Whitelisting Domains on Microsoft Edge Using Windows GPO

This setup allows you to avoid SmartScreen warnings on Microsoft Edge during simulated phishing campaigns. It uses Group Policy Objects in Active Directory.

Prerequisites

• Active Directory Domain Services (AD DS) running
• Domain Admin credentials
• Microsoft Edge installed (preinstalled on Windows 10/11)
• Access to Group Policy Management Console (gpmc.msc)
• Cyber Guru domains

The full list of landing page domains is available on the platform in the section:
"HELP > Support - Knowledge > Click here to download whitelisting additional informations"

About Edge ADMX Templates

ℹ️ Note: On Windows Server 2022, the Edge templates (msedge.admx) are already present in C:\Windows\PolicyDefinitions\. If you are using earlier versions of Windows Server or Windows, download the templates from https://www.microsoft.com/en-us/edge/business/download

Quick check: Open C:\Windows\PolicyDefinitions\ and look for the msedge.admx file. If it exists, you can go straight to Step 2.

Step 1: Check Edge ADMX Template

1. Open File Explorer and go to:

   C:\Windows\PolicyDefinitions\
   

2. Look for the msedge.admx file

If the file EXISTS:

• Go to Step 2

If the file does NOT exist:

• Download from https://www.microsoft.com/en-us/edge/business/download
• Extract the package

• Copy msedge.admx and msedge.adml to the appropriate folders:

  msedge.admx → C:\Windows\PolicyDefinitions\
  msedge.adml → C:\Windows\PolicyDefinitions\en-US\ (or it-IT\)
  

Step 2: Create and Link the GPO

1. Open Group Policy Management Console (gpmc.msc)
2. Navigate to the target OU (Organizational Unit)
3. Right-click on the OU → Create a GPO in this domain, and Link it here
4. Enter the name: Cyber Guru SmartScreen Whitelist - Edge
5. Click OK

Step 3: Configure SmartScreen Allowlist in GPO

1. From the GPMC console, right-click on the GPO → Edit

2. Go to:

   Computer Configuration → Policies → Administrative Templates
   → Microsoft Edge → SmartScreen settings
   

3. Find and open: "Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings"

4. Select Enabled

5. Click the Show button under "Value"

6. In the "Show Contents" window, enter the domains one per line:

   [DOMAIN-1]
   [DOMAIN-2]
   [DOMAIN-3]
   ...
   [DOMAIN-N]
   

7. Click OK when done

8. Click OK to save the policy

Step 4: Check on Endpoint

1. On a Windows client with Edge installed, force a policy update:

   gpupdate /force
   

2. Open Microsoft Edge and go to:

   edge://policy
   

3. Look for SmartScreenAllowListDomains - it should show the configured domains
4. Check that SmartScreen warnings do not appear when accessing whitelisted domains

⚠️ Warning: Do not globally disable SmartScreen on Edge. The whitelist policy lets you manage exceptions while keeping protection active for other sites.

Troubleshooting

The policy does not appear in edge://policy:

• Check that msedge.admx is in PolicyDefinitions
• Run gpupdate /force again
• Restart Edge

SmartScreen warnings still appear:

• Check that the domain is correct (case does not matter)
• Wait for policy propagation in AD (up to 30 minutes)
• Test with an InPrivate window to rule out cache

Note: Microsoft Defender for Endpoint (MDE)

⚠️ Warning: If your organization uses Microsoft Defender for Endpoint (MDE), the SmartScreenAllowListDomains policy set via GPO is ignored. In this case, whitelisting must be configured through the Microsoft 365 Defender portal