The Microsoft Edge Chromium Blocker Toolkit is a specialized utility designed for IT administrators who need to manage browser deployments within enterprise environments. It provides a controlled method to prevent the automatic delivery and installation of the Chromium-based Microsoft Edge browser via Windows Update.
Here is a comprehensive overview of how the toolkit operates, its core components, and how to implement it. Purpose and Functionality
The Blocker Toolkit is intended for organizations that require strict control over the software versions running on their network. When Microsoft transitioned Edge to the Chromium engine, the browser was designated for automatic distribution to all compatible Windows systems.
Deploying this toolkit ensures that the legacy version of Microsoft Edge remains undisturbed until an organization is fully prepared to migrate. It is important to note that the toolkit does not block users from manually downloading and installing Microsoft Edge Chromium from external media or the internet; it exclusively blocks the automated payload delivered through Windows Update. Key Components
The toolkit is packaged as a self-extracting executable file. Once extracted, it contains two primary components used to configure blocking mechanisms across an environment:
An Executable Script (.CMD): This script automates the creation of a specific registry key on the local machine. It can be integrated into deployment scripts or run manually on individual endpoints.
An Administrative Template (.ADMX and .ADML): These files allow administrators to import the blocking policy directly into Group Policy Objects (GPOs). This provides a centralized method to enforce the block across thousands of active directory domain-joined machines simultaneously. Registry Mechanism
At its core, the toolkit modifies the Windows Registry to signal Windows Update to skip the Edge Chromium payload. The script creates the following registry path and value: Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate Key Value Name: DoNotUpdateToEdgeWithChromium Data Type: REG_DWORD
Setting the value data to 1 activates the block, preventing Windows Update from installing the browser. Changing the value data to 0 (or deleting the key entirely) removes the restriction, allowing the system to receive the update during the next scheduled scan. Deployment Methods
Administrators have two primary paths for deploying the Blocker Toolkit depending on the scale of their infrastructure. Method 1: Using Group Policy (Centralized Management) Extract the toolkit contents to a local directory.
Copy the EdgeUpdate.admx file to the central Group Policy repository (C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions).
Copy the language-specific EdgeUpdate.adml file to the corresponding language folder (e.g., en-US) within the same directory. Open the Group Policy Management Editor.
Navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Microsoft Edge (Chromium-based) Blockers.
Enable the policy titled Prevent delivery of Microsoft Edge (Chromium-based) via Windows Update.
Method 2: Using the Command-Line Script (Local or Scripted Management)
The included .cmd file utilizes a specific syntax to toggle the block on a machine. The command must be executed from an elevated command prompt using the following syntax: EdgeChromium_Blocker.cmd [
While the Blocker Toolkit offers immediate control, it is fundamentally a temporary transitional tool. Microsoft designed the utility to support organizations during application compatibility testing. Because the legacy version of Edge has reached its end-of-support lifecycle and no longer receives critical security updates, maintaining a permanent block poses long-term security risks. Organizations should use the time bought by the Blocker Toolkit to validate internal web applications and plan a structured migration to a supported enterprise browser. To assist you further with your deployment planning, Learn how to verify the block status using PowerShell.
Review alternative management strategies using Microsoft Intune.
Leave a Reply