This post will guide you to disable Internet Explorer using Intune Portal (a.k.a Endpoint Manager portal). Microsoft recently announced that Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022, for certain versions of Windows 10.
Microsoft continues disinvesting from Internet Explorer 11 and Microsoft Edge Legacy towards the new Microsoft Edge. The future of Internet Explorer on Windows 10 is in Microsoft Edge, recommending users switch to Microsoft Edge for a modern browsing experience with faster, more secure solutions.
Microsoft Edge has built-in Internet Explorer mode (IE mode) so that you can access legacy Internet Explorer-based websites and applications straight from Microsoft Edge. After you configure IE mode, you can disable IE11 as a standalone browser without affecting IE mode functionality across your organization.
Prerequisites to Disable Internet Explorer
The following Windows updates and Microsoft Edge software are required-
- Windows updates
- Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2: KB4598291 or later
- Windows 10 version 1909, Windows Server version 1909: KB4598298 or later
- Windows 10 version 1809, Windows Server version 1809, and Windows Server 2019: KB4598296 or later
- Windows 10, version 1607, Windows Server 2016: KB4601318 or later
- Windows 10 initial version (July 2015): KB4601331 or later
- Windows 8.1: KB4601384 or later
- Windows Server 2012: KB4601348 or later
- Microsoft Edge Stable Channel
Disable Internet Explorer Using Intune Portal
Ensure you have the pre-requisite operating system updates. Let’s follow the steps to configure Policy to disable Internet Explorer from Intune –
- Sign in to the Microsoft Endpoint Manager admin center.
- Navigate to Devices > Configuration Profiles >+ Create Profile
- Select Platform as Windows 10 and Later
- Select Profile as Templates, choose Custom from available Template name and click on Create button.
Note – You can also create custom profiles, which are created similar to built-in profiles. Custom profiles are great when you want to use device settings and features that aren’t built in to Intune. These profiles include features and settings for you to control on devices in your organization.
In Basics, Specify descriptive name for the policy, a description (optional), then select Next.
In Configuration settings, Click on Add button.
We have three options for the custom profile configuration. For Example – We added value 2 as we want to notify users only the first time. Never (Value 0)- if you don’t want to notify users that IE11 is disabled.
Always (Value 1) - if you want to notify users every time they’re redirected from IE11.
Once per user (Value 2) – if you want to notify users only the first time they are redirected.
Under OMA-URI settings, Enter the following settings –
- Name: Enter a unique name for the OMA-URI setting. For Example – Disable Internet Explorer
- Description: Enter a description that gives an overview of the setting.
- OMA-URI: Enter the following OMA-URI. It’s case-sensitive –
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableInternetExplorerApp- Data type: Select the String data type from the drop-down.
- Value: Enter the following data value –
<enabled/><data id="NotifyDisableIEOptions" value="2"/>After specifying all details, Click Save.
Specified OMA-URI Settings you can see appeared here, Review and Click Next.
Add scope tags (if required) and, click Next.
Under Assignments, Select Included groups and then choose Select groups to include one or more device groups. Select Next to continue.
You can add applicability rules so the profile only applies to a specific OS version or a specific Windows edition. Here I’m leaving it default and Clicking Next.
In Review, review your settings. When you select Create, your changes are saved, and the profile is assigned.
A notification will appear automatically in the top right-hand corner with a message. Here you can see, Profile “Disable Internet Explorer 11” created successfully. Your groups will receive your profile settings when the devices check-in with the Intune service.
End User Experience
Let’s check the end-user experience, Once the policy settings configured above to disable Internet explorer is applied to target devices.
In windows 10 device, Lunch Internet Explorer, you see Prevents Internet Explorer from launching. In addition, a prompt will appear with the message based on the above configuration, “The action is restricted. For more information, please contact your system administrator”.
When the user clicks on OK, It will automatically redirect to Microsoft Edge Browser, and users have the following experience –
- The IE11 icon on the Start Menu will be removed, the taskbar icon will remain.
- When users try to launch shortcuts or file associations that use IE11, they will be redirected to open the same file/URL in Microsoft Edge.
- When users try to launch IE11 by directly invoking the iexplore.exe binary, Microsoft Edge will launch instead.
Resources
Disable Internet Explorer 11 as a standalone browser
