IT Experts with over 25 years experiance

Mon- Fri 9:30 - 6:30 PST

24h Emergency Service

Call Today 877-355-2263

To Speak with us

Get Warranty

Register Your Warranty

Manage Chrome Browser with Microsoft Intune

Manage Chrome Browser with Microsoft Intune

As a Chrome Enterprise administrator, you can manage Chrome Browser on Microsoft® Windows® computers using Microsoft® Intune.

Before you begin

  • You need a username and password for the Microsoft® Azure® portal to sign in and access Intune. To apply Chrome policies that are labeled as working only when joined to a Microsoft® Active Directory® domain, you need:
    • Chrome Browser version 69 or later
    • Any edition of Windows 10 except Windows Home

Set up Intune to manage Chrome Browser

Step 1: Ingest the Chrome ADMX file into Intune

  1. Download the Chrome ADMX templates.
  2. Sign in to the Microsoft Azure portal.
  3. Go to Intune and then Device configuration and then Profiles.
  4. Next to Devices configuration – Profiles, click Create profile.
  5. Enter the following text in these fields:
    Field Text to enter
    Name Windows 10 – Chrome configuration (or use any descriptive name)
    Description Enter a description (optional)
    Platform Windows 10 and later
    Profile type Custom
    Settings Custom (select from drop-down list)
  6. Selecting Custom in the step above opens a new menu for OMA-URI settings. Click Add to add specific policies you can configure and enter the following text:
    Field Text to enter
    Name Chrome ADMX Ingestion
    Description Enter a description (optional)
    OMA-URI ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx
    Data type String (select from drop-down list)
  7. Once you select String, a Value text field opens below. On your computer, go to template\windows\admx\chrome.admx and copy the text from chrome.admx.
  8. In the Value field, paste the chrome.admx text.
  9. Click OK and OK again to save the Custom OMA-URI settings.
  10. Click Create to create the new profile.

Step 2: Set up a Chrome policy with Intune

  1. Sign in to the Microsoft Azure portal.
  2. Go to Intune and then Device configuration and then Profiles.
  3. Click the Windows 10 – Chrome configuration profile you created in step 1.
  4. Select Properties and then Settingsand thenConfigure to open the Custom OMA-URI settings.
  5. Click Add to add a row.
  6. Enter text into the fields, following the examples below for the type of policy you’re implementing.
    • Note: Listing a Description is optional, but the other fields are required.

    Example A: Enable site isolation

    Field Text to enter
    Name Chrome – ADMX – SitePerProcess
    Description Enable Site Isolation
    OMA-URI ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/SitePerProcess
    Data type String
    Value <enabled/>

    Example B: Set application locale value (change de to the local language code)

    Field Text to enter
    Name Chrome – ADMX – ApplicationLocaleValue
    Description Application locale
    OMA-URI ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ApplicationLocaleValue
    Data type String
    Value <enabled/>
    <data id="ApplicationLocaleValue" value="de"/>

    Example C: Set URL blacklist

    Field Text to enter
    Name Chrome – ADMX – URLBlacklist
    Description List of URLs to blacklist
    OMA-URI ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/URLBlacklist
    Data type String
    Value <enabled/>

    <data id="URLBlacklistDesc" value="1&#xF000;http://www.cnn.com&#xF000;2&#xF000;http://www.abc.com"/>

    Important: When creating a key-value pair list (to list URLs for a blacklist or cookies allowed for specific URLs), use &#xF000; as the separator.

    Example D: Blacklist all extensions

    Field Text to enter
    Name Chrome – ADMX – ExtensionInstallBlacklist
    Description Extension Blacklist
    OMA-URI ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallBlacklist
    Data type String
    Value <enabled/>

    <data id="ExtensionInstallBlacklistDesc" value="1&#xF000;*"/>

    Example E: Manage Bookmarks

    Field Text to enter
    Name Chrome – ADMX – ManagedBookmarks
    Description Managed Bookmarks
    OMA-URI ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ManagedBookmarks
    Data type String
    Value <enabled/>

    <data id='ManagedBookmarks' value='[{"toplevel_name":"Company Bookmarks"},{"url":"microsoft.com","name":"Microsoft"},{"url":"blogs.technet.microsoft.com","name":"Favorite Blogs"},{"name":"Email services","children":[{"url":"gmail.com","name":"Gmail"},{"url":"outlook.com","name":"Outlook"}]}]'/>

    Important: Use double quotes on the inner values and single quotes on the outer values.

  7. After you’ve set the policies you want to configure, click OK and OK again to save the Custom OMA-URI settings.
  8. At the top, click Save to save the Windows 10 – Chrome configuration settings. You will see a Profile saved notification when successful.

For more examples of policies you can set using Microsoft Intune, see the spreadsheet Common Chrome Browser policies for Microsoft Intune

Step 3: Confirm that the policy is set

  1. Allow time for Intune to propagate the policy to Chrome on one of the devices you’re managing. If the policy is taking time to push, verify that the device is enrolled and you have synced the device to get the latest policies from Intune.
  2. On a managed device, open Chrome Browser.
  3. In the address bar, enter chrome://policy and verify that the policy you set is enabled.

Step 4: (Optional) Configure other templates

In addition to managing the Chrome Browser following the steps above, you can ingest and configure other templates, such as Legacy Browser SupportGoogle Updater, or Chrome Beta Policy Templates.

To use these templates, first download them, insert the correct OMA-URI, and then add the correct value. For example, here’s how to configure Legacy Browser Support:

Field Text to enter
Name Chrome – ADMX – LegacyBrowserSupport
Description LBS
OMA-URI ../Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/LegacyBrowserSupport/Policy/LegacyBrowserSupportADMX
Data type String
Value Copy and paste the content in LegacyBrowserSupport.admx into the value field.
  1. Download the Legacy Browser Support ADMX template.
  2. Enter the following:
  3. Add a new setting with the OMA-URI: ./Device/Vendor/MSFT/Policy/Config/LegacyBrowserSupport~Policy~Cat_LegacyBrowserSupport/UseIeSiteList_Policy and the value: <enabled/>

That’s it! After syncing on the client, registry use_ie_site_list will be created under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\Extensions\heildphpnddilhkemkielfhnkaagiabh\policy.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Comments
    About
    We offer 24/7 Emergency Service to all of our customers. You can always count on AirPro Experts to get to you fast and get the job done right the first time. We use state-of-the-art diagnostic equipment to find the source of your heating and air conditioning problems and fix them fast.