Chrome

The Current State of Edgium

“Edgium” or ‘The next version of Microsoft Edge’ is Microsoft’s rebuild of the Microsoft Edge browser, built on the open-source Chromium platform. I recently decided to start using it and see the current state of Edgium (which I’ll call it that for the rest of this post for clarification’s sake).

Microsoft Edge was met with a lot of resistance when launched – and although there were reasonable claims about it being the fastest browser around, there were a lot of features lacking and sites that wouldn’t work with it.

Here’s why Microsoft decided to abandon Edge as it is. It’s interesting to note that on mobile devices, they were already using an open-source foundation from the start, and for the desktop version there’s a focus on making sure all web standards are adopted.

You can download Microsoft Edge Beta right now and install it in parallel with the old Edge – or you can install the build that replaces old Edge direct from Microsoft here (keep in mind you can’t uninstall from this). The Beta is good if you want to have a play around before committing.

The expirience I’ve had so far is rock solid. There are some ways where it loosk and feels like Chrome, and others where it’s more Edgey. The import options (for me at least) just worked – I could import everything from browser history, favorites and saved passwords and pick which Chrome profile I wanted to import it from.

At the Edgium end, I’ve then created multiple profiles and imported each relevant profile across to match the experience I was having on Chrome. Multiple profiles is great when you’re doing things in Microsoft 365 and have multiple accounts (user and admin) and different tenants to access.

Also, Edgium fully supports Chrome extensions. Old Edge did have extensions too, but very few. Edgium will prompt, asking if you want to allow 3rd party extensions, and then you add them just like you would in Chrome:

The settings area of Edgium in my opinion, is much better than Chrome:

Google Chrome Settings Page
Microsoft Edgium Settings Page

There’s also already Group Policy ADM/ADMX files ready to use which gives IT Administrators a lot of control over the browser, which is worth putting in place and going through before you even consider piloting Edgium.

For IT Admins, also check out the security baseline you should use, currently in draft form.

Edgium also has an Internet Explorer mode, so hopefully this can end up with Edgium replacing Chrome, Internet Explorer and Old Edge with a single browser – it might take a while of course, but for a company looking to control the user experience a bit more and not manage lots of browsers, it’s looking hopeful.

At the time of writing there’s no announced release date of Edgium, but it’s expected to completely replace Edge – so it’s worth getting used to it early. I’m sure there will be some changes between here and launch, but it should all be small changes.

Personally I’ve made the move from Chrome to Edge and haven’t hit an issue yet. Old Edge is on the way out, and overall this seems to be a positive decision for all involved. Let’s see how

Azure AD Sign-in via Google Chrome and Conditional Access

While testing MFA, Conditional Access and all the other good stuff Azure AD provides, I came across this scenario:

Conditional Access configured to require MFA if the user wasn’t on an Azure AD Hybrid PC, or coming from an internal IP.

User on an Azure AD Hybrid PC, but on an external IP.

User uses Chrome to access a Microsoft resource, and gets challenged despite being on the Azure AD Hybrid PC.

It seems that the sign-in process isn’t aware of the state of the computer when using Chrome- but there is an easy fix: deploy Windows 10 Accounts extensions for Chrome.

This is really easy to do via Group Policy.

  1. If you don’t already have them, get the ADMX Group Policy files for Google Chrome and deploy into your environment
  2. Under User Configuration > Policies > Administrative Templates > Google > Google Chrome > Extensions, configure the policy ‘Configure the list of force-installed apps and extensions’:

3. Change the radio button to enabled, click ‘Show’ and enter the value for the add-in

ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx

4. Do your normal process of configuring the Group Policy object to target the users you want, run a gpupdate and see the addin silently turn up in Chrome. The only user impact will be a visible Windows logo to the left of the Google Accounts area in the top bar of Chrome.

Peter van de Woude has documented how to do this via registry, so read his post if you want info on how to do that –  as well as how to then deploy via Intune and PowerShell script.

Worth doing if you use Azure AD connect, and highly recommended if you’re using Conditional Access. 

How To Launch A URL In Google Chrome

Scenario:
We want to open a particular URL in Google Chrome, but the default browser is Internet Explorer. Most company apps either support or require Internet Explorer, so we don’t want to change the default browser – but one app works better in Chrome.

We could create a desktop shortcut using chrome.exe -url http://webpage.com, but the site is also linked from our Intranet – how do we get the link to always launch in the preferred browser?

 

Update 21st Dec 2016

Updates to Chrome seem to have broken this. Thanks to Chris Done for working with me on this fix:

1.Add the String Value of “URL Protocol” with a blank value to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\] or [HKEY_CLASSES_ROOT\Chrome]
(they’re one and the same)
“URL Protocol”:””

2. Modify the value of

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\command\Default]
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” — %1

3. Use a space in the URL after the // you’re using for your link:

ChromeHTML:// adamfowlerit.com

4. Create this key to remove the prompt on opening the link:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\ChromeHTML]
“WarnOnOpen”=dword:00000000

Here’s the registry settings you can copy and paste into a .reg file and import:

Copy from the next line

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML]
@=”Chrome HTML Document”
“URL Protocol”=””

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\DefaultIcon]
@=”C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0″

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\command]
@=”\”C:\\Program Files (x86)\\Google\\Chrome\\Application\\Chrome.exe\” — %1″

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\ChromeHTML]
“WarnOnOpen”=dword:00000000

Copy stops above this line

End of update 21st Dec 2016

Answer:
URI Schemes. Any program can be launched using a protocol (you can see which ones you already have in Windows under Control Panel > Default Programs > Associate a file type or protocol with a program > Scroll past all the extensions down to the protocols.

You may have something like ‘MAILTO’ which is used in the format “Mailto:”. Type that into your browser and it will either launch a new email from your default mail client, or ask you to set a default mail client.

Some apps automatically create their own protocol, but you can also create your own through registry entries. Details from MSDN are available here.

Luckily for Chrome, this is already done for you, using ChromeHTML. This means you should be able to call Chrome with “ChromeHTML:” and insert the URL you want after it to open – except it doesn’t work. Chrome will open, but no URL is passed over.

A user has logged this bug with Google several months ago, it hasn’t been fixed. There is a workaround though, that can easily be done via group policy to change a local registry setting.

As this user mentions, a quote needs to be taken out of the following registry key, so it looks like this:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\command]
@="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" -- %1"

The quote removed was before the % sign.

Once this is done, the ChromeHTML protocol can be used with a URL, as long as it’s in this format:

ChromeHTML:// google.com

Note the space after the slashes.

The next issue you will notice, is that Internet Explorer will most likely prompt when launching the URL, asking ‘Do you want to allow this website to open a program on your computer?’ – there is a tickbox you can remove to ‘Always ask before opening this type of address’ but this can also be suppressed via the registry.

Snapcomms have an article on how to do it with their product, but the same rules apply for Google Chrome, as long as you use the right key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\ChromeHTML]
“WarnOnOpen”=dword:00000000

Once this key exists, the prompt will no longer show for that particular protocol.

That’s it, now you can use a URL link such as “ChromeHTML:// adamfowlerit.com” on your intranet page to launch the website of your choice in Chrome browser.

Update 22nd January 2018

This issue has been marked as ‘Wont fix’ by the Chromium team. This means potentially, they may ‘break this/remove this/anything could happen’ in the future. Please be aware that you’re now doing something unsupported by Google. In November they removed more of the functionality that made this work, for reasons I can’t quite understand!