Let’s discuss Enable Component Updates in MS Edge to Enhance Browser Security using Intune. component updates in Microsoft Edge,” controls whether the browser automatically updates its internal components. These aren’t the main browser updates that deliver new versions, but rather small list.
With this policy, organizations can enforce security posture by ensuring critical security fixes, such as updates to certificate revocation lists and malware definitions, are applied automatically and promptly. By enabling this policy, Data breach and malware infections can be easily avoided.
However, some components are exempt from this policy. This includes any component that doesn’t contain executable code, that doesn’t significantly alter the behavior of the browser, or that’s critical for security. That is, updates that are deemed “critical for security” are still applied even if you disable this policy.
By enabling This policy, Admins don’t have to manually track and deploy every small component update for every user’s browser. Admins can trust that even if they disable the policy for a specific reason (e.g., to troubleshoot a compatibility issue), critical security updates will still get through.
Table of Contents
Enable Component Updates in MS Edge to Enhance Browser Security using Intune
As you know, End users are the first line of defence against online threats. This policy ensures their browser is equipped with the latest defences, such as updated phishing filters and malware protection lists. This policy is very useful for different organisations. Let me explain with real real-world example. Imagine you are an IT admin at a Financial firm and using Microsoft Edge as the default browser.
Microsoft updated the its internal lists of known bad sites a (component update)which are created every day. By enabling this policy, Microsoft releases a new update to this list, and the firm’s employees’ browsers automatically receive it. An employee who might have otherwise clicked on a link to a newly created phishing site is now protected because their browser recognizes it as malicious, thanks to the continuously updated security list.
- Enable or Disable Component Updates Policy in MS Edge Browser using M365 Admin Center
- Enable or Disable Background Template List Updates Policy in MS Edge Browser using M365 Admin Center
- Windows Update for Business Renamed to Windows Update Client Policies
How to Configure Component Updates in MS Edge
By signing in Microsoft Intune admin center, you can start configuring Component Updates in MS Edge. Open the Microsoft Intune Admin center. Go to Devices > Configuration > +Create >+ New Policy.
Profile Creation
After that, you can create the profile for the policy by selecting the platform and profile. It is a very necessary step and you cannot skip this. Here I would like to configure the policy to Windows 10 and later platform and settings catalog profile. Then click on the Create button.
Adding Basic Details
Basic tab helps you to give an identify for the settings you have to select for policy creation. You should add appropriate name and description for policy. Here is Name is mandatory and description is optional. After adding this click on the Next button.
Configure Component Updates in MS Edge
On the Configuration Tab, you can see the +Add settings hyperlink to access specific settings. When you click on this hyperlink, you will get Settings Picker. Here, I would like to select the settings by browsing by Category. I choose Microsoft Edge. Then, I choose Enforce Bing SafeSearch settings.
Disable Component Updates in MS Edge
If you disable this policy or set it to false, component updates are disabled for all components in Microsoft Edge. By default, this policy is disable, if you want to go with this value, click on the Next button.
Enable Component Updates
If you enable this policy, component updates are enabled in Microsoft Edge. Microsoft Edge will automatically download and apply updates to its various internal parts. This is the default and recommended setting. Here I would like to enable this policy.
Selecting Scope Tags
Scope Tags sections help you add restrictions to the visibility of the Policy. But it is not a mandatory step, so you can skip this step. Here, I don’t add scope tags for Bing SafeSearch Policy. Click on the Next button.
Selecting Group from the Assignment Tab
To assign the policy to specific groups, you can use the Assignment Tab. Here I click, +Add groups option under Included groups. I choose a group from the list of groups and click on the Select button. Again, I click on the Select button to continue.
Review + Create Tab
Before completing the policy creation, you can review each tab to avoid misconfiguration or policy failure. After verifying all the details, click on the Create Button. After creating the policy, you will get a success message.
Monitoring Status
The Monitoring Status page shows whether the policy has succeeded or not. To quickly configure the policy and take advantage of the policy sync, the device on the Company Portal, Open the Intune Portal. Go to Devices > Configuration > Search for the Policy. Here, the policy shows as successful.
Event Viewer
It helps you check the client side and verify the policy status. Open the Client device and open the Event Viewer. Go to Start > Event Viewer. Navigate to Logs: In the left pane, go to Application and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin.
- You will get the success result on Event ID 814
| Event ID Details |
|---|
| MDM PolicyManager: Set policy string, Policy: (ComponentUpdatesEnabled), Area: (microsoft_edge~Policy~microsoft_edge), EnrollmentID requesting merge: (EB427D85-802F-46D9- A3E2-D5B414587F63), Current User: (Device), String: (), Enrollment Type: (0x6), Scope: (0x0) |
Removing the Assigned Group from these Settings
If you want to remove the Assigned group from the policy, it is possible from the Intune Portal. To do this, open the Policy on Intune Portal and edit the Assignments tab and the Remove Policy.
To get more detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
How to Delete Component Updates in MS Edge
You can easily delete the Policy from the Intune Portal. From the Configuration section, you can delete the policy. It will completely remove it from the client devices.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.