Manage Microsoft Edge Application using SCCM Software Updates
Using Configuration Manager 1910, you can not only create and deploy Microsoft Edge application but you can also manage Edge updates. Yes you can now deploy Microsoft Edge updates using SCCM 1910 and this is really a good thing.
In this post I will cover the steps to create Microsoft Edge Application. We will deploy it to test device collection. We can then look at managing Microsoft Edge updates using SCCM.
The Microsoft Edge browser has been in preview since a long time. But then the Admins could still deploy Edge as an application using Configuration Manager 1910. However one thing that was lacking was deploying Edge browser updates using SCCM.
Previously if you had to download Edge, you could pick the Beta, Dev, or Canary channel, along with a version of the Microsoft Edge client to deploy. With the release of Edge stable build, the Canary channel is now gone. You can read more about these channels here.
Configuration Manager 1910 allows you to create Edge application and deploy it to your clients. If you want to manually download the stable version of Edge and package it in SCCM, you can do that as well. To download the stable version of Edge browser, click here.
Note – Before you deploy Edge via SCCM, ensure the PowerShell Execution Policy is not set to Restricted on the client computers. If it is set to Restricted, then the deployment will fail.
Create Microsoft Edge Application Using SCCM
To create a new Microsoft Edge application using SCCM
- First of all, launch Configuration Manager console
- Go to Software Library > Overview > Microsoft Edge Management
- Right-click Microsoft Edge Management and click Create Microsoft Edge Application
The Microsoft Edge client installation wizard lets you create and deploy Edge application. On the Application Settings page, specify the application name and content location. Click Next.
Under Microsoft Edge client settings, you should find three channels.
Select Stable and version as Latest. Click Next.
On the Deployment page, select Yes if you want to deploy the application after you close this wizard or select No to deploy it later. I will select Yes here. Click Next.
Specify the collection to which you want to target the Edge deployment. Click Next.
On the content page, select the distribution point. Click Next.
On the Deployment page, since I selected Yes under “do you want to deploy the application now”, I can see the Purpose is set to Required. Click Next.
Click Next on rest of the pages and finally on Completion page click Close.
Microsoft Edge Application Deployment Report
After you deploy the Microsoft Edge application, you may want to check the application deployment status. You can run the report All application deployments (basic) located under Software Distribution > Application Monitoring.
Select the Microsoft Edge application and the device collection. The report should show you the deployment summary. In addition to that, you may use other built-in reports to get the similar data.
Manage Microsoft Edge Updates with SCCM
To get Microsoft Edge updates in the console, ensure you have enabled the Updates classification under Software Update Point properties > Classifications. If it’s already selected, proceed to next step.
Under Software Update Point properties > Products, select the Microsoft Edge product for synchronization.
Tip – If you don’t see Microsoft Edge product in the list, synchronize software updates once and check the products tab.
After you perform the above steps, click Synchronize Software Updates. Wait for the sync to complete and now check All Microsoft Edge Updates. You should the Microsoft Edge Updates for all the 3 channels – Beta, Dev and Stable.
Now that you have got the Edge Updates in the SCCM console, you can manage and deploy Microsoft Edge updates like any other update. For example you can add them to a Software Update Group and deploy. Or add them to your automatic deployment rule.
The edge browser is already configured on the SCCM server, but how do I add the domain to the trusted zone in the edge browser?
I get an error “Unable to get certificate for Powershell” when I try to create the Edge Application in SCCM. I’ve following the instructions others posted for copying in a new Install-Edge.ps1 but the download/package creation still fails.
Can someone help?
Can you turn on auto updates on through GPO AND also deploy updates through sccm? Due to everyone working from home at the moment. I think its a better idea to allow edge to check for updates and update automatically and allow sccm to push updates to users who are falling out of date, to ensure security. We dont have all users always on the our vpn from home. What do you think ?
Hello, I have few computers that already have edge chromium but these are not reporting to sccm as installed nor requiring update. All edge updates indicate 0 installed 0required but I sure know there are at least 10 installed. If the installation wasn’t done with sccm it doesn’t count?
I have the same problem.
Have you find a solution for that?
If you get an error during creation of the Edge application “Failed to download artifact”, see https://support.microsoft.com/en-us/help/4561494/microsoft-edge-application-creation-fails-in-configuration-manager for an updated PowerShell script to fix this
Any Ideas how to uninstall Edge via SCCM. what command to put?
I haven’t thought about this but I will added this to my to-do list.
I use “msiexec /x “Filename.msi” /q” and it worked out in my environment
has anybody also faced problems deploy Edge versions greater than 79 via SCCM to Windows 10 LTSB 2019 (version 79 stable is working)? I tried this but it does not work. If i try to install the package without SCCM on command line the error message saying I have to update my OS (has latest update 04/2020)?
Thanks for your guide, but I have a problem.
I found some users that installed Edge stable directly from internet before my application deploy.
On their PC ADR don’t work (Edge update are not in state “Disabled by organization”) and Edge looks update directly from internet.
Do you know if it’s possible change edge configuration and force update from my ADR?
Just for your information, there is a workaround for your node: “Before you deploy Edge via SCCM, ensure the PowerShell Execution Policy is not set to Restricted on the client computers. If it is set to Restricted, then the deployment will fail.”
After creating the deployment you just have to sign the 2 PowerShell Scripts “Install-Edge.ps1” (found in x64 and x86 folder) with an internal codesigning-certificate and refresh the content of the application on the DPs.
Yes and there is also another way to deal with that and i will be posting it soon.
Have you posted it somewhere else? I would like to know the way around this, thanks!
One simple solution might be to add the switch -ExecutionPolicy Bypass to the command lines in the Deployment Types the wizard creates. That’s what I did, anyway.
Do you have an explanation why the versions are different ?
On the Edge download page there is already version .71. Via WSUS / SUP / Catalog only version .68 is available.
Hi, you should now see the latest version of Edge if you create application. There was a delay and it has been rectified.
Hi, great information Prajwal – do you know if SCCM 1906 will be able to update Edge in Software Updates (as per your last section)? Given it is just a WSUS product, I was hoping so.
I know you won’t get the ‘Microsoft Edge Management’ node as you do in SCCM 1910 (nor the Edge application wizard) but would the Edge metadata not just appear in the ‘All Software Updates’ node after a sync (rather than the new ‘All Microsoft Edge Updates’ node)?
The reason I ask is I have customer not yet ready to go to 1910, they want to go to 1906 first – but they want to deploy and manage Edge..
I am not very sure on this but I don’t think Edge app and updates deployment will be possible only with SCCM 1910 and above. If you find the Edge updates working in SCCM 1906, let me know.
I would also like to know!
Great Guide Prajwal,
Any good guide how to Uninstall/Remove IE from the computers after this deployment because of the exploits around at the moment against IE?
Both SCCM or GPO sollution would work for me.
I’m not sure about SCCM, but the Edge Chromium GPO’s have a setting you can configure to replace IE when deploying or to leave in place. I hope that helps.
Thanks for this useful information