Yes, again a blog post related to Microsoft Edge Chromium! This time a short post about how we can manage extensions (addons) for this new browser with Microsoft Intune.
If you are a Google Chrome user, you`re probably familiar with the possibility to add extensions to the browser. In the new Edge browser we also have the option to add extensions to the browser. With an Administrative Templates profile in Intune, we have the option to control these extensions.
With the Administrative Templates profile we can, for example, block all extensions, so users are not allowed to add just any extension themselves to the browser. This gives the organization control of which extensions are added to the browser.
With a second policy we can control which extensions are allowed to install (by the users manually) or even which extensions are installed silently.
Configure Administrative Templates profile
The Microsoft Edge extensions are managed with an Administrative Templates profile in Intune. In this example I show which setting is used to block all extensions and show which setting is used to install extensions silently.
- Sign-in to the Device Management Portal
- Browse to Devices – Windows
- On the Configuration Profiles tab click Create profile
- Give the configuration profile a Name
- Enter a Description (optional)
- Choose Windows 10 as Platform
- Choose Administrative Templates as Profile type
- Click Create
- Open the settings tab
- Select Edge version 77 and later from the drop-down list
- Search for Extensions which gives an overview of all extension related settings
- Click the setting Control which extensions cannot be installed
- Select Enabled
- Add an asterisk (*) to the first row (to block all extensions)
- Click OK
To allow an Microsoft Store extension to be silently installed (or allowed to install manually), we need to add it to the configuration profile by using the extension ID. The extension ID of an extension can be easily found by visiting the Microsoft Store and search for the extension. The extension ID is shown in the address bar as last part of the URL as shown below.
If you want to silently install an extension from the Google Chrome Store, we also need to have the extension ID of the extension. This can be found by visiting the Chrome Store and search for the extension. The ID is shown in the address bar.
- Switch back to the Endpoint Manager Portal
- Click the setting Control which extensions are installed silently
- Select Enabled
- For a extension from the Microsoft store only add the extension IDs to the setting (on every row 1 ID)
For an Chrome store extension add the extension ID followed by the update URL (https://clients2.google.com/service/update2/crx), separated by a semi colon.
For example:
ndjpnladcallmjemlbaebfadecfhkepb;https://clients2.google.com/service/update2/crx
Click OK when finished.
Don`t forget to assign the profile to a security group
If you have extensions you don`t want to get installed silently, but do want to allow the user to install it manually, use the setting ‘Allow specific extension to be installed.’
End-user experience
Let`s have a look at the end-user experience.
As soon as the policy is applied, the extensions are installed silently. The extensions can be found via the menu or by entering edge://extensions in the address bar.
In this example the first two extensions are installed from the Microsoft Store and the third extension from the Google Chrome Store.
When a user tries to install an extension from the store which is not allowed, the installation is blocked with a message like this.
That`s it for this blog post. Thank you again for reading.
If you want to read more posts about the Microsoft Edge browser, they are listed here.
Hei!
nice tutorial.
i have question is it possible to install extensions from google store ?
i have installed extension Manually and copied extension ID but when i am adding to administrive templates nothing happens ;(
Policy by itself is pushed to Edge but extension not installed.
Hi Varis,
Have a look at the article, I added instructions how to manage Google Chrome Store extensions 🙂
Thanks Peter!
missed that ;https://clients2.google.com/service/update2/crx
this needs to be added
Cheers
Looks like Microsoft has updated Intune and the Admin Templates are much different now. I’m guessing they’re wanting us to move to a Powershell Script for this.
The gui is changed, looks more like the GPMC console now. Probably highly requested by customers. But still the same settings are available.
The edge extension store is : https://edge.microsoft.com/extensionwebstorebase/v1/crx
Hi,
I am trying to install silently “my apps – secure sign in extension” with Intune. However, I am not getting the result.
I have blocked all the extensions and added my apps – ID to install silently templates.
“gaaceiggkkiffbfdpmfapegoiohkiipl;https://edge.microsoft.com/extensionwebstorebase/v1/crx”
But it still gives me no result.
It worked! Everything was right. Device needed some time 😛
Hi Peter!
I know my question is not about Intune but I am despaetly stucked.
First I wanted deploy my extension on the local machine with the registry then I tried it from a server with fileshare. Now I created a file share in Azure, I uploaded the crx file and I have an URL with SAS token what I write in the update_url parameter of key HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\Extensions\glmijebempncfacedohfpiihhnmebbpj. But the extension will not be installed.
Can you help me, please?