How to Configure Google Chrome settings using Administrative templates | Intune

Microsoft introduced Intune administrative templates for Google chrome settings with Microsoft Intune Service release 2203. We can now avoid complicated process of using custom OMA-URI settings and use Intune administrative templates for quick configuration.

In this blog post, we will configure the following settings for Google chrome using using Administrative templates.

  • Configure Google chrome Homepage
  • Configure Google chrome Startup page
  • Enable password manager
  • Configure Chrome theme color

Create Google Chrome Device configuration profile

  • To create a Device configuration profile, login to Microsoft Endpoint Manager admin center and navigate to Devices > Windows > Configuration profiles and click on Create profile.
  • Select the following options:
    • Platform: Windows 10 and later
    • Profile type: Templates
    • Template name: Administrative template
  • Click on Create

Google Chrome settings | Intune

  • On the Basics page, provide the name for Device configuration profile and click on Next.

Google chrome browser settings

  • On the Configuration settings page, you will have 3 options:
    • All Settings
    • Computer Configurations
    • User Configurations
  • Select Computer Configuration and from Setting name select Google > Google Chrome.

Note: There are other options “Google Chrome – Default settings (user can override). You can use this template if you want to configure settings as default one and allowing user to change if they wish to do so.

Google chrome homepage | Google chrome home page

  • Scroll down to Settings and select Startup, Home page and New Tab page

Google chrome startup page

You can see the available setting in this group in next screen.

Configure Google Chrome Startup page

We will configure the Google Chrome startup page first. The page that automatically loads whenever you launch Google chrome is the startup page. You can add multiple startup pages and they all become available when you launch Chrome.

We need to configure two settings for Chrome startup page.

Select Action on startup setting and select Enabled from flyer display. Select Open a list of URL’s in Action on startup list box and click on Ok to return to previous window.

Google chrome browser settings

From the list of settings, select URL’s to open on startup settings and select Enabled from flyer display. Provide the list of URL’s which you want to open at startup in URL’s to open on startup text boxes.

Click on Ok to return to previous screen.

Intune Google chrome homepage

Configure Google Chrome Homepage

We will now configure the Google Chrome homepage. We will configure 3 settings for this.

Select Configure the home page URL settings, click on Enabled from flyer display. Provide home page URL under Home page URL text box.

Click on Ok to return to previous screen.

Intune | Device configuration profile | Chrome home page

Select Use New Tab Page as Homepage and click on Disabled. Please note that home page setting will not be effective if this setting is enabled. Click on Ok.

Intune | Device configuration profile | Chrome home page

Select Show Home button on toolbar setting and click on Enabled at flyer display. This option will allow us to navigate to home page by clicking on home button on tool bar. Click on Ok to return to previous screen.

Intune | Device configuration profile | Chrome home page

Enable saving passwords to the password manager

We will now configure the setting to enable saving password to the password manager. This is one of random setting we picked up for this demonstration.

To enable saving password to the password manager, select Enable saving passwords to the password manager setting and click on Enabled.

Click on Ok to return to previous screen.

Intune | Device configuration profile | Chrome Enable password saving

Configure the color of the browser’s theme

This is the last setting we picked for this demonstration. The setting will change the theme color of Chrome browser.

Select Configure the color of the browser’s theme, select Enabled from flyer display. Enter the hex color code in the Configure the color of the browser’s theme text box.

Click on Ok to return to previous screen.

You can use below W3schools link to pick a hexadecimal color code.

https://www.w3schools.com/colors/colors_picker.asp

Intune | Device configuration profile | Chrome theme color

Now we are done with all configuration. Click on All Settings to view the settings you have configured. All configured settings will appear on top.

Chrome configure home page URL

Click on Next button to move to next page. Click on Next on Scope tags page to move to Assignments page.

Assign the profile to AAD group and click on Next

Intune | Device configuration profile | Assignments

On the Review + create page, review the settings and click on Create.

You can view the notification area for a successful profile creation.

Intune | Device configuration profile | Review + create

The Device configuration profile is now created. You can monitor the configuration status from Device configuration profile > Profile Name > Device status blade.

Intune | Device configuration profile | Device status

You can also check the configuration status of each setting for a device from Devices > All Devices > <Device name> \ Device Configuration > <Device configuration profile name>

Intune | Device configuration profile | Device status per setting

Check the configuration status from Event Viewer on targeted device

Let’s see how we can validate the device configuration status from Event viewer on targeted device.

To verify the settings using Event Viewer, navigate to Applications and Services Logs \ Microsoft \Windows \DeviceManagement-Enterprise-Diagnostics-Provider\Admin.

You can see the following logs. We have captured the details for Browser theme color and Chrome startup page.

Event viewer: Browser theme color:

MDM PolicyManager: Set policy string, Policy: (BrowserThemeColor), Area: (chromeIntuneV1~Policy~googlechrome), EnrollmentID requesting merge: (67FDEB14-74D9-49E4-B125-2A3E931D82DE), Current User: (Device), String: (<enabled/><data id=”BrowserThemeColor” value=”#6656f5″ />), Enrollment Type: (0x6), Scope: (0x0).

Event viewer | Device management logs

Event Viewer: Startup Page:

MDM PolicyManager: Set policy string, Policy: (RestoreOnStartupURLs), Area: (chromeIntuneV1~Policy~googlechrome~Startup), EnrollmentID requesting merge: (67FDEB14-74D9-49E4-B125-2A3E931D82DE), Current User: (Device), String: (<enabled/><data id=”RestoreOnStartupURLsDesc” value=”1

Event viewer | Device management logs

Check the configuration setting from Google chrome

To verify the configuration from Google chrome, open the chrome browser and type chrome://settings in browser address bar.

The following changes can be noticed here.

  • Theme color: Google chrome theme changed to blue which is visible in Title bar and address bar. You can notice this by simply opening Google chrome.
  • Startup page: You can see startup page details in On Startup tab. The startup page has been set and settings grayed out. A user can’t change the settings.
  • Home button: You can see home button on tool bar. When you click on home button it will take you to home page you configured.
  • Managed browser: Since you have applied the settings through Intune, you can also see a message “your browser is managed by your organization”.

Google Chrome | Verify managed configuration

List of Settings Available in Intune Google Chrome Administrative Template

Allow or Deny Screen Capture:

Setting NameSetting Type
Allow Desktop, Window, and Tab capture by these originsDevice / User
Allow or deny screen captureDevice / User
Allow Same Origin Tab capture by these originsDevice / User
Allow Tab capture by these originsDevice / User
Allow Window and Tab capture by these originsDevice / User

Content Settings:

Setting NameSetting Type
Allow access to sensors on these sitesDevice / User
Allow cookies on these sitesDevice / User
Allow images on these sitesDevice / User
Allow insecure content on these sitesDevice / User
Allow JavaScript on these sitesDevice / User
Allow JavaScript to use JIT on these sitesDevice / User
Allow notifications on these sitesDevice / User
Allow popups on these sitesDevice / User
Allow read access via the File System API on these sitesDevice / User
Allow the Serial API on these sitesDevice / User
Allow WebUSB on these sitesDevice / User
Allow write access to files and directories on these sitesDevice / User
Automatically grant permission to sites to connect all serial ports.Device / User
Automatically grant permission to sites to connect to USB serial devices.Device / User
Automatically grant permission to these sites to connect to USB devices.Device / User
Automatically select client certificates for these sitesDevice / User
Block access to sensors on these sitesDevice / User
Block cookies on these sitesDevice / User
Block images on these sitesDevice / User
Block insecure content on these sitesDevice / User
Block JavaScript from using JIT on these sitesDevice / User
Block JavaScript on these sitesDevice / User
Block notifications on these sitesDevice / User
Block popups on these sitesDevice / User
Block read access via the File System API on these sitesDevice / User

Default search provider:

Setting NameSetting Type
Default search provider encodingsDevice / User
Default search provider iconDevice / User
Default search provider keywordDevice / User
Default search provider nameDevice / User
Default search provider new tab page URLDevice / User
Default search provider search URLDevice / User
Default search provider suggest URLDevice / User
Enable the default search providerDevice / User
List of alternate URLs for the default search providerDevice / User
Parameter providing search-by-image feature for the default search providerDevice / User
Parameters for image URL which uses POSTDevice / User
Parameters for search URL which uses POSTDevice / User
Parameters for suggest URL which uses POSTDevice / User

Extensions:

Setting NameSetting Type
Blocks external extensions from being installedDevice / User
Configure allowed app/extension typesDevice / User
Configure extension installation allow listDevice / User
Configure extension installation blocklistDevice / User
Configure extension, app, and user script install sourcesDevice / User
Configure the list of force-installed apps and extensionsDevice / User
Extension management settingsDevice / User

Startup, Home page and New Tab page:

Setting NameSetting Type
Use New Tab Page as homepageDevice / User
Action on startupDevice / User
Configure the home page URLDevice / User
Show Home button on toolbarDevice / User
URLs to open on startupDevice / User
Configure the New Tab page URLDevice / User

Password Manager:

Setting NameSetting Type
Enable saving passwords to the password managerDevice / User
Enable leak detection for entered credentialsDevice / User

Safe Browsing Settings:

Setting NameSetting Type
Configure the change password URL.Device / User
Configure the list of domains on which Safe Browsing will not trigger warning.Device / User
Configure the list of enterprise login URLs where password protection service should capture salted hashes of passwords.Device / User
Enable Safe Browsing Extended ReportingDevice / User
Password protection warning triggerDevice / User
Safe Browsing Protection LevelDevice / User

Printing:

Setting NameSetting Type
Default background graphics printing modeDevice / User
Default printer selection rulesDevice / User
Default printing page sizeDevice / User
Disable Print PreviewDevice / User
Disable printer types on the deny listDevice / User
Enable Google Cloud Print proxyDevice / User
Enable printingDevice / User
Enable submission of documents to Google Cloud PrintDevice / User
Print Headers and FootersDevice / User
Print PDF as Image AvailableDevice / User
Print PostScript ModeDevice / User
Print Rasterization ModeDevice / User
Print Rasterize PDF DPIDevice / User
Restrict background graphics printing modeDevice / User
Use System Default Printer as DefaultDevice / User

Related Posts:

Subscribe to Techuisitive Newsletter

Be the first to know about our new blog posts. Get our newsletters directly in your inbox and stay up to date about Modern Desktop Management technologies & news.


Scroll to Top