Enable IE Mode and use a Site List in Edge Chromium with Microsoft Endpoint Manager

In this two part mini series we will look at enabling IE Mode in Edge Chromium using both Microsoft Intune and Microsoft Configuration Manager. I won’t be deep diving how IE Mode works in this post (although I was tempted) but I have posted links to the Microsoft Docs throughout if you want to dig deeper.

Too much interest to focus on delivering this solution with only one half of Endpoint Manager
  1. What is IE Mode?
  2. What is a Site List?
  3. Creating a Site List
  4. Prerequisites
  5. Part 1: Enable IE Mode and use a Site List in Edge Chromium with Microsoft Intune
  6. Part 2: Enable IE Mode and use a Site List in Edge Chromium with Microsoft Configuration Manager

What is IE Mode?

IE mode on Microsoft Edge is a simplified experience that combines a modern rendering engine and compatibility with legacy sites that require Internet Explorer in a single browser. IE mode provides an integrated browsing experience in Microsoft Edge, using the integrated Chromium engine for modern sites and leveraging Internet Explorer 11 (IE11) for legacy sites that require the Trident MSHTML engine.

https://docs.microsoft.com/en-us/deployedge/edge-ie-mode#what-is-ie-mode

If we don’t use IE Mode, and Edge Chromium is our default web browser, users could face issues when opening legacy websites that should open in IE. Microsoft have addressed this issue with “IE Mode”. If Edge Chromium is their default browser, they can still open legacy websites in Chromium but we can force the website to use the IE engine to address compatibility issues.

We will cover this in more detail later but you can easily recognise if a website is being displayed in IE Mode by looking for the IE symbol in the address bar

IE Mode is enabled for this website

What is a Site List?

In the context of “IE Mode”, a Site List is a list of user defined websites whereby we can manipulate the rendering engine and compatibility mode within Edge Chromium. The Site List is created in the XML format and should be stored in one of the following locations:-

  • (Recommended) HTTPS location*: https://azureblobstorageorsomething.com/IEMode_Sites.xml (we will be using a web server to store our Site List in this blog post)
  • Local network file: \\network\shares\sites.xml
  • Local file: file:///c:/Users/<user>/Documents/sites.xml

* A copy of the Site List is cached on the client so will work even during periods of internet access being unavailable. In case you haven’t thought about it already, I highly recommend you post the XML on an Azure AD Secured Site that requires User/Device authentication (if there is sensitive data in the Site List). The Azure AD Application Proxy could be leveraged for example https://byteben.com/bb/azure-ad-application-proxy-accessing-your-internal-web-apps-from-the-internet/

The following modes are supported for websites defined in the Site List:-

  • IE11: Opens the site in IE11, regardless of which browser is opened by the user.
  • MSEdge: Opens the site in Microsoft Edge, regardless of which browser is opened by the user.
  • None: Opens in whatever browser the user chooses.

We can configure the following compatibility modes for websites running in IE Mode

  • IE8Enterprise: Loads the site in IE8 Enterprise Mode.
  • IE7Enterprise: Loads the site in IE7 Enterprise Mode.
  • IE[x]: Where [x] is the document mode number and the site loads in the specified document mode.
  • Default Mode: Loads the site using the default compatibility mode for the page.

Read the following post for more information on modes and compatibility with IE Mode https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool#adding-a-site-to-your-compatibility-list

Creating a Site List

There are two different ways to generate the Site List. Manually or using the “Enterprise Mode Site List Manager”, version 2 (v.2) you can get that here https://www.microsoft.com/en-us/download/details.aspx?id=49974

One advantage of using the “Enterprise Mode Site List Manager” is it does a basic form of version control. More info on using the “Enterprise Mode Site List Manager” can be found here https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager

I won’t go into detail on how to use the “Enterprise Mode Site List Manager”, it is pretty straight forward.

The Site List is in an XML format. I used the “Enterprise Mode Site List Manager” executable above to create the initial XML formatting. I then found it straight forward to modify this XML manually to add additional websites. I maintain mine in Git so this is where my version control happens. Here is what the layout of the XML looks like:-

Site List XML Layout

Another example can be found here https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance#enterprise-mode-v2-schema-example

For the benefit of this post, i uploaded a demo Site List to https://byteben.com/bb/IEMode.xml We will cover the Edge Compat URL seen below later in this post, for now I wanted to show you that my Site List XML file is hosted on a web server – reachable by all my clients.

Site List XML file uploaded to https://byteben.com/bb/IEMode.xml

Prerequisites

There is an assumption that you are already using Edge Chromium if you are reading this post. If not, deploy it before you continue:-

If you are not using Windows 10 1909, you will need to ensure that the correct update is installed on your clients before you continue. The full list of supported systems and required updates can be found at https://docs.microsoft.com/en-us/deployedge/edge-ie-mode#prerequisites

Windows 101909 or laterNo Update Required
Windows 101903KB4501375 or later
Windows Server1903KB4501375 or later
Windows 101809KB4501371 or later
Windows Server1809KB4501371 or later
Windows Server2019KB4501371 or later
Windows 101803KB4512509 or later
Windows 101709KB4512494 or later

Note: Internet Explorer 11 must also be enabled in Windows Features for IE Mode to work

Enable IE Mode and use a Site List in Edge Chromium with Microsoft Intune

It is recommended to host the Site List XML on a web server. Before you continue, ensure you have uploaded your Site List XML to a location reachable by all your Intune enabled clients.

1 . Create a new Configuration Profile for Edge at https://devicemanagement.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMenu/configurationProfiles

(1) Name: Microsoft Edge IE Mode
( ) Description: Optional
(2) Platform: Windows 10 and later
(3) Profile Type: Administrative Templates
(4) Click Create

Create a new Configuration Profile for Edge

2 . In Settings choose Edge version 77 and Later from the Select a category type drop down box

In Settings choose Edge version 77 and Later from the Select a category type drop down box

3 . We need to configure two policies:-


3.1 . Configure Internet Explorer integration (User)

3.1.1 . Configure Internet Explorer integration Enabled
3.1.2 . Configure Internet Explorer integration Internet Explorer Mode

Configure Internet Explorer integration

3.2 . Configure the Enterprise Mode Site List (User)

3.2.1 . Configure the Enterprise Mode Site List Enabled
3.2.2 . Configure the Enterprise Mode Site List https://byteben.com/bb/IEMode.xml << URL where your Site List is hosted

Configure the Enterprise Mode Site List

Your configuration profile settings should look similar to this:-

Two settings configure to Enable and Configure IE Mode

4 . We need to assign this configuration profile to our Users. Select Assignments and choose a User Group

Assign the newly created configuration profile to a User Group

5 . On the Assignments blade, click Save

Verify IE Mode Configuration

Verify the Configuration Profile applied the policy in HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Edge

Verify the User Policy was applied at HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Edge

Verify the Configuration applied to the Users device from the Device Status tab in the Configuration Profile we just created

Verify the Configuration Profile applied to the assigned user on their device

Verify that IE Mode is now enabled and configured in Edge Chromium by navigating to edge://compat/enterprise

edge://compat/enterprise

Verify the Websites configured in the Site List XML file are working in IE Mode

IE Mode is working for the websites configured in the Site List

Summary

As you can see, it is fairly straight forward to configure IE Mode for Edge Chromium using Microsoft Intune. In the next part of this mini series we will deliver the same policies using Configuration Manager.

Further Reading:-

https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11
https://docs.microsoft.com/en-gb/DeployEdge/configure-edge-with-intune
https://docs.microsoft.com/en-us/deployedge/edge-ie-mode#what-is-ie-mode

9 thoughts on “Enable IE Mode and use a Site List in Edge Chromium with Microsoft Endpoint Manager”

  1. Is there a way to tell in the registry which version of the sites.xml file has been applied? In IE you can see the version that got applied of enterprise mode.

  2. Hey Ben,
    No issues, we’re Hybrid-AD with Co-management but everything still managed with MEMCM so I was curious how that option works (I’ve used the GPO option in the past with Enterprise Mode), could I apply this Intune option in our scenario or do we need to move a slider from CM to Intune for this to work as expected (excuse my ignorance or any abuse of the terminology but we’ve just introduced Intune into our enterprise and I’m still working my way through how all these pieces can work together)

    1. Hi Jamie, I’ve not tested that scenario yet. You can try setting the configuration in Intune as per the post and observe the behaviour on the devices. The MDM Diagnostics page will indicate if the CSPs in the policy are overriding anything set by a GPO. What workloads do you have set to Intune/Pilot Intune for those devices in scope?

  3. Hey Ben,
    Ok I’ll get it rolling and try it out. Currently the only workload that’s been moved is for Endpoint Security.

Leave a Reply to Anonymous Cancel Reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.