Today, I will explore how to enable or disable the Audio Sandbox to Run Policy in MS Edge Browser using Microsoft 365 Admin Center. Digital sandboxes provide a safe environment for testing with no real-world consequences. You can install and run programs, even potentially harmful ones, without risking your system.
Microsoft Edge uses an audio sandbox as a security measure. This feature isolates audio processing, creating a protected space where audio functions operate. By keeping audio separate from other browser processes, the sandbox prevents malicious websites from accessing or changing your audio data.
We have a post about Windows Sandbox that explains the Windows 11 Sandbox. This secure, isolated environment offers a testing environment for applications. You can activate this feature through various methods and customize its settings using Intune or Group Policy, allowing for the safe execution of potentially risky software.
Enabling the Audio Sandbox policy in Edge keeps audio processing isolated for security. Disabling it runs audio unsandboxed, potentially exposing users to risks. Through this blog post, I would like to explore how to enable or disable the Audio Sandbox to Run in MS Edge Browser using Microsoft 365 Admin Center and whether Edge’s audio runs in a protected environment.
Table of Contents
What is Audio Sandbox in Microsoft Edge?
Edge’s Audio Sandbox is a key security tool that protects your audio. Isolating audio processes stops malicious websites from damaging your audio data. This protection happens automatically in the background, so you don’t need to configure or access it directly.
Audio Sandbox to Run Policy in MS Edge Browser
Microsoft Edge policies are settings administrators use to manage how Edge works within their organization, controlling things like security and privacy. The following documentation provides the steps to control Edge’s audio security for your organization.
We need to navigate to the policy settings to manage the Audio Sandbox feature in Microsoft Edge using the Microsoft 365 Admin Center.
- Log in to Microsoft 365 Admin Center > Go to Settings > Select Microsoft Edge >
- Click Configuration Policies > Click on + Create Policy.
- Enable Disable ClickOnce Protocol Policy In MS Edge Browser Using M365 Admin Center
- Enable the Split Screen Feature in Microsoft Edge using the Microsoft 365 Admin Center Policy.
- Enable Disable Screenshot Policies in Edge using Microsoft 365 Admin Center Policy.
Basics
Clicking +Create policy allows you to configure a new policy using tabs like Basics, Settings, Extensions, Assignments, and Finish. First, we are in the Basics section, where we should provide the policy’s Name and Description for later identification. The following table shows the basic details of the Audio Sandbox to Run policy.
| Policy Name | Description | Policy Type | Platform |
|---|---|---|---|
| AudioSandboxEnabled | This policy controls the audio process sandbox. | Intune | Windows 10 and 11 |
Settings
The Settings tab is the most critical part of creating an Edge policy, where you define the actual configurations. Carefully choose and set the options here to ensure the policy meets your organization’s needs.
- To configure specific settings, click Add Setting and search for the desired policy.
Configure a Settings
Upon clicking Add settings, a resulting window will appear where you will find Value and More details. Enter the required Value and carefully review the More details for policy information. Finally, click Select to apply the chosen policy.
| Value | More Details |
|---|---|
| Enabled | This policy controls the audio process sandbox. If you enable this policy, the audio process will run sandboxed. If you disable this policy, the audio process will run unsandboxed and the WebRTC audio-processing module will run in the renderer process. This leaves users open to security risks related to running the audio subsystem unsandboxed. If you don’t configure this policy, the default configuration for the audio sandbox will be used, which might differ based on the platform. This policy is intended to give enterprises the flexibility to disable the audio sandbox if they use security software that interferes with it. |
Value
The Value section allowing us to enable or disable the policy. For instance, here I selected enabled from the dropdown arrow to enable the AudioSandbox policy.
More Details
To configure a policy, the Configuration settings are essential. Access comprehensive policy details by selecting More Details. Once you have thoroughly reviewed and confirmed the policy’s specifications, finalize your setup by clicking Select.
Clicking Select confirms a policy update notification, but the changes are not permanent until the Finish step. The provided screenshot shows the AudioSandboxEnabled policy value as enabled. To finalize these settings and move forward, you must click Next.
Extensions
The next step is Extensions. These are the default settings for all extensions in this policy. You will be able to override these defaults for managed extensions. The Extensions section allows for the configuration of specific policy extensions, installation settings, permissions, and allowed URLs.
- To customize these settings, you can add extensions using the + Add extension button.
- If no specific extension configurations are needed, simply skip this section and proceed to the next step by clicking Next.
Assignments
The Assignments tab, the fourth step in policy configuration, allows you to determine which groups, users, or devices receive the policy. By clicking +Select group, you can choose from available Microsoft Entra groups.
- For this policy, I select the HTMD Test Group as a group.
- Click Select
Once you have chosen the desired group for your policy, a confirmation notification will appear, indicating the successful assignment. To continue with the policy setup and move on to the next stage, simply click the Next button.
Finish
The Finish stage represents the final step in policy creation. It provides a comprehensive review of all configurations made in the preceding steps. This allows you to double-check every detail. If any adjustments are needed, the back button facilitates returning to previous sections. Once all settings are verified as accurate, clicking Review and Create will finalize and configure the policy.
How to Sync AudioSandboxEnabled Policy in Company Portal
Upon clicking Review and Create, a confirmation notification will appear, pointing to the successful creation of the policy. However, the policy’s deployment to the assigned group may take some time. To speed up this process, you can manually synchronize the policy through the company portal. Simply navigate to the company portal, access the settings menu, and tap the Sync option.
- Go to Company Portal
- Click on Settings
- Tap to Sync and wait a while.
Monitoring Status AudioSandboxEnabled Policy
The policy has been deployed to the HTMD – Test Group. Once the device is synced, the policy will take effect immediately. To monitor the policy deployment status from the Intune Portal, follow the steps below.
- Navigate to Devices > Windows > Configuration > Search for the “AudioSandboxEnabled” configuration policy.
Under the Device and user check-in status, you can see the policy’s deployment status.
End User Experience – AudioSandboxEnabled Policy
The Audio Sandbox in Microsoft Edge is an invisible background security feature of the user interface. While you can’t see it directly, its operational status can be determined through Edge’s policy settings. By entering “edge://policy” into the address bar, you can verify if the Allow the audio sandbox to run option is enabled, which signifies that the security measure is active and protecting your audio streams.
But we can verify the policy success using registry value. Log in to one of the policy-targeted devices. Open Registry Editor and follow the below registry path.
- Open Run > Type Regedit > Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
As per the setting we can see a new registry got created “AudioSandboxEnabled” and the value is “1“. So, we can conclude that the policy is working fine.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.