February 14, 2023 is in its own way a historic date, after the end of support on June 15, 2022, Microsoft has officially disabled Internet Explorer in Windows and it is no longer possible to open it as a stand-alone program, in its place will in fact start Microsoft Edge.

I say historic because IE has accompanied us, for better or worse, for almost three decades and even with all its problems, it cannot be denied that it was the one that brought everyone to the web, the first step into the digital age that opened a world to us through its iconic blue “e”.
Historic even more for all of us working from behind the scenes: how many smile-wiping security problems and how many hours (days?) lost making our websites compatible with this monster of nonconformity to W3C did we go through?
Yet, albeit with great disappointment, Internet Explorer is still a necessity if we need access to particular devices that make use of ActiveX, NVR still on the market for example (sigh), specially developed intranet applications, or even some services from public authority (double sigh).

For all these cases we have to use Microsoft’s IE mode, this in fact allows us to use the Internet Explorer engine within the Edge browser.
So let’s see how to do it and of course how to do it through GPO!

IE mode site list

The easiest way to manage IE mode configuration is to create an actual list, in XML format, that will contain the rendering specifications for each legacy site.

To avoid making it by hand Microsoft made available a program called Enterprise Mode Site List Manager that in a very intuitive way allows us to manage sites and their compatibility level from IE5 onward. IE mode Enterprise Mode Site List Manager

In most cases setting the appropriate Compact Mode will be enough, in special cases however we might have a modern site, then opening on Edge, which links legacy pages.

In this case the most common problem could be related to authentication, by default in fact Edge and IE do not share session cookies, so if we authenticate in Edge we will not have access to legacy pages and vice versa!
To work around this we will have to manually edit the XML file by enabling shared-cookies as follows 

1
2

<shared-cookie domain="sitomolesto.contoso.com" name="nome_del_cookie_condiviso" path="" source-engine="Both">
</shared-cookie>
where domain and name are mandatory (actually it seems to work even with name="" as a wildcard but the official doc says you need an exact match), while path is optional.

The complete file will then look like this: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

<site-list version="2">
  <created-by>
    <tool>EMIESiteListManager</tool>
    <version>12.0.0.0</version>
    <date-created>05/10/2023 13:14:37</date-created>
  </created-by>
  <site url="sitodimiocugino.it">
    <compat-mode>IE11</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="internal.contoso.com">
    <compat-mode>IE5</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <shared-cookie domain="sitomolesto.contoso.com" name="nome_del_cookie_condiviso" path="" source-engine="Both">
  </shared-cookie>
</site-list>

Handling IE mode via Group Policy

After creating the XML file, all we need to do is tell the clients where to find it. To do this we have 2 different possibilities:

  1. User Configuration/Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Use the Enterprise Mode IE website list
  2. User Configuration/Computer Configuration > Administrative Templates > Microsoft Edge > Configure the Enterprise Mode Site List

Setting only one of the two is sufficient but be aware that the second one overrides the first, so we could for example use 1 as global and 2 with specific targets such as tests or specific users/groups.
In any case at least one of the two must be enabled and the location of the XML file entered via:

  • HTTPS URL -> https://internal.contoso.com/iesites.xml
  • SHARED FILE -> \\myserver\shared_folder\iesites.xml
  • LOCAL FILE -> file:///c:/Users/<user>/Documents/iesites.xml

Finally, check that IE mode is enabled on User Configuration/Computer Configuration > Administrative Templates > Microsoft Edge > Configure Internet Explorer integration

Various tricks and troubleshooting

✅ IE mode works even if IE is disabled via Computer Configuration/Administrative Templates/Windows Components/Internet Explorer > Disable Internet Explorer 11 as a standalone browser

✅ Internet Explorer must still be enabled as a Windows feature; to check this, launch in PowerShell 

1

Get-WindowsOptionalFeature -online -FeatureName Internet-Explorer-Optional-amd64
and if it was not enabled 
1

dism /online /Enable-Feature /FeatureName:Internet-Explorer-Optional-amd64

✅ To easy check the settings on Edge or force reload of the site list we can enter edge://compat/iediagnostic directly into the browser address bar.

✅ If we don’t know which compat-mode to use we can access the old Internet Explorer DevTools via Run (Win + R) and enter %systemroot%\system32\f1212IEChooser.exe, choose an Edge TAB already open in IE mode and have fun with different emulations.

Conclusion

Although we had hoped to be rid of Internet Explorer and had the eulogy ready at the end we have to perform yet another miracle and resurrect it…
At least as we have seen we can handle it fairly easily and centrally manage whether and when to enable it.
On that note, let us know what use cases you still find out there, I’m sure some unexpected sites pop up :)