Microsoft Intune : Optimizing Security & Browsing Experience with Microsoft Edge -- A Technical Guide

I - Introduction :

In an increasingly digital world, security and navigation optimization have become major concerns for businesses and individuals alike. That's where Microsoft Intune comes in. This article, entitled "Microsoft Intune : Optimize your security and browsing experience on Microsoft Edge - A technical guide", will provide you with detailed information on how Microsoft Intune can improve your security posture and browsing experience on Microsoft Edge.

Get ready to dive into the world of advanced browser customization with Intune and discover how you can enhance your browsing experience while strengthening security.

II - Benefits of standardizing Microsoft Edge Security & Browsing Experience :

Using Microsoft Intune to manage Chrome security settings offers a number of advantages:

• Centralized protection : Manage Microsoft Edge security settings for all devices from a central console, simplifying administration and policy consistency.
• Enhanced security : Apply strict policies to protect users against common web threats, such as phishing, malware and data leaks.
• Enhanced browsing : Configure settings to optimize user performance and browsing experience, while preserving security. With all important links grouped together in the favorites bar for example, employees don't have to search for the websites or applications they need - they're all just a click away.
• Simplified compliance : Ensure that devices comply with internal regulations and security requirements.
• Reducing support requests : By having settings, employees are less likely to contact the support department with questions such as “I can't find how to access this app or site”.

III - Standardize Microsoft Edge settings :

in the following section, we will enable and configure below settings in Microsoft Edge :

1. Action to take on startup
2. Configure the new tab page URL
3. Set the new tab page as the home page
4. Sites to open when the browser starts
5. Show the home button on the toolbar
6. Enable favorite bar
7. Add favorite folder to favorite bar with compagny links and apps
8. Configure Edge TyposquattingChecker
9. Block tracking of users' web-browsing activity
10. Configure Microsoft Defender SmartScreen
11. Enforce Bing SafeSearch
12. Enforce Google SafeSearch
13. Configure password protection warning trigger

To begin configuration, we need to start by creating a configuration policy in Microsoft Intune, we will use this policy to group all settings. To do this :

• Login on Microsoft Intune Admin Center
• Click on Devices –> Configuration Profiles
• Click on "+ Create " then select "+ New Policy"

• Select Platform as "Windows 10 and later"
• Select Profile type as "Templates"
• Select Template Name as "Administrative Templates"
• Select "Create"

Provide a Name and Description of the Policy.

From the Configuration settings, click on "Computer Configuration", click on the "Microsoft Edge" folder – Startup, home page and new tab page folder. Click on it to open the folder that contains the Microsoft Edge browser settings you can configure.

We will use this Policy to enable and configure all recent settings.

for all parameters to be applied to Edge, you can choose :

• whether the option can be modified by the end user or not.
• whether the option is applied to the "User" or to the "Device".

In this blog, I'm going to set all options to "cannot be changed" and apply them to the "Device".

1 - Action to take on Startup :

Enable this policy and Set it to Open a List of URLs. Whenever Microsoft Edge opens, a new tab is automatically open. You can also specify default URL / website as well. In my case I will specify "www.Google.com" as default.

To add this feature, type "Action to take on Startup" in the search bar then select setting with "Device" as type and without user can override option :

Select "Enable" then select "Open a new tab" as action to take on startup then select OK ta validate.

2 - Configure the new tab page URL :

This action allows you to specify a URL / web address with the opening of a new Tab.

Set it to Enabled and Provide New tab page URL. You can set this to any website you want. When you click on New Tab in Microsoft Edge, a website set here will automatically open.

To add this feature, type "Configure the new tab page page URL" in the search bar then select setting with "Device" as type and without user can override option :

Select "Enable" then add your default URL as new tab page URL then select OK ta validate.

3 - Set the new tab page as the home page :

in the previous section we added the url “www.google.com” as the opening URL for a new Tab, now we're going to apply the same parameter to the home page.

This option will set new tab page as your homepage. When you click the Home Button in Microsoft Edge, it will use the new tab page. Please keep in mind that clicking on the home page setting will not open a new tab. We’ll explore the user experience of clicking the home page in the later section of this blog post.

To add this feature, type "Set the new tab page as the home page" in the search bar then select setting with "Device" as type and without user can override option :

Select "Enable" then select OK ta validate.

4 - Sites to open when the browser starts :

Enable this option and define the sites you want to open when the browser starts. You can input one or multiple website URLs in the list by entering them in the text boxes.

In my case I will add only "www.google.com".

To add this feature, type "Sites to open when the browser starts" in the search bar then select setting with "Device" as type and without user can override option :

Select "Enable" and add your URLs to open when the browser starts then select OK ta validate.

5 - Show Home button on toolbar :

Shows the Home button on Microsoft Edge’s toolbar. Enable this policy to always show the Home button. Disable it to never show the button.

In our case, home button will open "Google" as we've already configured.

To add this feature, type "Show Home button on toolbar" in the search bar then select setting with "Device" as type and without user can override option :

Select "Enabled" then OK to validate.

6 - Enable Favorites Bar :

this step is very important so that the user can see the favorites we're going to add in the next section, once activated, the user won't be able to deactivate it.

To add this feature, type "Enable favorites bar" in the search bar then select setting with "Device" as type and without user can override :

Select "Enabled" then OK to validate.

7 - Add favorite folder to favorite bar with compagny links and apps :

The good part of this configuration is that Intune won't overwrite my favorites and replace them with the company's favorites, on the contrary, it will add the favors defined by the company to mine.

Configures a list of managed favorites.

To add this feature, type "Configure favorites" in the search bar then select setting with "Device" as type and without user can override :

In this section I will add some Office365 web apps just for test, You can configure it with your own Web links.

This is the code to add to the favorites configuration section.

[
  {
    "toplevel_name": "GlobalIT Bookmarks"
  },
  {
    "name": "Office365",
    "url": "https://office.com"
  },
  {
    "name": "Outlook",
    "url": "https://outlook.office.com"
  },
{
    "name": "Microsoft Teams",
    "url": "https://teams.microsoft.com/"
  } ,
{
    "name": "Sharepoint",
    "url": "https://globalitnow.sharepoint.com/"
  }  ,
{
    "name": "OneDrive",
    "url": "https://www.microsoft365.com/onedrive"
  } ,
{
    "name": "OneNote",
    "url": "https://www.microsoft365.com/launch/onenote?auth=2"
  } 

]        

Clic on "Ok" to validate.

8 - Configure Edge TyposquattingChecker :

The "TyposquattingChecker" is a feature built into the Microsoft Edge browser that protects you against typosquatting attacks.

Typosquatting is a form of cyberattack in which a cybercriminal registers a domain name that closely resembles that of a popular website or brand (for example, microsoft.com instead of microsooft.com : Notice the extra o in the name). The aim of this cybercrime is to trick users into visiting the malicious website, where they may be invited to enter their private information, such as usernames, passwords and credit card details.

The "TyposquattingChecker" in Edge warns you if you appear to have mistyped a popular domain name and could land on a malicious web page.

This is a very useful feature for strengthening your online security and protecting you against phishing attacks and other cyber threats.

To add this feature, type "Configure Edge TyposquattingChecker" in the search bar then select setting with "Device" as type and without user can override :

Select Enable ans validate by OK.

9 - Block tracking of users' web-browsing activity :

The "Tracking Prevention" option in Microsoft Edge is a privacy feature designed to block trackers that collect data on your browsing behavior. Trackers can collect data on how you interact with a site, such as the content you click on.

To add this feature, type "Block tracking" in the search bar then select setting with "Device" as type and without user can override :

Select "Enabled" then select one of those block type :

• Basic : Blocks potentially dangerous trackers, but allows most other trackers and those that personalize content and ads.
• Balanced (recommended) : Blocks potentially dangerous trackers and trackers from sites you haven't visited. Content and ads will probably be less personalized.
• Strict : Blocks potentially dangerous trackers and most trackers on all sites. Content and ads are likely to be minimally personalized. This option blocks most trackers, but may prevent some websites from behaving as expected.

In my case I'm choosing Balanced.

Valide with OK.

10 - Configure Microsoft Defender SmartScreen :

The "Microsoft Defender SmartScreen" option in Microsoft Edge is a security feature that helps protect your computer from malicious websites and downloads. Here's how it works:

• Alert on suspicious web pages : SmartScreen analyzes web pages and determines whether they might be suspicious. If it finds a suspicious site, SmartScreen displays a warning page advising you to proceed with caution.
• Defense against phishing and malicious sites : SmartScreen checks the sites you visit against a dynamic list of reported phishing and malware sites. If it finds a match, SmartScreen displays a warning that the site has been blocked for your safety.
• Download detection : SmartScreen checks your downloads against a list of reported malware sites and programs known to be dangerous. If a match is found, SmartScreen warns you that the download has been blocked for your safety.

To add this feature, type "Configure Microsoft Defender SmartScreen" in the search bar then select setting with "Device" as type and without user can override :

Select "Enabled" then validate with OK.

11 - Force Bing SafeSearch :

Bing SafeSearch is an automated filter used by parents, workplaces and schools to block Google results displaying harmful content, such as pornographic or violent images, videos and websites.

this policy will apply when users search from Edge on the Bing search engine.

To add this feature :

• type "Force Bing SafeSearch" in the search bar
• select setting with "Device" as type and without user can override option
• Select Enabled
• Select Safesearch mode that is in line with your company's policy (in my case I have choose : Moderate Search Restriction )
• Select OK.

12 - Force Google SafeSearch :

Google SafeSearch is an automated filter used by parents, workplaces and schools to block Google results displaying harmful content, such as pornographic or violent images, videos and websites.

It also forces queries in Google Web Search to be performed with SafeSearch set to active, and prevents users from changing this setting.

this policy will apply when users search from Edge on the Google search engine.

To add this feature :

• type "Force Google SafeSearch" in the search bar
• select setting with "Device" as type and without user can override option
• Select Enabled
• Select OK.

13 - Configure password protection warning trigger :

The "Configure password protection warning trigger" policy in Microsoft Edge lets you control when to trigger a password protection warning.

This feature alerts users when they reuse their protected password on potentially suspicious sites.

To add this feature :

• type "Password protection warning trigger" in the search bar
• select setting with "Device" as type and without user can override option
• Select Enabled
• Select "Password Protection Trigger" that meet your company needs (in my case I have use : Password Protection Warning On Password Reuse)
• Select OK.

Now that we've finished with the Microsoft Edge configurations, we'll be back to continue the Policy we started with.

Now that we've added all the configurations we want, we click on “Next” to move on to the next step.

You can add tag here if you want, I will skip this.

In my case, I will apply this configuration to all machines joined to Microsoft Intune.

Clic on save to apply this Policy.

IV - User Experience on Edge :

after checking that the policy is applied on my virtual machine from Intune

if you want to track how many parameters have been applied to your VM, you can see that all parameters have been successfully applied.

I opened Microsoft Edge and noticed the following changes:

• Edge started with a new Tab pointing directly to google.com
• You can clearly see the home button, which also takes you back to google.com
• There's also a new folder on the Favorites bar with the list of URLs mentioned in the Policy.

• If you go into the settings of the browser by typing edge://settings/profiles, the 1st thing you will notice is that in the middle of the page a message stating “Your browser is managed by your organization” is there.

• All the settings we have defined since intune are unchangeable now and managed solely by the company's global policy, as you can see here for example :

• Tracking Prevention is in Balanced mode and cant be changed by the end user.

• as you can also see, "TyposquattingChecker" and "Microsoft Defender SmartScreen" settings are applied and cant be changed by the end user.

V - Conclusion

In conclusion, Microsoft Intune offers a complete solution for optimizing the security and browsing experience on Chrome. Whether you're an individual concerned about your online security, or an enterprise looking to protect and effectively manage your employees' devices, Intune is an option worth considering. With its robust functionality and ease of management, it's more necessary than ever to adopt tools like Microsoft Intune to navigate safely and efficiently in today's digital world. We hope you have found this technical guide useful, and that it has provided you with the information you need to optimize your browsing experience with Microsoft Intune.

Thanks

Aymen EL JAZIRI

System Administrator