Create a Windows MS Edge Extension Policy

This policy governs the management of Microsoft Edge extensions, letting you control extension installation, usage, and permissions. By configuring this policy, organizations can enhance browser security, improve user productivity, and maintain a standardized browser environment. This policy allows for the control of which extensions are allowed, blocked, or force installed. When this policy is applied on devices, restart Microsoft Edge browser to enforce the configured settings.

Prerequisites:

• Devices must be enrolled in Windows MDM (Mobile Device Management).
• Target devices must be running Windows 10 (1809 and later), or any version of Windows 11. This policy is supported on the following Windows editions:
  • Windows Pro
  • Windows Enterprise
  • Windows Education
  • Windows SE
  • IoT Enterprise
  • IoT Enterprise LTSC
• For more information on device compatibility, see Agent Compatibility, System Requirements, and Impacts.

To create the policy:

1. Log in to the JumpCloud Admin Portal.
2. Go to DEVICE MANAGEMENT > Policy Management.
3. In the All tab, click (+).
4. On the New Policy panel, select the Windows tab.
5. Search and select MS Edge Extensions from the list, then click configure.
6. (Optional) In the Policy Name field, enter a new name for the policy or keep the default. Policy names must be unique.
7. (Optional) In the Policy Notes field, enter details such as creation date of the policy, and information on testing and deployment of the policy.
8. Under Settings, configure the following:
   • Block External Extensions - Selecting this checkbox prevents users from adding external extensions to Microsoft Edge, except for those from the Microsoft Edge Add-ons store. Edge should block attempts to install extensions from local files (.crx) or other external sources and display a relevant error message. This setting also blocks the developer mode extensions.
   • Extension Allowed Types - Specify one or multiple types of extensions users are allowed to install. Select from following Edge extension categories: extension, theme, user script, hosted app, legacy packaged app, platform app.
   • Disable Developer Mode Setting - Select this to prevent users from activating developer mode in Microsoft Edge, disabling options to load or pack extensions and use developer tools, and deactivating any extensions previously installed through developer mode. When the policy is disabled, users can freely enable developer mode to load unpacked extensions, pack extensions, and access developer tools. By default, this option is not enabled. 
   • Browser Extensions - Use the following options to allow or block extensions:
     • Allow All - Enabling this option allows users to download and install all kinds of extensions. By default, all extensions are allowed.
     • Allowlist - Specifies which extensions are not subject to the blocklist. Enter the name of extensions to allow that bypass the blocklist.
     • Blocklist - Specifies which extensions users are prohibited from installing. Enter the name of extensions to allow that bypass the allowlist. Any extensions that are already installed will be automatically disabled and cannot be re-enabled by the user. An extension will be automatically re-enabled if it is later removed from the blocklist.
   • Extension Force Install - Specifies a list of apps and extensions for silent installation.
   • Extensions Install Sources - Enter URLs of sites that contain extensions and themes that users can install. For example: https://corp.contoso.com/*
   • Blocklist for Extension Install Type - The blocklist prevents specific types of extensions from being installed.
9. (Optional) Select the Device Groups tab. Select one or more device groups where you want to apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
10. (Optional) Select the Devices tab. Select one or more devices where you want to apply this policy.
11. Click Save. If prompted, click Save again. No further action is needed for this policy to take effect.