Enable/Disable Edge Typosquatting Checker Using Intune & GPO

Typosquatting is a cyber threat in which the attacker registers a domain strikingly similar to another organization’s domain name—for example, cloudinnfra.net instead of cloudinfra.net. Notice the extra n in the name.

Edge Typosquatting Checker is a security feature designed to mitigate the risks associated with typosquatting by protecting users from typographical errors when entering URLs. This helps prevent users from inadvertently accessing websites that mimic legitimate ones and could be used for malicious purposes.

The Microsoft Edge web browser enables the TyposquattingChecker (Website typo protection) feature by default. However, you may want to use centralized policy controls to ensure that users cannot disable this security feature.

  • For Intune-managed devices:
    • If you manage end-user devices using Intune, you can easily create and deploy a Configure Edge TyposquattingChecker setting catalog policy.
  • For Active Directory-managed devices:
    • You can create a Group Policy object and use a Configure Edge Website Typo Protection setting.

We will look into both options individually, starting with Intune. Let’s check the steps.

Website Typo Protection option in Microsoft Edge

Before you create an Intune or GPO policy, you may want to check whether the Website typo protection option is currently enabled or disabled in Microsoft Edge. To check this option, follow the steps below:

  • Open MS Edge browser.
  • Type edge://settings/privacy in the address bar and press Enter.
  • Scroll down to find an option for Website typo protection under the Security section.
  • This should be Enabled by default, as shown in the screenshot below.
Checking Website typo protection security feature in Microsoft Edge

Configure Edge TyposquattingChecker using Intune

  • Sign in to the Intune admin center.
  • Go to Devices > Configuration > Create > New Policy.
Configure Edge TyposquattingChecker using Intune, Create Device configuration profile screenshot
  • Select Platform as Windows 10 and later
  • Profile type as Settings Catalog
  • Click on the Create button.
Configure Edge TyposquattingChecker using Intune, Select platform and Profile type

Basics Tab

Enter the Name and Description of the profile, then click on Next to proceed. For example:

  • Name: Configure Edge TyposquattingChecker
  • Description: This policy will enforce the enablement of Edge TyposquattingChecker on user’s devices in the Edge browser, preventing users from modifying this setting.

Configuration Settings

  • Click on + Add settings
  • In the Settings picker, search for TyposquattingChecker.
  • Click on the Category Microsoft Edge\Typosquatting Checker settings.
  • Check the box for Configure Edge TyposquattingChecker.

You may have noticed that the Configure Edge TyposquattingChecker setting has two options. One includes (User) in the name. Let me explain both options so that it’s easier for you to choose between them.

  • Configure Edge TyposquattingChecker—If you choose this option, it will apply at the device level and to each user who signs in to the device. In essence, it will configure TyposquattingChecker in the Edge browser for all users on the target device. This is a device-based setting.
  • Configure Edge TyposquattingChecker (User)—If you select this option, the setting will apply only to the targeted users and not affect the device-level configuration. This option is suitable if you want to enforce the change for specific users, or for all users, of the Edge browser. This is a user-based setting.

I will use the Configure Edge TyposquattingChecker device-based setting to configure it for all users on the target devices.

Configure Edge TyposquattingChecker setting in the Settings picker
  • Use the Toggle switch to Enable this setting and click on Next to proceed to the next step. To disable this setting, keep it at its default Disabled state and click on Next.

This policy setting lets you configure whether to turn on Edge TyposquattingChecker. Edge TyposquattingChecker provides warning messages to help protect your users from potential typosquatting sites. By default, Edge TyposquattingChecker is turned on. If you enable this policy, Edge TyposquattingChecker is turned on. If you disable this policy, Edge TyposquattingChecker is turned off. If you don’t configure this policy, Edge TyposquattingChecker is turned on but users can choose whether to use Edge TyposquattingChecker.

About Edge TyposquattingChecker Intune setting
Enable Configure Edge TyposquattingChecker setting in the configuration tab

Scope tags

Click on Next.

Assignments tab

Select Add groups and select an Entra security group containing Windows 10/11 devices or Entra ID users. Adding devices to the group and targeting them is recommended for a controlled deployment. Once testing proves successful, you can expand the deployment by including additional devices in the group.

Enable Configure Edge TyposquattingChecker setting: Assignment tab

Review + create

Review the device configuration profile details on the Review + Create tab and click Create.

Sync Intune Policies

The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.

Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.

Monitoring Edge Typosquatting Checker Policy Deployment Progress

To monitor the deployment progress of a Device configuration profile, follow the steps below:

  • Sign in to the Intune admin center.
  • Click on Devices and then click on Configuration.
  • Choose the Device Configuration profile you want to work with, and at the top of the page, you’ll see a quick view of the Success, Failure, Conflict, Not Applicable, and In Progress status.
  • Click on View report to access more detailed information.
Monitoring “Edge TyposquattingChecker” Policy Deployment Progress

Configure Edge Website Typo Protection using Group Policy

On Active Directory joined devices, you can configure the Edge Website Typo Protection policy by creating a Group Policy Object on a domain controller. You can log in to a domain controller, another member server, or a client PC where you have installed the Group Policy Management Console and follow the steps below:

  • Press the Windows key + R to open the Run dialog box.
  • Type gpmc.msc to open the Group Policy Management Console.
  • Navigate to Group Policy Objects, right-click on it, and select New.
  • Provide a name for the GPO, for example, Configure Edge Website Typo Protection.
Configure Edge Website Typo Protection using Group Policy: Create a New GPO
  • Right-click on the newly created Group policy and select Edit.
  • Navigate to Computer Configuration > Policies > Administrative Templates > Microsoft Edge > Edge Website Typo Protection Settings, and on the right-hand side, locate the policy setting Configure Edge Website Typo Protection.

Please note that if you cannot find the Microsoft Edge folder in the Group Policy Object (GPO) editor, you may need to download and import the Microsoft Edge ADMX templates on the domain controller first. For detailed instructions, please refer to this step-by-step guide: Download and Import ADMX Templates for Microsoft Edge.

  • Double-click on the Configure Edge Website Typo Protection policy setting and select Enabled. Click on OK to save the changes. If you want to disable the Website Typo Protection setting, select Disabled and click OK to save the changes.

This policy setting lets you configure whether to turn on Edge Website Typo Protection. Edge Website Typo Protection provides warning messages to help protect your users from potential typosquatting sites. By default, Edge Website Typo Protection is turned on.

If you enable this policy, Edge Website Typo Protection is turned on.

If you disable this policy, Edge Website Typo Protection is turned off.

If you don’t configure this policy, Edge Website Typo Protection is turned on but users can choose whether to use Edge Website Typo Protection.

About Configure Edge Website Typo Protection policy setting
Configure Edge Website Typo Protection: Set it to Enabled

After configuring the policy setting Configure Edge Website Typo Protection and saving the GPO, you must link it to an organizational unit containing Windows 10/11 computers. To test this GPO initially, link it with an OU containing a few test PCs. Once you confirm the policy is applying successfully, you can expand its scope by linking this GPO with an OU containing production/business user devices.

Link the GPO to an Organizational Unit (OU)

Update Group Policies on Target Windows Computers

The default Group Policy background refresh interval for Windows client computers, such as those running Windows 10/11, is set to 90 minutes, with a randomized offset time of up to 30 minutes.

To expedite the update process manually on a device or remotely, you can force a Group Policy update using the gpupdate /force command. Alternatively, to apply the Group Policy on all target devices earlier without manual intervention or running any command, you can modify the default refresh interval for all computers using a group policy setting called Set Group Policy refresh interval for computers.

End-user Experience

After the devices successfully process the Intune or GPO policy on target Windows client computers, open the Microsoft Edge browser and type edge://settings/privacy in the address bar. Scroll down to the Security section and find the setting Website typo protection, which will be enabled (as configured in the Intune policy) and greyed out.

Users cannot change this option as it is greyed out, ensuring the seamless configuration of this setting across all your organization’s devices.

End-user Experience: Website typo protection policy greyed out
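
To confirm the same result from the command line instead of the Edge settings page, the following PowerShell check can be run on a target device. It is an added example, not part of the original article. It assumes the policy is stored as the TyposquattingCheckerEnabled DWORD under SOFTWARE\Policies\Microsoft\Edge, which the article does not state, and the helper function names are hypothetical.

```powershell
# Added example, not from the original article.
# Assumption: Edge reads this policy from the DWORD value TyposquattingCheckerEnabled
# under SOFTWARE\Policies\Microsoft\Edge (value name and path are not stated on the page).
$ValueName = 'TyposquattingCheckerEnabled'
$PolicyKeys = [ordered]@{
    Device = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'  # device-based setting / Computer Configuration GPO
    User   = 'HKCU:\SOFTWARE\Policies\Microsoft\Edge'  # (User) setting, for the signed-in user
}

function Get-PolicyValue {          # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Returns the stored value, or $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function ConvertTo-PolicyState {    # hypothetical helper name
    param($Raw)
    if ($null -eq $Raw) { return 'Not configured (user can change the toggle)' }
    if ($Raw -eq 1)     { return 'Enabled by policy' }
    if ($Raw -eq 0)     { return 'Disabled by policy' }
    return "Unexpected value: $Raw"
}

# Build one report row per policy scope.
$report = foreach ($scope in $PolicyKeys.Keys) {
    $raw = Get-PolicyValue -Path $PolicyKeys[$scope] -Name $ValueName
    [pscustomobject]@{
        Scope = $scope
        Key   = $PolicyKeys[$scope]
        Value = $raw
        State = ConvertTo-PolicyState -Raw $raw
    }
}
$report | Format-Table -AutoSize

# The article deploys the device-based setting, so the device key is the one that must read 1.
$deviceValue = ($report | Where-Object Scope -eq 'Device').Value
if ($deviceValue -eq 1) {
    Write-Output 'Compliant: Website typo protection is enforced at device level.'
} else {
    Write-Output 'Not compliant: device-level policy is missing or set to off.'
}
```

Run it in the user's own session, because the HKCU row reflects whoever launches the script.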