Microsoft Endpoint Manager – Configuration policies for Google Chrome

In the previous blog I introduced administrative templates in Intune. I showed how easily you can configure settings because administrative templates are almost like Active Directory GPOs. In this blog I want to show you some improvements Microsoft introduces two months ago in Microsoft Endpoint Manager 2203 release. This release contains a lot of new cool features and one of them is administrative templates for Google Chrome.

Why is it so important? Google Chrome is a standard in some companies as a default browser. How previous experience looked before 2203 release? Let me show you an example. If you wanted to configure some settings for Google Chrome first, you needed to ingest the Chrome ADMX file into Intune. Then you needed to configure custom settings one by one with OMA-URL (I will explain this topic in another blog):

 

That’s how setting looks like if you wanted to configure URL to open on startup. Looks quite complex if you don’t have an experience with custom settings, doesn’t it? Let’s see how you can configure policies with new administrative template and what the difference is. Go to Configuration profiles and click Create profile:

Then click Create. Provide a name of configuration profile and click Next:

In Computer Configuration section click Google, then choose Google Chrome. You can find hundreds of settings you can configure:

In below example we will configure some popular settings. The very first setting for browser every administrator configures is a home page. Settings in administrative templates are grouped by categories, so you can easily find home page setting in Startup, Home page and New Tab page section or you can use search:

Click on the setting name, enable the setting and provide the home page URL. Then click OK:

Next setting is Action on startup. Go to Google\Google Chrome\Startup, Home page and New Tab page and click on the setting name. Enable the setting and from dropdown list choose Restore the last session:

Then click OK. For security purposes I want to block saving passwords and I can configure Enable saving passwords to the password manager policy in Google\Google Chrome\Password manager section. Click on the policy name, disable saving passwords, and click OK:

Next, I want to restrict devices to download dangerous content. Find Allow download restrictions policy in Google\Google Chrome section:

Click on the policy name, then click Enable and from dropdown list choose Blocks malicious downloads and dangerous file types and click OK:

One more setting I want to configure is extensions for Google Chrome. I want to silently pre-install a few extensions for the users. Go to Google\Google Chrome\Extensions section and click on Configure the list of force-installed apps and extensions policy. Enable the policy and copypaste IDs of extensions you want to install. In my case it will be ggjhpefgjjfobnfoldnjipclpcfbgbhl for My Apps Secure Sign-in and aapbdbdomjkkjkaonfhkkikfgjllcleb for Google Translate:

Then click OK.

How to find extensions IDs? It’s very easy – just copypaste ID from extension URL:

The last setting I want to configure is a default browser:

Go to setting and enable it, then click OK.

We finished policies configuration for Google Chrome and now click Next twice to go on Assignments page:

In my environment I enable this configuration policies for all devices and click Next. On the Review + create page we see a list of settings I configured for Google Chrome:

Then click Create.

After policy synchronization we see they successfully applied on the device:

What is also visible in Google Chrome:

Happy deployment! For further information, please click here to contact our support team.

Share:

Facebook
Twitter
LinkedIn
Picture of Ievgen Liashov

Ievgen Liashov

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 028
Cyber Security

WME Security Briefing 27 September 2024

DragonRank SEO Manipulation Campaign Targeting IIS Servers Across Asia and Europe Overview A cyber espionage campaign is targeting IIS servers in several countries across Asia and Europe. The DragonRank campaign emanates from a simplified Chinese-speaking actor and specializes

Click Here to Read Full Article »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=