When using Azure AD joined devices managed by Intune – often there is no reason for using Microsoft Internet Explorer any more – and like Chris Jackson from Microsoft has stated Internet Explorer is there for compatibility reason only, and you should move to a more modern and secure browser. Microsoft is not supporting new web standards for Internet Explorer.
Internet Explorer Enterprise Mode was introduced for Internet Explorer 11  back in 2014, in this blog post I will describe how to use Intune to setup Internet Explorer Enterprise Mode with Intune and ensure that only the site that we know having issue with Microsoft Edge Browser is showed in Internet Explorer, and if the end user is starting Internet Explorer they will automatic be redirected to Microsoft Edge.

A example of a site that does not work in Microsoft Edge or any other browser is the old silverlight portal for Intune management https://manage.microsoft.com this is just and example I recommend using Windows Analytics – Upgrade Readiness – Site discovery
to see what site that your organisation is using that requires a document mode or a plugin that is only supported in Internet Explorer

Move from Internet Explorer to Edge - 1

So we need to download Enterprise Mode Site List Manager enter the you have that need to be running in Internet Explorer and save the .xml file

Move from Internet Explorer to Edge - 10

In my case I upload the .xml file to a Azure Blob storage so it is available from the internet

Move from Internet Explorer to Edge - 11

Generate a blob SAS token and URL – save the Blob SAS URL – you need that in Intune

Move from Internet Explorer to Edge - 12

Now we are ready to create a policy in Intune that automatic redirect the user to Internet Explorer for the sites entered in the Site List Manager

Start the Microsoft 365 Device Management portal

  1. Click Device Configuration
  2. Click Profile
  3. Click Create Profile

Move from Internet Explorer to Edge - 20

  1. Click Configure
  2. Click Microsoft Edge Browser
  3. Click Start experience

Move from Internet Explorer to Edge - 21

  1. Enter the URL from where ever you are storing the .xml file in “Enterprise mode site list location”

Move from Internet Explorer to Edge - 22

Then you just deploy the profile to your user and they will get the new behavior for the sites in the site list.

You also what to restricted the use of Internet Explorer and guide the to Microsoft Edge when using Internet Explorer with a site not listed in the Site List Manager.

You need a couple of settings first the AllowEnterpriseModeSiteList

Move from Internet Explorer to Edge - 1aa

Move from Internet Explorer to Edge - 2

  1. Name : EnterpriseModeSiteList
  2. OMA_URI : ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowEnterpriseModeSiteList
  3. Data type : String
  4. Value : <enabled/><data id=”EnterSiteListPrompt” value=”true” />

Move from Internet Explorer to Edge - 3

It is also a good idea to the Internet Explore homepage so when the end user is starting Internet Explorer then it will just open Microsoft Edge with the default home page

  1. Name : DisableHomePageChange
  2. OMA_URI : ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableHomePageChange
  3. Data type : String
  4. Value : <enabled/><data id=”EnterHomePagePrompt” value=”https://osddeployment.dk&#8221; />

Move from Internet Explorer to Edge - 6.png

The second part you need is RestrictInternetExplorer – I have not been able to create a Intune MDM setting for that one

Move from Internet Explorer to Edge - 1a

So the solution is a powershell script that sets the value

  1. Name : IE EnterpriseMode RestrictIE
  2. Script Location : browse and upload

Move from Internet Explorer to Edge - 4

The script can be downloaded from my Github


##################################################################################################

.SYNOPSIS
Policy Definition template file for Intune to run with the Microsoft Intune custome profile
This policy setup OneDrive For Business with AutoConfigure and KFM 

.NOTES
    FileName:    IE EnterpriseMode RestrictIE.ps1
    Author:      Per Larsen
    Created:     14-02-2019
    Product:     Internet Explorer
    Version:     1.0

###################################################################################################
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode"

#Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.
$Name = "RestrictIE"
$value = "1"
IF((Test-Path -LiteralPath $registryPath) -ne $true)
{  New-Item $registryPath -force -ea SilentlyContinue };
New-ItemProperty -LiteralPath $registryPath -Name $Name -Value $value -PropertyType DWord -Force -ea SilentlyContinue;

 

When you are not using Internet Explorer any more there is a way top remove it:

How to remove Internet Explorer from Windows 10 with Intune

The end user experience:

The end user starts Internet Explorer and are automatic redirected to Microsoft Edge

end user expirence.gif

Read more:

Enterprise Mode Site List Manager (schema v.2)
The perils of using Internet Explorer as your default browser
Microsoft Edge deployment for IT Pros
How to deploy DoD Google Chrome STIG Computer Windows 10 policy with Intune