Today, we are discussing Allow or Block Insecure Content on Sites for MS Edge using Intune Policy. As we all know, Microsoft Intune is a cloud-based service that offers a wide range of features. One of its key features is the Settings Catalog, which allows IT administrators to deploy different types of policies across an organization.
This is very helpful for IT admins to manage and enforce settings on users’ devices efficiently. Using the Settings Catalog, administrators can specifically configure security policies for Microsoft Edge, including whether to allow or block insecure content such as HTTP resources on HTTPS sites.
This helps ensure security while maintaining flexibility for trusted internal sites. To manage this, administrators can use a policy to allow only specific trusted websites to load such content by defining approved URL patterns. This helps maintain security while allowing exceptions for necessary or trusted sites.
You know Mixed content means that that is, HTTP content on HTTPS sites. This can be risky because hackers might change or see that content. So, browsers block or limit it to keep users safe. So in this post lets look how this policy to be deployed through MS Intune.
Table of Contents
What is Mixed Content?
Mixed content is when a secure HTTPS website loads some parts, like images, scripts, or videos, from an insecure HTTP source.
What is the Benefit of this Policy?
It lets organizations keep security high while allowing necessary exceptions for important sites.
Allow or Block Insecure Content on Sites for MS Edge using Intune Policy
If the policy is not configured, blockable mixed content such as scripts and iframes will be blocked, and optionally blockable mixed content like images, audio, or video will be upgraded from HTTP to HTTPS where possible. So we have to try to configure this policy in Intune. For that:
- Sign in to the MS Intune admin center
- Then navigate through Devices> Configuration> Create +New Policy
- For Creating Profile fill the details Platform as Windows 10 and later Profile type Setting catalog
- then click on the Create.
- Enable or Disable Insecure Download Warning Policy for Microsoft Edge using Intune
- How to Install Microsoft Defender Browser Protection Extension using Intune PowerShell Script
- Allow or Block Hardware Keyboard Text Suggestions in Text Input using Intune Policy
Fill the Basic Details
After that, you can name the policy to identify its purpose of the policy later. The Name is mandatory and if you like to add description, you can add. The Name and Description can be added according to the Preferences. Click on the Next button.
Configuration Settings – Settings Picker
Configuration settings are very important for policy creation. First, go to the Add settings option (displayed as a hyperlink). When you click on it, a settings picker window will appear, showing different categories. Since we are focusing on Microsoft Edge, select Microsoft Edge from the list. In Microsoft Edge, you will find different subcategories and choose the Content settings.
When you click on Content, it will show you 254 available settings under that subcategory. From these, select Allow insecure content on specified sites for the user. Once selected, it will be marked with a blue check mark. Finally, close the settings picker window to save your selection.
Disable Insecure Content on Sites Policy
Now you will see the policy displayed under the Configuration Settings main page. By default, this policy is disabled. If you want to proceed with it, click the Next button to continue.
Insecure Content on Sites Policy – Enabled
If you want to enable the policy, you can do so easily. First, toggle the switch from left to right. When it turns blue, the setting is enabled. Once enabled, another field will appear on the screen where you can enter the URLs of the websites you want to allow for insecure content. I have added our website here as an example, but you can enter one or more URLs as needed. After adding the URLs, click Next to continue.
Know the Scope Tags
What is Assignments
To assign the policy to specific groups, you can use the Assignment Tab. Here I click, +Add groups option under Included groups. I choose a group from the list of groups and click on the Select button. Again, I click on the Select button to continue.
Review + Create
To complete the policy creation, you can review all the policy details on the Review + create tab also, it acts as summary page. It helps to avoid mistakes and successfully configure the policy. After verifying all the details, click on the Create Button. After creating the policy, you will get a success message.
Monitoring Status
The Monitoring Status page shows if the policy is succeeded or not. You can quickly configure the policy and take advantage of the policy sync the assigned device on Company Portal. Open the Intune Portal. Go to Devices > Configuration > Search for the Policy. Here, the policy shows as succeeded 1.
Details of Client-Side Verification
You can verify the confirmation in the Event Viewer by looking for Event ID 813 or 814. To access this, open Event Viewer and navigate to Applications and Services Logs > Microsoft > Windows >Device Management Enterprise Diagnostic Provider > Admin.
- You can see a list of policy-related events now.
- I found the policy details in the Event ID 814.
| Policy Details |
|---|
| MDM PolicyManager: Set policy string, Policy: (InsecureContentAllowedForUrls), Area: (microsoft_edqev80diff~Policy~microsoft_edqe~ContentSettinqs), EnrollmentID requestinq merqe: (EB427D85-802F-46D9-A3E2-D5B414587F63), Current User: (S-1-12-1-3449773194- 1083384580-749570698-1797466236), Strinq: ( ). Enrollment Type: (0x6), Scope: (0x1). |
Delete the Insecure Content on Sites Policy
You can delete a policy in Microsoft Intune, for that, first sign in to the Microsoft Intune Admin Center. Navigate to Devices and then select Configuration. Locate and select the specific policy you want to remove. Once you’re on the policy details page, click the 3 -dot menu (⋯) in the top right corner and choose Delete from the available options.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
Remove the Insecure Content on Sites Policy
You have to check this page by Navigating Devices> Configuration> Select the Policy.Then click on it to open its monitoring details. Scroll down to the Assignments section and click Edit. This will take you back to the policy’s assignment settings. From here, you can remove the group you no longer want the policy to apply to. For a view of the process, refer to the screenshot below.
For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.