For administrators who manage Chrome browser on Windows for a business or school.
As a Chrome Enterprise administrator, you can use Microsoft Intune to deploy and manage Chrome browser on Windows devices.
Before you begin
- You need an administrator account to access the Microsoft Endpoint Manager admin center.
- To apply Chrome policies that are labeled as working only when joined to a Microsoft Active Directory domain, you need:
- Chrome browser version 69 or later.
- Any edition of Windows 10 and 11 but not Windows Home.
Step 1: Deploy Chrome browser
- Download the Chrome browser executable and select the channel taking into account your audience.
- When the executable is downloaded, you need to prepare it so that it can be uploaded in Intune.
- Download Microsoft’s Win32 Content Prep tool.
- Follow these instructions to prepare the Chrome browser app.
- Sign into the Microsoft Endpoint Manager admin center.
- Click Apps
Windows
Add.
- Click Add.
- For App type, select Windows App (Win32) and then click Select.
- In the App information page, click Select app package file and search for the file you prepared in step 2.
Note: The file must have the .intunewin extension. - When the file is uploaded, click OK.
- On the App information page, add your app details.
Some details of the Chrome browser app might be automatically filled in. - Click Next.
- In the Program page, configure the app installation and removal commands for the app by following these steps.
- Click Next.
- Configure any of the following as required:
- In the Requirements page, configure the requirements the device must meet before Chrome browser is installed and click Next.
- In the Detection rules page, configure any rules you require and click Next.
- In the Dependencies page, configure any dependencies you require and click Next.
- In the Supercedence page, configure any supercedences you require and click Next.
- In the Assignments page, configure any assignments you require and click Next.
- Select any applicable Included groups and Excluded groups.
- Click Next
Create.
Step 2: Configure Chrome browser with Settings Catalog
- Still in the Microsoft Endpoint Manager admin center, select Devices
Windows
Configuration Profiles.
- Click Create Profile.
- In Platforms, select Windows 10 and later.
- In Profile type, select Settings Catalog (preview).
- Enter a configuration name, for example Chrome browser configuration.
- In the Configuration Settings page, select Add Settings.
- In the search box, search for Chrome. You can now select from and configure a multitude of settings as detailed in the examples below.
Note: You don’t need to create separate policies to configure the different examples below. You can configure the examples below, and more, under the same policy. - Click Next.
- Select any applicable Included groups and Excluded groups, and respective Filters.
- Click Next.
- Select any applicable Scope tags.
- Click Next
Create.
Example A: Enable home button
Example B: Configure URL for homepage button
Example C: Enable site isolation for specified origins
Example D: Configure Legacy Browser Support
Example E: Allow specific extensions
Example F: Block external extensions from being installed
Example G: Manage bookmarks
Step 3: Confirm that the policy is set
After you apply any Chrome policies, users need to restart Chrome browser for the settings to take effect. You can check users’ devices to make sure the policy was applied correctly.
Note: Allow time for Intune to propagate the policy to Chrome on the devices you’re managing. If the policy is taking some time to push, verify that the device is enrolled and you have synced the device to get the latest policies from Intune.
- On a managed device, open Chrome browser.
- In the address bar, enter chrome://policy.
- Click Reload policies.
- Verify that the policy you set is enabled.
Step 4: Confirm the policy is set (Intune)
Allow time for Intune to propagate the policy to Chrome on the devices you’re managing. If the policy is taking some time to push, verify that the device is enrolled and you have synced the device to get the latest policies from Intune.
- In the Microsoft Endpoint Manager admin center, select Devices
Windows
Configuration Profiles, and click on the policy you just created.
- If want to see which devices have been targeted by the policy, including devices in a pending policy assignment state, click Device assignment status report.
- If want to view the configuration status of each setting for the policy across all devices and users, select the Per setting status report.
Related topics
Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.