Microsoft Edge: Enterprise WebView2 runtime downgrade via Downgrade Version policy

🚨 The Signal: A new policy allows temporary rollback of WebView2 runtime versions for specific applications. This provides a controlled mitigation for app regressions while maintaining security updates, enhancing enterprise manageability.

The Impact

Organizations using WebView2 applications on managed Windows devices are affected, gaining a controlled method to mitigate application regressions with minimal security risk.

  • Security Teams: Reduced risk of application-induced update delays for WebView2.
  • Admins: New policy for targeted WebView2 version management.
  • Application Owners: Improved stability for WebView2-dependent applications.
  • Managed Windows Devices: Enhanced application compatibility and stability.

The Action

  1. Review msedgewebview2.admx for the new 'Downgrade Version' policy.
  2. Identify critical WebView2-based applications that may benefit from this policy.
  3. Develop a policy deployment plan for targeted WebView2 runtime downgrades.
  4. Implement Group Policy or MDM to configure the 'Downgrade Version' policy for specific applications.
  5. Monitor application stability and WebView2 versioning post-implementation.
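For step 5, a read-only audit a device can run to report its installed WebView2 runtime version next to every per-application WebView2 policy value, so temporary rollbacks that were never lifted stand out. This is an added example, not Microsoft's tooling. The page does not give the registry name of the 'Downgrade Version' policy, so the script assumes it is stored under the same policy key as the existing WebView2 policies and lists every subkey found there rather than naming one.

```powershell
# Added example: inventory WebView2 runtime version and per-app policy overrides.
# The EdgeUpdate client ID and 'pv' value are the documented WebView2 Runtime
# detection keys. The policy root is where existing WebView2 policies are stored;
# that the new policy also lands there is an assumption.
$clientGuid  = '{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}'
$runtimeKeys = @(
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients\$clientGuid",
    "HKLM:\SOFTWARE\Microsoft\EdgeUpdate\Clients\$clientGuid",
    "HKCU:\Software\Microsoft\EdgeUpdate\Clients\$clientGuid"
)
$policyRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge\WebView2',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge\WebView2'
)

function Get-WebView2RuntimeVersion {
    foreach ($key in $runtimeKeys) {
        $pv = (Get-ItemProperty -Path $key -Name pv -ErrorAction SilentlyContinue).pv
        # A missing value or 0.0.0.0 means no runtime is registered at this location
        if ($pv -and $pv -ne '0.0.0.0') {
            [pscustomobject]@{ Source = $key; Version = [version]$pv }
        }
    }
}

function Get-WebView2PolicyOverride {
    foreach ($root in $policyRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        # Each subkey is one policy; each value name is an application identifier
        foreach ($policyKey in Get-ChildItem -Path $root) {
            foreach ($app in $policyKey.GetValueNames()) {
                [pscustomobject]@{
                    Computer = $env:COMPUTERNAME
                    Hive     = $root
                    Policy   = $policyKey.PSChildName
                    AppId    = $app
                    Value    = $policyKey.GetValue($app)
                }
            }
        }
    }
}

Get-WebView2RuntimeVersion | Format-Table -AutoSize
$overrides = @(Get-WebView2PolicyOverride)
if ($overrides.Count -eq 0) { 'No per-app WebView2 policy values are set.' }
else { $overrides | Sort-Object Policy, AppId | Format-Table -AutoSize }
```

Collect the output centrally and compare it against the deployment plan from step 3, so that any override still present after its application has been fixed is removed.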

Domain: M365-Apps · Impact: medium · Workload: M365 Apps · Essential Eight: Patch Applications, Application Control · ISM: ISM-0304, ISM-0843, ISM-1490, ISM-1544, ISM-1582, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1690, ISM-1691, ISM-1692, ISM-1693, ISM-1698, ISM-1699, ISM-1700, ISM-1704, ISM-1807, ISM-1808, ISM-1870, ISM-1871, ISM-1876, ISM-1901, ISM-1905