How to disable IE11 using Intune

If you have been following the messages in the message center in Microsoft 365 Admin portal, then you must have seen the recent message MC316144 for the retirement of IE set for June 15, 2022. 

So what does this really mean? If you are still using IE11 in your organization, then all access attempts  made by the end users to the browser will get redirected to Microsoft Edge because IE11 desktop application will no longer be supported. Note: Windows 10 LTSC and Server not affected.

As the first step, I will suggest to check the Browser usage report dashboard in Microsoft 365 Admin Portal. This can be accessed by navigating to Reports>Usage.


The usage report will give you insight into how many users are still accessing legacy browsers. If you have a requirement for running sites in IE legacy mode and if you haven't already configured Enterprise IE mode, then you can head over to the my previous post Configure the Enterprise Site List mode the modern way for more details on how to set it up.

In my case, I didn't want to wait until June 2022 for IE11 browser to stop working and so decided to disable IE11 altogether and have access requests redirected to Microsoft Edge. Here how you can do it using Intune.

2. Browse to Devices – Windows – Configuration Profiles
3. Click Create Profile
4. Select Platform as Windows 10 and later
5. Select Profile as Templates>Custom
6. Provide a Name and hit next.
7. Click on Add and provide the following values -

Name - DisableInternetExplorerApp
OMA-URI - ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableInternetExplorerApp
Data Type - String
Value - <enabled/><data id="NotifyDisableIEOptions" value="1"/>

Other possible values that can be used - 

0 - Never if you don’t want to notify users that IE11 is disabled.
1 - Always if you want to notify users every time they're redirected from IE11.
2 - Once per user if you want to notify users only the first time they are redirected.

8. Assign to a user or device based group.

When you enable the Disable Internet Explorer 11 as a standalone browser policy, users have the following experience:

-The IE11 icon on the Start Menu will be removed, but the one on the taskbar will remain.

-When users try to launch shortcuts or file associations that use IE11, they will be redirected to open
  the same file/URL in Microsoft Edge.

-When users try to launch IE11 by directly invoking the iexplore.exe binary, Microsoft Edge will launch instead. (Unless you set the value for NotifyDisableIEOptions to 1 or 2)

End User Experience & Compliance

On launching the IE11 standalone app, user will see the following message.


On clicking the Ok button, user will automatically be redirected to Microsoft Edge.

Values can be checked in registry, as shown below.



Compliance status should update against the CSP in Intune.


That's it for now. Until next time..

Comments

Popular posts from this blog

How to force escrowing of BitLocker recovery keys using Intune

Prevent users from running certain programs or applications on Windows endpoints using Intune

Intune: Configure Printers for Non-Administrative Users