Like smartphones and desktop operating systems, one’s chosen web browser is always a topic of fierce emotional debate. It is very hard to convince someone to make the switch when they’ve been using something that’s pretty good for the best part of a decade. It took a while for Microsoft to meet enough end-user expectations in Edge to make it a worthy alternative, as people had gotten so used to extensions, profile syncing, themes, and the compatibility that Chromium offered them.
Today, I feel that Microsoft Edge is the best browser for business, not only because it wins in performance and security tests, but also because it simplifies life for both users and admins.
Compatibility & Performance
Since 2020, Edge has been running on Chromium. That’s the same one used by:
- Google Chrome
- + many more
Given this fact, the argument that Edge is comparatively worse than Chrome is mostly* nullified, since the fundamental functions are shared.
*There are a small number of sites that require Google Chrome by developer choice.
Since Microsoft has a large enterprise customer base to cater for, Edge also has Internet Explorer mode built in which IT admins can configure to allow users to retain access to legacy sites that aren’t compatible with modern standards.
Microsoft Edge puts tabs to “sleep” when you’re not using them. This boosts your browser’s performance by releasing system resources like memory and CPU, to help ensure that the tabs you’re using have the resources they need. (Source: Microsoft)
I’ve seen people using Chrome or Firefox extensions to achieve the same thing. It’s native in Edge, and fully customisable by the admin or end-user. For example, you may wish to add your Dynamics 365 URL to the list of sites that shouldn’t sleep.
We’ve all seen the memes…
Microsoft has done a lot to address this issue, and Tom’s Guide tested this back in 2021.
For the IT admins
You only need to manage one browser!
While Intune has the settings available for both Chrome and Edge, you still need to manually upload ADMX files to handle Firefox. The more browsers you have, the more you increase the attack surface within your org. Firefox does not have the same granularity of security controls as Chrome or Edge and it’s missing SmartScreen, your end-user’s first line of defence if they happen to find themselves on the wrong side of the internet.
For the end-users
You only need to use one browser!
In addition to ensuring legacy compatibility, we’re able to configure Edge to force synchronisation of the browser profile, meaning the experience is the same wherever you sign in with the work account (more on this later). We can push a managed favourites folder right on the bookmarks bar to give users a consistent experience when they need to navigate to work resources.
What about Add-ons and extensions?
For the big ones, there’s likely an Edge equivalent in the store – if it’s not there, extensions from the Google store can be permitted to run in Edge.
If you decide to enforce web content filtering included with many of the Microsoft SKUs, like Business Premium for example, Edge will give the end-users the clearest indication of why something has been blocked.
If the end-user has strict notification settings, they may not even see it on Firefox or Chrome.
If nothing else, this is the bit of this article that should get your attention.
Using Microsoft Edge exclusively is a method of data loss prevention.
Picture this: a user installs Chrome, Firefox, or another unknown browser on their work device, and they sign into it using their personal Google account (in the case of Chrome), then they sync their personal stuff onto the work device.
Firstly, we don’t want personal stuff on work devices. If you haven’t locked Chrome down, all those unknown extensions are about to get installed. What data are they looking at?
The user begins working with various company tools. Where are all those passwords synced…? To their Google account, and eventually their home computer.
We have no visibility of where those credentials might be used, and we don’t know if the user’s home computer is already compromised. Why should we care? We’re not responsible for it.
We are responsible for the company data.
“We can lock down Chrome/Firefox to prevent this”
Yes, you can.
In my view, to make it secure you’d disable sync, block saving of passwords, prevent extensions being installed, and disable all the other convenience features that create a slick end-user experience across multiple devices, while creating additional work whenever that user changes their PC.
By the time you’ve done this, third-party browsers will operate in a de facto guest mode, adding resistance to the user’s day.
Edge allows the company browsing experience to remain inside a corporate owned account.
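As an added example (not the author's own script), the PowerShell below audits the machine-level policy registry keys behind the settings discussed above: forced sign-in and sync for Edge, and disabled sync, password saving and extensions for Chrome. The policy names are the vendors' documented ones; the expected values are assumptions chosen for illustration.

```powershell
# Added example. Policy names are the vendors' documented ones; the expected
# values are assumptions for illustration, not the author's baseline.
$roots = @{
    Edge   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    Chrome = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
}
$baseline = @(
    @{ Browser = 'Edge';   Name = 'BrowserSignin';          Expected = 2 }  # 2 = force sign-in
    @{ Browser = 'Edge';   Name = 'ForceSync';              Expected = 1 }
    @{ Browser = 'Edge';   Name = 'SmartScreenEnabled';     Expected = 1 }
    @{ Browser = 'Edge';   Name = 'SleepingTabsEnabled';    Expected = 1 }
    @{ Browser = 'Chrome'; Name = 'SyncDisabled';           Expected = 1 }
    @{ Browser = 'Chrome'; Name = 'PasswordManagerEnabled'; Expected = 0 }
)

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Yields nothing ($null) when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-PolicyList {
    param([string]$Path)
    # List policies live in a subkey whose values are named 1, 2, 3, ...
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return @() }
    @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
}

$report = foreach ($rule in $baseline) {
    $actual = Get-PolicyValue -Path $roots[$rule.Browser] -Name $rule.Name
    [pscustomobject]@{
        Browser  = $rule.Browser
        Policy   = $rule.Name
        Expected = $rule.Expected
        Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
        Status   = if ($actual -eq $rule.Expected) { 'OK' } else { 'REVIEW' }
    }
}
$report | Format-Table -AutoSize

# A '*' entry in Chrome's blocklist means extensions are blocked unless allowlisted.
$blocked = Get-PolicyList -Path (Join-Path $roots.Chrome 'ExtensionInstallBlocklist')
'Chrome extensions blocked by default: {0}' -f ($blocked -contains '*')

# Sites exempted from sleeping tabs, e.g. a line-of-business URL.
$noSleep = Get-PolicyList -Path (Join-Path $roots.Edge 'SleepingTabsBlockedForUrls')
'Edge sites exempt from sleeping tabs: {0}' -f ($noSleep -join ', ')
```

A row reported as `(not set)` for Chrome on a device where Chrome is installed is the unmanaged case described above: the browser is running with its defaults, including personal sign-in and sync.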
Limit egress with Conditional Access
We create a policy that says: a work account can only be signed into Edge on a compliant, company-owned device.
The user cannot go home and sync data to their personal device, and when they leave the company the account and all associated data are cleared. In addition, we should tweak our internal IT policy so that it states corporate-owned devices shouldn’t be used for personal affairs.
The end result is both your end-users and IT teams have an easier job when it comes to browsing the web.
For next level security, we can use Edge Application Guard windows… but that’s for a future post.