Block Microsoft from running experiments in the Microsoft Edge browser

oldschool

Level 81
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,012
by Martin Brinkmann on January 01, 2020
Browsers like Firefox, Chrome or Microsoft Edge come with built-in functionality to run experiments. Browser makers like Mozilla or Google may enable or disable features or changes in select browsers; this is often used to A-B test features or get early feedback on new implementations.
While most users may not even notice that experiments are running in their browsers, it happened in the past that experiments caused issues. The latest case was revealed in November when administrators from around the world reported that a Chrome experiment would crash browsers in organizations worldwide.
Negative side-effects of experiments are a problem for home users and business users alike, and it is often desirable to disable or block experiments from being downloaded and run.
Microsoft distinguishes between controlled feature rollouts and experiments in the company's new Chromium-based Microsoft Edge web browser. Both are made available to part of the user base when they start to roll out but similarities end here.
Microsoft notes:
Microsoft Edge builds have features and functionality that are still in development or are experimental. Experiments are like CFR, but the size of the user group is much smaller for testing the new concept. These features are hidden by default until the feature's rolled out or the experiment's finished. Experiment flags are used to enable and disable these features.
System administrators may use the "Control communication with the Experimentation and Configuration Service" on pro and Enterprise editions of Windows 7, 8.1 or 10 to prevent experiments in the browser.

Here is what is needed for that:
  1. Get the latest Microsoft Edge policy file from the Microsoft Edge Insider website. It is likely that the policies will become available natively eventually when Edge is released and integrated in Windows.
  2. Extract the file (first a cab, then a zip).
  3. Open Windows > Admx.
  4. Copy the two .admx template files to C:\Windows\PolicyDefinitions\.
  5. Open the language folder that matches the system language and copy the .adml files to the corresponding language folder of C:\Windows\PolicyDefinitions\
  6. Open Start, type gpedit.msc and hit the Enter-key to open the Group Policy Editor. Consult this Docs page on the Microsoft website for additional scenarios, e.g. when domain controllers are used.
  7. Open Computer Configuration > Administrative Templates > Microsoft Edge.
  8. Open the policy "Control communication with the Experimentation and Configuration Service" policy.
  9. Set the policy to Enabled.
  10. Set it to either "Retrieve configurations only" or "Disable communication with the Experimentation and Configuration Service". Retrieve will download configuration payloads only, disable won't download or enable them.
The behavior of not configuring the policy differs depending on whether it is a managed or unmanaged device. Managed devices will download the configuration only while unmanaged devices will retrieve configurations and experiments. (via Tero Alhonen)



 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Looks like a load of work that one Windows update or upgrade might mess with after all that effort. Many don't have Group Policy either. Anyone intending to carry this out? I already have telemetry active for my Insider Build, so I don't really think it's worth the effort. But it seems worth a look from privacy and hardware utilization standpoints otherwise.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top