Disable Internet Explorer Using Intune | Endpoint Manager | Easy Steps

This post will guide you to disable Internet Explorer using Intune Portal (a.k.a Endpoint Manager portal). Microsoft recently announced that Internet Explorer 11 desktop application would be retired and go out of support on June 15, 2022, for certain versions of Windows 10.

Microsoft continues disinvesting from Internet Explorer 11 and Microsoft Edge Legacy towards the new Microsoft Edge. The future of Internet Explorer on Windows 10 is in Microsoft Edge, recommending users switch to Microsoft Edge for a modern browsing experience with faster, more secure solutions.

Microsoft Edge has built-in Internet Explorer mode (IE mode) so that you can access legacy Internet Explorer-based websites and applications straight from Microsoft Edge.

Patch My PC

After configuring IE mode, you can disable IE11 as a standalone browser without affecting IE mode functionality across your organization.


Prerequisites to Disable Internet Explorer

The following Windows updates and Microsoft Edge software are required-

  • Windows updates
    • Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2: KB4598291 or later
    • Windows 10 version 1909, Windows Server version 1909: KB4598298 or later
    • Windows 10 version 1809, Windows Server version 1809, and Windows Server 2019: KB4598296 or later
    • Windows 10, version 1607, Windows Server 2016: KB4601318 or later
    • Windows 10 initial version (July 2015): KB4601331 or later
    • Windows 8.1: KB4601384 or later
    • Windows Server 2012: KB4601348 or later
  • Microsoft Edge Stable Channel

Disable Internet Explorer Using Intune Portal

Ensure you have the pre-requisite operating system updates. Let’s follow the steps to configure the Policy to disable Internet Explorer using Intune

  • Sign in to the Microsoft Endpoint Manager admin center.
  • Navigate to Devices > Configuration Profiles >+ Create Profile
  • Select Platform as Windows 10 and Later
  • Select Profile as Templates, choose Custom from the available Template name, and click on Create button.

Note – You can also create custom profiles, which are created similar to built-in profiles. Custom profiles are great when you want to use device settings and features built into Intune. These profiles include features and settings for you to control on devices in your organization. 

Disable Internet Explorer Using Intune | Endpoint Manager
Disable Internet Explorer Using Intune | Endpoint Manager

In Basics, Specify a descriptive name for the policy, a description (optional), then select Next.

Disable Internet Explorer Using Intune | Endpoint Manager
Disable Internet Explorer Using Intune | Endpoint Manager

In Configuration settings, Click on Add button. 

Disable Internet Explorer Using Intune | Endpoint Manager | Easy Steps
Configuration Settings – Add OMA-URI Settings Disable Internet Explorer Using Intune | Endpoint Manager | Easy Steps

We have three options for the custom profile configuration. For Example – We added value two as we want to notify users only the first time. Never (Value 0)- if you don’t want to notify users that IE11 is disabled.
Always (Value 1) - if you want to notify users every time they’re redirected from IE11.
Once per user (Value 2) – if you want to notify users only the first time, they are redirected.

Under OMA-URI settings, Enter the following settings –

  • Name: Enter a unique name for the OMA-URI setting. For Example – Disable Internet Explorer
  • Description: Enter a description that gives an overview of the setting.
  • OMA-URI: Enter the following OMA-URI. It’s case-sensitive
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableInternetExplorerApp
  • Data type: Select the String data type from the drop-down.
  • Value: Enter the following data value
<enabled/><data id="NotifyDisableIEOptions" value="2"/>

After specifying all details, Click Save.

Disable Internet Explorer Using Intune | Endpoint Manager
Disable Internet Explorer Using Intune | Endpoint Manager

Specified OMA-URI Settings you can see appear here, Review and Click Next.

Disable Internet Explorer Using Intune | Endpoint Manager
Disable Internet Explorer Using Intune | Endpoint Manager

Add scope tags (if required) and click Next.

Under Assignments, Select Included groups and then choose Select groups to include one or more device groups. Select Next to continue.

Assignments - Included Groups
Assignments – Included Groups

You can add applicability rules, so the profile only applies to a specific OS version or Windows edition. Here I’m leaving it default and Clicking Next.

Intune Policy Applicability Rules
Intune Policy Applicability Rules Disable Internet Explorer Using Intune | Endpoint Manager | Easy Steps

In Review, review your settings. When you select Create, your changes are saved, and the profile is assigned. 

Review Configuration Settings - Disable Internet Explorer
Review Configuration Settings – Disable Internet Explorer

A notification will appear automatically in the top right-hand corner with a message. Here, the Profile “Disable Internet Explorer 11” was created successfully. Your groups will receive your profile settings when the devices check in with the Intune service.

Disable Internet Explorer Using Intune | Endpoint Manager
Disable Internet Explorer Using Intune | Endpoint Manager

End-User Experience

Let’s check the end-user experience, Once the policy settings configured above to disable Internet explorer is applied to target devices.

In Windows ten device, Lunch Internet Explorer, you see Prevents Internet Explorer launching. In addition, a prompt will appear with the message based on the above configuration, “The action is restricted. For more information, please contact your system administrator”.

When the user clicks on OK, It will automatically redirect to Microsoft Edge Browser, and users have the following experience –

  • The IE11 icon on the Start Menu will be removed, the taskbar icon will remain.
  • When users try to launch shortcuts or file associations that use IE11, they will be redirected to open the same file/URL in Microsoft Edge.
  • When users try to launch IE11 by directly invoking the iexplore.exe binary, Microsoft Edge will launch instead.
Disable Internet Explorer Using Intune | Endpoint Manager
Disable Internet Explorer Using Intune | Endpoint Manager

Resources

Disable Internet Explorer 11 as a standalone browser – https://docs.microsoft.com/en-us/deployedge/edge-ie-disable-ie11

Author

About Author – Jitesh, Microsoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

6 thoughts on “Disable Internet Explorer Using Intune | Endpoint Manager | Easy Steps”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.