We can now configure Google chrome settings using Intune administrative templates. This is a new feature introduced with Intune’s Service release 2203. Previously we only had option to use custom OMA-URI device configuration policy to deploy Google Chrome policies, for this we need to have rather more complicated process to ingest Google chrome policies using custom OMA-URI settings.

What are Google Chrome Settings

Google Chrome settings are the specific configuration setting which can be defined on devices to apply several changes such as configuring Home page URL, show home button on toolbar, block cookies etc, there are heaps of settings available which can be controlled through these settings.

All these settings are part of Administrative templates which can be done easily in On-premises environment with Active Directory installed, this can be done by importing ADMX templates for Google Chrome and copying it under SYSVOL’s policy definitions folder.

But the same process is not so simple while applying ADMX templates using Google chrome as there were no settings prior to Intune service release 2203. The only option left was to ingest Google chrome policies which requires a thorough understanding of Policy CSP (Policy configuration service provider to configure policies).

With the introduction of Intune 2203 version, Google chrome settings are included in Settings Catalog and Administrative Template. We can now create new configuration profiles to target Google chrome policies.

Create Google Chrome polices using Intune

Login to Microsoft Endpoint Manager admin center and navigate to Devices > Windows > Configuration profiles. Click on Create profile.

Google Chrome Create Profile

Select Platform as “Windows 10 and later” and Profile type showing 2 options:

Settings catalog (preview)

Google Chrome policies are available for both the options, either of them can be used. I am going to use Templates, click on it and under Template name select Administrative Templates, click on Create.

Google Chrome Intune Administrative Templates

Under Create profile blade, provide name as Google Chrome and click Next.

Intune Create Profile

Under Configuration settings, we have 3 options:

  • All Settings
  • Computer Configuration
  • User Configuration

Select Computer Configuration, under Setting Name select Google. You have 2 options to select Either “Google Chrome” or “Google Chrome – Default Settings (users can override)”. Select the first one and click Next.

Google Chrome Administrative Template Intune

You will be listed with all settings, scroll down to select Start, Home page and New Tab page, this is what we are going to do now.

Chrome settings intune

We will be making multiple changes over here. Click on URL’s to  open on startup, enable it and specify the url www.google.com.au

URL's to open on startup
Home page url

Click on Show Home button on toolbar  and select “Enabled”

Select Configure the home page URL  and set Home page URL to https://www.microsoft.com

We are ready with the settings, click on Next.

ConfigureGoogleChromeSetingsIntune 08

Under Scope tags, click Next.

Under Assignments, target the configuration profile to existing group and click Next.

ConfigureGoogleChromeSetingsIntune 09

Under Review + create, verify the settings and click on Create.

ConfigureGoogleChromeSetingsIntune 10

Verify Google Chrome policy deployed via Intune

Login to windows 10 device. Once the sync is done, new settings will be applied.

Verify using Event Viewer

We can verify the settings using Event Viewer, navigate to Applications and Services Logs \ Microsoft \Windows \DeviceManagement-Enterprise-Diagnostics-Provider\Admin.

We can see all policies, following is the description:

MDM PolicyManager: Set policy string, Policy: (RestoreOnStartupURLs), Area: (chromeIntuneV1~Policy~googlechrome~Startup), EnrollmentID requesting merge: (5131251F-4468-4AE4-BD58-496B92F20322), Current User: (Device), String: (<enabled/><data id="RestoreOnStartupURLsDesc" value="1 www.google.com.au" />), Enrollment Type: (0x6), Scope: (0x0).
ConfigureGoogleChromeSetingsIntune 14
MDM PolicyManager: Set policy string, Policy: (HomepageLocation), Area: (chromeIntuneV1~Policy~googlechrome~Startup), EnrollmentID requesting merge: (5131251F-4468-4AE4-BD58-496B92F20322), Current User: (Device), String: (<enabled/><data id="HomepageLocation" value="https://www.microsoft.com" />), Enrollment Type: (0x6), Scope: (0x0).
ConfigureGoogleChromeSetingsIntune 15
MDM PolicyManager: Set policy string, Policy: (ShowHomeButton), Area: (chromeIntuneV1~Policy~googlechrome~Startup), EnrollmentID requesting merge: (5131251F-4468-4AE4-BD58-496B92F20322), Current User: (Device), String: (<enabled/>), Enrollment Type: (0x6), Scope: (0x0).
ConfigureGoogleChromeSetingsIntune 16

Verify through Google Chrome browser

Launch Google Chrome and go to settings.

Click On Startup, setting is applied and in disabled state, it cannot be changed as this is what we were expecting.

Click on Appearance, Show home button is set to website what we set and that too also in disabled set.

Verify Google Chrome Intune policies through Registry

We can verify the settings through registry as well. Open registry (regedit) and navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager. We can see all the magic has been done, all relevant policies are automatically created:

AdmxDefault – The location will be Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault

All default Admx templates automatically got imported, which shows list of all Google chrome policies

AdmxInstalled– Showing Chrome policy applied

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxInstalled\5131251F-4468-4AE4-BD58-496B92F20322\chromeIntuneV1\Policy\chromeIntuneV1This is showing list of all policies applied under Google Chrome policy.

Current\Device – Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\chromeIntuneV1~Policy~googlechrome~Startup

This will show list of current policies applied

Microsoft is using the name chromeIntuneV1 as GoogleChrome policy, which seems be getting updated with every new release of Google Chrome policies, and probably we don’t have to make any manual changes into it.

Important Links

What’s new in Microsoft Intune | Microsoft Docs