Hey there, let’s discuss about the topic Allow or Block Users to Open Files using DirectInvoke Protocol Policy in Edge Browser using M365 Admin Center. Direct Invoke Enabled means that we can turn on a feature that lets apps or services directly trigger certain functions or commands automatically, without needing someone to step in and do it each time.
When enabled, this capability streamlines workflows by reducing intermediate steps, making interactions faster and more efficient. Enabling it often means we will need to give specific permissions through system or app settings, where users can control which apps have access.
Once activated, it enhances automation and integration between services, improving productivity in both personal and enterprise environments. The DirectInvoke protocol allows websites to request that the browser open files from a specific URL using a specific file handler on the user’s computer or device
If we enable or don’t configure this policy, users can open files using the DirectInvoke protocol. If we disable this policy, users can’t open files using the DirectInvoke protocol. Instead, the file will be saved to the file system.
Table of Contents
Is Direct Invoke Secured?
Yes, Direct Invoke includes multiple security measure like, Application sandboxing, Permission requirements, Activity logging, User confirmation for sensitive operations, Automatic timeout for inactive sessions.
Open Files using DirectInvoke Protocol Policy in Edge Browser
Here we will see how to configure the Enable or Disable Direct Invoke Settings Policy in the MS Edge browser using the Microsoft 365 Admin Center. Go to Microsoft 365 Admin Center > Settings > Microsoft Edge > Configuration Policies > Create policy.
- Enable or Disable Audio Sandbox to Run Policy in MS Edge Browser using M365 Admin Center
- Enable Disable Screenshot Policies in Edge using Microsoft 365 Admin Center Policy
- How to Configure Friendly URL Format Policy in MS Edge Browser using M365 Admin Center
Basics
The next step is Basics, in this section, we need to enter the basic details about the policy, such as the Name and Description. The Name is mandatory and cannot be skipped. Need to provide an appropriate name that will help us easily identify the policy later. Select the Policy Type as “Intune” and the Platform as Windows 10 and 11.
| Name | Description | Policy Type | Platform |
|---|---|---|---|
| Direct Invoke enable | Allow users to open files using the DirectInvoke protocol | Intune | WIndows 10 and 11 |
Settings
After completing the Basics section, you will move on to the Settings tab. Here, can create a configuration policy for Microsoft Edge. Click on the Add Settings button. This will open the configuration menu where you can choose and configure specific settings for the policy
Configure a Setting
To configure the policy, search for the policy by name. Then Value tab will open where we can select between Enabled and Disabled options. Here, we choose Enabled Direct invoke Settings Policy.
More Details
For better understanding the policy’s purpose and functionality, click “More Details” to view its complete description, including technical specifications and implementation guidance. After understanding the details we can choose whether the policy need to be enabled or disabled.
To enable the policy, we need to tick the check box beside its name in the list, then click Next to continue with the configuration process. This action confirms our selection and moves us forward in the policy setup workflow.
Extensions
If the policy requires additional functionality, we can add extensions by clicking + Add extension. The Extensions section allows us to customize the policy by adding specific extensions, which include settings for installation, permissions, and URLs. However, if no extensions are needed, we can simply skip this section.
Assignments
The next step is Assignment, an important settings. We need to deploy the policy to a specific group. Here, we can select the user or device groups that should receive the policy. choose the Test_HTMD_Policy then, click select to proceed.
After the selection of the group from the Microsoft Entra groups, a notification will appear on the page confirming that the group has been updated. Data will not be saved until it has been reviewed and saved in the “Finish” step.
Finish
This is the final step to setting up of the policy. We can check all our settings we have entered here. The tab shows all the settings we have configured, like assignments, rules and exceptions, here we can do a final quality check. After checking all the information given, click Review + Create.
Click on Review and Create, the portal will display a success message confirming that the policy has been created successfully. The new policy will appear on the Configuration Policies section. We can click on it and see the details of policy configuration.
Client-Side Verification
After the Device check in status, now the Administrators can check policy status on individual devices using Windows Event Viewer. To verify client-side compliance, go to :
- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin, and then filter for Event ID 814.
Monitoring Status
After the manual sync on the Company Portal, we need to confirm the successful deployment of the policy within the Intune Portal. To verify the policy status in Intune portal we need to follow the steps, Navigate to Devices > Configuration >Policies >Status > 1 succeeded.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been a Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.