In this post, let’s learn how to configure Microsoft Edge as default browser using Intune settings catalog policies. Well, I don’t think this file association and Default apps settings in Windows 11 or Windows 10 using MDM policies is not the easiest one.
The Windows CSP policy called ApplicationDefaults/DefaultAssociationsConfiguration is used to configure the default file associations for the Windows 11 operating system. You can’t apply this policy to Windows 11 Home edition PCs. All the other Windows 11 versions are supported for this policy.
I have shared the tips to configure Google Chrome as the default browser also in this post. I used the settings catalog policy instead of Intune Custom CSP policy to set Microsoft Edge as the default browser. You will still need to use Intune Custom profiles for some of the configurations explained below.
- How To Set Google As Default Search Engine With CSP Intune Profiles
- Windows 11 Taskbar Customization Using Intune MEM
- Customize Windows 11 Start Menu Layout Settings Using Intune
Windows 11 PC Default Browser Confirmation
You can go into Settings apps in Windows 11 and navigate to Apps – Default Apps – Google Chrome. You will need to ensure that the Microsoft Edge browser is configured as the default browser for all the file extensions that you want. The following is the default browser (Microsoft Edge) configuration on Windows 11 PC.
NOTE! If you want to have Google Chrome as the default browser in the policy, then make sure you have selected Chrome as the default browser before running the DISM command mentioned below.
Create Default Browser XML file for Microsoft Edge
You will have to run the following command from the Windows 11 PC where you have configured Microsoft Edge as the default browser.
- Opened Windows Terminal from start menu (right-click on start menu).
- Run “dism /online /export-defaultappassociations:appassoc.xml“
The appassoc.xml file with all the default application details will be available in the same folder from the DISM command.
You will need to edit the XML file and remove non-Microsoft Edge browser-related application associations. I got 15 file extension entries with Microsoft Edge as default application. All these files with that extension will get opened up in the Microsoft Edge browser.
The following is the sample XML for Windows 11 PCs to configure Microsoft Edge as Default Browser using Intune.
<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
<Association Identifier=".htm" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
<Association Identifier=".html" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
<Association Identifier=".mht" ProgId="MSEdgeMHT" ApplicationName="Microsoft Edge" />
<Association Identifier=".mhtml" ProgId="MSEdgeMHT" ApplicationName="Microsoft Edge" />
<Association Identifier=".pdf" ProgId="MSEdgePDF" ApplicationName="Microsoft Edge" />
<Association Identifier=".svg" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
<Association Identifier=".xht" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
<Association Identifier=".xhtml" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
<Association Identifier="ftp" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
<Association Identifier="http" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
<Association Identifier="https" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
<Association Identifier="microsoft-edge" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
<Association Identifier="microsoft-edge-holographic" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
<Association Identifier="ms-xbl-3d8b930f" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
<Association Identifier="read" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
</DefaultAssociations>
Create base64 Result for appassoc.xml
Now it’s time to convert the appassoc.xml file to base64 Take the XML output and put it through your favorite base64 encoder app.
You can use any base64 encoders (I used https://www.base64encode.org/), but you will need to ensure that you have selected CRLF Windows as the Destination newline Separator.
NOTE! – Base64 encoding schemes are commonly used when there is a need to encode binary data that needs to be stored and transferred over the network using SyncML for MDM protocol.
The following is the base64 code. This code will be used to create Intune default browser policy.
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KCTxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtIiBQcm9nSWQ9Ik1TRWRnZUhUTSIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCgk8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bWwiIFByb2dJZD0iTVNFZGdlSFRNIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KCTxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIubWh0IiBQcm9nSWQ9Ik1TRWRnZU1IVCIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCgk8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLm1odG1sIiBQcm9nSWQ9Ik1TRWRnZU1IVCIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCgk8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLnBkZiIgUHJvZ0lkPSJNU0VkZ2VQREYiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQoJPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Ii5zdmciIFByb2dJZD0iTVNFZGdlSFRNIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KCTxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIueGh0IiBQcm9nSWQ9Ik1TRWRnZUhUTSIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCgk8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLnhodG1sIiBQcm9nSWQ9Ik1TRWRnZUhUTSIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCgk8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iZnRwIiBQcm9nSWQ9Ik1TRWRnZUhUTSIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCgk8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cCIgUHJvZ0lkPSJNU0VkZ2VIVE0iIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQoJPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHBzIiBQcm9nSWQ9Ik1TRWRnZUhUTSIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCgk8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0ibWljcm9zb2Z0LWVkZ2UiIFByb2dJZD0iTVNFZGdlSFRNIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KCTxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSJtaWNyb3NvZnQtZWRnZS1ob2xvZ3JhcGhpYyIgUHJvZ0lkPSJNU0VkZ2VIVE0iIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQoJPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Im1zLXhibC0zZDhiOTMwZiIgUHJvZ0lkPSJNU0VkZ2VIVE0iIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQoJPEFzc29jaWF0aW9uIElkZW50aWZpZXI9InJlYWQiIFByb2dJZD0iTVNFZGdlSFRNIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg==
Intune Policy to Configure Microsoft Edge as Default Browser
You already have all the inputs/prerequisites required to create an Intune policy to configure Microsoft Edge as the default browser on Windows 11 or Windows 10 PCs.
I’m going to use Intune Settings Catalog policy to create and deploy the Default Browser policy. You don’t have any specific Intune setting catalog policy or Windows MDM CSP to make Microsoft Edge the default browser. However, you will need to use Windows MDM CSP ApplicationDefaults/DefaultAssociationsConfiguration.
You will need to follow the steps mentioned below to create the Intune settings catalog policy.
- Sign in to the Microsoft Endpoint Manager admin center https://endpoint.microsoft.com/
- Select Devices > Configuration profiles > Create profile.
You will need to select Platform as Windows 10 and later and select Profile as Settings catalog (preview). Now, you can click on Create button to go to the next page.
On the Next Page, you will need to enter the Name of the Intune policy – Microsoft Edge Default Browser. You can enter any name and recommend typing in the description as well. You can now click on the Next button to continue to the next page.
Click on the +Add Settings button and Search with the Keyword “Default Association” to find out the correct policy settings to set Microsoft Edge as default browser using Intune.
Click on the Application Defaults category to show the actual setting called Default Associations Configuration. Ensure you have selected that setting (Default Associations Configuration) as shown in the screenshot and close this window.
You will need to enter the base64 code from the above section of this blog post to the Default Associations Configuration entry. Once the base64 code is entered into the required field, you can click on the NEXT button to continue.
This policy allows an administrator to set the default file types and protocol associations. When set, default associations will be applied on sign-in to the PC.
NOTE! – If the policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed, and default associations will be applied.
In the assignment section of the Intune Policy to Configure Microsoft Edge as Default Browser, you will need to deploy this policy to Azure AD Device Groups. The Default Associations Configuration is a device-based Windows CSP policy.
You will need to complete the policy creation wizard by clicking on the Next, Next, and Create buttons. You can also have an option to create Intune Scope Tags during the creation of Intune Default Browser policy.
NOTE! – Changes to this policy take effect after the reboot.
How to Set Google Chrome As Default Browser using Intune policy
Well, now this is easy to set Google Chrome browser as the default browser instead of Microsoft Edge. You will just need to change the XML and base64 code that you have created above.
I have given you the default (sample) XML shared by Google in the below section, and I will also share the base64 code for Google Chrome default browser XML. Once you have the base64 code, you can use this in the Intune policy that we have created in the above section.
Google Chrome Default Browser XML (Sample)
I have not included additional file extensions into the code similar to Microsoft Edge. You are free to add those as per your requirement.
<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
<Association Identifier=".htm" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
<Association Identifier=".html" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
<Association Identifier="http" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
<Association Identifier="https" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
</DefaultAssociations>
The base64 code for the above Google Chrome Default Browser XML.
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJDaHJvbWVIVE1MIiBBcHBsaWNhdGlvbk5hbWU9Ikdvb2dsZSBDaHJvbWUiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJDaHJvbWVIVE1MIiBBcHBsaWNhdGlvbk5hbWU9Ikdvb2dsZSBDaHJvbWUiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSJodHRwIiBQcm9nSWQ9IkNocm9tZUhUTUwiIEFwcGxpY2F0aW9uTmFtZT0iR29vZ2xlIENocm9tZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHBzIiBQcm9nSWQ9IkNocm9tZUhUTUwiIEFwcGxpY2F0aW9uTmFtZT0iR29vZ2xlIENocm9tZSIgLz4NCjwvRGVmYXVsdEFzc29jaWF0aW9ucz4=
Issues with Microsoft Edge as Default Browser Intune Policies?
This section will share some quick tips to start troubleshooting on issues with Microsoft Edge as Default Browser Intune Policies. First, you will need to make sure that you have initiated an Intune policy manual sync from Windows 11 or Windows 10 PC.
You can look into Event logs to confirm whether there is an error with Intune policy deployment for making Microsoft Edge browser the default browser. I have explained this process end to end process in Intune logs Event Logs post.
Intune event log path is the Applications and Services Logs – Microsoft – Windows – Devicemanagement-Enterprise-Diagnostics-Provider – Admin.
Event ID 814 (Policy Value String) – MDM PolicyManager: Set policy string, Policy: (DefaultAssociationsConfiguration), Area: (ApplicationDefaults), EnrollmentID requesting merge: (FFF6BB6A-4071-4E45-B14B-99DB4FB147BA), Current User: (Device), String:
You will also need to verify the policy details from the following Registry Path as well to confirm – Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\ApplicationDefault
- DefaultAssociationsConfiguration -> base64 code entry should be present.
- DefaultAssociationsConfiguration_ProviderSet – Decimal value = 1
Results
You will need to verify the results from Intune MEM Admin center portal. There are some other methods also to check the status of the Intune policy deployment results for Microsoft Edge as Default Browser policy.
You already got the confirmation of successful deployment of default browser Intune policy from event logs and registry entries. But the Intune admin center gives you a more detailed view of all the Windows 11 or Windows 10 devices.
Author
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with over 17 years of experience (calculation done in 2018). He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…..…
Great article Anoop!
I’m presuming that once you make Edge the default browser that it is now locked down by policy and is unable to be changed by the end user?
What I’m trying to do where at our company is that we have settled on Edge as our standard browser for the organization and are ‘encouraging’ as the default browser. So we want to do an announcement to that end and then do a one time push more or less to make it the default on the user’s machine, but still give the flexibility to allow the user to change it if desired.
Cheers,
Dan
I am doing the same thing at my company. I found that Users are allowed to change the browser, but upon rebooting, it changes back to Edge. Wondering if there is a way around this?
Hi Anoop,
Could you able to provide any document to “Configure Microsoft Edge as Default Browser using SCCM”