Restrict All Downloads from Microsoft Edge Browser to Protect Data using Intune

Hey, let’s discuss Restrict All Downloads from Microsoft Edge Browser to Protect Data using Intune. The download restriction policy in Microsoft Edge controls which files can be downloaded. It uses Microsoft Defender SmartScreen to check if files are safe or harmful. Admins can choose to allow all downloads, block dangerous ones, or block everything. This helps keep unsafe files out of the system

This policy is important because many threats come from online downloads. It protects against viruses, ransomware, and fake apps. By blocking harmful files, it reduces the chance of hacking and data loss. It also helps organizations follow security rules.

The policy helps users by stopping unsafe downloads even if they click by mistake. For organizations, it gives IT teams control to apply the same security rules on all devices. This keeps systems safe and lowers the risk of errors. It also saves time fixing infected systems.

The security benefits are very strong with this policy. It prevents malware from spreading, keeps sensitive data safe, and blocks harmful apps. This ensures smooth business operations and builds trust. In short, it balances safety and ease of use.

Sign up to get the best of How To Manage Devices straight to your inbox!

What are the Advantages of Enabling Download Restrictions Policy using Intune?

The download restriction policy in Intune provides strong protection by controlling what users can download. It helps block dangerous or suspicious files, reducing the risk of malware, ransomware, and data breaches. This policy also gives organizations better control over security and ensures safe browsing for users.

1. Protects users from downloading harmful files.
2. Reduces the risk of malware and ransomware attacks.
3. Helps prevent data breaches and loss of sensitive information.
4. Gives IT admins control over download security across all devices.
5. Saves time and cost by reducing recovery from infections.
6. Ensures compliance with organizational security policies.

Enable Download Restrictions using Intune Policy

Before Download Restriction Policy Enabled: Users could download any file without limits, even unsafe ones. This increased risks of malware, ransomware, and data theft. Organizations had less control, and IT teams had to deal with frequent security issues.

After Download Restriction Policy Enabled: Only safe or allowed files can be downloaded, while harmful files are blocked. This keeps devices, data, and networks secure. Organizations gain stronger control, and IT teams face fewer security problems.

• Control Multiple Automatic Downloads for Trusted Sites using Intune Policy
• Enable or Disable Insecure Download Warning Policy for Microsoft Edge using Intune
• How to Configure Offline Maps Download Over Metered Connection Policy using Intune

Create a Profile

To deploy this policy using the Microsoft Intune Admin Center, start by going to the Devices section and selecting Configuration Profiles. On the configuration page, click the + Create button. A new window titled Create a Profile will open.

• select the Platform as Windows 10 and later.
• choose Settings Catalog.

Basic Step

After creating a policy, the first step is Basics. In the Basics step, you need to enter the basic details about the policy, such as the name(Allow Download Restrictions), description(To Allow Download Restrictions) platform details, etc. The platform is set to Windows by default.

Configuration Setting – Settings Picker

The next tab is Configuration Settings, also known as the Settings Picker. In this section, you will see an option called Add Settings. When you click on it, a Settings Picker window will open. In the search bar, type Microsoft Edge and select Allow Download Restrictions.

Now you will see the policy displayed under the Configuration Settings main page. By default, this policy is disabled. If you want to proceed with it, click the Next button to continue.

Enable Download Restrictions Policy

If you want to enable the policy, you can do so easily. First, toggle the switch from left to right. When it turns blue, you can see three options.The setting is enabled.

Scope Tag

A scope tag is used to assign policies to specific groups within an organisation. The scope tag is not mandatory, so you can skip this section. Click Next if they’re not required for your setup.

Assignments

Here, you will see an option called Add Groups under the Include Groups section. Click on it. When you click, a list of available groups will appear. You can search for the group you want (e.g Test_HTMD_Policy). Then click the Next button.

Final Step

In this section, you can see a summary of everything you entered in the previous steps, such as basic details, configuration settings, assignment details, and more. If you want to change or edit anything, you can easily go back to the previous section. Click Create to finish, and a message will confirm that the was created successfully.

Device and User Check-in Status

To view a policy’s status, go to Devices > Configuration in the Intune portal, select the policy (like Allow Download Restrictions), and check that the status shows Succeeded (1). Use manual sync in the Company Portal to speed up the process.

Client-Side Verification

To confirm whether the policy is successful or not, you can use the Event Viewer. First, open Event Viewer and navigate to Applications and Services Logs > Microsoft > Windows > Device Management > Enterprise Diagnostic Provider > Admin. Use Filter Current Log and search the Event ID 814.

MDM PolicyManager: Set policy string, Policy:DownloadRestrictionsrecommended), Area:
(chromelntuneV1~Policy~qooqlechrome_recommenaea), EnronmenuD requesting merqe:
(EB427D85-802F-46D9-A3E2-D5B414587F63), Current User: (Device), String: (), Enrollment Type: (0x6), Scope: (0x0).

How to remove a Group from Download Restriction Policy

After creating the policy, if you want to remove the specific group that you previously selected, you can easily do that. First, go to Devices > Configuration policies. In the Configuration policy section, search and select the policy, fAllow Download Restrictions. In the Assignment section, you will find an Edit option and click on it. Then, click the Remove option.

For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.

Delete Download Restriction Policy from Intune

If you want to delete this policy for any reason, you can easily do so. First, search for the policy name in the configuration section. When you find the policy name, you will see a 3-dot menu next to it. Click on the 3 dots, then click the Delete button.

For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.

Need Further Assistance or Have Technical Questions?

Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.

Author

Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.