1.6.1 Ensure 'Configure extension management settings' is set to 'Enabled: *'


This policy setting controls extension management settings for Microsoft Edge, including any controlled by existing extension-related policies. This policy supersedes any legacy policies that might be set.

NOTE: This policy maps an extension ID or an update URL to its specific setting only. A default configuration can be set for the special ID '*', which applies to all extensions without a custom configuration in this policy. With an update URL, configuration applies to extensions with the exact update URL stated in the extension manifest. If the override_update_url flag is set to true, the extension is installed and updated using the update URL specified in the ExtensionInstallForcelist (Control which extensions are installed silently) policy or in update_url field in this policy. The flag override_update_url is ignored if the update_url is the Edge Add-ons website update URL.

Note #2: For more granular control the ExtensionInstallForcelist and ExtensionInstallAllowlist (Allow specific extensions to be installed) to allow or force install of specific extensions even if the store is blocked using the JSON in the the example. {'update_url:https://clients2.google.com/service/update2/crx':{'installation_mode':'blocked'}}

For more details, check out the detailed guide to ExtensionSettings policy available at the following link.

The recommended state for this setting is: Enabled: *.


Blocking extensions that could potentially allow remote control of the system through the browser is a good security practice. If there are extensions needed for securing the browser or for enterprise use these can be enabled by configuring either the setting Allow specific extensions to be installed.


Any installed extension will be removed unless it is specified on the extension allowlist, if an organization is using any approved password managers ensure that the extension is added to the allowlist.


To establish the recommended configuration via Group Policy, set the following UI path to Enabled: *:

Computer Configuration\Polices\Administrative Templates\Microsoft Edge\Extensions\Configure extension management settings

Default Value:

Not configured.

See Also


Item Details


References: 800-53|CM-10, 800-53|CM-11, 800-53|SC-18, CSCv7|7.2

Plugin: Windows

Control ID: 988c4f365cc3fe7b843075f257a6263ab6bb4953ca2b2b1839b146d3614df666