Oct 20 2020 02:40 PM - edited Oct 20 2020 02:44 PM
So whenever I enable this policy
This option in Edge which is related to secure DNS lookups, becomes unavailable and disabled
I see no relation between the 2 options.
in Edge policy I only have this
which should only apply to this
and not other settings. so In my perspective this is a bug/unwanted behavior.
I'll report it using feedback button on Edge too.
Edge Dev 87-88
Windows 10 20H2
if for any reason this is actually an expected behavior, please let me know with some explanation, thank you.
Oct 20 2020 03:48 PM
@HotCakeX Hi! I'm checking with our team about what you've noticed when DefaultGeolocationSetting is enabled. I'll follow up once I can gather some information. Thanks!
-Kelly
Oct 20 2020 05:19 PM
@HotCakeX - If the browser detects that the user is in a “managed” environment, then DoH can be configured only by policy, not the end-user. That’s because Enterprise environments often have specific requirements for network configuration that are more likely to be broken by Secure DNS.
On Windows, that detection shouldn't be tied to whether you've set a policy-- it should instead be tied to whether the machine is domain joined. On Mac, it looks like it may be tied to whether any policy is set.
https://blog.chromium.org/2020/05/a-safer-and-more-private-browsing-DoH.html
If you are an IT administrator, Chrome will disable Secure DNS if it detects a managed environment via the presence of one or more enterprise policies. We’ve also added new DNS-over-HTTPS enterprise policies to allow for a managed configuration of Secure DNS and encourage IT administrators to look into deploying DNS-over-HTTPS for their users.
Oct 21 2020 02:48 AM
@Eric_Lawrence
Thank you, that makes sense in enterprise environment,
but I only downloaded the latest policy files and installed them on my personal non-managed Windows 10 20H2
Oct 21 2020 09:13 AM - edited Oct 21 2020 01:40 PM
@HotCakeX The "Your browser is managed by your organization" banner in your Settings screenshot indicates that your system is "Managed".
I misread the Chromium code-- the check falls through, so if your machine has any policies set (see about:policy), it's deemed "Managed":
Oct 21 2020 09:25 AM
Hi,
okay so I just tried this, instead of using computer configuration, i used user configuration group policies,
but I'm still getting the managed device banner and basically the same result
Oct 21 2020 09:29 AM
Oct 21 2020 01:42 PM
SolutionOct 21 2020 02:03 PM
Oct 21 2020 01:42 PM
Solution