A while back I created a post where we had a look at how to create a white list to allow Microsoft Edge extensions. As most extensions involve some kind of risk it is important to take control to make sure we help our users work as safe as possible.
In this post we are going to dig into how the new sidebar works and how to use Intune to manage it.
In my opinion the sidebar adds a completely new experience to Edge and I find myself using it more and more.
So, what is the new sidebar then?
Starting with version 104.0.1293.63 Edge includes a sidebar, which provides easy access to Outlook, M365 and other extensions to make it easier for us to multitask. As admins we have some cool ways to configure and customize the sidebar by using Intune (it is possible to use GPOs, should we need to).
To me, the main idea of the sidebar is about not having to navigate between different tabs, or even apps on your computer to stay as productive as possible.
Personally I like to open the Intune portal in a tab and have the Azure portal on the sidebar. This allows to me stay in one tab and not waste time jumping between tabs etc… I really like that the sidebar stays the same and doesn’t change, should I need to jump between tabs.
What if we decide not to customize the sidebar?
Remember the extensions/addons to Google Chrome, allowing users to sync company passwords to unmanaged devices etc etc…? Well, this could happen with Microsoft Edge as well, if we are not careful.. To me, Microsoft Edge is considered a managed browser and we should do what we can to help our users work as safe and productive as possible.
Creating a block list to block all extensions is my recommendation, because, we can always allow the extensions we need (white list).
By doing so, we help our users work safer and any necessary extensions will be allowed in a controlled way, makes sense – right?
Let’s rock enroll!
Let’s have a look at the experience when the sidebar is unmanaged.
We can hide/show the sidebar by:
- Open: Microsoft Edge
- Click: the elipsis (three dots) up to the right, next to your profile
- Click: Hide or Show the sidebar
Here it is shown:
At first glance I do not like the sidebar at all. To me the look and feel is too much “home computer”-like and I immediately get the feeling that it requires some tweaking.
Customize the sidebar: Extension_ID
OK, so now that we know what the out of the box experience is like, let’s have a look at our customization options.
We will start off by looking at the sidebar internals JSON file which includes a manifest for all sidebar apps, including the Extension_ID parameter for each app. We need the Extension_ID to specify the extensions we want to add to our white list.
❗Please note that sidebar Extension_ID and Edge addon Extension_ID is not the same thing.
Outlook will actually have one sidebar extension_id and one (completely different) addon extension_id, same goes for the other apps. Edge addons are usually found in the ribbon.
💡To complicate it further both the sidebar and addon extensions are configured by the same policy.
| Outlook sidebar extension_id | kfihiegbjaloebkmglnjnljoljgkkchm |
| Outlook addon extension_id | kkpalkknhlklpbflpcpkepmmbnmfailf |
- Open: Microsoft Edge
- Navigate to: edge://sidebar-internals
- Click: Export to JSON
- Optional: Open the JSON file in VS Code (or editor of your choice). I like to do that for read-ability
- OK, so now (in the JSON file) we want to search for Extension_ID to find the ID of the extensions we want to approve. I have created a list with the existing Extension_IDs (as per 2023-02-14).
For your convenience! 🙂
 Search | jbleckejnaboogigodiafflhkajdmpcl |
 Discover | nkbndigcebkoaejohleckhekfmcecfja |
 Shopping | ehlmnljdoejdahfjdfobmpfancoibmig |
 Toolbox | cjneempfhkonkkbcmnfdibgobmhbagaj |
 Games | gbmoeijgfngecijpcnbooedokgafmmji |
 Microsoft 365 | gecfnmoodchdkebjjffmdcmeghkflpib |
 Outlook | kfihiegbjaloebkmglnjnljoljgkkchm |
 Deezer | gekagaaiohabmaknhkbaofhhedhelemf |
 Apple Music | kjncpkplfnolibapodobnnjfgmjmiaba |
 Spotify | bhmhibnbialendcafinliemndanacfaj |
 Amazon Music | kmojgmpmopiiagdfbilgognmlegkonbk |
 Yandex Music | eijpepilkjkofamihbmjcnihgpbebafj |
 Facebook Messenger | khffkadolmfbdgahbabbhipadklfmhgf |
 Instagram | ceaifoolopnigfpidlheoagpheiplgii |
 WhatsApp | hloomjjkinpbjldhobfkfdamkmikjmdo |
 Gmail | olmhchkiafniffcaiciiomfdplnmklak |
 Youtube | hmlhageoffiiefnmojcgoagebofoifpl |
Update 2023-05-11: To enable search, both “Search” and “Discover” extension IDs must be allowed. I recommend to have these IDs on the force install list.
⭐ Thank you Craig Orth for getting this to my attention!
Customize the sidebar: Intune configuration profile
OK, so now we know about the extension_id, but how do we use them?
In this next part we will have a look at how to use Intune to customize the Edge sidebar with a configuration profile.
I will allow the following: Outlook, Spotify and Microsoft 365 and block everything else.
- Open: https://endpoint.microsoft.com
- Click: Devices -> Configuration Profiles
- Click: +Create profile
- Platform: Windows 10 and later
- Profile type: Settings catalog
- Click: Create
- Name: W10/11 – Microsoft Edge – Sidebar and extensions (or a name of your choice)
- Click: Next
- Click: +Add settings
- Optional: Find: Microsoft Edge -> Click: Show hubs sidebar to add that setting
This one will make sure that the sidebar is always enabled. ❗Users will be unable to hide it.
- Change to: Enabled
- Click: Extensions
- Click: Control which extensions cannot be installed, to add the setting
- Click: Enable
- Add: (*) to block all extensions
- Click: Enable
- Click: Control which extensions are installed silently, to add the setting
- Click: Enabled
- Add: The extension_ids of the extensions you want to install silently
- Click: Enabled
- Click: Allow specific extensions to be installed, to add the setting
- Click: Enabled
- Add: The extension_ids of the extensions you want to allow (white list)
- Click: Enabled
- 📷Printscreen as reference, I put Outlook, Spotify and Microsoft 365 on the white- and silently install list.
Note that you can put an extension_id on the white list without having it silently installed. This will allow the user to add it manually, should he/she want to.
- Click: Next, twice
- Assign: as per your preference
Customize the sidebar: End result (extensions)
OK, so now we have:
- Blocked all extensions
- Created a white list
- Silently installed Outlook, Spotify and Microsoft 365
Let’s have a look at the end result:
✅That looks just as the way we wanted it, right?
Customize the sidebar: Add a site
OK, so now that we know how to manage extensions, what about sites?
Personally, I enjoy adding sites to the sidebar. I use the Intune portal in a tab and the Azure portal on the sidebar (as I mentioned earlier).
Let’s have a look at how to do that, just to get the idea of what it can be used for.
- Open: https://portal.azure.com
- On the sidebar: Click: +
- Click: +Add current page
- Now close the Azure portal tab in Edge
- Open: https://endpoint.microsoft.com
- On the sidebar: Click the Azure portal icon and watch the magic happen. This is totally useful!!! Number one (1) is my Intune portal and number two (2) is my Azure portal, they are basically merged together 😍
Notice that the sidebar will remain even when I change tabs
- A minor gottcha: it is not possible to add edge:// sites to the sidebar. It will be greyed out.
💡We might see this if we click the settings button ⚙️and then on Customize sidebar.
Customize the sidebar: Pop the hood
Let’s pop the hood and see what happens to the local device when the policy hits.
📝This is useful when we need to troubleshoot. If you have worked with Edge addons and extensions you will notice that these are the same keys being used 💡
- Open: Regedit
- Navigate: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
- Notice that we have three new keys:
- ExtensionInstallAllowList
- Our white list. This is where we will find all approved extensions
- ExtensionInstallBlockList
- Our block list. Will be an asterix (*) when we block all extensions
- ExtensionInstallForceList
- Our silently install list
- ExtensionInstallAllowList
That’s it for this one! I hope that you will enjoy the sidebar just as much as I do!
Thanks for the detailed blog on Sidebar.
I reached here while searching last two days for a peculiar issue. Hope you can help me. I’ve already searched many hours over the internet and Microsoft documentation.
Had I reached your blog earlier, I would have saved many hours of reading in different places as you have given all of that together with nice screenshots all in one page. Thanks again.
There is an app E-Tree in sidebar that gives water points. It’s not a productive app but fun and engaging. Two days back after windows update it disappeared from sidebar.
I tried uninstalling the update. then I tried resetting edge. I even tried repair and uninstall (through cmd) but could not get E-Tree back.
On my laptop which has same windows 10 version with same updates and has same edge version is showing E-Tree happily. I’m logged in both devices with same Microsoft account.
Then I tried to delve deeper and found about sidebar-internals and extension_id.
Funnily this app is there in sidebar-internals but no extension_id – because it’s not loaded. It is visible in augmented tab of sidebar-internals.
On laptop its loaded and has proper extension_id.
What do you propose as the next possible step to try for hopefully resolving this?
Hi, thanks for reaching out!
– Are you using Intune or GPO to manage either of the devices?
– Compare the regkeys found here: Regedit -> Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge do you find anything that stands out?
//Nicklas
Nicklas,
Thanks for the awesome guide! Can you please add a note that an additional extension ID must be whitelisted for the Discover button to work? ID ofefcgjbeghpigppfmkologfjadafddi.
Reference: https://learn.microsoft.com/en-us/answers/questions/1199934/cant-make-discover-working-unless-extensioninstall
Hi Craig,
Thank you for getting this to my attention! I have updated the post now.
Best regards
//Nicklas
Great write up! Just wondering if there is a way to deploy websites to Intune device? Or even deploy the sidebar JSON, just an option we are trying to explore and would be super handy!
Hi Jason,
I am not sure of what you mean by deploy websites to an Intune device, but here is a link to an article on how to deploy web-apps: https://learn.microsoft.com/en-us/mem/intune/apps/web-app
In my opinion you’ll be better off by using policies to manage the sidebar, I have not tested to import a JSON.
//Nicklas
Great detail on the sidebar.
I was wondering something similar to the previous post. Is there anyway to modify the list of “sites” on the sidebar? Maybe via intune, by pushing the json config or registry etc??
Reasoning is to have a standardised sidebar with a known list of apps and sites that is kept consistent.
Hi Nicklas
I am trying to remove the drop app from our side bar. Do you know what the extension ID is? I have put the following one into our GPO that has already removed games and shopping but it is still there.
gbihlnbpmfkodghomcinpblknjhneknc
Thanks
Kevin
Hi, here is a good list as reference
“description”: “Get contextual information about the content and web page you are currently on.”,
“extension_id”: “ofefcgjbeghpigppfmkologfjadafddi”,
“description”: “Search without losing your place”,
“extension_id”: “jbleckejnaboogigodiafflhkajdmpcl”,
“description”: “Get contextual information about the content and web page you are currently on.”,
“extension_id”: “nkbndigcebkoaejohleckhekfmcecfja”,
“description”: “Coupons, compare savings and save money while you shop”,
“extension_id”: “ehlmnljdoejdahfjdfobmpfancoibmig”,
“description”: “Easy access to commonly used tools”,
“extension_id”: “cjneempfhkonkkbcmnfdibgobmhbagaj”,
“description”: “Play popular games for free”,
“extension_id”: “gbmoeijgfngecijpcnbooedokgafmmji”,
“description”: “Access Microsoft 365 apps for free”,
“extension_id”: “gecfnmoodchdkebjjffmdcmeghkflpib”,
“description”: “Check email while staying in your flow”,
“extension_id”: “kfihiegbjaloebkmglnjnljoljgkkchm”,
“description”: “Send files across your mobile and desktop devices”,
“extension_id”: “fjngpfnaikknjdhkckmncgicobbkcnle”,
“description”: “Take notes as you browse the web”,
“extension_id”: “gbihlnbpmfkodghomcinpblknjhneknc”,
“description”: “Short & easy exercise sessions at your seat for a quick healthy break”,
“extension_id”: “pjhpojmiobchgmchbkekckbgeigbbaje”,
“description”: “Listen to music on Deezer!”,
“extension_id”: “gekagaaiohabmaknhkbaofhhedhelemf”,
“description”: “Listen to music on Apple Music!”,
“extension_id”: “kjncpkplfnolibapodobnnjfgmjmiaba”,
“description”: “Listen to music on Spotify!”,
“extension_id”: “bhmhibnbialendcafinliemndanacfaj”,
“description”: “Listen to music on Amazon Music!”,
“extension_id”: “kmojgmpmopiiagdfbilgognmlegkonbk”,
“description”: ” Listen to music on Yandex Music!”,
“extension_id”: “eijpepilkjkofamihbmjcnihgpbebafj”,
“description”: ” Listen to music on Sound Cloud!”,
“extension_id”: “ghglcnachgghkhbafjogogiggghcpjig”,
“description”: “Chat with people via Messenger”,
“extension_id”: “khffkadolmfbdgahbabbhipadklfmhgf”,
“description”: “Chat with people via Instagram”,
“extension_id”: “ceaifoolopnigfpidlheoagpheiplgii”,
“description”: ” Chat with people via Twitter!”,
“extension_id”: “enkoeamdnimieoooocohgbdajhhkajko”,
“description”: ” Chat with people via Telegram!”,
“extension_id”: “pencekojiebcjhifbkfdncgmmooepclc”,
“description”: ” Listen to music on Last Music!”,
“extension_id”: “dabfebgaghanlbehmkmaflipiohdimmc”,
“description”: ” Listen to music on Ku Gou!”,
“extension_id”: “jpfjdekhebcolnfkpicpciaknbgcdcbm”,
“description”: ” Listen to music on QQ Music!”,
“extension_id”: “nnpnekncnhiglbokoiffmejlimgmgoam”,
“description”: ” Listen to music on Gaana Music!”,
“extension_id”: “hciemgmhplhpinoohcjpafmncmjapioh”,
“description”: ” Listen to music on Tidal Music!”,
“extension_id”: “bobbggphonhgdonfdibkfipfepfcildj”,
“description”: ” Listen to music on iHeart Music!”,
“extension_id”: “ppnnjfpaneghjbcepgedmlcgmfgkjhah”,
“description”: ” Chat with people via VK!”,
“extension_id”: “kkobcodijbdelbnhbfkkfncbeildnpie”,
“description”: ” Listen to music on Naver Vibe!”,
“extension_id”: “olkdlefmaniacnmgofabnpmomgcpdaip”,
“description”: ” Listen to music on 163 Music!”,
“extension_id”: “dmbljphlfghcnbohaoffiedmodfmkmol”,
“description”: “Chat with people via WhatsApp”,
“extension_id”: “hloomjjkinpbjldhobfkfdamkmikjmdo”,
“description”: “Check your chat while staying in the flow”,
“extension_id”: “piilhopgoheagglmepbmkpodfceclmab”,
“description”: “Check email while staying in your flow”,
“extension_id”: “olmhchkiafniffcaiciiomfdplnmklak”,
“description”: “Browse videos while staying in your flow”,
“extension_id”: “hmlhageoffiiefnmojcgoagebofoifpl”,
“description”: “Watch videos on the TikTok”,
“extension_id”: “jlipacegilfgfpgkefbjcncbfcoeecgj”,