Information
This policy setting allows users to utilize the DirectInvoke protocol for opening files via applications inside of Microsoft Edge instead of downloading them to their device.
The recommended state for this setting is: Disabled
Allowing users to configure DirectInvoke could potentially allow malicious files to be automatically opened within Microsoft Edge. By not allowing this the end-user will need to download files allowing for the file to be scanned before opening.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled :
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Allow users to open files using the DirectInvoke protocol
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from:
Download Microsoft Edge for Business - Microsoft
.
Impact:
Users will have to download files to their device and will be unable to open them directly in Microsoft Edge. Disabling DirectInvoke could also prevent some SharePoint functions from working properly.