

Microsoft offers a Blocker Toolkit that, like those before it that stymied Internet Explorer (IE) upgrades, prevents the new Edge from automatically replacing the old Edge.

"The Blocker Toolkit is intended for organizations that would like to block automatic delivery of Microsoft Edge (Chromium-based) on devices running Windows 10 version 1803 and newer that are running the Home or Pro Edition of Windows," Microsoft said in a support document.

More information about the Toolkit can be found in that same support document. The Toolkit can be downloaded from here.

Will Microsoft patch the new Edge on Windows 7 PCs not covered by the Extended Security Updates?

Yes.

If you're running unsupported Windows 7 and install Edge, Microsoft will support the browser. (That's contrary to Microsoft policy going back decades.) Microsoft has not put a potential stop date to such support, as has Google for Chrome, but Computerworld expects an end date — eventually.

"Microsoft Edge being supported in this state should be considered a temporary bridge to getting to a supported OS state," Microsoft said in a support document.

One caveat: Microsoft will not support Edge's "IE mode" unless the PC is covered by Extended Security Updates (ESU).

Will Edge rely on its own built-in update service, as does Chrome? If not, what?

No, Edge won't use Google Update, which, as the name implies, handles the updates and upgrades for Chrome and other Google-made apps.

Instead, Microsoft will use its standard servicing mechanism, which, one way or the other, ultimately begins with Windows Update. Administrators will handle Edge just as they do any Microsoft application, whether using WSUS, WUfB, SCCM or a third-party platform: IT will approve updates or not, deploy them when ready.

In Configuration Manager (version 1910 and later), for instance, admins will start by selecting Microsoft Edge under the Updates section of Classifications. (The remaining steps are outlined in this support document, under "Update Microsoft Edge.")

With Edge's new 'IE mode,' can IE11 now be removed from Windows?

Nope.

Although there was speculation that with the introduction of Chromium-Edge and its IE mode, the actual IE11 application was obsolete, and thus moot — Computerworld made that case, in fact — Microsoft has since clarified things.

"For the moment, Internet Explorer is required to be installed to use Edge with IE mode," Shilpa Subramanian, a senior program manager on the Edge team, wrote earlier this month in response to a question on GitHub.

Her "for the moment" should be taken as a strong signal that, perhaps on Windows 10 only, IE11 will eventually be put to rest. Elsewhere, Microsoft hinted that such a move wouldn't take place until after January 2023, the end of Windows 7's Extended Security Updates (ESU), because the Redmond, Wash. developer said it would support IE11 on systems covered by ESU.

More information about Edge and its IE mode can be found in this support document.

Some browsers quietly test unfinished features with sub-groups of their user base. Does Microsoft do this? If so, can we opt out?

Yes to the first; yes to the second.

Microsoft uses what it calls the Experimentation and Configuration Service (ECS) to distribute a variety of configurations, features and feature experiments. (Read about ECS here.) Those payloads may arrive unannounced and, for the guinea pigs, will be enabled without warning.

IT administrators can block ECS from touching the machines they control using the ExperimentationAndConfigurationServiceControl group policy. Among the options is one that lets admins cut off communications with ECS.

Will Microsoft patch Edge at the same time Google patches Chrome?

We don't know.

Google patches Chrome several times each month. Most vulnerabilities are addressed when the Stable build of Chrome moves to the next version number, which happens every six to eight weeks. But Google also intermittently issues updates between versions; those also include bug fixes.

Chrome's next version change, from 79 to 80, is slated for Feb. 4. The one after that, from 80 to 81, is to take place March 17. Microsoft has said nothing about how it will keep pace with Chrome — or even if it will.

Google has already issued between-version updates for Chrome 79 since that browser's Dec. 10 debut. One such update, which took Chrome to version 79.0.3945.130, included 11 security patches, one for a flaw marked "Critical," Chrome's highest-ranked vulnerability. (Three others were tagged as "High.")

Edge, meanwhile, is currently at version 79.0.309.71. Microsoft issued that version on Jan. 21, less than a week after the launch of Chromium-Edge. But it has not posted a change log, release notes or any other information about the update, leaving users in the dark.

Does Edge 79.0.309.71 include the patches for the vulnerabilities that Google fixed with Chrome 79.0.3945.130? Unknown. One would hope, of course, that Microsoft will address issues, especially critical vulnerabilities, as soon as possible, ideally simultaneously with Google. But does it?

We don't know. And that's no way to run an enterprise browser.

Is there anything new to the new tab page in Chromium-Edge? Anything for businesses?

Yes, on both counts.

There is a traditional new tab page in Edge — one that offers quick access to frequently-visited sites and a partial page of news. But Edge also offers an enterprise, or more accurately, an Office 365-specific, new tab page.

Users with credentials tied to Office 365 can switch on the alternate new tab page once they're logged in (access the page's menu, the gear icon, and select "Office 365" instead of "Microsoft News").

If left unmanaged, the new tab page provides "cards" representing the most likely Office 365 documents the user will want to launch, based on Microsoft's evaluation of recently worked, most-frequently shared, most-pressing deadline, and the like. Elsewhere on the page, several views of recent Office 365 documents and SharePoint sites are offered up.

Notably, the search field (and the address bar for that matter) on this Office 365 page relies on Microsoft Search. Powered by Bing, searches not only root through the general web, but also through internal content, including files stored in OneDrive for Business and SharePoint, as well as other information deemed important by IT (which must set up that content in many instances).

IT can manage the Office 365 new tab page using several group policies.

Copyright © 2020 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon