A while back I created a post where we had a look at how to create a white list to allow Microsoft Edge extensions. As most extensions involve some kind of risk it is important to take control to make sure we help our users work as safe as possible.
In this post we are going to dig into how the new sidebar works and how to use Intune to manage it.
In my opinion the sidebar adds a completely new experience to Edge and I find myself using it more and more.
So, what is the new sidebar then?
Starting with version 104.0.1293.63 Edge includes a sidebar, which provides easy access to Outlook, M365 and other extensions to make it easier for us to multitask. As admins we have some cool ways to configure and customize the sidebar by using Intune (it is possible to use GPOs, should we need to).
To me, the main idea of the sidebar is about not having to navigate between different tabs, or even apps on your computer to stay as productive as possible.
Personally I like to open the Intune portal in a tab and have the Azure portal on the sidebar. This allows to me stay in one tab and not waste time jumping between tabs etc… I really like that the sidebar stays the same and doesn’t change, should I need to jump between tabs.
What if we decide not to customize the sidebar?
Remember the extensions/addons to Google Chrome, allowing users to sync company passwords to unmanaged devices etc etc…? Well, this could happen with Microsoft Edge as well, if we are not careful.. To me, Microsoft Edge is considered a managed browser and we should do what we can to help our users work as safe and productive as possible.
Creating a block list to block all extensions is my recommendation, because, we can always allow the extensions we need (white list).
By doing so, we help our users work safer and any necessary extensions will be allowed in a controlled way, makes sense – right?
Let’s rock enroll!
Let’s have a look at the experience when the sidebar is unmanaged.
We can hide/show the sidebar by:
- Open: Microsoft Edge
- Click: the elipsis (three dots) up to the right, next to your profile
- Click: Hide or Show the sidebar
Here it is shown:
At first glance I do not like the sidebar at all. To me the look and feel is too much “home computer”-like and I immediately get the feeling that it requires some tweaking.
Customize the sidebar: Extension_ID
OK, so now that we know what the out of the box experience is like, let’s have a look at our customization options.
We will start off by looking at the sidebar internals JSON file which includes a manifest for all sidebar apps, including the Extension_ID parameter for each app. We need the Extension_ID to specify the extensions we want to add to our white list.
❗Please note that sidebar Extension_ID and Edge addon Extension_ID is not the same thing.
Outlook will actually have one sidebar extension_id and one (completely different) addon extension_id, same goes for the other apps. Edge addons are usually found in the ribbon.
💡To complicate it further both the sidebar and addon extensions are configured by the same policy.
Outlook sidebar extension_id | kfihiegbjaloebkmglnjnljoljgkkchm |
Outlook addon extension_id | kkpalkknhlklpbflpcpkepmmbnmfailf |
- Open: Microsoft Edge
- Navigate to: edge://sidebar-internals
- Click: Export to JSON
- Optional: Open the JSON file in VS Code (or editor of your choice). I like to do that for read-ability
- OK, so now (in the JSON file) we want to search for Extension_ID to find the ID of the extensions we want to approve. I have created a list with the existing Extension_IDs (as per 2023-02-14).
For your convenience! 🙂
jbleckejnaboogigodiafflhkajdmpcl | |
nkbndigcebkoaejohleckhekfmcecfja | |
ehlmnljdoejdahfjdfobmpfancoibmig | |
cjneempfhkonkkbcmnfdibgobmhbagaj | |
gbmoeijgfngecijpcnbooedokgafmmji | |
gecfnmoodchdkebjjffmdcmeghkflpib | |
kfihiegbjaloebkmglnjnljoljgkkchm | |
gekagaaiohabmaknhkbaofhhedhelemf | |
kjncpkplfnolibapodobnnjfgmjmiaba | |
bhmhibnbialendcafinliemndanacfaj | |
kmojgmpmopiiagdfbilgognmlegkonbk | |
eijpepilkjkofamihbmjcnihgpbebafj | |
khffkadolmfbdgahbabbhipadklfmhgf | |
ceaifoolopnigfpidlheoagpheiplgii | |
hloomjjkinpbjldhobfkfdamkmikjmdo | |
olmhchkiafniffcaiciiomfdplnmklak | |
hmlhageoffiiefnmojcgoagebofoifpl |
Customize the sidebar: Intune configuration profile
OK, so now we know about the extension_id, but how do we use them?
In this next part we will have a look at how to use Intune to customize the Edge sidebar with a configuration profile.
I will allow the following: Outlook, Spotify and Microsoft 365 and block everything else.
- Open: https://endpoint.microsoft.com
- Click: Devices -> Configuration Profiles
- Click: +Create profile
- Platform: Windows 10 and later
- Profile type: Settings catalog
- Click: Create
- Name: W10/11 – Microsoft Edge – Sidebar and extensions (or a name of your choice)
- Click: Next
- Click: +Add settings
- Optional: Find: Microsoft Edge -> Click: Show hubs sidebar to add that setting
This one will make sure that the sidebar is always enabled. ❗Users will be unable to hide it. - Change to: Enabled
- Click: Extensions
- Click: Control which extensions cannot be installed, to add the setting
- Click: Enable
- Add: (*) to block all extensions
- Click: Enable
- Click: Control which extensions are installed silently, to add the setting
- Click: Enabled
- Add: The extension_ids of the extensions you want to install silently
- Click: Enabled
- Click: Allow specific extensions to be installed, to add the setting
- Click: Enabled
- Add: The extension_ids of the extensions you want to allow (white list)
- Click: Enabled
- 📷Printscreen as reference, I put Outlook, Spotify and Microsoft 365 on the white- and silently install list.
Note that you can put an extension_id on the white list without having it silently installed. This will allow the user to add it manually, should he/she want to. - Click: Next, twice
- Assign: as per your preference
Customize the sidebar: End result (extensions)
OK, so now we have:
- Blocked all extensions
- Created a white list
- Silently installed Outlook, Spotify and Microsoft 365
Let’s have a look at the end result:
✅That looks just as the way we wanted it, right?
Customize the sidebar: Add a site
OK, so now that we know how to manage extensions, what about sites?
Personally, I enjoy adding sites to the sidebar. I use the Intune portal in a tab and the Azure portal on the sidebar (as I mentioned earlier).
Let’s have a look at how to do that, just to get the idea of what it can be used for.
- Open: https://portal.azure.com
- On the sidebar: Click: +
- Click: +Add current page
- Now close the Azure portal tab in Edge
- Open: https://endpoint.microsoft.com
- On the sidebar: Click the Azure portal icon and watch the magic happen. This is totally useful!!! Number one (1) is my Intune portal and number two (2) is my Azure portal, they are basically merged together 😍
Notice that the sidebar will remain even when I change tabs - A minor gottcha: it is not possible to add edge:// sites to the sidebar. It will be greyed out.
💡We might see this if we click the settings button ⚙️and then on Customize sidebar.
Customize the sidebar: Pop the hood
Let’s pop the hood and see what happens to the local device when the policy hits.
📝This is useful when we need to troubleshoot. If you have worked with Edge addons and extensions you will notice that these are the same keys being used 💡
- Open: Regedit
- Navigate: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
- Notice that we have three new keys:
- ExtensionInstallAllowList
- Our white list. This is where we will find all approved extensions
- ExtensionInstallBlockList
- Our block list. Will be an asterix (*) when we block all extensions
- ExtensionInstallForceList
- Our silently install list
- ExtensionInstallAllowList
That’s it for this one! I hope that you will enjoy the sidebar just as much as I do!