I try to run Windows as securely as possible, and therefore I have as many Windows Defender settings enabled as possible, including Windows Defender Application Control – in this case just in Audit mode. After upgrading to Windows 10 1803, my primary browser, Microsoft Edge, started to crash, but I got a solution from my very good friend and fellow MVP Jesper Nielsen: he pointed me to this error, "Edge crashes when AppLocker is enabled with DLL enforcement Windows 1803", which described the same issue as I had, just with AppLocker. Read more on Jesper’s feedback
The reason for the mess in the first place is my Intune Endpoint Protection profile where I enable Windows Defender Application Guard in Audit mode:
The solution was to set this regkey:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Spartan]
"RAC_LaunchFlags"=dword:00000035
In the event log you can see that Microsoft Edge is crashing:
How to fix it with the Intune Management Extension:
Start the Microsoft 365 device management portal: https://devicemanagement.portal.azure.com
- Click Device Configuration
- Click PowerShell scripts
- Click Add
- Enter a name: Edge Crash WDAC fix
- Upload the file: File is on GitHub
- Select Configure
- Set Run this script using the logged on credentials to Yes
The PowerShell script I run from Intune:

```powershell
# Fix Edge on 1803 with WDAG or AppLocker enabled
$registryPath = "HKCU:\Software\Microsoft\Internet Explorer\Spartan"
$name  = "RAC_LaunchFlags"
$value = 0x35   # dword:00000035, as in the registry entry above

# Create the key if it is missing (the path is quoted because it contains a space)
if (!(Test-Path $registryPath)) {
    New-Item -Path $registryPath -Force | Out-Null
}

# Write the value as REG_DWORD so it matches the registry entry above
New-ItemProperty -Path $registryPath -Name $name -Value $value `
    -PropertyType DWord -Force | Out-Null
```
Happy testing – and please remember that this is not an official Microsoft fix.
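To confirm on a client that the value landed with the right type and to see whether Edge is still crashing, a check like the following can be run in the user's session. It is an added example, not part of the original post or the script on GitHub; the seven-day look-back and the variable names are assumptions, and event 3076 is the Code Integrity event logged when a policy in audit mode would have blocked a file.

```powershell
# Added example: verify the RAC_LaunchFlags workaround and look for symptoms.
# Run as the logged-on user, because the value lives under HKCU.
$registryPath = 'HKCU:\Software\Microsoft\Internet Explorer\Spartan'
$name         = 'RAC_LaunchFlags'
$expected     = 0x35                      # dword:00000035 from the post
$since        = (Get-Date).AddDays(-7)    # assumption: one-week look-back

# 1. Is the value present, and is it a REG_DWORD with the expected data?
$state = 'Missing'
$key = Get-Item -Path $registryPath -ErrorAction SilentlyContinue
if ($null -ne $key -and $key.GetValueNames() -contains $name) {
    $kind = $key.GetValueKind($name)
    $data = $key.GetValue($name)
    if ($kind -eq 'DWord' -and $data -eq $expected) {
        $state = 'OK'
    } else {
        # For example a REG_SZ "00000035" written with -PropertyType String
        $state = "Mismatch (type=$kind, data=$data)"
    }
}

# 2. Application crashes for Edge (MicrosoftEdge.exe / MicrosoftEdgeCP.exe)
$crashes = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'MicrosoftEdge' })

# 3. Code Integrity audit events (file would have been blocked if enforced).
#    Reading this log may need an elevated session; errors are ignored here.
$audits = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id        = 3076
        StartTime = $since
    } -ErrorAction SilentlyContinue)

[pscustomobject]@{
    User             = $env:USERNAME
    RegistryValue    = $state
    EdgeCrashes      = $crashes.Count
    LastEdgeCrash    = ($crashes | Select-Object -First 1).TimeCreated
    AuditEvents3076  = $audits.Count
}
```

If `LastEdgeCrash` is later than the time the script was deployed and `RegistryValue` is `OK`, the crashes have another cause than the one this workaround addresses.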
Read more:
Windows Defender Application Control
Setting the Registry Key fixes the Problem perfectly.
Doing that with PowerShell worked also for me, but I had to set HKCU:\Software\Microsoft\Internet Explorer\Spartan under apostrophes like this one:
New-Item -Path "HKCU:\Software\Microsoft\Internet Explorer\Spartan" -Force
to make it work for me.
Surprisingly I could not send the PS-File to the Client via Intune. Did you apply this to the machine or to the user?
Best Regards Markus
I assign the PowerShell script to users and in the user context.