Microsoft releases Chromium-based Edge browser

On 15 January 2020, Microsoft made the Chromium-based Edge browser generally available for Windows and macOS. The release introduces built-in support for modern web standards, group policy controls aligned with Chrome management, and an Internet Explorer mode for legacy sites, requiring enterprise packaging, testing, and conditional access checks before rollout. This release represents a fundamental shift in Microsoft's browser strategy, abandoning the EdgeHTML rendering engine in favor of the open-source Chromium platform.

Technical Architecture and Platform Changes

The new Edge browser is built on the Chromium open-source project, the same foundation used by Google Chrome, Brave, Opera, and other modern browsers. This architectural change provides compatibility with web standards and extensions developed for the Chrome ecosystem while allowing Microsoft to add enterprise-focused features and integration with Windows security services.

The rendering engine change from EdgeHTML to Blink means that web developers can expect consistent behavior between Chrome and Edge, reducing cross-browser testing requirements for most web applications. However, you should validate internal applications that may have relied on EdgeHTML-specific behaviors or quirks.

Edge includes a multi-process architecture that isolates browser components and web content for security and stability. Each tab runs in a separate process, limiting the impact of crashes and providing security boundaries between sites. The browser supports hardware acceleration for improved performance on graphics-intensive web content.

Microsoft has integrated the browser with Windows Hello for passwordless authentication, Windows Defender SmartScreen for malicious site detection, and Azure Active Directory for enterprise identity management. These integrations provide security benefits not available in standalone Chrome deployments.

Enterprise Deployment and Management

Enterprise administrators can deploy Edge using MSI packages for Windows or PKG packages for macOS, with support for silent installation and configuration management. Microsoft provides administrative template (ADMX) files for Windows Group Policy and configuration profiles for macOS management through Jamf or other MDM solutions.

Policy controls cover browser behavior, security settings, extension management, privacy controls, and synchronization options. Organizations can configure mandatory policies that users cannot override and recommended policies that serve as defaults while allowing user modification. The policy framework aligns with Chrome's management model, enabling administrators familiar with Chrome Enterprise policies to transfer their knowledge.

Update management options include automatic updates from Microsoft servers, update deferrals for enterprise testing, and control over update channels (Stable, Beta, Dev, Canary). Organizations requiring strict change control can configure update policies to align with their patch management cycles.

For organizations migrating from legacy Edge or Internet Explorer, Microsoft provides Enterprise Site Lists that configure which sites should render in IE Mode, which should use Edge, and which should open in external applications. This enables gradual migration of legacy applications without forcing users to maintain multiple browsers.

Internet Explorer Mode for Legacy Applications

The integrated Internet Explorer mode allows Edge to render legacy websites and applications using the Internet Explorer 11 engine without launching a separate browser window. This feature addresses the significant installed base of enterprise applications built for Internet Explorer that cannot be immediately modernized.

IE Mode sites are configured through an Enterprise Site List XML file that administrators maintain and deploy through Group Policy or configuration management. The site list specifies which URLs should render in IE Mode, including support for different document modes (IE11, IE10, IE9, IE8, IE7, IE5) based on application requirements.

Transitions between Edge and IE Mode can occur smoothly as users navigate between modern and legacy sites. If you are affected, map their legacy application portfolio to determine which sites require IE Mode and configure appropriate entries in the site list.

Microsoft has committed to supporting IE Mode in Edge through at least 2029, providing organizations with a runway to modernize legacy applications. However, you should develop migration plans for applications still requiring IE Mode, as maintaining dual rendering capabilities adds complexity and potential security considerations.

Extension Governance and Security

Edge supports extensions from both the Microsoft Edge Add-ons store and the Chrome Web Store, significantly expanding the available extension ecosystem. This expanded compatibility creates extension supply chain risk that organizations must manage through governance policies.

Administrators can configure extension allow lists (specifying exactly which extensions are permitted), block lists (preventing specific problematic extensions), and force-install lists (automatically deploying required extensions). Extension policies should balance user productivity needs against security risk from untrusted code execution.

Extension permissions should be reviewed before approval, as extensions can request access to browsing data, form inputs, downloads, and other sensitive information. If you are affected, establish processes for evaluating extension security, monitoring for changes in extension permissions, and responding to reports of malicious extensions.

Consider implementing a tiered approval process where low-risk productivity extensions receive simplified approval while extensions requesting sensitive permissions undergo security review. Document approved extensions and periodically review the extension inventory to remove unused or deprecated extensions.

Identity and Data Protection Controls

Edge integrates with Azure Active Directory for enterprise identity management, enabling single sign-on to web applications and enforcement of conditional access policies. Organizations can require device compliance, multi-factor authentication, or specific network locations before allowing access to sensitive applications through the browser.

Browser synchronization can sync favorites, passwords, history, and settings across devices signed into the same Microsoft account. For enterprise environments, administrators should evaluate whether synchronization is appropriate for their security requirements and configure policies as needed. Sensitive environments may require disabling synchronization or limiting it to specific data types.

Profile separation enables users to maintain personal and work browser profiles with separate data, extensions, and signed-in accounts. This separation helps prevent data leakage between personal and corporate contexts while allowing users to access both environments from the same browser installation.

InPrivate browsing and tracking prevention controls provide user privacy options that organizations may want to configure to align with corporate privacy policies and regulatory requirements. The tracking prevention feature can be set to Basic, Balanced, or Strict levels depending on organizational preferences.

Deployment Planning and Migration Strategy

Validate installation channels (MSI or offline packages) and configure mandatory and recommended policies including extension allow/deny lists, password manager settings, Safe Browsing/SmartScreen options, and privacy controls. Test policy configurations in non-production environments before enterprise deployment.

Map legacy line-of-business sites to the integrated Internet Explorer mode and ensure the site list XML is version-controlled to prevent unintended rendering changes. Establish processes for updating the site list as applications are modernized or new legacy applications are identified.

Apply conditional access and sync restrictions for Azure AD accounts, verify cloud data residency requirements, and disable uncontrolled profile synchronization on shared devices. Coordinate browser deployment with identity and access management teams to ensure appropriate controls are configured.

Audit existing Chrome-based extensions for code-signing provenance, permissions requested, and update cadence before approving organization-wide deployment. Develop extension governance processes that balance security requirements with user productivity needs.

More on this topic

Further reading from our research library.

Developer · Credibility 91/100 · December 3, 2025

GitHub Copilot Enterprise Features and Organizational Deployment

GitHub Copilot Enterprise delivered significant capability expansions in late 2025 including codebase-aware suggestions, pull request assistance, and organizational knowledge integration. Enterprise adoption requires…

Developer · Credibility 73/100 · January 28, 2020

Adobe issues Magento 2.3.4 security updates (APSB20-02)

Running a Magento store? Drop what you are doing and patch. Adobe just released 2.3.4 with fixes for critical RCE bugs in email templates and page builder that Magecart crews will love. This is not theoretical—e-commerce…

Developer · Credibility 86/100 · January 1, 2020

Python 2.7 End of Life

Python 2 is officially dead. As of January 1, 2020, Python 2.7 gets no more security patches—period. If you have still got Python 2 code in production, you are now running unsupported software with known vulnerabilities…

Developer · Credibility 73/100 · February 4, 2020

Chrome 80 enforces SameSite-by-default cookie handling

Chrome 80 just changed how cookies work, and it might break your apps. Cookies without explicit SameSite attributes now default to Lax, which blocks cross-site requests. If you rely on cross-site authentication, embedded…

Developer · Credibility 91/100 · February 13, 2020

Developer — PostgreSQL

PostgreSQL released security updates for versions 12.2, 11.7, and older branches in February 2020. CVE-2020-1720 and bug fixes. If you are running PostgreSQL, update to stay supported.

Continue in the Developer pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Secure Software Supply Chain Tooling Guide

  Engineer developer platforms that deliver verifiable provenance, SBOM distribution, vendor assurance, and runtime integrity aligned with SLSA v1.0, NIST SP 800-204D, and CISA SBOM…

• AI-Assisted Development Governance Guide

  Govern GitHub Copilot, Azure AI, and internal generative assistants with controls aligned to NIST AI RMF 1.0, EU AI Act enforcement timelines, OMB M-24-10, and enterprise privacy…

• Developer Enablement & Platform Operations Guide

  Plan AI-assisted development, secure SDLC controls, and runtime upgrades using our research on GitHub Copilot, GitHub Advanced Security, and major language lifecycles.

Coverage intelligence

Published

January 15, 2020

Coverage pillar

Developer

Source credibility

90/100 — high confidence

Topics

Microsoft Edge · Chromium · Group Policy · IE Mode · Browser Security · Enterprise deployment

Sources cited

3 sources (blogs.windows.com, microsoft.com, docs.microsoft.com)

Reading time

6 min

Source material

1. Introducing the new Microsoft Edge and Bing — Microsoft
2. Microsoft Edge enterprise landing page — Microsoft
3. Microsoft Edge documentation — Microsoft