How to manage Microsoft Edge for Mac settings with Intune

Microsoft is developing a new version of the Edge browser based on the Chromium open source project. At the moment of writing Chromium based Edge is available for Windows and macOS in three release channels; Canary, Dev and Beta.
To manage settings for the Windows version of Edge with Microsoft Intune, Microsoft provides us with Administrative templates in the Intune portal, which contain a lot of settings.
For the Mac version of Edge, we don`t have this option. For macOS we need to created a configuration file (plist file), which we can deploy as a custom configuration policy in Intune.

In this blog post I will show to manage Edge for macOS using Microsoft Intune and such a plist file.

Preparation

To deploy custom settings to macOS we need to have a property list (plist) file which we can deploy with a custom configuration policy. An example plist file is provided by Microsoft on the Edge Insider website (on the Enterprise page) where you can also download several different installer files.

The file can be easily edited On Windows by using a text editor like Notepad++ or on macOS with an application like Xcode. The plist file itself cannot be deployed using Intune. Before we can deploy it we need to convert the file, for example by using mcxToProfile which can be downloaded from GitHub.

As the file from Microsoft is just an example file with hand a full of settings, let`s have a look at all the available settings we can manage. To get an overview of all the available settings, start the Edge browser on your Mac and type edge://policy in the search bar.

As no policies are applied (by default), the list of available policies is empty. Check Show policies with no value to get an overview of all the settings. You can use the box on the right to search through the settings.
Click on Show more to see the value set for the setting.
When you click on the setting (policy name) itself, you are redirected to Microsoft Docs.

On the Microsoft Docs site, you get more information about the specific policy setting as you can see below. The policy name is at the top, which matches the policy name we see in the policy list in the Edge browser. A description can be found on the site, the Data Type and the value which can be set for the data type.
Besides the policy name, the data type is also important to note, we need those two in the configuration file.

Edit the configuration file

We now have an example configuration file, we know where to find the available policy settings and where to find the additional information about the policy settings. We have all the information to create our own configuration file by editing the example file.

First rename the downloaded example file to com.microsoft.Edge.plist.

Below is a part of an example plist file opened in Notepad++ for the Windows users like I am.

Let`s take a deeper look at this example. I highlighted three examples, with three different data types:
Integer
String
Boolean


The first policy example is BrowserSignin, which is data type Integer.
On the first row of the policy, the policyname is placed as key. On the second row the actual setting is configured, in this case integer. Data type integer uses numbers to configure the setting. Which number corresponds with the setting you want to set, is found on Microsoft docs.

The second example is HomepageLocation, with data type String.
The value of a string is usually a word, for example a website.

The third example is PreventSmartScreenPromptOverride, with data type Boolean.
The value for boolean is true or false.

If we open such a plist file in Xcode, it looks like the one below;
The Integer data type is Number in Xcode.
Data type String is also String in Xcode.
And Boolean is just shown as Boolean.

When we are done adding all the required policy settings, we need to convert the plist file to a mobileconfig file so we can deploy it with Intune. There are several apps to convert such a file, I choose mcxToProfile. mcxToProfile is a command line tool which you can run in Terminal.
As you can read on Github, this is the command to convert a plist file:
./mcxToProfile.py –plist /path/to/a/plist –identifier MyApplicationPrefs

In our case we need to specify the location to our com.microsoft.Edge.plist file and our Identifier is com.microsoft.Edge:
./mcxToProfile.py –plist ./com.microsoft.Edge.plist –identifier com.microsoft.Edge

By using com.microsoft.Edge as Identifier we make sure this will be used in file as PayloadIdentifier and in the mobileconfig filename.

The end result is a configuration file com.microsoft.Edge.mobileconfig which is ready to be deployed with Intune.

Create a custom configuration policy in Intune

We have the configuration file ready for deployment, let`s create a custom configuration policy in the Microsoft Intune portal.

  • Give the configuration profile a Name
  • Enter a Description
  • Choose macOS as Platform
  • Choose Custom as Profile type
  • Click the Settings tab
  • Give the Custom configuration profile a name on the settings tab
  • Click the folder icon to browse to your configuration file and upload the file
  • Click OK – Click Create

Don`t forget to assign the configuration profile.

End-user experience

The policy file is configured to our needs and deployed with Intune by using a custom configuration policy. Let`s have a look at how that all looks at the Mac.

When we now start one of the Edge browsers and type edge://policy in the search bar, we see the settings applied via Intune.

When we open the options menu using the three dots on the top right, a message is shown at the bottom Managed By Your Organisation.

Settings which are managed using Intune are greyed out and marked with a briefcase icon, like the Show home button settings in below screen.

The location where you can see if the configuration profile is applied is under System preferences, Profiles.

That`s it for this blog post. I hope this information will help you getting started with managing the new Microsoft Edge browser with Microsoft Intune.

Share This!

Be the first to comment

Leave a Reply

Your email address will not be published.


*