How to Disable Internet Explorer 11 using Group Policy
In this post, I will show you how to disable Internet Explorer 11 using Group Policy. We will disable IE11 on computers with the policy setting Disable Internet Explorer 11 as a standalone browser.
Microsoft recently made a big announcement about Internet Explorer: "Today, we are at the next stage of that journey: we are announcing that the future of Internet Explorer on Windows 10 is in Microsoft Edge."
With Microsoft Edge capable of assuming this responsibility and more, the Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022, for certain versions of Windows 10.
Microsoft Edge has Internet Explorer mode built in, so you can access those legacy Internet Explorer-based websites and applications straight from Microsoft Edge.
Since Internet Explorer 11 goes out of support on June 15, 2022, you can look to disable Internet Explorer 11 on computers. You won't get any updates for Internet Explorer once it goes out of support.
Microsoft Edge, on the other hand, is an excellent browser and gets frequent updates. With SCCM, you can deploy Microsoft Edge and the Edge updates.
The good thing is that Microsoft Edge has IE mode built in. If you have apps and websites that rely on Internet Explorer, this is a good time to start using IE mode and test the apps for compatibility with Edge.
Prerequisites to Disable IE11
The following Windows updates and Microsoft Edge software are required:
- Windows updates
  - Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2: KB4598291 or later
  - Windows 10 version 1909, Windows Server version 1909: KB4598298 or later
  - Windows 10 version 1809, Windows Server version 1809, and Windows Server 2019: KB4598296 or later
  - Windows 10, version 1607, Windows Server 2016: KB4601318 or later
  - Windows 10 initial version (July 2015): KB4601331 or later
  - Windows 8.1: KB4601384 or later
  - Windows Server 2012: KB4601348 or later
- Microsoft Edge Stable Channel
How to Disable Internet Explorer 11 using Group Policy
To disable Internet Explorer 11 using group policy, follow these steps:
- Launch the Group Policy Management console. Right-click the domain and select Create a GPO in this domain and link it here.
- Go to Computer Configuration/Administrative Templates/Windows Components/Internet Explorer.
- Double-click Disable Internet Explorer 11 as a standalone browser.
- Select Enabled. Under Options, select Always.
- Click OK to save the group policy.
If you need some explanation with screenshots, here it is. In the Group Policy Management console, expand Domains. Right-click the domain and click Create a GPO in this domain, and link it here.
If you don't want to apply the policy at the domain level, you can apply the GPO to a test Organizational Unit first.
Enter the name of the policy as Disable Internet Explorer 11 and click OK.
Go to Computer Configuration/Administrative Templates/Windows Components/Internet Explorer. Look for the setting Disable Internet Explorer 11 as a standalone browser. This policy lets you restrict launching of Internet Explorer 11 as a standalone browser. By default, this setting is in the Not configured state.
Right-click Disable Internet Explorer 11 as a standalone browser and click Edit. To enable this policy, click Enabled.
When you enable this setting, the following changes are applied:
- Prevents Internet Explorer 11 from launching as a standalone browser.
- Restricts Internet Explorer’s usage to Microsoft Edge’s native ‘Internet Explorer mode’.
- Redirects all attempts at launching Internet Explorer 11 to Microsoft Edge Stable Channel browser.
- Overrides any other policies that redirect to Internet Explorer 11.
Under Notify that Internet Explorer 11 browser is disabled, you see a few options.
- Never – Select this if you don’t want to notify users that IE11 is disabled.
- Always – Choose this option if you want to notify users every time they’re redirected from IE11.
- Once per user – If you want to notify users only the first time they are redirected.
For now, I am going to select Always. Click Apply and OK.
On the client computers, you can launch the command prompt as administrator and run gpupdate /force once. The computer checks with a domain controller and applies the settings defined in the GPO.
Now try launching Internet Explorer and you get the following message: "This action is restricted. For more information, please contact your system administrator."
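To confirm on a client that the policy has actually landed, rather than relying on the restriction message alone, the following read-only check can be run after gpupdate. It is an added example, not part of the original post: the registry key and value name are the ones quoted in the comments on this page, while the 0/1/2 mapping of the notify option, the App Paths lookup for Edge, and the function name Get-IE11DisablePolicyState are assumptions.

```powershell
# Added example: read-only check that "Disable Internet Explorer 11 as a
# standalone browser" is in effect on this computer. It changes nothing.

$policyKey = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main'
$valueName = 'NotifyDisableIEOptions'

# Assumed mapping of the "Notify that Internet Explorer 11 browser is disabled"
# option to the stored DWORD (not stated on the page).
$notifyModes = @{ 0 = 'Never'; 1 = 'Always'; 2 = 'Once per user' }

# Hypothetical helper name; returns one object describing the client's state.
function Get-IE11DisablePolicyState {
    $result = [ordered]@{
        Computer      = $env:COMPUTERNAME
        PolicyPresent = $false
        NotifyMode    = $null
        EdgeInstalled = $false
        Compliant     = $false
    }

    # Presence of the value under the Policies key is treated as "policy enabled"
    # (assumption, consistent with the registry comment on this page).
    $raw = (Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    if ($null -ne $raw) {
        $result.PolicyPresent = $true
        $result.NotifyMode = if ($notifyModes.ContainsKey([int]$raw)) { $notifyModes[[int]$raw] } else { "Unknown ($raw)" }
    }

    # Redirection needs Microsoft Edge: look up msedge.exe via App Paths
    # (assumed location) and confirm the file exists.
    $appPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msedge.exe'
    $edgeExe = (Get-ItemProperty -Path $appPath -ErrorAction SilentlyContinue).'(default)'
    if ($edgeExe -and (Test-Path -LiteralPath $edgeExe)) { $result.EdgeInstalled = $true }

    # A client is compliant only if the policy is set AND Edge is there to redirect to.
    $result.Compliant = $result.PolicyPresent -and $result.EdgeInstalled
    [pscustomobject]$result
}

Get-IE11DisablePolicyState | Format-List
```

A client that reports PolicyPresent as False after gpupdate is worth checking for GPO scope or a missing prerequisite update; one with EdgeInstalled as False has nothing to redirect IE11 launches to.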
I hope the steps covered in this post help you to disable Internet Explorer 11. If you have any questions, feel free to add them in the comments section below.
After applying GPO.
I want to whitelist some of the users; what is the step to whitelist?
And after applying GPO, what action in user system?
Hi,
I have two questions,
– Is it possible to modify the shown error message after launching IE 11?
– What’s the difference between disabling and turning off IE11? Is it worth it to disable IE 11 while it’s still available?
I’m afraid about IE 11 security issues if it’s just disabled. But we’ve had some issues after turning off IE for some computers.
Thank you.
Hi,
I am performing the above steps to disable IE from GPO but I didn't find Disable Internet Explorer 11 as a standalone browser.
It's missing from the list of GPO settings, could you please help me with this.
Any reason why you would get Resource '$(string.NeedEdgeBrowser)', when going to edit or create a new GPO?
I updated the ADMX and ADML files in the central store to 21H2. I was getting a similar error but was asking for string.programs, but I copied an older (21H1) programs.admx and ADML file and that removed the issues. This didn't seem to help with the above error.
Hi,
Possibly missing from prerequisites. This option isn’t available with 20H2 templates.
It is available with 21H2 templates. inetres.admx and inetres.adml required.
Hi, is there any way to get IE back for testing purposes once this GPO has been applied?
I know this is late but in case anyone else needs this:
Delete this registry key
HKLM\Software\Policies\Microsoft\Internet Explorer\Main
Value Name NotifyDisableIEOptions
When done testing, run a gpupdate /force and the key will be rewritten by the GPO
So this is to get back IE on the end machine?