Merge pull request #10497 from haywoodsloan/8762-edge-pages

AB#8762 - Create a new TSG page for Microsoft Edge Browser product with multiple articles to be published

Author: haywoodsloan

support/docfx.json

@@ -72,6 +72,7 @@
         "dynamics-365/field-service/**.*": "MSDocsHeader-Dynamics365-Field-Service",
         "dynamics-365/sales/**.*": "MSDocsHeader-Dynamics365Sales",
         "mem/**.*": "MSDocsHeader-Intune",
+        "microsoft-edge/**.*": "MSDocsHeader-MSEdge",
         "power-platform/**.*": "MSDocsHeader-PowerPlatform",
         "power-platform/power-apps/**.*": "MSDocsHeader-MSPowerApps",
         "power-platform/power-automate/**.*": "MSDocsHeader-MSPowerAutomate",
@@ -249,6 +250,7 @@
         "microsoft-identity-manager/*.md": "microsoft-identity-manager",
         "dynamics/gp/*.md": "dynamics-gp",
         "mem/configmgr/**/*.md": "configuration-manager",
+        "microsoft-edge/**.*": "microsoft-edge",
         "system-center/**/*.md": "system-center",
         "windows/win32/**/*.md": "windows-dev-apps",
         "windows-hardware/drivers/**/*.md": "windows-hardware-driver-quality",
@@ -278,6 +280,7 @@
         "windows-365/**/*.md": "Windows 365",
         "mem/intune/**/*.md": "Intune",
         "mem/configmgr/**/*.md": "Configuration Manager",
+        "microsoft-edge/**.*": "Microsoft Edge",
         "system-center/dpm/**/*.md": "Data Protection Manager",
         "system-center/scom/**/*.md": "Operations Manager",
         "system-center/orchestrator/**/*.md": "Orchestrator",
@@ -343,6 +346,10 @@
           "ASP.NET",
           "ASP.NET Core"
         ],
+        "microsoft-edge/**.*": [
+          "Microsoft Edge", 
+          "Microsoft Edge Developer"
+        ],
         "sql/**/*.md": [
           "Troubleshoot",
           "sql"

support/index.yml

@@ -73,6 +73,11 @@ productDirectory:
     summary: Troubleshooting articles for Microsoft Dynamics 365
     url: dynamics-365/index.yml
 
+  - title: Microsoft Edge
+    imageSrc: "media/hub-landing/Edge.jpg"
+    summary: Troubleshooting articles for Microsoft Edge
+    url: microsoft-edge/welcome-edge.yml
+
   - title: Microsoft Entra
     imageSrc: "media/hub-landing/microsoft-entra.svg"
     summary: Troubleshooting articles for Microsoft Entra

support/microsoft-edge/development/media/unexpected-block-warning/report-site-safe-blocked.png

@@ -0,0 +1,79 @@
+---
+title: Troubleshoot Self-Hosted Extension Deployment Group Policy Issues
+description: Learn how to resolve deployment issues for self-hosted extensions in Microsoft Edge when you use Group Policy policies.
+ms.custom: 'sap:Web Platform and Development\Controls and Extensions'
+ms.reviewer: dili, Johnny.Xu, v-shaywood
+ms.date: 01/28/2026
+---
+
+# Failure to deploy self-hosted extension via group policy
+
+## Summary
+
+This article provides guidance to help you troubleshoot when a self-hosted extension fails to deploy through Group Policy. The extension might not appear for the target user even though you configured the policy. This article covers the common causes of this problem, including incorrect Group Policy configuration, missing or incorrect Content-Type headers on the web server, and invalid extension manifest or update manifest XML files. It also provides steps to resolve each cause.
+
+## Symptoms
+
+When you deploy a browser extension to Microsoft Edge by using the Group Policy [ExtensionInstallForcelist](/DeployEdge/microsoft-edge-browser-policies/extensioninstallforcelist) or [ExtensionSettings](/DeployEdge/microsoft-edge-browser-policies/extensionsettings) policy, the deployment fails, and the extension doesn't appear on the `edge://extensions` page for the target users.
+
+However, if you manually drag the same extension package (`.crx` file) onto the `edge://extensions` page by having [Developer mode](/microsoft-edge/extensions/getting-started/extension-sideloading#locally-installing-and-running-an-extension) enabled, the extension installs successfully.
+
+## Cause 1: Incorrect group policy configuration
+
+This problem occurs because the Group Policy **ExtensionInstallForcelist** or **ExtensionSettings** policy is configured incorrectly.
+
+### Solution: Verify and correct the Group Policy configuration
+
+Verify and correct the Group Policy extension configuration by using the following documentation:
+
+- [ExtensionInstallForcelist](/deployedge/microsoft-edge-browser-policies/extensioninstallforcelist)
+- [ExtensionSettings](/deployedge/microsoft-edge-browser-policies/extensionsettings)
+
+## Cause 2: Incorrect Content-Type header for the .crx file
+
+When you host the extension on an internal HTTP or HTTPS server, and the server doesn't return the correct **Content-Type** header for the `.crx` file, the extension deployment fails.
+
+If the `.crx` file isn't served by using the header, `Content-Type: application/x-chrome-extension`, Microsoft Edge and other Chromium-based browsers don't treat the file as an installable extension package if it's downloaded as part of the Group Policy installation flow.
+
+As a result, the policy is processed, but the browser doesn't silently install the extension.
+
+### Solution: Configure the web server to return the correct content type
+
+Configure the web server to return the correct `Content-Type` for `.crx` files. The HTTP response for the extension package must include the following header:
+
+```http
+Content-Type: application/x-chrome-extension
+```
+
+After you configure this header, Microsoft Edge recognizes the `.crx` file as an installable extension when it's downloaded through the policy.
+
+#### Example: Configure MIME mapping on IIS
+
+1. In **IIS Manager**, select the target site that hosts the extension.
+1. Double-click **MIME Types**.
+1. In the **Actions** pane, select **Add…**.
+1. Set **File name extension** to `.crx`.
+1. Set **MIME type** to `application/x-chrome-extension`.
+1. Select **OK**, then recycle the website or application pool, if it's necessary.
+
+## Cause 3: Invalid extension manifest or update manifest XML
+
+The extension metadata in `manifest.json` or in the _update manifest XML_ is invalid, such as in the following examples:
+
+- The `version` field in `manifest.json` uses an invalid format (for example, `1.0-beta` or other non-numeric characters).
+- The _update manifest XML_ that's used for self-hosted updates contains invalid or inconsistent values (for example, mismatched version numbers or malformed XML).
+
+In these cases, manual drag-and-drop installation might succeed in some scenarios. However, policy-based installation or automatic updates might fail.
+
+### Solution: Validate and correct the extension manifests
+
+Validate and correct the extension manifest or update manifest XML by following the Chrome documentation (applies also to Microsoft Edge and other Chromium-based browsers):
+
+- [Manifest - Version](https://developer.chrome.com/docs/extensions/reference/manifest/version)
+- [Self-host for Linux - Update manifest](https://developer.chrome.com/docs/extensions/how-to/distribute/host-on-linux#update_manifest)
+
+## Related content
+
+- [Self-host for Linux - Host](https://developer.chrome.com/docs/extensions/how-to/distribute/host-on-linux#hosting)
+
+[!INCLUDE [Third-party disclaimer](~/includes/third-party-disclaimer.md)]

support/microsoft-edge/development/media/unexpected-block-warning/report-site-safe-warn.png

@@ -0,0 +1,69 @@
+---
+title: Unexpected Block or Warning on Customer Website in Microsoft Edge
+description: Troubleshoot unexpected Microsoft Defender SmartScreen blocks or warnings on websites and learn how to report false positives.
+ms.custom: 'sap:Web Platform and Development\Connectivity and Navigation: TCP, HTTP, TLS, DNS, Proxies, Downloads'
+ms.reviewer: dili, Johnny.Xu, v-shaywood
+ms.date: 01/28/2026
+---
+
+# Unexpected SmartScreen block or warning on website
+
+When you visit a website in Microsoft Edge, [Microsoft Defender SmartScreen](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen) might block the site or display a warning if it determines that the site is potentially unsafe. This article discusses the criteria that SmartScreen uses to determine whether a site is potentially unsafe, and how to resolve the issue if a site is incorrectly marked as unsafe.
+
+## Symptoms
+
+When you visit a website, Microsoft Edge displays a warning page that indicates that the site is reported as unsafe.
+
+:::image type="content" source="./media/unexpected-block-warning/site-blocked.png" alt-text="View of the SmartScreen block page.":::
+
+## Cause
+
+Microsoft Defender SmartScreen determines whether a site is potentially unsafe based on several factors, as listed in the following table.
+
+| Dimension            | Description                                                                       |
+| -------------------- | --------------------------------------------------------------------------------- |
+| **URL Reputation**   | Newly registered domains, malicious history, hosting provider, and traffic volume |
+| **Page Content**     | Presence of deceptive forms, malicious scripts, or phishing pages                 |
+| **File Behavior**    | Whether sensitive files are downloaded and their signature status                 |
+| **TLS Security**     | Certificate validity and protocol version                                         |
+| **User Feedback**    | Number of reports and trust level                                                 |
+| **Dynamic Behavior** | JavaScript activity, redirects, and obfuscation                                   |
+
+If a site fails these dimension checks, SmartScreen reports the site as unsafe.
+
+## Solution
+
+If you believe the warning or block was incorrectly shown for a safe site, you can report it to Microsoft using the following steps.
+
+### If you're the website owner
+
+1. Select **Report that this site doesn't contain (malware/phishing) threats** under the **More information** header on the block page.
+
+   :::image type="content" source="./media/unexpected-block-warning/report-site-safe-blocked.png" alt-text="A SmartScreen block page that has the link to 'Report that this site doesn't contain malware threats' highlighted.":::
+
+1. Wait for a confirmation email message from the SmartScreen Reputation Group.
+
+1. If the issue is urgent, or you need a response after the Reputation Group's investigation, reply to the message from the Reputation Group to present your concerns.
+
+### If you're not the website owner
+
+1. Reach out to the website owner, and recommend that they report the issue by using the steps in [If you're the website owner](#if-youre-the-website-owner).
+
+1. Both the site owner and you can report the issue by using the [WDSI file submission portal](https://www.microsoft.com/en-us/wdsi/filesubmission). For more detailed information about submitting files for analysis, see [Submit files for analysis](/unified-secops/submission-guide).
+
+### Prevent your site from being blocked
+
+To reduce the likelihood of SmartScreen blocking your site:
+
+1. Enable _HTTPS_, and use a valid certificate.
+1. Block iframe from loading unknown third-party content.
+1. Use _Content Security Policy (CSP)_ and other secure response headers.
+1. Regularly scan for WebShells, trojans, and suspicious uploaded files.
+1. Maintain _domain reputation_ and avoid frequent changes to hosting or DNS.
+
+## Related content
+
+- [Microsoft Defender for Endpoint demonstrations](/defender-endpoint/defender-endpoint-demonstrations)
+- [Microsoft Defender SmartScreen Frequently Asked Questions](https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx)
+- [Microsoft Edge support for Microsoft Defender SmartScreen](/deployedge/microsoft-edge-security-smartscreen)
+- [SmartScreen URL reputation demonstration](/defender-endpoint/defender-endpoint-demonstration-smartscreen-url-reputation)

support/microsoft-edge/development/media/unexpected-block-warning/site-blocked.png

@@ -0,0 +1,39 @@
+---
+title: Learn About Group Policy Limits for InPrivate Extensions
+description: Works around an issue in which Group Policy doesn't allow enabling extensions for InPrivate browsing in Microsoft Edge.
+ms.custom: 'sap:Manageability and Deployment\Group Policy: ADM template and MDM'
+ms.reviewer: dili, Johnny.Xu, v-shaywood
+ms.date: 01/28/2026
+---
+
+# Can't enable extensions for InPrivate browsing by using Group Policy
+
+## Summary
+
+After you deploy an extension through [Group Policy](/windows-server/identity/ad-ds/manage/group-policy/group-policy-overview), you notice that there is no policy option to enable the extension for [InPrivate browsing](/legal/microsoft-edge/privacy#inprivate-browsing). This article explains why that policy option is missing, and how to manually enable the extension for InPrivate browsing.
+
+## Symptoms
+
+You experience the following issue
+1. By using Group Policy, you successfully deploy an extension to your clients.
+1. You want to enable the extension for InPrivate browsing by using a policy. However, no policy option for this configuration is available.
+
+## Cause
+
+By design, you can't enable extensions for InPrivate browsing through Group Policy. This restriction is intentional to protect user privacy during InPrivate browsing sessions.
+
+## Workaround
+
+To manually enable extensions for InPrivate browsing, follow these steps:
+
+1. Open Microsoft Edge, and go to `edge://extensions`.
+1. Find the extension that you want to enable for InPrivate browsing.
+1. Select **Details** for the corresponding extension.
+1. Select the **Allow in InPrivate** checkbox.
+
+   :::image type="content" source="./media/enable-extension-inprivate-policy/allow-inprivate.png" alt-text="The Allow in InPrivate option in Edge extension details.":::
+
+## Related content
+
+- [Configure extension management settings](/deployedge/microsoft-edge-browser-policies/extensionsettings)
+- [Microsoft Edge - Policies](/deployedge/microsoft-edge-policies#extensionsettings)