We can now configure Google chrome settings using Intune administrative templates. This is a new feature introduced with Intune’s Service release 2203. Previously we only had option to use custom OMA-URI device configuration policy to deploy Google Chrome policies, for this we need to have rather more complicated process to ingest Google chrome policies using custom OMA-URI settings.
What are Google Chrome Settings
Google Chrome settings are the specific configuration setting which can be defined on devices to apply several changes such as configuring Home page URL, show home button on toolbar, block cookies etc, there are heaps of settings available which can be controlled through these settings.
All these settings are part of Administrative templates which can be done easily in On-premises environment with Active Directory installed, this can be done by importing ADMX templates for Google Chrome and copying it under SYSVOL’s policy definitions folder.
But the same process is not so simple while applying ADMX templates using Google chrome as there were no settings prior to Intune service release 2203. The only option left was to ingest Google chrome policies which requires a thorough understanding of Policy CSP (Policy configuration service provider to configure policies).
With the introduction of Intune 2203 version, Google chrome settings are included in Settings Catalog and Administrative Template. We can now create new configuration profiles to target Google chrome policies.
Create Google Chrome polices using Intune
Login to Microsoft Endpoint Manager admin center and navigate to Devices > Windows > Configuration profiles. Click on Create profile.
Select Platform as “Windows 10 and later” and Profile type showing 2 options:
Settings catalog (preview)
Google Chrome policies are available for both the options, either of them can be used. I am going to use Templates, click on it and under Template name select Administrative Templates, click on Create.
Under Create profile blade, provide name as Google Chrome and click Next.
Under Configuration settings, we have 3 options:
- All Settings
- Computer Configuration
- User Configuration
Select Computer Configuration, under Setting Name select Google. You have 2 options to select Either “Google Chrome” or “Google Chrome – Default Settings (users can override)”. Select the first one and click Next.
You will be listed with all settings, scroll down to select Start, Home page and New Tab page, this is what we are going to do now.
We will be making multiple changes over here. Click on URL’s to open on startup, enable it and specify the url www.google.com.au
Click on Show Home button on toolbar and select “Enabled”
Select Configure the home page URL and set Home page URL to https://www.microsoft.com
We are ready with the settings, click on Next.
Under Scope tags, click Next.
Under Assignments, target the configuration profile to existing group and click Next.
Under Review + create, verify the settings and click on Create.
Verify Google Chrome policy deployed via Intune
Login to windows 10 device. Once the sync is done, new settings will be applied.
Verify using Event Viewer
We can verify the settings using Event Viewer, navigate to Applications and Services Logs \ Microsoft \Windows \DeviceManagement-Enterprise-Diagnostics-Provider\Admin.
We can see all policies, following is the description:
MDM PolicyManager: Set policy string, Policy: (RestoreOnStartupURLs), Area: (chromeIntuneV1~Policy~googlechrome~Startup), EnrollmentID requesting merge: (5131251F-4468-4AE4-BD58-496B92F20322), Current User: (Device), String: (<enabled/><data id="RestoreOnStartupURLsDesc" value="1 www.google.com.au" />), Enrollment Type: (0x6), Scope: (0x0).
MDM PolicyManager: Set policy string, Policy: (HomepageLocation), Area: (chromeIntuneV1~Policy~googlechrome~Startup), EnrollmentID requesting merge: (5131251F-4468-4AE4-BD58-496B92F20322), Current User: (Device), String: (<enabled/><data id="HomepageLocation" value="https://www.microsoft.com" />), Enrollment Type: (0x6), Scope: (0x0).
MDM PolicyManager: Set policy string, Policy: (ShowHomeButton), Area: (chromeIntuneV1~Policy~googlechrome~Startup), EnrollmentID requesting merge: (5131251F-4468-4AE4-BD58-496B92F20322), Current User: (Device), String: (<enabled/>), Enrollment Type: (0x6), Scope: (0x0).
Verify through Google Chrome browser
Launch Google Chrome and go to settings.
Click On Startup, setting is applied and in disabled state, it cannot be changed as this is what we were expecting.
Click on Appearance, Show home button is set to website what we set and that too also in disabled set.
Verify Google Chrome Intune policies through Registry
We can verify the settings through registry as well. Open registry (regedit) and navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager. We can see all the magic has been done, all relevant policies are automatically created:
AdmxDefault – The location will be Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault
All default Admx templates automatically got imported, which shows list of all Google chrome policies
AdmxInstalled– Showing Chrome policy applied
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxInstalled\5131251F-4468-4AE4-BD58-496B92F20322\chromeIntuneV1\Policy\chromeIntuneV1This is showing list of all policies applied under Google Chrome policy.
Current\Device – Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\chromeIntuneV1~Policy~googlechrome~Startup
This will show list of current policies applied
Microsoft is using the name chromeIntuneV1 as GoogleChrome policy, which seems be getting updated with every new release of Google Chrome policies, and probably we don’t have to make any manual changes into it.