Mass deploy the CyberArk Browser Extension for Microsoft Edge

This topic describes how to use Active Directory Group Policy Management with Microsoft Edge templates to deploy CyberArk Identity Browser Extension to all PCs in your organization.

This document is a general guide. Details in your deployment may differ.

Step 1: Add Edge policy templates

  1. Open your browser and go to the following URL:

    https://www.microsoft.com/en-us/edge/business/download
  1. Download a Microsoft Edge policy templates file (MicrosoftEdgeEnterpriseX64.msi, MicrosoftEdgePolicyTemplates.cab, or MicrosoftEdgeEnterpriseARM64). Make sure you download the file that matches your organization's environment and preferences.

  2. Save the file in a temporary location. For example, C:\temp. Then copy the files to your domain controller.

Step 2: Add Edge .admx and .adml files to group policy

  1. On your domain controller, go to the directory where you copied the Microsoft Edge templates files. Copy the msedge.admx file located within the \windows\admx directory to C:\Windows\PolicyDefinitions.

  2. On the domain controller, go to the directory where you copied the Microsoft Edge templates files. Copy the msedge.adml file located within the \windows\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US.

    If you want a language other than en-US, go to the correct directory. For example, es-ES.

Step 3: Create or configure your Edge policy

  1. On your domain controller, open Group Policy Manager and expand the domain Group Policy Objects. If you do not have a group policy to use for Edge policies, right-click Group Policy Objects and create a new policy. Give the policy a relevant name, such as Edge Policy.

  1. Right-click the new policy and select Edit.

  2. Expand Edge Policy > Computer Configuration > Policies > Administrative Templates > Microsoft Edge > Extensions, then right click and edit Control which extensions are installed silently.

    If this policy will apply to users instead of computers, the Edge policies you will be expanding will be located under User Configuration -> Policies -> Administrative Templates -> Microsoft Edge.

  1. Select Enabled, then click Show.

  2. Add the following text and click OK.

    mblkikdcdlfpljlmgijhccbhiijkhded
  1. Click Apply, then click OK.

  2. Disable Microsoft Edge's Built-In Password Manager by going to Microsoft Edge > Password manager and protection, then right- click and edit Enable saving passwords to the password manager.

  3. Select Disabled, then click Apply and OK.

  1. Following the same process as steps 7 - 9, go to the Microsoft Edge Administrative Templates Policy definitions. Disable Edge AutoFill by editing Enable AutoFill for addresses and Enable AutoFill for credit cards and setting them to Disabled.

  2. (Optional) If you want to disable Developer Tools, to further secure against users attempting to unmask a masked password/credential, still within the Microsoft Edge Administrative Templates Policy definitions, edit Control where developer tools can be used and set it to Enabled. Select Don't allow using the developer tools and click OK.

  3. Exit the Group Policy Management Editor. Right-click an organizational unit (OU) containing your computers or users, and select Link an Existing GPO.

  4. Select Edge Policy and click OK.

If you have more than one OU that you want to link this new group policy to, repeat steps 11-12.

The Edge policy automatically installs CyberArk IdentityBrowser Extension, for any PC or user within that OU, if Edge is installed on those PCs. The Edge policy also disables the Edge browser's less secure, built-in password manager and AutoFill capabilities.

Step 4: Check your Edge policies

On a target client device, open Microsoft Edge and go to edge://policy to see all applied policies. If you applied policy settings on the local computer, policies should appear immediately.

You can also check your extension by going to edge://extensions to confirm that your extensions are being installed.

You might need to run gpupdate /force, in an elevated command prompt, to apply this new group policy to the PCs.

You may need to close and reopen Microsoft Edge before the new policies appear.