Manage Microsoft Edge Chromium extensions with Microsoft Intune

Yes, again a blog post related to Microsoft Edge Chromium! This time a short post about how we can manage extensions (addons) for this new browser with Microsoft Intune.

If you are a Google Chrome user, you`re probably familiar with the possibility to add extensions to the browser. In the new Edge browser we also have the option to add extensions to the browser. With an Administrative Templates profile in Intune, we have the option to control these extensions.
With the Administrative Templates profile we can, for example, block all extensions, so users are not allowed to add just any extension themselves to the browser. This gives the organization control of which extensions are added to the browser.
With a second policy we can control which extensions are allowed to install (by the users manually) or even which extensions are installed silently.

Configure Administrative Templates profile

The Microsoft Edge extensions are managed with an Administrative Templates profile in Intune. In this example I show which setting is used to block all extensions and show which setting is used to install extensions silently.

  • Sign-in to the Device Management Portal
  • Browse to Devices – Windows
  • On the Configuration Profiles tab click Create profile
  • Give the configuration profile a Name
  • Enter a Description (optional)
  • Choose Windows 10 as Platform
  • Choose Administrative Templates as Profile type
  • Click Create
  • Open the settings tab
  • Select Edge version 77 and later from the drop-down list
  • Search for Extensions which gives an overview of all extension related settings
  • Click the setting Control which extensions cannot be installed
  • Select Enabled
  • Add an asterisk (*) to the first row (to block all extensions)
  • Click OK

To allow an Microsoft Store extension to be silently installed (or allowed to install manually), we need to add it to the configuration profile by using the extension ID. The extension ID of an extension can be easily found by visiting the Microsoft Store and search for the extension. The extension ID is shown in the address bar as last part of the URL as shown below.

If you want to silently install an extension from the Google Chrome Store, we also need to have the extension ID of the extension. This can be found by visiting the Chrome Store and search for the extension. The ID is shown in the address bar.

  • Switch back to the Endpoint Manager Portal
  • Click the setting Control which extensions are installed silently
  • Select Enabled
  • For a extension from the Microsoft store only add the extension IDs to the setting (on every row 1 ID)

For an Chrome store extension add the extension ID followed by the update URL (, separated by a semi colon.
For example:
Click OK when finished.

Don`t forget to assign the profile to a security group

If you have extensions you don`t want to get installed silently, but do want to allow the user to install it manually, use the setting ‘Allow specific extension to be installed.’

End-user experience

Let`s have a look at the end-user experience.
As soon as the policy is applied, the extensions are installed silently. The extensions can be found via the menu or by entering edge://extensions in the address bar.
In this example the first two extensions are installed from the Microsoft Store and the third extension from the Google Chrome Store.

When a user tries to install an extension from the store which is not allowed, the installation is blocked with a message like this.

That`s it for this blog post. Thank you again for reading.

If you want to read more posts about the Microsoft Edge browser, they are listed here.


  1. Hei!
    nice tutorial.
    i have question is it possible to install extensions from google store ?
    i have installed extension Manually and copied extension ID but when i am adding to administrive templates nothing happens ;(
    Policy by itself is pushed to Edge but extension not installed.

  2. Looks like Microsoft has updated Intune and the Admin Templates are much different now. I’m guessing they’re wanting us to move to a Powershell Script for this.

  3. Hi Peter!

    I know my question is not about Intune but I am despaetly stucked.
    First I wanted deploy my extension on the local machine with the registry then I tried it from a server with fileshare. Now I created a file share in Azure, I uploaded the crx file and I have an URL with SAS token what I write in the update_url parameter of key HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\Extensions\glmijebempncfacedohfpiihhnmebbpj. But the extension will not be installed.
    Can you help me, please?

Leave a Reply

Your email address will not be published.