All Things Migration from Internet Explorer to Edge Chromium

This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.


Brandon Wilson & Tan Tran

Hi IT Pros,  

We still get questions about migrating from Internet Explorer to Edge Chromium once in a while, especially from government agency customers. The questions usually relate to the compatibility of in-house legacy applications and to developer tools.

Today we discuss all things migration from IE to Edge. I have compiled a checklist of Edge's features, how to run Edge in IE-compatible mode, and its limitations for your review. We also touch on a new Edge feature for developers, the WebView2 tool, which will be available in the near future.

 

Migration from IE to Edge check list. 

 

ActiveX control, Silverlight, Java

Objects (BHOs) like Silverlight or Java. However, if you're running web apps that use ActiveX controls, BHOs, or legacy document modes on Internet Explorer 11, you can configure them to run in IE mode on the new Microsoft Edge.

IE mode on Microsoft Edge makes it easy to use all of the sites your organization needs in a single browser. It uses the integrated Chromium engine for modern sites, and it uses the Trident MSHTML engine from Internet Explorer 11 (IE11) for legacy sites.

When a site loads in IE mode, the IE logo indicator displays on the left side of the navigation bar. You can click the IE logo indicator to display additional information, as shown here:

[screenshot]

Edge browser in IE mode, features and configuration:

Only those sites that you specifically configure (via policy) will use IE mode. Enter the site FQDNs in the Enterprise Mode Site List XML defined in one of these policies:

      - Microsoft Edge, "Configure the Enterprise Mode Site List"

      - Internet Explorer, "Use the Enterprise Mode IE website list"

The Microsoft Edge site list policy takes precedence over the Internet Explorer site list policy.
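Because only listed sites are handed to the IE11 engine, the site list itself is worth reviewing before it is published. The following is an added example, not part of the original post: it parses a constructed schema v.2 site list and reports which entries open in IE11, flagging entries that include a protocol and IE mode entries outside an assumed intranet DNS suffix. The host names, the `.corp.example` suffix and the function name are hypothetical.

```powershell
# Added example: constructed Enterprise Mode site list (schema v.2).
# Host names and the intranet suffix are placeholders, not values from the post.
[xml]$siteList = @'
<site-list version="1">
  <site url="legacy-hr.corp.example">
    <compat-mode>IE8Enterprise</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="http://timesheet.corp.example/app">
    <compat-mode>Default</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="portal.corp.example">
    <compat-mode>Default</compat-mode>
    <open-in>MSEdge</open-in>
  </site>
  <site url="vendor-tool.example.net">
    <compat-mode>IE7</compat-mode>
    <open-in>IE11</open-in>
  </site>
</site-list>
'@

function Get-IEModeSiteReview {
    param([Parameter(Mandatory)][xml]$SiteList, [string]$IntranetSuffix = '.corp.example')
    foreach ($site in $SiteList.SelectNodes('/site-list/site')) {
        $url    = $site.GetAttribute('url')
        $openIn = $site.SelectSingleNode('open-in')
        $mode   = $site.SelectSingleNode('compat-mode')
        # Host part of the entry, with any protocol, port and path stripped.
        $hostName = ($url -replace '^[a-z][a-z0-9+.-]*://', '') -replace '[:/].*$', ''
        $notes = @()
        if ($url -match '://') { $notes += 'remove the protocol from url' }
        $ieMode = $openIn -and $openIn.InnerText -eq 'IE11'
        if ($ieMode -and -not $hostName.EndsWith($IntranetSuffix)) {
            $notes += 'IE mode for a host outside the intranet suffix'
        }
        [pscustomobject]@{
            Url        = $url
            OpenIn     = if ($openIn) { $openIn.InnerText } else { '(unset)' }
            CompatMode = if ($mode) { $mode.InnerText } else { '(unset)' }
            Notes      = $notes -join '; '
        }
    }
}

Get-IEModeSiteReview -SiteList $siteList | Format-Table -AutoSize -Wrap
```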

IE mode supports the following Internet Explorer functionality 

 - All document modes and enterprise modes 

 - ActiveX controls (such as Java or Silverlight)

 - Browser Helper Objects 

 - Internet Explorer settings and Group Policies that affect the security zone settings and Protected Mode

 - The F12 developer tools for IE, when launched with IEChooser

 - Microsoft Edge extensions (extensions that interact with the IE page content directly are not supported)

IE mode doesn't support the following Internet Explorer functionality 

 - Internet Explorer toolbars.

 - Internet Explorer settings and Group Policies that affect the navigation menu (for example, search engines and home pages).

 - IE11 or Microsoft Edge F12 developer tools with the exception of IEChooser.

 

Using GPO to enable Edge Enterprise mode (IE compatible mode)

Computer configuration\Policies\Administrative Templates\Microsoft Edge

  • Configure Internet Explorer integration 
  • Configure the Enterprise Mode Site List policy 

 

Using GPO to enable IE Enterprise mode

Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list


 

More info: 

Turn on Enterprise Mode and use a site list (Internet Explorer 11 for IT Pros) - Internet Explorer | Microsoft Docs

Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) - Internet Explorer | Microsoft Docs

If you know that your intranet sites are not going to work correctly with Microsoft Edge, you can configure the Microsoft Edge GPO setting named "set all intranet sites to open using IE11" to redirect intranet site traffic to IE11 automatically, as shown here:

Computer configuration\Policies\Administrative Templates\Microsoft Edge

[screenshot]

 

Edge can detect and automatically redirect traffic from IE to Edge if there is an incompatible function.

Many modern websites have designs that are incompatible with Internet Explorer (IE). When an IE user visits an incompatible public website, the user may get a message about an incompatible browser. After the message, starting with version 84, IE will automatically redirect users to Microsoft Edge.

 


Redirection from Internet Explorer to Microsoft Edge requires an Internet Explorer Browser Helper Object (BHO) named "IEtoEdge BHO".

The RedirectSitesFromInternetExplorerPreventBHOInstall policy controls whether or not this BHO is installed.

IE incompatible banner

If IE detects a modern website that it is incompatible with:

   - A website incompatibility banner is displayed under the address bar for each redirection.

   - Users may continue to use IE for websites that are not on the IE compatibility list.

   - To add or remove a public site in the compatibility list, you can email your suggestion to ietoedge@microsoft.com

   - When a site is redirected from Internet Explorer to Microsoft Edge, the Internet Explorer tab that started loading the site is closed if it had no prior content. Otherwise, the active tab view goes to a Microsoft support page that explains why the site was redirected to Microsoft Edge.

  

Microsoft Edge supported browser privacy with tracking prevention feature:

The tracking prevention feature in Microsoft Edge protects users from online tracking by restricting the ability of trackers to access browser-based storage as well as the network.

   - To configure it, type "edge://settings/privacy" in the URL address box.

   - If any of the visited host names match a host name on the Disconnect lists of Edge, Microsoft Edge proceeds with evaluating enforcement actions to prevent users from being tracked.

   - You can set 3 levels of prevention, as shown here:

[screenshot]

 

To Unblock tracking prevention for Company's Web Developer:

Microsoft is currently working on the Storage Access API in the Chromium codebase.

The Storage Access API gives site developers a way to request storage access from users directly, to quickly and intuitively unblock themselves.

 


 

Mitigation of "tracking prevention" for companies that belong to the same org or an org acquired by your company:

Microsoft Edge exempts a site from tracking prevention when the site is making third-party requests to other sites owned by the same parent organization (as defined in the Disconnect entities.json list).

Edge Security Best practice - Enabling SmartScreen to protect the system running Edge

Microsoft Defender SmartScreen is a service that Microsoft Edge uses to keep you safe while you browse the web. Microsoft Defender SmartScreen provides an early warning system, based on Microsoft Security Intelligence about websites' reputation (website URL whitelist and blacklist), against websites that might engage in phishing attacks or attempt to distribute malware through a focused attack.

  - SmartScreen is enabled by default on Edge. You can prevent end users from disabling SmartScreen by using GPO.

  - Whenever there is a false-positive block of a legitimate web URL, you should provide the information to the Defender SmartScreen Support Team to clear the block instead of disabling the SmartScreen function.

  - The following screenshot shows the report's content:

[screenshot]

 

More detail about how to report SmartScreen blocking a legitimate URL or an appropriate in-house web application
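To confirm on a client that the GPO settings described in this post actually landed, you can read the machine-level policy registry keys. This is an added example, not from the original post: it compares the SmartScreen and IE integration policies against an assumed baseline and resolves which site list is effective under the precedence rule stated earlier (Microsoft Edge policy over Internet Explorer policy). The baseline values and function names are assumptions for illustration.

```powershell
# Added example: compare applied Edge policies with an assumed baseline.
# Reads machine-level (HKLM) policy only; user-level policy is not checked.
$edgeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$ieKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode'

function Get-PolicyValue {
    param([string]$Key, [string]$Name)
    # $null means the value is absent, i.e. the policy is not configured.
    (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Assumed baseline for this illustration; adjust to your organization's standard.
$baseline = [ordered]@{
    SmartScreenEnabled                       = 1  # SmartScreen forced on
    PreventSmartScreenPromptOverride         = 1  # no bypass of site warnings
    PreventSmartScreenPromptOverrideForFiles = 1  # no bypass of download warnings
    InternetExplorerIntegrationLevel         = 1  # 1 = IE mode
}

function Test-EdgePolicyBaseline {
    foreach ($name in $baseline.Keys) {
        $actual = Get-PolicyValue -Key $edgeKey -Name $name
        [pscustomobject]@{
            Policy    = $name
            Expected  = $baseline[$name]
            Actual    = if ($null -eq $actual) { '(not configured)' } else { $actual }
            Compliant = ($actual -eq $baseline[$name])
        }
    }
}

function Get-EffectiveSiteList {
    # The Microsoft Edge site list policy wins over the Internet Explorer one.
    $edgeList = Get-PolicyValue -Key $edgeKey -Name 'InternetExplorerIntegrationSiteList'
    $ieList   = Get-PolicyValue -Key $ieKey -Name 'SiteList'
    if ($edgeList)   { "Microsoft Edge policy: $edgeList" }
    elseif ($ieList) { "Internet Explorer policy: $ieList" }
    else             { 'no site list configured' }
}

Test-EdgePolicyBaseline | Format-Table -AutoSize
"Effective Enterprise Mode site list -> $(Get-EffectiveSiteList)"
```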

  

Edge Security recommendation - Using Windows 10 Defender Application Guard (WDAG)

   - WDAG for Microsoft Edge is the strongest form of isolation today. Users of Windows 10 Enterprise can run the Microsoft Edge browser in a fully isolated hardware environment. Doing so provides the highest level of protection against zero-day exploits, unpatched vulnerabilities, and web-based malware.

   - WDAG uses a Hyper-V virtual container to provide a temporary environment for users to experience the Internet. The ability to refresh the container when a user logs off means malware does not have a place to persist.

     


 

More detail at Making Microsoft Edge the most secure browser with Windows Defender Application Guard - Microsoft Security

 

Using Microsoft Edge DevTools to debug an Office Add-in:

When the Office add-in is running in Microsoft Edge, you can use the Microsoft Edge DevTools. 

   > Run the add-in. 

   > Run the Microsoft Edge DevTools. 

   > In the tools, open the Local tab. Your add-in will be listed by its name. 

   > Click the add-in name to open it in the tools. 

   > Open the Debugger tab. 

   > Choose the folder icon above the script (left) pane. From the list of available files shown in the dropdown list, select the JavaScript file that you want to debug.

   > To set a breakpoint, select the line. You will see a red dot to the left of the line and a corresponding line in the Call stack (bottom right) pane.

   > Execute functions in the add-in as needed to trigger the breakpoint. 

 

About ClickOnce and DirectInvoke:

Currently, Edge Chromium doesn't provide native support for ClickOnce or DirectInvoke. 

ClickOnce and DirectInvoke are features available in IE and Microsoft Edge classic (version 45 and earlier) that support the use of a file handler to download files from a website.

ClickOnce requests are handled by the native file handler in Windows.

DirectInvoke requests are handled by a registered file handler specified by the website hosting the file.

ClickOnce and DirectInvoke in Microsoft Edge | Microsoft Docs 

 

Edge Group Policy list: 

 Applies to Microsoft Edge version 77 or later (Edge Chromium). 

 

NEW POLICIES (Name: Caption)

 - BasicAuthOverHttpEnabled: Allow Basic authentication for HTTP

 - TargetBlankImpliesNoOpener: Do not set window.opener for links targeting _blank

 - WebWidgetAllowed: Allow the Web widget

 - WebWidgetIsEnabledOnStartup: Enable the Web widget at Windows startup

 

Available Browser policies

AVAILABLE POLICIES

 - Application Guard settings
 - Cast
 - Content settings
 - Default search provider
 - Extensions
 - HTTP authentication
 - Kiosk Mode settings
 - Native Messaging
 - Password manager and protection
 - Performance
 - Printing
 - Proxy server
 - Sleeping tabs settings
 - SmartScreen settings
 - Startup, home page and new tab page
 - Additional
 - IE redirection to Edge

 

 

 

 

To configure the group policy for a default file type and protocol associations configuration file: 

  1. Open the Group Policy editor and go to Computer Configuration\Administrative Templates\Windows Components\File Explorer.
  2. Select "Set a default associations configuration file".


 

Importing other Browser's favorite items into Microsoft Edge 

Open Microsoft Edge and select Settings and more at the top corner of the window.

Select Favorites > Import.

Under Import from, select the browser from which you want to import your favorites or select Favorites or bookmarks HTML file. 

 

More Edge features and documents: 

WebView2

 

WebView2 is Microsoft’s new embedded web control (11-19-2020), built on top of Microsoft Edge (Chromium).

The Microsoft Edge WebView2 control enables you to embed web technologies (HTML, CSS, and JavaScript) in your native applications.

Contact WebView2 team

Edge browser 46 tips 

Microsoft Edge Tips 

Deploy and Update Edge by SCCM 

https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/deploy-edge 

 

All Edge Documents 

Microsoft Edge documentation - Microsoft Edge Development | Microsoft Docs 

 

 
