This post will guide you to disable Internet Explorer using Intune Portal (a.k.a Endpoint Manager portal). Microsoft recently announced that Internet Explorer 11 desktop application would be retired and go out of support on June 15, 2022, for certain versions of Windows 10.
Microsoft continues disinvesting from Internet Explorer 11 and Microsoft Edge Legacy towards the new Microsoft Edge. The future of Internet Explorer on Windows 10 is in Microsoft Edge, recommending users switch to Microsoft Edge for a modern browsing experience with faster, more secure solutions.
Microsoft Edge has built-in Internet Explorer mode (IE mode) so that you can access legacy Internet Explorer-based websites and applications straight from Microsoft Edge.
After configuring IE mode, you can disable IE11 as a standalone browser without affecting IE mode functionality across your organization.
Prerequisites to Disable Internet Explorer
The following Windows updates and Microsoft Edge software are required-
- Windows updates
- Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2: KB4598291 or later
- Windows 10 version 1909, Windows Server version 1909: KB4598298 or later
- Windows 10 version 1809, Windows Server version 1809, and Windows Server 2019: KB4598296 or later
- Windows 10, version 1607, Windows Server 2016: KB4601318 or later
- Windows 10 initial version (July 2015): KB4601331 or later
- Windows 8.1: KB4601384 or later
- Windows Server 2012: KB4601348 or later
- Microsoft Edge Stable Channel
Disable Internet Explorer Using Intune Portal
Ensure you have the pre-requisite operating system updates. Let’s follow the steps to configure the Policy to disable Internet Explorer using Intune
- Sign in to the Microsoft Endpoint Manager admin center.
- Navigate to Devices > Configuration Profiles >+ Create Profile
- Select Platform as Windows 10 and Later
- Select Profile as Templates, choose Custom from the available Template name, and click on Create button.
Note – You can also create custom profiles, which are created similar to built-in profiles. Custom profiles are great when you want to use device settings and features built into Intune. These profiles include features and settings for you to control on devices in your organization.
In Basics, Specify a descriptive name for the policy, a description (optional), then select Next.
In Configuration settings, Click on Add button.
We have three options for the custom profile configuration. For Example – We added value two as we want to notify users only the first time. Never (Value 0)- if you don’t want to notify users that IE11 is disabled.
Always (Value 1) - if you want to notify users every time they’re redirected from IE11.
Once per user (Value 2) – if you want to notify users only the first time, they are redirected.
Under OMA-URI settings, Enter the following settings –
- Name: Enter a unique name for the OMA-URI setting. For Example – Disable Internet Explorer
- Description: Enter a description that gives an overview of the setting.
- OMA-URI: Enter the following OMA-URI. It’s case-sensitive
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableInternetExplorerApp- Data type: Select the String data type from the drop-down.
- Value: Enter the following data value
<enabled/><data id="NotifyDisableIEOptions" value="2"/>After specifying all details, Click Save.
Specified OMA-URI Settings you can see appear here, Review and Click Next.
Add scope tags (if required) and click Next.
Under Assignments, Select Included groups and then choose Select groups to include one or more device groups. Select Next to continue.
You can add applicability rules, so the profile only applies to a specific OS version or Windows edition. Here I’m leaving it default and Clicking Next.
In Review, review your settings. When you select Create, your changes are saved, and the profile is assigned.
A notification will appear automatically in the top right-hand corner with a message. Here, the Profile “Disable Internet Explorer 11” was created successfully. Your groups will receive your profile settings when the devices check in with the Intune service.
End-User Experience
Let’s check the end-user experience, Once the policy settings configured above to disable Internet explorer is applied to target devices.
In Windows ten device, Lunch Internet Explorer, you see Prevents Internet Explorer launching. In addition, a prompt will appear with the message based on the above configuration, “The action is restricted. For more information, please contact your system administrator”.
When the user clicks on OK, It will automatically redirect to Microsoft Edge Browser, and users have the following experience –
- The IE11 icon on the Start Menu will be removed, the taskbar icon will remain.
- When users try to launch shortcuts or file associations that use IE11, they will be redirected to open the same file/URL in Microsoft Edge.
- When users try to launch IE11 by directly invoking the iexplore.exe binary, Microsoft Edge will launch instead.
Resources
Disable Internet Explorer 11 as a standalone browser – https://docs.microsoft.com/en-us/deployedge/edge-ie-disable-ie11
Author
About Author – Jitesh, Microsoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
Very good article. Thank you.
Good to hear Tushar, Appreciate your inputs!
Amazing post, Is there any way to revert this and enable the IE again.
Hello Umang, Glad you like it. Can we know why would you want to revert?
Did not work for me and I get an error.
what is the error