New Policies: BrowserGuestModeEnforced - Enforce Edge guest mode

Version 147.0.3912.60: April 10, 2026 (Stable)

Release Summary

Announcements

• Microsoft 365 Copilot Chat. The Edge internal container page that hosts compliant M365 Copilot chat in the sidebar has been updated. Blocking internal edge:// or chrome-untrusted:// URLs isn't recommended as this may lead to unexpected errors and will disable the Microsoft 365 Sidebar Copilot Chat experience. For more information, see Allowlist for Microsoft Edge endpoints.
• Updated AI settings page happening in May. Settings for Copilot features will be housed under one AI settings page to create a cohesive setting experience. Existing admin controls and policy configurations continue to apply. Note: This is a controlled feature rollout. If you don't see this change, check back as we continue the rollout.
• Collections retirement. Microsoft begins retiring Collections. A banner is shown to existing Collections users. Users are no longer able to add new items to Collections. To keep saved content, users can export it, or move all pages to Favorites. For more information, see Organize your ideas with Collections in Microsoft Edge - Microsoft Support.
• Migration to improved V2 architecture for Workspaces. Workspaces, introduced in Edge in 2022, allows users to create durable sets of tabs that can be saved and shared with others. In order to improve reliability and performance of this feature, the following changes are being made:

1. Migrating data for saved Workspaces from OneDrive/SharePoint to Edge Sync service
2. Removing the collaboration/share functionality of this feature
   For organizations who have disabled Sync through policy, the existing v1 Workspace data will still be migrated to the new architecture. New v2 Workspaces created after migration will not sync across devices and will remain local to each device. This update occurs on a progressive rollout beginning in Edge Stable v145 and will continue rolling out in Edge v147. For more information, see Getting started with Microsoft Edge Workspaces.

• Custom primary password deprecation. Users will no longer be able to create a new custom primary password in Edge Settings edge://settings/autofill/passwords/settings. Users who already have a custom primary password configured will see a warning that the feature won't be available from June 4, 2026. On June 4, 2026, any users who are still using a custom primary password will be automatically migrated to device authentication. Additionally, the PrimaryPasswordSetting policy will no longer support the WithCustomPrimaryPassword option.

Feature Updates

• Cross Tenant Support using Intune MAM. Edge for Business extends its capability to deliver Intune App Protection Policies via Intune MAM. Organizations are enabled to apply data loss prevention controls to Edge for Business profiles even on devices managed by another tenant. This capability enforces Intune MAM policies-such as clipboard boundaries, watermarking, and protected downloads-within the Edge work profile, ensuring sensitive data remains governed by your tenant. When enabled, downloads initiated in Edge are redirected to OneDrive for Business instead of local storage, and leak controls for screenshots and DevTools activate when data protection settings are applied. This approach secures cross-tenant scenarios like contractors or mergers without requiring additional apps or disrupting the end user experience. For more information, see Cross-tenant support using Intune MAM.
• Clarify choices surrounding third-party cookie settings. Language under Settings >Privacy, search, and services>Cookies will be clarified to better describe the choices users have in managing third-party cookies. Note: This is a controlled feature rollout. If you don't see this feature, check back as we continue our rollout.
• Extensions monitoring in the Edge management service. The Microsoft Edge management service now allows admins to gain visibility into extensions installed across their managed users. From the extensions monitoring page, admins can see which extensions have been installed as well as manage user requests for blocked extensions. Note: This experience is in public preview and can be accessed by opting in to targeted release in the Microsoft 365 admin center. For more information, see Microsoft Edge Extensions Monitoring.
• Add setting to create or remove profile desktop shortcut for Windows. A new toggle is added in the profile settings to give users the ability to create or remove the profile desktop shortcut. Available only for Windows devices. Note: This is a controlled feature rollout. If you don't see this feature, check back as we continue our rollout.
• Copilot New Tab Page. Search, chat, and explore the web from one search box with Copilot suggested actions and curated work content to help your users get things done faster on the new, refreshed Copilot New Tab Page. Users can also view personalized news and activities. Admins can control availability to this feature using the CopilotNewTabPageEnabled policy. Note: This experience is in public preview and can be enabled via the Edge management service inside the Microsoft 365 Admin Center. The release timeline has been updated, and general availability is now expected in early May. For more information, see Configuring Copilot Features Microsoft Learn..
• Validate Edge builds early with enterprise preview. Enterprise preview provides a simpler way for admins to flight pre-release Edge builds to their users. To reduce friction and bolster usage, users will receive pre-release builds directly inside of their Stable Edge application. Admins can allow users to easily opt-out of the preview experience, using built-in rollback to switch between their pre-release and stable channels with ease. Microsoft 365 admin center users can configure the feature, view their flighting population, and receive personalized recommendations all in one place. Note: Part of this experience is in public preview and can be accessed by opting in to targeted release in the Microsoft 365 admin center. For more information, see Get started with Enterprise Preview in Microsoft Edge.
• Expanded Microsoft Purview Information Protection (MIP) support for Microsoft 365 Online. Microsoft Purview Information Protection enables data loss prevention (DLP) controls in Microsoft 365 documents by limiting or preventing certain actions on documents with specific sensitivity levels. When administrators enable Microsoft Purview Information Protection in the Edge management service, the policy enforces secure enterprise browser access for Microsoft Word, Excel, and PowerPoint. Starting in Edge version 147, support is also available for Outlook on the web (OWA). For more information, see Protect Office documents with Microsoft Purview Information Protection labeling.
• Copilot integration in Immersive Reader. Immersive Reader improves reading accessibility by simplifying webpages and removing visual distractions. When using Immersive Reader, users can now Summarize, Explain, and Chat with Copilot directly through the Immersive Reader toolbar. Available on Windows devices.

Fixes

• Fixed an issue where Edge and WebView2 deployments via WSUS or MSI-based enterprise packages failed to install with disabled auto-update policy configuration.

Policy Updates
New policies

• BrowserGuestModeEnforced - Enforce Edge guest mode
• DefaultDownloadDirectory - Set default download directory
• InPrivateModeUrlAllowlist - Allow access to a list of URLs in InPrivate mode.
• InPrivateModeUrlBlocklist - Block access to a list of URLs in InPrivate mode.
• PdfLocalFileAccessAllowedForDomains - Allow specified sites to access file:// URLs in the PDF Viewer
• XSLTEnabled - Control the availability of the XSLT feature
• AuthNegotiateDelegateByKdcPolicy - Use KDC policy to delegate credentials.
• MAMWithDeviceDLPEnabled -
• ProtectedContentIdentifiersAllowed - Allows web pages to use identifiers for the purpose of protected content playback

Obsolete policies

• PostQuantumKeyAgreementEnabled - Enable post-quantum key agreement for TLS (obsolete)