Planning your return to office strategy? See how Chrome OS can help.

Požadovaná stránka nie je momentálne k dispozícii vo vašom jazyku. V dolnej časti stránky si môžete vybrať iný jazyk alebo si môžete okamžite preložiť ľubovoľnú webovú stránku do požadovaného jazyka pomocou vstavanej funkcie prekladu v prehliadači Google Chrome.

Manage Chrome Browser with Microsoft Intune

As a Chrome Enterprise administrator, you can manage Chrome Browser on Microsoft® Windows® computers using Microsoft® Intune.

Before you begin

  • You need a username and password for the Microsoft® Azure® portal to sign in and access Intune. To apply Chrome policies that are labeled as working only when joined to a Microsoft® Active Directory® domain, you need:
    • Chrome Browser version 69 or later
    • Any edition of Windows 10 except Windows Home

Set up Intune to manage Chrome Browser

Step 1: Ingest the Chrome ADMX file into Intune
  1. Download the Chrome ADMX templates.
  2. Sign in to the Microsoft Azure portal.
  3. Go to Intune and then Device configuration and then Profiles.
  4. Next to Devices configuration – Profiles, click Create profile.
  5. Enter the following text in these fields:
    • Name
      Windows 10 – Chrome configuration (or use any descriptive name)
    • Description
      Enter a description (optional)
    • Platform
      Windows 10 and later
    • Profile type
      Custom
    • Settings
      Custom (select from drop-down list)
  6. Selecting Custom in the step above opens a new menu for OMA-URI settings. Click Add to add specific policies you can configure and enter the following text:
    • Name
      Chrome ADMX Ingestion
    • Description
      Enter a description (optional)
    • OMA-URI
      ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx
    • Data type
      String (select from drop-down list)
  7. Once you select String, a Value text field opens below. On your computer, go to template\windows\admx\chrome.admx and copy the text from chrome.admx.
  8. In the Value field, paste the chrome.admx text.
  9. Click OK and OK again to save the Custom OMA-URI settings.
  10. Click Create to create the new profile.
Step 2: Set up a Chrome policy with Intune
  1. Sign in to the Microsoft Azure portal.
  2. Go to Intune and then Device configuration and then Profiles.
  3. Click the Windows 10 – Chrome configuration profile you created in step 1.
  4. Select Properties and then Settingsand thenConfigure to open the Custom OMA-URI settings.
  5. Click Add to add a row.
  6. Enter text into the fields, following the examples below for the type of policy you’re implementing.
    Note: Listing a Description is optional, but the other fields are required.
  7. After you’ve set the policies you want to configure, click OK and OK again to save the Custom OMA-URI settings.
  8. At the top, click Save to save the Windows 10 – Chrome configuration settings. You will see a Profile saved notification when successful.

Example A: Enable home button

  • Name
    Chrome – ADMX – HomepageButton
  • Description
    Enable the home button
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome*~Startup*/ShowHomeButton
  • Data type
    String
  • Value
    <enabled/>

Example B: Configure URL for homepage button

  • Name
    Chrome – ADMX – HomepageLocation
  • Description
    Configure the URL the homepage button opens
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome*~Startup*/HomepageLocation
  • Data type 
    String
  • Value 
    <enabled/>

Example C: Enable site isolation

  • Name
    Chrome – ADMX – SitePerProcess
  • Description
    Enable Site Isolation
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/SitePerProcess
  • Data type 
    String
  • Value 
    <enabled/>

Example D: Set application locale value

  • Name
    Chrome – ADMX – ApplicationLocaleValue
  • Description
    Application locale
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ApplicationLocaleValue
  • Data type 
    String
  • Value 
    <enabled/>

    <data id="ApplicationLocaleValue" value="de"/>

Example E: Set URL blocklist

  • Name 
    Chrome – ADMX – URLBlocklist
  • Description 
    List of URLs to blocklist
  • OMA-URI 
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/URLBlocklist
  • Data type 
    String
  • Value 
    <enabled/>

    <data id="URLBlocklistDesc" value="1&#xF000;http://www.cnn.com&#xF000;2&#xF000;http://www.abc.com"/>

Important: When creating a key-value pair list (to list URLs for a blocklist or cookies allowed for specific URLs), use &#xF000; as the separator.

Example F: Allowlist specific extensions

  • Name 
    Chrome – ADMX – ExtensionInstallAllowlist
  • Description 
    Allowlist specific extensions
  • OMA-URI 
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome*~Startup*/ExtensionInstallAllowlist
  • Data type 
    String
  • Value 
    <enabled/>

Example G: Blocklist all extensions

  • Name
    Chrome – ADMX – ExtensionInstallBlocklist
  • Description 
    Extension Blocklist
  • OMA-URI 
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallBlocklist
  • Data type 
    String
  • Value 
    <enabled/>

    <data id="ExtensionInstallBlocklistDesc" value="1&#xF000;*"/>

Example H: Manage Bookmarks

  • Name 
    Chrome – ADMX – ManagedBookmarks
  • Description 
    Managed Bookmarks
  • OMA-URI 
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ManagedBookmarks
  • Data type 
    String
  • Value 
    <enabled/>

    <data id='ManagedBookmarks' value='[{"toplevel_name":"Company Bookmarks"},{"url":"microsoft.com","name":"Microsoft"},{"url":"blogs.technet.microsoft.com","name":"Favorite Blogs"},{"name":"Email services","children":[{"url":"gmail.com","name":"Gmail"},{"url":"outlook.com","name":"Outlook"}]}]'/>

Important: Use double quotes on the inner values and single quotes on the outer values.

For more examples of policies you can set using Microsoft Intune, see the spreadsheet Common Chrome Browser policies for Microsoft Intune.

Step 3: Confirm that the policy is set
  1. Allow time for Intune to propagate the policy to Chrome on one of the devices you’re managing. If the policy is taking time to push, verify that the device is enrolled and you have synced the device to get the latest policies from Intune.
  2. On a managed device, open Chrome Browser.
  3. In the address bar, enter chrome://policy and verify that the policy you set is enabled.
Step 4: (Optional) Configure other templates

In addition to managing the Chrome Browser following the steps above, you can ingest and configure other templates, such as Legacy Browser Support, Google Updater, or Chrome Beta Policy Templates.

To use these templates, first download them, insert the correct OMA-URI, and then add the correct value. For example, here's how to configure Legacy Browser Support:

  • Name 
    Chrome – ADMX – LegacyBrowserSupport
  • Description
    LBS
  • OMA-URI ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/LegacyBrowserSupport/Policy/LegacyBrowserSupportADMX
  • Data type 
    String
  • Value 
    Copy and paste the content in LegacyBrowserSupport.admx into the value field.

How to

  1. Download the Legacy Browser Support ADMX template.
  2. Enter the following:
  3. Add a new setting with the OMA-URI: ./Device/Vendor/MSFT/Policy/Config/LegacyBrowserSupport~Policy~Cat_LegacyBrowserSupport/UseIeSiteList_Policy and the value: <enabled/>

That's it! After syncing on the client, registry use_ie_site_list will be created under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\Extensions\heildphpnddilhkemkielfhnkaagiabh\policy.

Troubleshooting

  • If the policy you set in Intune is not appearing in your list of Chrome policies, make sure that you allowed adequate time for the policy to propagate from Intune to the machine.
  • To verify that the policy is in the registry, enter regedit to open the Registry Editor in Windows 10. Verify that the correctly defined policy is visible at HKLM\Software\Policies\Google\Chrome. If it’s not visible, it means the policy is not pushed correctly.
  • Make sure you've typed the OMA-URI correctly and ensure that the value is correct XML. If you get any of these wrong, an error message won't appear, but the policy won't be enforced on your users machines.
  • If you’re still having issues, see Microsoft's documentation on setting up and syncing devices with Intune.

Related topics

Was this helpful?
How can we improve it?
Vyhľadávanie
Vymazať vyhľadávanie
Zavrieť vyhľadávanie
Aplikácie Googlu
Hlavná ponuka
Search Help Center
true
410864
false