Automatically Keep Microsoft Edge Secure with Component Updates via Intune

Small, frequent updates to Microsoft Edge’s internal components—like phishing filters, certificate revocation lists, and malware definitions—play a big role in keeping your browser safe. Instead of manually tracking and deploying each tiny update, you can use Microsoft Intune to enforce component updates automatically. Here’s how to set it up and why it matters.

Why Component Updates Matter

Edge’s main browser updates deliver new features and major fixes. Component updates, by contrast, push critical security lists and small patches that:

• Block newly discovered phishing sites

• Refresh malware signature databases

• Update certificate revocation lists

Without these, users risk browsing with stale defenses against fast-moving threats. By enabling component updates in Intune, you ensure every Edge install across your organization stays current without manual effort.

How to Enable Edge Component Updates in Intune

1. Sign in to the Microsoft Intune admin center.

2. Navigate to Devices → Configuration profiles and click + Create.

3. Choose Windows 10 and later as the platform and Settings catalog as the profile type.

4. On the Basics tab, give your policy a clear name (for example, “Enable Edge Component Updates”) and an optional description.

5. In the Configuration settings tab, click + Add settings, then search for Microsoft Edge.

6. Under Edge settings, find ComponentUpdatesEnabled and set it to Enabled.

7. Click Next to assign scope tags if needed, then Next again to choose your target device groups (for example, “All Corporate Devices”).

8. Review your settings and click Create.

Within minutes, enrolled devices running Edge will begin syncing the new policy. Edge will automatically download and apply component updates as they become available.

Verifying Success

To confirm the policy applied correctly:

1. In Intune, go to Devices → Configuration profiles.

2. Find your policy and check its Policy status. It should show Success for targeted devices.

3. On a client machine, open Event Viewer and navigate to
   Applications and Services Logs → Microsoft → Windows → DeviceManagement-Enterprise-Diagnostics-Provider → Admin.

4. Look for Event ID 814, which logs “MDM PolicyManager: Set policy string, Policy: (ComponentUpdatesEnabled)”—a clear sign the setting took effect.

When to Disable Component Updates

You might disable component updates temporarily to troubleshoot compatibility issues or test legacy software. Simply repeat the steps above but set ComponentUpdatesEnabled to Disabled. Critical security patches marked as mandatory will still apply even if you disable this policy.

Best Practices

• Enforce by default: Enable component updates for all corporate devices to ensure continuous protection.

• Scope selectively: Use Intune’s assignment groups to pilot the policy on a small set of devices before broad rollout.

• Monitor regularly: Check policy status and Event Viewer logs weekly to catch any sync issues early.

• Combine with major updates: Pair this policy with Windows Update for Business settings to manage full Edge version upgrades.

Keeping browser defenses up to date is crucial. With Intune’s component update policy for Edge, you automate that vital layer of security—so your users can browse safely without delays or extra work for IT.