This Intune Configuration Policy completely disables Internet Explorer 11 on Windows 10/11 devices using a CSP-backed setting. The setting also controls the notification behaviour when IE is disabled.

It is assigned to all devices, ensuring global enforcement across the tenant.

This directly supports Essential Eight: User Application Hardening, which requires blocking legacy and insecure browser components.

The policy sets:

Setting:
​user_vendor_msft_policy_config_internetexplorer_disableinternetexplorerapp_v2
​Value:
​_1 (Disable Internet Explorer)

➡ This ensures the IE11 executable cannot be launched, even indirectly.
➡ Any calls to iexplore.exe are redirected or blocked.

This is the exact CSP Microsoft recommends for disabling IE at the OS level (post-deprecation).

Child setting configured:

Setting:
​user_vendor_msft_policy_config_internetexplorer_disableinternetexplorerapp_v2_notifydisableieoptions
​Value:
​_0 (Do not show IE disable notification options)

➡ Users do not get prompts or options to re-enable or modify IE behaviour.
➡ Smoothens the experience, avoiding confusion for non‑technical staff.

The configuration is targeted to:

This makes the setting universal across your Windows fleet—ideal for Essential Eight controls.

This policy is an Intune Configuration Profile using the Device Configuration Service Provider (CSP) with a ChoiceSettingInstance.

Key details:

Because it's a CSP-backed configuration, enforcement is immediate and strong, not preference‑based.