Microsofts latest attempt at a browser is maturing nicely. I’ve been using it as my daily driver for about a month now and so far so good. I’ve also started getting more requests from customers for ways to deploy and manage on their macOS devices.
This post will cover how to deploy the Edge application to macOS with VMware Workspace ONE UEM. This will include how to suppress requests to allow notifications, and how to set things like the homepage and stop the first launch tutorial.
The first point to remember is Edge is essentially Chrome, as it’s built upon the Chromium open source project. This brings with it the ability to use all your existing Chrome extensions, as well as any existing policies you may be delivering today via MDM.
Deploying Edge
Note: Uploading macOS applications to Workspace ONE UEM needs to be performed from a Mac, as you need to generate a plist file using the Workspace ONE Admin Assistant application.
- Download Edge from here: Click Here
- Login to Workspace ONE UEM. If you’re on 20.10+, you’ll now have the new Resources tab replacing Apps & Books (also, this is where you’ll find Profiles!) Click Resources / Apps / Native / Internal
- Click Add to upload an application, then “Application File”
- Click “Upload” and search for your downloaded Edge file.
- Here you’ll be asked to upload a plist file.
Download and install the Admin Assistant and launch it.
Drag and drop your Edge installer here, and the output will be in the Documents/Workspace ONE Admin Assistant folder.
Your output will look similar to the below. Head back to UEM and upload that plist.
Click Continue, and now we can set up the application!
Head to “Images” and upload the MicrosoftEdge_1.png file.
We’re now done with this section. We could set up some post-install/uninstall scripts or mark any ‘blocking’ (apps that need to close before this is installed) apps, but we can just click “Save & Assign”.
Assignment
In this window, we can give our assignment a name and description. These allow is to let others (and remind ourselves) about the reason for this deployment and its target. Select your assignment groups and delivery method. I’ve set this to On Demand so this doesn’t get automatically deployed when I click save. You can of course queue up deployment with the time selector.
Click “Create” and review the assignments.
You can get really creative here, but the real creativity in this comes in with the configuration we’ll sort later. Click “Save” and “Publish” and we’re done with uploading the application.
Prevent those Notifications Allow requests
If you want to make the installation process silent, you can supress the toast messages users will get for both the Microsoft Auto Updater and Edge itself.
For this, I used ProfileCreator to create a Notifications payload, which we will deliver as a Custom Settings payload in UEM.
<dict>
<key>NotificationSettings</key>
<array>
<dict>
<key>AlertType</key>
<integer>1</integer>
<key>BadgesEnabled</key>
<true/>
<key>BundleIdentifier</key>
<string>com.microsoft.edgemac</string>
<key>CriticalAlertEnabled</key>
<false/>
<key>NotificationsEnabled</key>
<true/>
<key>ShowInLockScreen</key>
<true/>
<key>ShowInNotificationCenter</key>
<true/>
<key>SoundsEnabled</key>
<true/>
</dict>
<dict>
<key>AlertType</key>
<integer>1</integer>
<key>BadgesEnabled</key>
<true/>
<key>BundleIdentifier</key>
<string>com.microsoft.autoupdate.fba</string>
<key>CriticalAlertEnabled</key>
<false/>
<key>NotificationsEnabled</key>
<true/>
<key>ShowInLockScreen</key>
<true/>
<key>ShowInNotificationCenter</key>
<true/>
<key>SoundsEnabled</key>
<true/>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Notifications</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.18446CF1-EB13-4F7F-8530-5C1E56F4CAB1.com.apple.notificationsettings.FB369439-1780-4B45-A5B2-1AC5BD482A2A</string>
<key>PayloadType</key>
<string>com.apple.notificationsettings</string>
<key>PayloadUUID</key>
<string>FB369439-1780-4B45-A5B2-1AC5BD482A2A</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>The important part of these is the Bindle Identifiers. com.microsoft.edgemac and com.microsoft.autoupdate.fba will prevent the two above screenshots from showing up to your users.
Copy the above code block, and head back to UEM. Go to Resources / Profiles & Baselines / Profiles. Click Add / Add Profile.
Select macOS / Device or User Profile (either is OK).
I set up my profiles as macOS – Edge Notifications, assigned to the same assignment group as the Edge app. I also set this to Auto, meaning this config will be on the device, regardless of the app being installed.
Then, scroll down on the left, and hit “Custom Settings”, and “Configure”.
Paste in the code in the text area, and click “Save and Publish” and then “Publish”
Configure and Customise Edge
This is the exciting part. Here we can define our settings for our users. It’s really important to know that you can have different customizations per user group, org group, or assignment group. So, people in HR could have an HR home page, and those in Sales could have a sales homepage.
As above, we will be using a Custom Settings payload to deploy the configuration. This is derived from the “Policy Files” available from the Edge for Business download site.
The “policy_manifest” has the keys we can use to add to the below.
<dict>
<key>PayloadContent</key>
<dict>
<key>com.microsoft.Edge</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>AutoSelectCertificateForUrls</key>
<array>
<string>{"pattern":"https://cas-aws.vmwareidentity.com/","filter":{"ISSUER":{"CN":"CN Issuing Name"}}}</string>
<string>{"pattern":"https://cas-aws.workspaceair.com/","filter":{"ISSUER":{"CN":"CN Issuing Name"}}}</string>
</array>
<key>DefaultCookiesSetting</key>
<integer>1</integer>
<key>FavoritesBarEnabled</key>
<true/>
<key>HideFirstRunExperience</key>
<true/>
<key>NewTabPageLocation</key>
<string>https://hub.company.com</string>
<key>HomepageLocation</key>
<string>https://hub.company.com</string>
<key>HomepageIsNewTabPage</key>
<false/>
<key>ManagedFavorites</key>
<array>
<dict>
<key>toplevel_name</key>
<string>Company Links</string>
</dict>
<dict>
<key>name</key>
<string>Self Service Portal</string>
<key>url</key>
<string>https://ds135.awmdm.com/MyDevice</string>
</dict>
<dict>
<key>name</key>
<string>VMware</string>
<key>url</key>
<string>vmware.com</string>
</dict>
<dict>
<key>name</key>
<string>Microsoft Edge links</string>
<key>children</key>
<array>
<dict>
<key>name</key>
<string>Microsoft Edge Insiders</string>
<key>url</key>
<string>www.microsoftedgeinsider.com</string>
</dict>
<dict>
<key>name</key>
<string>Microsoft Edge</string>
<key>url</key>
<string>www.microsoft.com/windows/microsoft-edge</string>
</dict>
</array>
</dict>
</array>
</dict>
</dict>
</array>
</dict>
</dict>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>MCXToProfile.d6ba4580-8bc9-4d9b-a0a1-f019dcbdc21a.alacarte.customsettings.e018cb09-de75-4195-ae80-b4cc25c02a76</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadUUID</key>
<string>e018cb09-de75-4195-ae80-b4cc25c02a76</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>- HideFirstRunExperience – Prevent the tutorials and set up screens from showing
- FavoritesBarEnabled – Enables the Fav bar
- NewTabPageLocation – Sets the URL for the new tab page
- HomepageLocation – Sets the Location of the home page
Deploy this as a Custom Settings Payload as you did for the previous step to suppress the notifications.
Testing and Troubleshooting
When you’re done and your config is deployed, any new user shouldnt have any notifications pop ups, and should have their browser configured.
#1 step here when you make any changes to configuration will be to fully quit Edge and restart it.
Check your Intelligent Hub Download’s tray
This is the best place to start to make sure your apps are downloading. Head to the Intelligent Hub, click Apps, then hit the download icon on the top right.
Check System Preferences > Profiles
You should see your new Edge profiles showing here.
Check System Preferences > Notifications
After first run of Edge, you can head to System Preferences > Notifications (after seeing that you dont see anything pop up!)
You should expect to see Notifications switched off for both “Microsoft Edge” and “Microsoft Update Assistant”. These options are also greyed out to users will be unable to edit them.
edge://policy
In the address bar, type edge://policy. You should expect to see your configuration.
Conclusion
Now you should have Microsoft Edge fully deployed to your Workspace ONE UEM macOS device estate!
If I’ve left anything out or any step is unclear please leave a comment below or head to Contact to get in touch.
Solutions Engineer @ Okta. Former SE at VMware for Workspace ONE. All things Identity, MDM and Mac. Occasionally takes photos of Bands at adammatthews.photography, and blogs at adammatthews.co.uk.