The New Edge



This article describes the release cadence and anticipated release schedule for Microsoft Edge. Release cadence. Microsoft provides four options, called channels, to manage how often Microsoft Edge is updated with new features. The Microsoft Edge team plans to push public updates to the Beta and Stable channels every six weeks. We are updating Microsoft Edge Legacy to the new Microsoft Edge because we believe it is the best browser for business and educational institutions. Fundamentally, the new Microsoft Edge is a modern browser that offers a fast cadence in terms of delivering security updates, enabling responsive security.

Applies to: Configuration Manager (Current Branch)

The all-new Microsoft Edge is ready for business. Starting in Configuration Manager version 1910, you can deploy Microsoft Edge, version 77 and later, to your users. A PowerShell script installs the selected Edge build. The script also turns off automatic updates for Edge so they can be managed with Configuration Manager.

Deploy Microsoft Edge

Admins can pick the Beta, Dev, or Stable channel, along with a version of the Microsoft Edge client to deploy. Each release incorporates learnings and improvements from our customers and community.

Prerequisites for deploying

For clients targeted with a Microsoft Edge deployment:

  • PowerShell Execution Policy can't be set to Restricted.

    • PowerShell is executed to perform the installation.
  • The Microsoft Edge installer and CMPivot are signed with the Microsoft Code Signing certificate. If that certificate isn't listed in the Trusted Publishers store, you'll need to add it. Otherwise, the Microsoft Edge installer and CMPivot won’t run when the PowerShell execution policy is set to AllSigned.
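The two client prerequisites above can be checked before a deployment is targeted. This is an added example, not part of the original article or of Configuration Manager; the installer path is a hypothetical placeholder.

```powershell
# Added example (not from the original article): client pre-flight check.
# $InstallerPath is a hypothetical path; point it at the Edge installer you deploy.
$InstallerPath = 'C:\Temp\MicrosoftEdgeEnterpriseX64.msi'

# Prerequisite 1: the effective execution policy must not be Restricted.
$effective = Get-ExecutionPolicy
$setBy = Get-ExecutionPolicy -List |
    Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
    Select-Object -First 1      # highest-precedence scope that sets a policy

# Prerequisite 2: under AllSigned, the signer must be in Trusted Publishers.
$signatureStatus = 'FileNotFound'
$signerSubject = $null
$signerTrusted = $false
if (Test-Path -LiteralPath $InstallerPath) {
    $sig = Get-AuthenticodeSignature -FilePath $InstallerPath
    $signatureStatus = $sig.Status.ToString()
    if ($sig.SignerCertificate) {
        $signerSubject = $sig.SignerCertificate.Subject
        $stores = 'Cert:\LocalMachine\TrustedPublisher', 'Cert:\CurrentUser\TrustedPublisher'
        # Match on thumbprint: a look-alike subject name is not proof of trust.
        $signerTrusted = [bool](Get-ChildItem -Path $stores |
            Where-Object { $_.Thumbprint -eq $sig.SignerCertificate.Thumbprint })
    }
}

$problems = @()
if ($effective -eq 'Restricted') {
    $problems += 'Execution policy is Restricted: the install script cannot run.'
}
if ($signatureStatus -ne 'Valid') {
    $problems += "Installer signature status is '$signatureStatus'."
}
if ($effective -eq 'AllSigned' -and -not $signerTrusted) {
    $problems += 'AllSigned is in effect and the signer is not in Trusted Publishers.'
}

[pscustomobject]@{
    EffectivePolicy = $effective
    PolicySetBy     = $setBy.Scope
    SignatureStatus = $signatureStatus
    Signer          = $signerSubject
    SignerTrusted   = $signerTrusted
    Problems        = $problems
}
```

A `Valid` signature status only shows that the file is intact and chains to a trusted root; the Trusted Publishers lookup is the separate condition that AllSigned enforces.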

The device running the Configuration Manager console needs access to the following endpoints for deploying Microsoft Edge:

Location | Use
https://aka.ms/cmedgeapi | Information about releases of Microsoft Edge
https://edgeupdates.microsoft.com/api/products?view=enterprise | Information about releases of Microsoft Edge
http://dl.delivery.mp.microsoft.com | Content for Microsoft Edge releases

Verify Microsoft Edge update policies

Configuration Manager version 1910

In version 1910, when Microsoft Edge is deployed, the installation script turns off automatic updates for Microsoft Edge so they can be managed with Configuration Manager. You can change this behavior using Group Policy. For more information, see Plan your deployment of Microsoft Edge and Microsoft Edge update policies.

Configuration Manager version 2002 and later

Starting in version 2002, you can create a Microsoft Edge application that's set up to receive automatic updates rather than having automatic updates disabled. This change allows you to choose to manage updates for Microsoft Edge with Configuration Manager or allow Microsoft Edge to automatically update. When creating the application, select Allow Microsoft Edge to automatically update the version of the client on the end user's device on the Microsoft Edge Settings page. If you previously used Group Policy to change this behavior, Group Policy will overwrite the setting made by Configuration Manager during installation of Microsoft Edge.

Create a deployment

Create a Microsoft Edge application using the built-in application experience, which makes Microsoft Edge easier to manage:

  1. In the console, under Software Library, there's a new node called Microsoft Edge Management.

  2. Select Create Microsoft Edge Application from either the ribbon, or by right-clicking on the Microsoft Edge Management node.

  3. On the Application Settings page of the wizard, specify a name, description, and location for the content for the app. Ensure the content location folder you specify is empty.

  4. On the Microsoft Edge Settings page, select:

    • The channel to deploy
    • The version to deploy
    • If you want to Allow Microsoft Edge to automatically update the version of the client on the end user's device (added in version 2002)
  5. On the Deployment page, decide if you want to deploy the application. If you select Yes, you can specify your deployment settings for the application. For more information about deployment settings, see Deploy applications.

  6. In Software Center on the client device, the user can see and install the application.

Log files for deployment

Location | Log | Use
Site server | SMSProv.log | Shows details if the creation of the app or deployment fails.
Varies | PatchDownloader.log | Shows details if the content download fails
Client | AppEnforce.log | Shows installation information

Update Microsoft Edge

Starting in Configuration Manager version 1910, you'll see a node called All Microsoft Edge updates under Microsoft Edge Management. This node helps you manage updates for all Microsoft Edge channels.

  1. To get updates for Microsoft Edge, ensure you have the Updates classification and the Microsoft Edge product selected for synchronization.

  2. In the Software Library workspace, expand Microsoft Edge Management and click on the All Microsoft Edge Updates node.

  3. If needed, click Synchronize Software Updates in the ribbon to start a synchronization. For more information, see Synchronize software updates.

  4. Manage and deploy Microsoft Edge updates like any other update, such as adding them to your automatic deployment rule. Some of the common updates tasks you can do from the All Microsoft Edge Updates node include:

Microsoft Edge Management dashboard

(Introduced in version 2002)

Starting in Configuration Manager 2002, the Microsoft Edge Management dashboard provides you insights on the usage of Microsoft Edge and other browsers. In this dashboard, you can:

  • See how many of your devices have Microsoft Edge installed
  • See how many clients have different versions of Microsoft Edge installed.
    • This chart doesn't include Canary Channel.
  • Have a view of the installed browsers across devices
  • Have a view of preferred browser by device
    • Currently for the 2002 release, this chart will be empty.

Prerequisites for the dashboard

Enable the following properties in these hardware inventory classes for the Microsoft Edge Management dashboard:

  • Installed Software - Asset Intelligence (SMS_InstalledSoftware)

    • Software Code
    • Product Name
    • Product Version
  • Default Browser (SMS_DefaultBrowser)

    • Browser Program ID
  • Browser Usage (SMS_BrowserUsage)

    • BrowserName
    • UsagePercentage

View the dashboard

From the Software Library workspace, click Microsoft Edge Management to see the dashboard. Change the collection for the graph data by clicking Browse and choosing another collection. By default your five largest collections are in the drop-down list. When you select a collection that isn't in the list, the newly selected collection takes the bottom spot on your drop-down list.

Known issues

Hardware inventory may fail to process

Hardware inventory for devices might fail to process. Errors similar to the one below may be seen in the Dataldr.log file:

Mitigation: To work around this issue, disable the collection of the Browser Usage (SMS_BrowerUsage) hardware inventory class.


UPDATE: Timelines in this post were updated in March 2020 and October 2020 to reflect the best available information.

HTTPS traffic is encrypted and protected from snooping and modification by an underlying protocol called Transport Layer Security (TLS). Disabling outdated versions of the TLS security protocol will help move the web forward toward a more secure future. All major browsers (including Firefox, Chrome, Safari, Internet Explorer and Edge Legacy) have publicly committed to require TLS version 1.2 or later by default starting in 2020.


Starting in Edge 84, reaching stable in July 2020, the legacy TLS/1.0 and TLS/1.1 protocols will be disabled by default. These older protocol versions are less secure than the TLS/1.2 and TLS/1.3 protocols that are now widely supported by websites:

To help users and IT administrators discover sites that still only support legacy TLS versions, the edge://flags/#show-legacy-tls-warnings flag was introduced in Edge Canary version 81.0.392. Simply set the flag to Enabled and restart the browser for the change to take effect:

Subsequently, if you visit a site that requires TLS/1.0 or TLS/1.1, the lock icon will be replaced with a “Not Secure” warning in the address box, alongside the warning in the F12 Developer Tools Console:

As shown earlier in this post, almost all sites are already able to negotiate TLS/1.2. For those that aren’t, enabling it is typically a simple configuration option in either the server’s registry or the web server configuration file. (Note that you can leave TLS/1.0 and TLS/1.1 enabled on the server if you like, as browsers will negotiate the latest common protocol version.)
In some cases, server software may have no support for TLS/1.2 and will need to be updated to a version with such support. However, we expect that these cases will be rare—the TLS/1.2 protocol is now over 11 years old.

Obsolete TLS Blocks Subdownloads

Often a website pulls in some page content (like script or images) from another server, which might be running a different TLS version. In cases where that content server does not support TLS/1.2 or later, the content will simply be missing from the parent page.

You can identify cases like this by watching for the message net::ERR_SSL_OBSOLETE_VERSION in the Developer Tools console:

Unfortunately, a shortcoming in this console notification means that it does not appear for blocked subframes; you’ll need to look in the Network Tab or a NetLog trace for such failures.

Group Policy Details

Organizations with internal sites that are not yet prepared for this change can configure group policies to re-enable the legacy TLS protocols.

For the new Edge, use the SSLVersionMin Group Policy. This policy will remain available until the removal of the TLS/1.0 and TLS/1.1 protocols from Chromium in May 2021. Stated another way, the new Edge will stop supporting TLS/1.0+1.1 (regardless of policy) in May 2021.

For IE11 and Edge Legacy, the policy in question is the (dubiously-named) “Turn off encryption support” found inside Windows Components/Internet Explorer/Internet Control Panel/Advanced Page. Edge Legacy and IE will likely continue to support enabling these protocols via GP until they are broken from a security POV; this isn’t expected to happen for a few years.


IE Mode Details

These older protocols will not be disabled in Internet Explorer and Edge Legacy until Spring 2021.

The New Edge has the ability to load administrator-configured sites in Internet Explorer Mode. IEMode tabs depend on the IE TLS settings, so if you need an IEMode site to load a TLS/1.0 website after Spring of 2021, you’ll need to enable TLS/1.0 using the “Turn off encryption support” group policy found inside Windows Components/Internet Explorer/Internet Control Panel/Advanced Page.

If you need to support a TLS/1.0 site in both Edge and IE Modes (e.g. the site is configured as “Neutral”), then you will need to set both policies (SSLVersionMin and “Turn off Encryption Support”).
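Because both policies weaken the browser's TLS floor, it helps to know which devices still carry them once the internal sites are fixed. The following audit is an added example, not code from the original post; it assumes the usual registry locations for the Edge `SSLVersionMin` policy and for the `SecureProtocols` bitmask written by “Turn off encryption support”.

```powershell
# Added example (not from the original post): audit legacy-TLS policy overrides.
# Registry locations are assumptions; confirm them against your ADMX templates.
$protocolBits = [ordered]@{
    'SSL 2.0' = 0x8;   'SSL 3.0' = 0x20;  'TLS 1.0' = 0x80
    'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800; 'TLS 1.3' = 0x2000
}
$legacy = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'

function Get-PolicyValue([string]$Key, [string]$Name) {
    # Returns nothing when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Policies can be machine- or user-scoped, so check both hives.
$report = foreach ($hive in 'HKLM:', 'HKCU:') {
    $edgeKey = "$hive\SOFTWARE\Policies\Microsoft\Edge"
    $ieKey   = "$hive\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"

    # New Edge: a string policy; 'tls1' or 'tls1.1' lowers the floor below TLS 1.2.
    $sslMin = Get-PolicyValue $edgeKey 'SSLVersionMin'

    # IE11 / IE mode: decode the bitmask into the protocol names it enables.
    $mask = Get-PolicyValue $ieKey 'SecureProtocols'
    $ieProtocols = @()
    if ($null -ne $mask) {
        $ieProtocols = @($protocolBits.Keys | Where-Object { $mask -band $protocolBits[$_] })
    }

    [pscustomobject]@{
        Hive                = $hive
        SSLVersionMin       = $sslMin
        EdgeAllowsLegacyTls = $sslMin -in 'tls1', 'tls1.1'
        IeEnabledProtocols  = $ieProtocols -join ', '
        IeAllowsLegacyTls   = [bool]($ieProtocols | Where-Object { $_ -in $legacy })
    }
}
$report | Format-List
```

A device where both `EdgeAllowsLegacyTls` and `IeAllowsLegacyTls` are true matches the “Neutral” site configuration described above and is the one to revisit first when the exception is retired.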


Thanks for your help in securing the web!


-Eric