Let’s discuss how to enable disable ClickOnce Protocol Policy in MS Edge Browser using M365 Admin Center This policy setting lets users use the ClickOnce protocol to open files through applications inside Microsoft Edge instead of downloading them to their devices.
ClickOnce is a deployment technology that enables the creation of self-updating Windows-based applications that can be installed and run with minimal user interaction. The native file handler in Windows handles ClickOnce requests.
ClickOnce applications can be installed locally for offline use or run online without installation. ClickOnce allows websites to instruct browsers to open files from a specific web address using a special program on the user’s device.
ClickOnce is a technology that lets users create Windows-based applications that update automatically. Users can open files using the ClickOnce protocol if you enable this policy. This policy overrides the user’s ClickOnce setting in the edge://flags/ page.
Table of Contents
Where are ClickOnce Programs Installed?
ClickOnce applications, whether installed on your computer or accessed online, are stored in a ClickOnce application cache. This cache is made up of hidden folders located in the Local Settings section of your Documents and Settings folder.
ClickOnce Protocol Policy in MS Edge Browser
ClickOnce applications have the capability to self-update. They can check for newer versions as they become available and automatically replace any outdated files. The developer has the ability to determine the update behavior, while a network administrator can also manage update strategies by designating certain updates as mandatory.
Follow the steps given below to enable the ClickOnce in Microsoft Edge through the Microsoft 365 Admin Center Policy
- Login to Microsoft 365 Admin Center > Go to Settings > Select Microsoft Edge >Click Configuration Policies > Click on + Create Policy
- Enable Split Screen Feature in Microsoft Edge using the Microsoft 365 Admin Center Policy
- Enable Disable Screenshot Policies in Edge using Microsoft 365 Admin Center Policy
- Simplifying Routine Tasks and Gaining Insights Faster with Copilot in Microsoft 365 Admin Center
After clicking on the + Create policy, a new window appears with different tabs for creating a Configuration policy, such as Basics, Settings, Extensions, Assignments and Finish.
Basics
The first step in configuring a policy is to provide the Basics. Here, we can add the policy’s Name, Description, Type, and Platform, which will help us later identify the policy. Once you have provided all the details, click on the Next button.
Settings
Settings are the second step, where we can assign a configuration policy for Microsoft Edge. This is the most important section in creating the Policy. Follow the steps below to assign a policy.
- Click on + Add Settings to enter the Configure a setting page.
- Search for the policy name under Additional settings.
- The left pane of the Setting window shows the Value and More details options.
- Add the Value which is mandatory
- Read the More details throughly to aware of the policy.
- Click Select to assign the policy
| Policy Details | Description |
|---|---|
| Policy Name | ClickOnceEnabled |
| Value | Enabled |
| More details | Allow users to open files using the ClickOnce protocol. The ClickOnce protocol allows websites to request that the browser open files from a specific URL using the ClickOnce file handler on the user’s computer or device. Users can open files using the ClickOnce protocol if you enable this policy. This policy overrides the user’s ClickOnce setting in the edge://flags/ page. If you disable this policy, users can’t open files using the ClickOnce protocol. Instead, the file will be saved to the file system using the browser. This policy overrides the user’s ClickOnce setting in the edge://flags/ page. If you don’t configure this policy, users with Microsoft Edge versions before Microsoft Edge 87 can’t open files using the ClickOnce protocol by default. However, they have the option to enable the use of the ClickOnce protocol with the edge://flags/ page. Users with Microsoft Edge versions 87 and later can open files using the ClickOnce protocol by default but have the option to disable it with the edge://flags/ page. Disabling ClickOnce may prevent ClickOnce applications (.application files) from launching properly. |
When you click Select, you will receive a notification indicating that the Policy has been successfully updated. However, the data will not be saved until reviewed and saved in the Finish step. The screenshot below shows you that the ClickOnce policy is enabled.
- Click Next to proceed.
Extensions
Policy extensions, such as installation settings, permissions, and URLs, can be seen in the Extensions section. To add an extension, click the + Add extension button. Otherwise, you can skip this section and hit Next for further move.
On the Assignments tab, which is the fourth step in configuring a policy, you can select the groups to which the policy is assigned and which user or device is assigned it.
- Click on the +Select group
- Select the group from the Microsoft Entra group provided by default.
- Here, I selected the HTMD Cloud PC group from the list.
- Click on the Select button > Notification > Group has been updated.
- Click Next
Finish
The last stage in creating a policy is Finish. In this section, you can review all the details you provided in the previous steps.
- Click the back button to return to the last window to make any changes.
- Verify all details are correct or not.
- Click Review and Create to proceed.
End Result – ClickOnceEnabled
After clicking Review and Create, a notification confirms that the policy was created successfully. However, we must wait to deploy it to the assigned group. Otherwise, you can sync the policy through the company portal.
- Go to company portal
- Click Settings
- Tap on Sync
After the manual synchronisation, the image below shows that the new policy appears on the Policies for Microsoft Edge page.
End User Experience
To see the end-user result, you should open Microsoft Edge. You can see if ClickOnce is enabled in Microsoft Edge
- by going to
edge://flags/#edge-click-oncein the address bar. - You can also select enable or disable ClickOnce from the dropdown arrow on this page.
Client-Side Verification
Client-side verification in Microsoft 365 checks if a client application is real and authorized before accessing sensitive data. This process protects users from fake apps and ensures that only authorized applications can reach important resources.
Event Viewer is a device in Windows that shows detailed information about significant events on your computer. Event Viewer is particularly useful for troubleshooting Windows and application errors. Event IDs 813 and 814 indicate the successful application of string or integer policies.
- Event Viewer > Applications and Services Logs > Microsoft > Windows > Devicemanagement-Enterprise-Diagnostics-Provider > Admin.
- Filter Logged (Time-based) and Event level (Information)
- Click OK
MDM PolicyManager: Set policy string, Policy: (ClickOnceEnabled), Area: (microsoft_edgev78diff~Policy~microsoft_edge), EnrollmentID requesting merge: (B1E9301C-8666-412A-BA2F-3BF8A55BFA62), Current User: (Device), String: (<enabled/>), Enrollment Type: (0x6), Scope: (0x0).
- In this case, ClickOnceEnabled policy, the Even ID is 814.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.