Extensions
Note
You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the Microsoft Edge documentation landing page.
Currently, Microsoft Edge allows users to add or personalize, and uninstall extensions. You can prevent users from uninstalling extensions or sideloading of extensions, which does not prevent sideloading using Add-AppxPackage via PowerShell. Allowing sideloading of extensions installs and runs unverified extensions.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\
Allow Extensions
Supported versions: Microsoft Edge on Windows 10, version 1607 or later
Default setting: Enabled or not configured (Allowed)
Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
Supported values
| Group Policy | MDM | Registry | Description |
|---|---|---|---|
| Disabled | 0 | 0 | Prevented |
| Enabled or not configured (default) |
1 | 1 | Allowed |
ADMX info and settings
ADMX info
- GP English name: Allow Extensions
- GP name: AllowExtensions
- GP path: Windows Components/Microsoft Edge
- GP ADMX file name: MicrosoftEdge.admx
MDM settings
- MDM name: Browser/AllowExtensions
- Supported devices: Desktop
- URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions
- Data type: Integer
Registry settings
- Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
- Value name: ExtensionsEnabled
- Value type: REG_DWORD
Related topics
Microsoft browser extension policy: This article describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content these browsers display. Techniques that aren't explicitly listed in this article are considered to be unsupported.
Allow sideloading of extensions
Supported versions: Microsoft Edge on Windows 10, version 1809
Default setting: Enabled (Allowed)
By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).
Supported values
| Group Policy | MDM | Registry | Description | Most restricted |
|---|---|---|---|---|
| Disabled or not configured | 0 | 0 | Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the Allows development of Windows Store apps and installing them from an integrated development environment (IDE) group policy, which you can find: Computer Configuration\Administrative Templates\Windows Components\App Package Deployment\ For the MDM setting, set the ApplicationManagement/AllowDeveloperUnlock policy to 1 (enabled). |
 |
| Enabled (default) |
1 | 1 | Allowed. |
ADMX info and settings
ADMX info
- GP English name: Allow sideloading of Extensions
- GP name: AllowSideloadingOfExtensions
- GP path: Windows Components/Microsoft Edge
- GP ADMX file name: MicrosoftEdge.admx
MDM settings
- MDM name: Browser/AllowSideloadingExtensions
- Supported devices: Desktop
- URI full path: ./Vendor/MSFT/Policy/Config/Browser/AllowSideloadingExtensions
- Data type: Integer
Registry settings
- Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
- Value name: AllowSideloadingOfExtensions
- Value type: REG_DWORD
Related policies
Allows development of Windows Store apps and installing them from an integrated development environment (IDE): When you enable this policy and the Allow all trusted apps to install policy, you allow users to develop Windows Store apps and install them directly from an IDE.
Allow all trusted apps to install: When you enable this policy, you can manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store apps.
Related topics
Enable your device for development: Access development features, along with other developer-focused settings to make it possible for you to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.
Prevent turning off required extensions
Supported versions: Microsoft Edge on Windows 10, version 1809
Default setting: Disabled or not configured (Allowed)
Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.
Supported values
| Group Policy | Description |
|---|---|
| Disabled or not configured (default) |
Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
| Enabled | Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office extension prevents users from turning it off: Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
ADMX info and settings
ADMX info
- GP English name: Prevent turning off required extensions
- GP name: PreventTurningOffRequiredExtensions
- GP path: Windows Components/Microsoft Edge
- GP ADMX file name: MicrosoftEdge.admx
MDM settings
- MDM name: Experience/PreventTurningOffRequiredExtensions
- Supported devices: Desktop
- URI full path: ./Vendor/MSFT/Policy/Config/Browser/PreventTurningOffRequiredExtensions
- Data type: String
Registry settings
- Path: HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
- Value name: PreventTurningOffRequiredExtensions
- Value type: REG_SZ
Related policies
Allow Developer Tools: Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.
Related topics
- Find a package family name (PFN) for per-app VPN: There are two ways to find a PFN so that you can configure a per-app VPN.
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune: The Microsoft Store for Business gives you a place to find and purchase apps for your organization, individually, or in volume. By connecting the store to Microsoft Intune, you can manage volume-purchased apps from the Azure portal.
- How to assign apps to groups with Microsoft Intune: Apps can be assigned to devices whether or not Intune manages them.
- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager: Configuration Manager supports managing Microsoft Store for Business apps on both Windows 10 devices with the Configuration Manager client, and also Windows 10 devices enrolled with Microsoft Intune.
- How to add Windows line-of-business (LOB) apps to Microsoft Intune: A line-of-business (LOB) app is one that you add from an app installation file. Typically, these types of apps are written in-house.