Set Microsoft Edge as default browser using Microsoft Intune

  • Applies to: Windows 10 and Windows 11
  • Microsoft Edge: Version 77 or later

You can set Microsoft Edge as your default browser on a Windows 10/11 devices using Intune admin center. If all your organization devices are enrolled and managed using Intune, then you can create a Device configuration profile to configure Microsoft Edge as a default browser on all devices.

You will first need to generate app association XML file on a Windows 10/11 device, then you can deploy this file to the end user devices in one of the following ways:

  1. Using Device configuration profile > Settings catalog > default association configuration
  2. Using ApplicationDefaults/DefaultAssociationsConfiguration OMA-URI setting. The exact OMA-URL URL is provided at the end of the blog post.

First let’s check the first deployment option which is also a bit easier than the 2nd option (OMA-URI). Please follow below steps to generate default app association XML file.

Step 1 – Generate Default app Association XML

First, generate a default app association XML file from any Windows 10 or Windows 11 PC. To generate default app association xml file follow below steps:

Set Microsoft Edge browser as default browser manually

You will need to login on a Windows 10 or Windows 11 PC and set Microsoft Edge as a default browser manually. Do this by going to Settings -> Apps -> Default apps -> Web browser -> Select Microsoft Edge.

Configure Microsoft Edge browser as default manually on a Windows 10/11 device
Configure Microsoft Edge browser as default manually on a Windows 10/11 device

Generate App Associations XML File

  • Create an empty folder anywhere in your system. For example: C:\temp.
  • Open command prompt as an administrator and run below command:
Dism /Online /Export-DefaultAppAssociations:"C:\temp\AppAssociations.xml"
Create App association file using DISM command
Create App association XML file using DISM command
  • Open the AppAssociations.xml file and remove all other app associations except Microsoft Edge. It should look similar to below. If you do not want to associate .pdf files with Microsoft Edge then you can remove the line with .pdf from the XML and proceed.
<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".htm" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
  <Association Identifier=".html" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
  <Association Identifier=".pdf" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
  <Association Identifier="http" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
  <Association Identifier="https" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" /> 
  <Association Identifier="read" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
</DefaultAssociations>

Step 2 – Encode App associations XML to base64 format

Now you have your AppAssociations.xml file. We need to use a base64 encoder app to convert it to a base64 encoded XML:

  • Click on base64encode link
  • Copy the contents of App associations XML file into the encoder and click on Encode button.
  • You will get an Output. Copy and paste the Output somewhere in notepad.
Encode Appassociation.xml file to convert it into base64 encoded XML format
Encode Appassociation.xml file to convert it into base64 encoded XML format

Step 3 – Create Intune Device Configuration Profile

To create a Device Configuration Profile, Please follow below steps:

  • Login on Microsoft intune admin Center
  • Click on Devices -> Configuration profiles -> Create Profile
  • Select Platform type as Windows 10 and later
  • Select Profile type as Settings Catalog
  • Click on Create

Basics

  • Provide a Name and Description of the Policy
  • Click on Next to Proceed.

Configuration Tab

  • Click on + Add settings.
  • Search for Application Defaults in the Settings Picker.
  • Check / Select Default Associations Configuration.
  • Close the Settings Picker.
  • Copy the base64 encoded value generated in previous step in the Default Associations configuration Textbox.
Default Associations Configuration - Paste the encoded base64 value in the text box
Default Associations Configuration – Paste the encoded base64 value in the text box

Assignments Tab

Either Add all devices or an Azure AD security group containing specific devices.

Assign the profile to either All devices or an Azure AD security group
Assign the profile to either All devices or an Azure AD security group

Review + Create

Review the policy and click on Create to create the policy.

Intune Policy Refresh Cycle

The Device will Sync / Check in to start Device configuration profile deployment. It may take some time for the process to start. Therefore, if you are testing it on a test device, you can force initiate Intune refresh cycle on the device which will speed up the download and configuration process. You can also use Powershell to force initiate Intune refresh cycle.

Also, you can restart the device first which also starts the device check-in process. Manual sync is not mandatory on user’s devices as the device check-in process happens automatically. But if you are testing this setting on a test device then this can speed up your testing and can save some time.

End User Experience

Now, let’s check one of the Windows 10/11 device where we have targeted this policy. We are expecting that Microsoft edge will be the default browser. You can verify it by following below steps:

Using Settings App on Windows 10/11

  • Go to the Settings App on the device.
  • Click on Apps -> Default Apps.
  • Scroll down on the page to find Web browser.
  • You will see that Microsoft Edge is selected as your default browser now. I did change my default browser to Google Chrome, Synced and then restarted my device. Its changed it back to Microsoft Edge due to this policy.

Please note that users can still change the Default Web browser back to Google Chrome or Firefox etc. manually, but during the next Intune refresh cycle this will again revert back to Microsoft Edge.

Confirm on the device if Microsoft Edge is set to default
Confirm on the device if Microsoft Edge is set to default

Monitoring from Intune admin center

To check if the Device Configuration Profile has been deployed successfully. Please follow below steps:

  • From Microsoft Intune admin center, Click on Devices on the left hand side
  • Click on Configuration Profiles
  • Search for Set Microsoft Edge as Default Browser device configuration profile or whatever name you had provided at the time of creation of this policy
  • In the Overview section you can check the deployment status. You can also click on View report to find more information about the deployment status
Monitor Microsoft Edge browser set as default profile using Intune admin center
Monitor Microsoft Edge browser set as default profile using Intune admin center

Verify Default app association using Registry

Follow below steps to Verify if Default app association setting has been applied successfully.

  • Go to Start -> Type Regedit and click on Registry Editor.
  • Find the Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\ApplicationDefaults
  • You can check the Registry Entry on the right hand side: DefaultAssociationsConfiguration which should be now set to base64 encoded value configured via Intune.

Verify Default app association using Event viewer

You can also check via Event viewer if Default app association Policy has been deployed to targeted devices. Please follow below steps to check:

  • Go to Start -> Search for Event Viewer and click on it to Launch Event Viewer.
  • Expand Application and Services logs -> Microsoft -> Windows.
  • Find DeviceManagement-Enterprise-Diagnostics-Provider folder.
  • Click on Admin and Filter for Event ID 814.
  • Go through the logs to find the this particular policy status.
Check Default app association XML from Event viewer
Check Default app association XML from Event viewer

OMA-URI setting for deploying Default app association

You can also use an OMA-URI setting to configure Microsoft Edge as your default browser but using Settings Catalog seems a bit simpler. If you wish to use OMA-URI then you can create a Custom device configuration profile and then Add below OMA-URI Setting:

NameMicrosoftEdgeDefaultBrowser
DescriptionSet Microsoft Edge as Default Browser.
OMA-URI./Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration
Data typeString
Valuebase64 encoded output value

Conclusion

In this blog post, we have seen how to configure Microsoft Edge as your default browser using Microsoft Intune. You can also use the same steps and set Google Chrome or Firefox or any browser as a default browser. For this, Instead of Microsoft Edge you need to Set Google Chrome or Firefox on a device manually, generate a default App association XML file, encode to base64 format and use Intune Device Configuration Profile to configure it.

References

You can use below reference / links which provide more information about setting Microsoft Edge as default browser:

READ NEXT