Most Unified Service Desk customers today utilize the Internal WPF setting for CRM Pages and Standard Web Applications but there are distinct tradeoffs when using this setting in that it utilizes the WPF WebBrowser control for hosting URLs and there are some rendering differences between it and standard Internet Explorer. Another important point about the WebBrowser control is that all the memory that would normally sit in an IExplore.exe process, now lives inside your UnifiedServiceDesk.exe process. This has the effect of making it appear as though Unified Service Desk utilizes a lot more memory than it actually does. There is another way to host the browser built into USD 2.0, however, and that is called IE Process mode. Generally the guidance is to make sure that a specific web application (such as CRM) utilize only Internal WPF hosted controls or only IE Process hosted controls. This is because they are treated as separate sessions and use of both may cause an additional authentication step to be required that would otherwise be unnecessary.
So, suppose you decide you want to take advantage of the IE Process setting and so you switch your CRM hosted controls to utilize this setting. One thing you might notice right away are some http://event popups appearing with no content all over the place.
These popups are part of a mechanism that USD uses to communicate command and content from a web page back to USD for processing. This happens because when these popups occur in IE 11, it checks the security zone of the popup, and if the security zone the URL lives within happens to be in a zone where protected mode is NOT set , IE will not notify the hosting application about the event and will not allow USD to act on it. This URL happens to live in the Intranet zone by default, which also happens to have protected mode off by default.
To resolve this, the easiest solution is to simply turn on protected mode for the Intranet zone.
While this is the easiest solution, there are also other solutions. The end result needs to be that these popup URL's need to be part of a zone that has Protected Mode turned on. Since you can't add URL's to the Internet zone, you can add these URL's to the Restricted Zone instead, which has Protected Mode turned ON by default. Here are the standard URL's that should be added to your Restricted Zone.
Note that while this will work for standard USD internal events, if you have an actual intranet application that pops windows that you want to control with USD, you must similarly ensure that you also add these to an appropriate zone with protected mode on, or plan on it popping out.