Problem
Edge updates download in the background, but they do not apply until the browser restarts. Users who rarely close the browser can stay on older versions for weeks, so security patches stay pending.
In Microsoft Defender for Endpoint vulnerability reporting, this showed up as repeated findings for outdated browser versions.
So I moved to a policy that enforces predictable restart behavior and keeps browser patching moving.
Constraints
- Windows 11
- Intune
- Microsoft Edge (Chromium)
Same principle applies if you’re managing Chrome or other browsers - they all have similar update/restart policies you can push through Intune.
Decision
Configure Edge policies through Intune that:
- Force pending updates to apply
- Notify users 30 minutes before restart
- Give users a 1-hour window to save their work and restart on their terms
Users see a popup when an update is ready. They can restart immediately or wait up to an hour. After that, Edge restarts automatically.
Implementation
1. Create a Settings Catalog Profile
- Go to Intune admin center → Devices → Configuration → Create → New policy
- Select Windows 10 and later as platform
- Select Settings catalog as profile type
- Name it something clear like “Edge - Auto Update and Restart”
2. Add the Edge Update Settings
Click Add settings and search for “Microsoft Edge”. Add these settings:
Relaunch Notification Period
- Path: Microsoft Edge → Relaunch Notification Period
- Setting:
RelaunchNotificationPeriod - Value:
1800000(30 minutes in milliseconds)
This controls how long the notification shows before Edge restarts.
Relaunch Window
- Path: Microsoft Edge
- Setting:
RelaunchWindow - Value: Configure start and end time for the relaunch window
This gives users a predictable window when restarts can happen.
Force Browser Restart After Update
- Path: Microsoft Edge
- Setting:
RelaunchNotification - Value:
Required
This ensures users can’t ignore the update forever.
3. Alternative: Use Administrative Templates
If you prefer ADMX-based policies, you’ll need to import the Edge ADMX templates first. See Upload Custom ADMX Templates to Intune for how to do that.
Once imported:
- Go to Devices → Configuration → Create → New policy
- Select Windows 10 and later → Templates → Imported Administrative templates (Preview)
- Select your Edge template and navigate to Update
- Configure these policies:
| Policy | Value |
|---|---|
| Notify a user that a browser restart is recommended or required | Enabled - Required |
| Set the time period for update notifications | 1800000 |
| Set the time period before required update | 3600000 |
4. Assign the Profile
- Click Assignments
- Add your device or user groups
- Review and create
Outcome
When an update is pending:
- A notification appears in Edge: “An update is available. Restart within 30 minutes.”
- Users can click Restart now to apply immediately
- If they wait, Edge restarts automatically after the timer expires
- Work in progress gets session restore - tabs reopen after restart
The notification isn’t aggressive. It’s a small banner that reminds users without interrupting their work.
Trade-offs
Users (or you during testing) can check applied policies:
- Open Edge
- Go to
edge://policy/ - Look for
RelaunchNotificationandRelaunchNotificationPeriod
If the policies show up here, they’re active.
Trade-offs
- Milliseconds, not seconds - The time values are in milliseconds. 1800000 = 30 minutes. Don’t accidentally set 1800 (1.8 seconds).
- User complaints - Some users will push back on forced restarts. The 1-hour window helps. Explain it’s for security.
- Session restore - Edge should restore tabs after restart, but remind users to save work in web apps that don’t auto-save.