
How to Enable/Disable Microsoft Edge DNS (Secure DoH)

by Mauro Mendoza, IT Technical Writer

Instant Summary

This NinjaOne blog post explains how Secure DNS (DNS-over-HTTPS) works in Microsoft Edge, how individual users turn it on or off under Privacy, search, and services > Security, and how IT administrators enforce one setting across a fleet through Group Policy or Microsoft Intune. It also covers when disabling DoH is the right call (corporate web filters, internal-only domain names, troubleshooting), how to validate which resolver Edge is actually using, and how to resolve common problems such as settings that keep reverting or sites that fail to load on managed networks.

Key Points

  • DNS-over-HTTPS (DoH) encrypts your browser’s DNS queries for privacy, but it can conflict with corporate network filters and internal resources.
  • Individual users can enable or disable DoH directly in Microsoft Edge’s settings under Privacy, search, and services > Security.
  • IT administrators enforce DoH across an organization with the Microsoft Edge DnsOverHttpsMode policy (plus DnsOverHttpsTemplates to pin a specific resolver), deployed through Group Policy or Microsoft Intune.
  • If your DoH setting keeps reverting, it is being controlled by a mandatory enterprise policy set by your IT department.
  • Website loading failures after enabling DoH often indicate that your network is blocking the encrypted DNS protocol.

Secure DNS, or DNS-over-HTTPS (DoH), encrypts your browser’s DNS requests so that anyone on the network path cannot read or tamper with them. That same property is why managing your Microsoft Edge DNS settings matters: the encrypted queries also bypass corporate resolvers, web filters, and logging, so the setting has to be reconciled with workplace networks and security tools.

This guide will show you how to enable, disable, and control DoH, whether you’re tweaking a single browser or rolling out a company-wide policy.

Methods to turn DNS (DoH) on/off in Microsoft Edge

Managing DNS-over-HTTPS (DoH) settings in Microsoft Edge is essential for aligning browser security with your network’s operational requirements.

📌Use case: Configure DoH settings primarily for:

  • Network management: Disable DoH to ensure compatibility with corporate web filters, firewalls, and monitoring tools.
  • Internal resources: Turn it off when accessing local servers or sites with private domain names that require specific internal DNS.
  • Troubleshooting: Disable it as a diagnostic step when resolving persistent website connectivity issues.

📌Prerequisites: Before you begin, confirm:

  1. You are using Microsoft Edge on Windows 11.
  2. You know whether the device is managed and what your organization’s DNS policy is (for managed devices).
  3. For IT admins: The Microsoft Edge administrative templates (msedge.admx/msedge.adml) are imported into your central store or local policy store for Group Policy deployment.

Method 1: Configure via Edge settings (For Individual Users)

Adjust Secure DNS directly in your Microsoft Edge browser for quick personal configuration.

Step-by-step procedure: 

  1. Open Microsoft Edge.
    • Type edge://settings/privacy into the address bar
    • Or navigate via Settings > Privacy, search, and services.
  2. Scroll down to the Security section.
  3. Find the toggle for “Use secure DNS to specify how to lookup the network address for websites.”
  4. Toggle it On to enable encryption or Off to disable it and use your system’s standard DNS.
    • Choosing a provider: If enabled, click “Choose a service provider” to select a preset (like Cloudflare or Google) or enter a custom DoH template URL.
    • Validation: To confirm the setting is active, use a DNS leak test website (it should report your chosen DoH provider rather than your ISP or corporate resolver), or capture a log with edge://net-export while loading a page and inspect its DNS events.

The change takes effect immediately. For a full reset, clear Edge’s DNS cache by navigating to edge://net-internals/#dns.

Method 2: Enforce via enterprise policy (For IT Administrators)

Deploy a standardized Secure DNS configuration across your Windows fleet using centralized management tools.

Use Group Policy (with the msedge.admx templates) or Microsoft Intune to enforce the DnsOverHttpsMode policy (shown in the templates as “Control the mode of DNS-over-HTTPS”), together with DnsOverHttpsTemplates when you want to pin Edge to a specific resolver.

Step-by-step procedure: 

  1. Locate the policy:
    • Navigate to Computer/User Configuration > Policies > Administrative Templates > Microsoft Edge.
  2. Configure the policy:
    • Enable the “Control the mode of DNS-over-HTTPS” (DnsOverHttpsMode) policy.
  3. Set the mode: Select your desired enforcement level:
    • off: Disables DoH; Edge sends plain DNS to the system resolver.
    • automatic (Default): Upgrades to DoH only when the system’s configured DNS server is on Edge’s built-in list of providers known to support it; otherwise Edge falls back to unencrypted DNS.
    • secure: Forces DoH to the resolver(s) listed in the companion “Specify URI template of desired DNS-over-HTTPS resolver” (DnsOverHttpsTemplates) policy. There is no fallback in this mode, so an unreachable template breaks name resolution in Edge.

Once the policy is applied and the client machine refreshes (via gpupdate /force or a reboot), the setting is locked for all users. Individual users see the option greyed out in the Edge settings UI, and edge://policy on the client lists the enforced value, which is how you confirm that the deployment took effect.
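As an added example written for this page (not NinjaOne’s or Microsoft’s code), the PowerShell below writes and reads the registry values that the two Edge policies above map to, which is the same end state Group Policy or an Intune PowerShell script produces on a client. It assumes the standard Edge policy keys under HKLM and HKCU; the resolver template https://doh.corp.example/dns-query{?dns} is a placeholder for your own approved endpoint.

```powershell
# Added example for this page, not NinjaOne's or Microsoft's code.
# Edge reads machine policy from HKLM:\SOFTWARE\Policies\Microsoft\Edge and per-user
# policy from the same path under HKCU. DnsOverHttpsMode is a string: off | automatic | secure.
# DnsOverHttpsTemplates holds one or more RFC 6570 URI templates separated by spaces.
# The template used below is a placeholder (assumption): replace it with your resolver.

function Get-EdgePolicyKey {
    param([ValidateSet('Machine', 'User')][string]$Scope = 'Machine')
    if ($Scope -eq 'Machine') { 'HKLM:\SOFTWARE\Policies\Microsoft\Edge' }
    else                      { 'HKCU:\SOFTWARE\Policies\Microsoft\Edge' }
}

function Set-EdgeDoHPolicy {
    param(
        [Parameter(Mandatory)][ValidateSet('off', 'automatic', 'secure')][string]$Mode,
        [string[]]$Templates = @(),
        [ValidateSet('Machine', 'User')][string]$Scope = 'Machine'
    )
    $key = Get-EdgePolicyKey -Scope $Scope

    # In 'secure' mode Edge never falls back to plain DNS, so refuse to lock the
    # browser into a mode that has no resolver to talk to.
    if ($Mode -eq 'secure' -and $Templates.Count -eq 0) {
        throw "Mode 'secure' requires at least one DoH URI template."
    }
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    Set-ItemProperty -Path $key -Name 'DnsOverHttpsMode' -Value $Mode -Type String
    if ($Templates.Count -gt 0) {
        # Several templates go into one space-separated string value.
        Set-ItemProperty -Path $key -Name 'DnsOverHttpsTemplates' -Value ($Templates -join ' ') -Type String
    } else {
        Remove-ItemProperty -Path $key -Name 'DnsOverHttpsTemplates' -ErrorAction SilentlyContinue
    }
}

function Get-EdgeDoHPolicy {
    # Shows both scopes so you can see which one wins (machine policy beats user policy).
    foreach ($scope in 'Machine', 'User') {
        $key = Get-EdgePolicyKey -Scope $scope
        $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Scope     = $scope
            Key       = $key
            Mode      = if ($p) { $p.DnsOverHttpsMode } else { $null }
            Templates = if ($p) { $p.DnsOverHttpsTemplates } else { $null }
        }
    }
}

function Remove-EdgeDoHPolicy {
    # Deletes both values, which hands control back to the Edge settings UI.
    param([ValidateSet('Machine', 'User')][string]$Scope = 'Machine')
    $key = Get-EdgePolicyKey -Scope $Scope
    Remove-ItemProperty -Path $key -Name 'DnsOverHttpsMode', 'DnsOverHttpsTemplates' -ErrorAction SilentlyContinue
}

# Usage (run elevated for the Machine scope).
# Pin Edge to an internal resolver that still logs queries:
Set-EdgeDoHPolicy -Mode secure -Templates 'https://doh.corp.example/dns-query{?dns}'
Get-EdgeDoHPolicy | Format-Table -AutoSize
# ...or switch DoH off entirely on a network that depends on its web filter:
# Set-EdgeDoHPolicy -Mode off
```

Before rolling out the secure mode, confirm the template responds from the client network (the probe in the troubleshooting section does this); because secure mode has no fallback, an unreachable endpoint turns every page load in Edge into a DNS failure. After the values are written, restart Edge and check edge://policy, where the two policies should appear with the status OK.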

Supporting method: Troubleshooting and advanced validation

Validate your Secure DNS configuration and resolve conflicts using these diagnostic steps.

Step-by-step procedure: 

If websites fail to load after changing DoH settings, follow this sequence:

  1. Clear caches:
    • Clear the browser’s DNS cache at edge://net-internals/#dns and the Windows DNS cache (run ipconfig /flushdns in Command Prompt as admin).
  2. Verify the active setting:
    • In Edge, revisit edge://settings/privacy to confirm the toggle is in the intended state (On/Off).
  3. Use diagnostic tools:
    • Capture a log with edge://net-export while reproducing the failure: its DNS events show whether each lookup went out over DoH or plain DNS and which server answered. The edge://net-internals/#dns page in current Edge builds offers little beyond the “Clear host cache” button and does not show the active resolver.
    • Use the Network tab in Developer Tools (F12) to see if specific requests are failing with DNS-related errors.
  4. Check for Conflicts:
    • Ensure DoH configuration aligns with your system’s proxy and firewall settings. DoH rides on HTTPS, so a proxy that does not forward the resolver’s hostname, a firewall rule that blocks outbound port 443 to the resolver, or a TLS-inspecting web filter that substitutes its own certificate will each make the DoH query itself fail, and in secure mode there is no fallback to plain DNS.

After systematic troubleshooting, you will identify the root cause. This allows you to either correct your DoH settings or conclusively determine that disabling DoH is necessary for your specific network environment.
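As an added example written for this page (not the post’s or Microsoft’s code), the PowerShell below performs the probe the troubleshooting steps describe: it hand-builds an RFC 8484 DNS-over-HTTPS GET request, decodes the answer, and compares it with the system resolver, which also serves as the validation step in Method 1. It assumes a placeholder resolver template (https://doh.corp.example/dns-query{?dns}) and placeholder host names, and it uses the built-in Windows Resolve-DnsName cmdlet for the system-DNS comparison.

```powershell
# Added example for this page, not NinjaOne's or Microsoft's code.
# Endpoint and host names are placeholders (assumption): substitute your own.

$script:RecordTypes = @{ A = 1; AAAA = 28 }

function New-DnsQuery {
    # Builds a DNS wire-format query (RFC 1035) for $Name.
    param([Parameter(Mandatory)][string]$Name, [ValidateSet('A', 'AAAA')][string]$Type = 'A')
    $msg = [System.Collections.Generic.List[byte]]::new()
    # Header: ID 0 (RFC 8484 recommends 0 so HTTP caches can reuse responses),
    # flags 0x0100 = recursion desired, QDCOUNT 1, ANCOUNT/NSCOUNT/ARCOUNT 0
    $msg.AddRange([byte[]](0, 0, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0))
    foreach ($label in $Name.TrimEnd('.').Split('.')) {
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($label)
        $msg.Add([byte]$bytes.Length)
        $msg.AddRange($bytes)
    }
    $msg.Add(0)                                                   # root label
    $msg.AddRange([byte[]](0, $script:RecordTypes[$Type], 0, 1))  # QTYPE, QCLASS IN
    return $msg.ToArray()
}

function Skip-DnsName {
    # Returns the offset just past a (possibly compressed) name starting at $Offset.
    param([byte[]]$Msg, [int]$Offset)
    while ($true) {
        $len = [int]$Msg[$Offset]
        if ($len -eq 0) { return $Offset + 1 }
        if (($len -band 0xC0) -eq 0xC0) { return $Offset + 2 }   # compression pointer
        $Offset += 1 + $len
    }
}

function ConvertFrom-DnsResponse {
    # Extracts RCODE and the A/AAAA answers from a DNS response message.
    param([byte[]]$Msg)
    $rcode   = [int]$Msg[3] -band 0x0F                 # 0 = NOERROR, 3 = NXDOMAIN, 5 = REFUSED
    $qdcount = ([int]$Msg[4] -shl 8) -bor [int]$Msg[5]
    $ancount = ([int]$Msg[6] -shl 8) -bor [int]$Msg[7]
    $pos = 12
    for ($i = 0; $i -lt $qdcount; $i++) { $pos = (Skip-DnsName $Msg $pos) + 4 }
    $answers = @()
    for ($i = 0; $i -lt $ancount; $i++) {
        $pos   = Skip-DnsName $Msg $pos
        $type  = ([int]$Msg[$pos] -shl 8) -bor [int]$Msg[$pos + 1]
        $ttl   = ([long]$Msg[$pos + 4] -shl 24) -bor ([long]$Msg[$pos + 5] -shl 16) -bor ([long]$Msg[$pos + 6] -shl 8) -bor [long]$Msg[$pos + 7]
        $rdlen = ([int]$Msg[$pos + 8] -shl 8) -bor [int]$Msg[$pos + 9]
        $rdata = if ($rdlen -gt 0) { [byte[]]$Msg[($pos + 10)..($pos + 9 + $rdlen)] } else { [byte[]]@() }
        if (($type -eq 1 -and $rdlen -eq 4) -or ($type -eq 28 -and $rdlen -eq 16)) {
            $answers += [pscustomobject]@{ Type = $type; TTL = $ttl; Address = [System.Net.IPAddress]::new($rdata).ToString() }
        }
        $pos += 10 + $rdlen
    }
    [pscustomobject]@{ RCode = $rcode; Answers = $answers }
}

function Test-DoHEndpoint {
    # Sends one query over DoH (RFC 8484 GET) and reports reachability and the answer.
    param(
        [string]$Template = 'https://doh.corp.example/dns-query{?dns}',   # placeholder
        [string]$Name = 'www.example.com'
    )
    $endpoint = $Template -replace '\{\?dns\}$', ''            # strip the RFC 6570 variable
    $query    = New-DnsQuery -Name $Name
    $b64url   = [Convert]::ToBase64String($query).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    try {
        $resp   = Invoke-WebRequest -Uri "$endpoint?dns=$b64url" -Headers @{ Accept = 'application/dns-message' } -UseBasicParsing -TimeoutSec 5
        $parsed = ConvertFrom-DnsResponse -Msg $resp.RawContentStream.ToArray()
        [pscustomobject]@{ Endpoint = $endpoint; Reachable = $true; RCode = $parsed.RCode; Answers = @($parsed.Answers.Address); Error = $null }
    } catch {
        # A blocked port 443 path, a filtered hostname or a TLS-inspecting proxy all land here.
        [pscustomobject]@{ Endpoint = $endpoint; Reachable = $false; RCode = $null; Answers = @(); Error = $_.Exception.Message }
    }
}

# Usage: an internal-only name that the system resolver answers but that comes back
# NXDOMAIN (RCode 3) over DoH is the "private domain name" failure mode from this article.
$name = 'hrportal.internal'                                  # placeholder internal host
$doh  = Test-DoHEndpoint -Name $name
$sys  = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue | Where-Object Type -eq 'A' | ForEach-Object IPAddress
[pscustomobject]@{ Name = $name; SystemDns = @($sys); DoHReachable = $doh.Reachable; DoHRCode = $doh.RCode; DoHAnswers = $doh.Answers; DoHError = $doh.Error } | Format-List
```

Read the result in three parts: Reachable = False with a TLS or timeout error means the network, proxy, or web filter is stopping DoH itself; Reachable = True with RCode 3 while SystemDns has an address means the public resolver simply does not know your private zone; Reachable = True with matching answers means the DoH path is healthy and the problem lies elsewhere.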

Troubleshooting common secure DNS issues

Resolve typical problems when managing DNS-over-HTTPS (DoH) with these direct solutions.

DoH only works in Edge

This is normal. Edge’s setting only encrypts the browser’s own lookups. For system-wide encryption, configure DNS-over-HTTPS in Windows network settings: Settings > Network & internet > your adapter > DNS server assignment > Edit, set the resolver manually, and choose Encrypted only (DNS over HTTPS) for the preferred DNS encryption.

Sites fail to load on certain networks

Managed networks often block external DoH. Disable Edge’s Secure DNS or switch to your organization’s approved resolver.

Security filters are bypassed

Public DoH can bypass internal DNS filtering. Coordinate with security teams to use a company-approved DoH endpoint that maintains logging.

Settings keep resetting

A centralized enterprise policy is enforcing the configuration. Only an administrator can change the deployed Group Policy or Intune setting.

Performance is slow

Test by disabling DoH as a baseline. Try a different provider or, for enterprises, deploy a local DoH resolver to reduce latency.

Configuring Edge DNS for security and compatibility

Effectively managing Edge DNS through Secure DNS gives you control over browser privacy while maintaining network compliance.

Whether you toggle it on for personal use or enforce it enterprise-wide via policy, the key is aligning this setting with your Windows configuration and existing security tools. This ensures your encrypted browsing works seamlessly without disrupting essential filters, logs, or internal resources.


FAQs

Should I choose a preset provider or enter a custom DoH template URL?

Choosing a preset provider (like Cloudflare or Google) is the simplest method, as Edge automatically uses a known, reliable DoH template URL for that service.

Entering a custom DoH template URL is necessary if you want to use a different provider (like your ISP’s, a privacy-focused service like NextDNS, or an internal corporate resolver) that isn’t on Microsoft’s preset list.

What does the “Automatic” setting do?

When set to “Automatic,” Microsoft Edge will use DoH only if your computer’s currently configured DNS server (from your network adapter or DHCP) is on Edge’s built-in list of providers known to support it. If the DNS server is not on that list, Edge falls back to standard, unencrypted DNS with that server, so connectivity is not broken.

How do I clear the DNS cache, and why does that help?

Clearing the DNS cache removes your computer’s locally stored record of recent website addresses. To do it fully, you must clear both the Windows DNS cache (run ipconfig /flushdns in Command Prompt as Administrator) and the Edge host cache (go to edge://net-internals/#dns and click “Clear host cache”).

This helps because it forces your system to perform a fresh DNS lookup, which ensures it uses your newly configured DoH or standard DNS settings immediately.

Why do internal sites stop working when DoH is enabled?

Internal servers and tools often use private domain names (e.g., hrportal.internal) that are only defined on your organization’s local DNS servers.

When you enable DoH with a public provider (like Google DNS), your browser bypasses the company’s internal DNS servers and asks the public one for the address, which will not recognize or resolve these private names, leading to “Page not found” errors.

Does Edge’s Secure DNS setting only affect Edge?

Yes, that’s correct. The “Secure DNS” setting in Microsoft Edge only applies to web traffic from the Edge browser itself. Other applications on your Windows PC (like email clients, gaming apps, or other browsers) will continue to use the standard DNS configured in your operating system’s network settings.

For full-system encryption, configure DNS-over-HTTPS at the Windows level (Settings > Network & internet > your adapter > DNS server assignment), which then applies to every application that uses the Windows resolver.
