Hi, About a month or so ago I looked at the doco for the new Edge Chromium with an eye to deploying it in our organisation. Intego washing machine for mac download. At that stage the doco said that the initial deployment had to be via msi through Config Manager but that version upgrades would come via WSUS (in the product, Microsoft Edge). Hi, About a month or so ago I looked at the doco for the new Edge Chromium with an eye to deploying it in our organisation. At that stage the doco said that the initial deployment had to be via msi through Config Manager but that version upgrades would come via WSUS (in the product, Microsoft Edge).
Applies to: Configuration Manager (Current Branch)
The all-new Microsoft Edge is ready for business. Starting in Configuration Manager version 1910, you can now deploy Microsoft Edge, version 77 and later to your users. A PowerShell script is used to install the Edge build selected. The script also turns off automatic updates for Edge so they can be managed with Configuration Manager.
Deploy Microsoft Edge
Admins can pick the Beta, Dev, or Stable channel, along with a version of the Microsoft Edge client to deploy. Each release incorporates learnings and improvements from our customers and community.
Prerequisites for deploying
For clients targeted with a Microsoft Edge deployment:
PowerShell Execution Policy can't be set to Restricted.
- PowerShell is executed to perform the installation.
The Microsoft Edge installer and CMPivot are signed with the Microsoft Code Signing certificate. If that certificate isn't listed in the Trusted Publishers store, you'll need to add it. Otherwise, the Microsoft Edge installer and CMPivot won’t run when the PowerShell execution policy is set to AllSigned.
The device running the Configuration Manager console needs access to the following endpoints for deploying Microsoft Edge:
Location | Use |
---|---|
https://aka.ms/cmedgeapi | Information about releases of Microsoft Edge |
https://edgeupdates.microsoft.com/api/products?view=enterprise | Information about releases of Microsoft Edge |
http://dl.delivery.mp.microsoft.com | Content for Microsoft Edge releases |
Verify Microsoft Edge update policies
Configuration Manager version 1910
In version 1910, when Microsoft Edge is deployed, the installation script turns off automatic updates for Microsoft Edge so they can be managed with Configuration Manager. You can change this behavior using Group Policy. Download mac latest software. For more information, see Plan your deployment of Microsoft Edge and Microsoft Edge update policies.
Configuration Manager version 2002 and later
Starting in version 2002, you can create a Microsoft Edge application that's set up to receive automatic updates rather than having automatic updates disabled. This change allows you to choose to manage updates for Microsoft Edge with Configuration Manager or allow Microsoft Edge to automatically update. When creating the application, select Allow Microsoft Edge to automatically update the version of the client on the end user's device on the Microsoft Edge Settings page. If you previously used Group Policy to change this behavior, Group Policy will overwrite the setting made by Configuration Manager during installation of Microsoft Edge.
Create a deployment
Create a Microsoft Edge application using the built-in application experience, which makes Microsoft Edge easier to manage:
Hp essential software for mac download. In the console, under Software Library, there's a new node called Microsoft Edge Management.
Select Create Microsoft Edge Application from either the ribbon, or by right-clicking on the Microsoft Edge Management node.
On the Application Settings page of the wizard, specify a name, description, and location for the content for the app. Ensure the content location folder you specify is empty.
On the Microsoft Edge Settings page, select:
- The channel to deploy
- The version to deploy
- If you want to Allow Microsoft Edge to automatically update the version of the client on the end user's device (added in version 2002)
On the Deployment page, decide if you want to deploy the application. If you select Yes, you can specify your deployment settings for the application. For more information about deployment settings, see Deploy applications.
In Software Center on the client device, the user can see and install the application.
Log files for deployment
Location | Log | Use |
---|---|---|
Site server | SMSProv.log | Shows details if the creation of the app or deployment fails. |
Varies | PatchDownloader.log | Shows details if the content download fails |
Client | AppEnforce.log | Shows installation information |
Update Microsoft Edge
Starting in Configuration Manager version 1910, you'll see a node called All Microsoft Edge updates under Microsoft Edge Management. This node helps you manage updates for all Microsoft Edge channels.
Wsus Edge Training
To get updates for Microsoft Edge, ensure you have the Updates classification and the Microsoft Edge product selected for synchronization.
In the Software Library workspace, expand Microsoft Edge Management and click on the All Microsoft Edge Updates node.
If needed, click Synchronize Software Updates in the ribbon to start a synchronization. For more information, see Synchronize software updates.
Manage and deploy Microsoft Edge updates like any other update, such as adding them to your automatic deployment rule. Some of the common updates tasks you can do from the All Microsoft Edge Updates node include:
Microsoft Edge Management dashboard
(Introduced in version 2002)
Starting in Configuration Manager 2002, the Microsoft Edge Management dashboard provides you insights on the usage of Microsoft Edge and other browsers. In this dashboard, you can:
- See how many of your devices have Microsoft Edge installed
- See how many clients have different versions of Microsoft Edge installed.
- This chart doesn't include Canary Channel.
- Have a view of the installed browsers across devices
- Have a view of preferred browser by device
- Currently for the 2002 release, this chart will be empty.
Prerequisites for the dashboard
Enable the following properties in the below hardware inventory classes for the Microsoft Edge Management dashboard:
Installed Software - Asset Intelligence (SMS_InstalledSoftware)
- Software Code
- Product Name
- Product Version
Default Browser (SMS_DefaultBrowser)
- Browser Program ID
Browser Usage (SMS_BrowserUsage)
- BrowserName
- UsagePercentage
View the dashboard
From the Software Library workspace, click Microsoft Edge Management to see the dashboard. Change the collection for the graph data by clicking Browse and choosing another collection. By default your five largest collections are in the drop-down list. When you select a collection that isn't in the list, the newly selected collection takes the bottom spot on your drop-down list.
Known issues
Hardware inventory may fail to process
Hardware inventory for devices might fail to process. Errors similar to the one below may be seen in the Dataldr.log file:
Mitigation: To work around this issue, disable the collection of the Browser Usage (SMS_BrowerUsage) hardware inventory class.
Next steps
Wsus Edge Install
April’s Patch Tuesday brings us several, security-related, Microsoft Office updates and some small changes in UX and accessibility. In addition, Microsoft has also announced the much-needed retirement of the “legacy”, non-Chromium-based Edge Browser. The changes will come into effect at 10:00 PST. The decision to remove EdgeHTLML, by actively replacing it with Chromium, following the March end-of-support Edge announcement. At the same, Microsoft has encouraged organizations and consumers to upgrade to the latest Edge version.
April Patch Tuesday Highlights
On the 6th of April, Microsoft has pushed the KB4486672 update for Office Standard 2016, Office Professional 2016, Office Professional Plus 2016, Office Home and Business 2016, and Office Home and Student 2016.
As Askwoody’s MS-DEFCON columnists pointed out, Office 2016 was the only EOS MS product to receive an update. We would like to remind the users that Microsoft officially ended mainstream support for the 2016 business and home versions of Office on the 13th of October 2016. End of Support is scheduled for the 14th of October 2025. As expected, the vendor encourages all clients running any of the above-mentioned products to deploy the update as soon as possible.
So far, there’s just one issue associated with the KB4486672 deployment. Some users (i.e., Microsoft has yet to disclose if the issue predominantly affects home or enterprise end-users) might experience Office application stability or non-responsiveness issues. Microsoft stated that the problem lies in the registry code writing process and proposes the following fix:
- Download the KB4486672 update manually and execute the .msi pack. Alternatively, you can use Microsoft’s Update Center to automatically download and deploy the pack.
- Run Regedit.msc with administrative rights.
- Navigate to HKEY_CURRENT_USERSSoftwareMicrosoftOffice16.0General.
- Find the value EnableAdvancedRegistryHangDetection.
- Set value type to DWORD and Value data to 1. Save changes.
Note: if you are unable to locate the General key in 16.0, you will need to create one. When you’re done, define EnableAdvancedRegistryHangDetection under General by right-clicking on the right panel, highlighting new, and left-clicking on the DWORD button.
As mentioned in the intro, Patch Tuesday also delivers several UX and accessibility improvements. To name a few, as of the April roll, Microsoft fixed an issue with the zoom function that appears when a user utilizes the Microsoft Edge IE Mode on a multi-mon high DPI setup.
In addition, MS also fixed a minor HDR-related issue that made the display appear darker. Some child account-related issues were patched – users are now notified when a child account defined in the Family Safety section attains andor requests administrative privileges. Last, but not least, Microsoft also fixed an OneDrive syncing issue that caused the endpoint to stop working if the user would delete files or folders currently in use by OneDrive.
Edge’s anticipated retirement will impact most Windows 10 versions, from build 1803, released in April 2018, all the way to the 20H2 build. Microsoft’s decision to discontinue support for Microsoft Edge and replace the EdgeHTML rendering engine with the Chromium, open-source project, is a sound one and should facilitate the web development process as well as eliminating any disparities in web compatibility. Chromium updates will not impact users running Windows 7, Windows 8.0, or Windows 8.1.
Additional Security Tips
We always encourage our readers and customers to deploy every security and non-related security update in a timely manner. Here are some other things you can try in order to increase your overall security.
#1. Ensure that all Edge related updates are deployed correctly when using a private WSUS server.
To enforce the update all across your endpoint network, make sure that the new Edge version has been added to your WSUS catalog. Please refer to Microsoft’s Edge Management for additional information and instruction on how to deploy Edge with WSUS.
#2. Use legitimate means to deploy security updates.
Only download and install Windows Updates from known and legit sources like MS’s Update Center or MS’s official website. If you receive emails urging you to install critical Windows updates, please disregard and delete the email. Clicking on any of the links enclosed in such messages could lead to debilitating virus infections or even ransomware.
Heimdal™ Security recommends a safe and automatic updating and patching solution to prevent these fraudulent attempts. Patch & Asset Management is your one-stop, fully automated updating and patching toolbox that empowers you to download, install, and configure any 3rd party, MS, or updates for proprietary software.
#3. Restore points.
Before deploying the new updates, don’t forget to create restore points. No major issues have been reported so far, but better safe than sorry. Creating a restore point is easy and can save you from a lot of trouble if something goes wrong during an update.
Parting thoughts
Edge is dead, long live, well, Edge. April’s patching bout isn’t as ‘meaty’ as the one in March, but still crucial to your endpoint’s wellbeing. As always, stay safe, subscribe to Heimdal’s newsletter for more cybersecurity awesomeness, and shot me an email if you have any more questions.