Deploy the ConcealBrowse extension to Chrome on Windows 10+ using Intune

Description

Deploy the ConcealBrowse extension to Google Chrome on Windows 10+ endpoints seamlessly with Microsoft Intune.

Applies to

Microsoft Intune
- You must have an administrator account for Intune to use this guide
Any edition of Windows 10 and 11 but not Windows Home
Google Chrome version 101 or later

Pre-requisite: Windows, Google Chrome, and ConcealBrowseChrome administrative templates

Check if the ADMX templates have been imported

In your web browser, log in to the Microsoft Endpoint Manager admin center
On the left, click Devices. Then under the Policy section click Configuration Profiles
While in Configuration Profiles, click the tab labeled Import ADMX
Verify that Windows.admx, google.admx, chrome.admx, and ConcealBrowseChrome.admx appear and have a status of Available
1. If they are all available, you may skip to either Procedure for Normal Installation (users can disable) or Procedure for Enforced Installation (users cannot disable)
2. If they are not available, continue to the next step below.

Download ConcealBrowse ADMX files

Download the ConcealBrowse.admx and .adml files attached to this article
Note the download location of the files for the import step

Download Windows ADMX files

Navigate to the official Microsoft ADMX templates for Windows 10+ here
Download and run the MSI file which extracts the ADMX files
Note the location of the extracted files for the import step

Download Chrome ADMX files

Navigate to the official Google’s ADMX templates and Google’s Updater ADM template here.
In the Manage Policies section for Policy templates, click the button labeled Download under the Chrome ADM/ADMX templates
Locate policy_templates.zip and unzip/extract it
Note the location of the extracted files for the import step

Import the ADMX templates

In your web browser navigate to the Microsoft Endpoint Manager admin center.
On the left click Devices. Then under the Policy section click Configuration Profiles
While in Configuration Profiles, click the tab labeled Import ADMX
NOTE: You must upload the windows.admx and windows.adml files before chrome.admx. If not, the error message "ADMX file referenced not found NamespaceMissing:Microsoft.Policies.Windows. Please upload it first." is displayed.
NOTE: You must upload the google.admx and google.adml files before chrome.admx. If not, the error message "ADMX file referenced not found NamespaceMissing:Google.Policies. Please upload it first." is displayed.
To import the Windows.admx and Windows.adml files:
1. Click Import
2. Select the ADMX file found at .../Windows.admx
3. Select the ADML file found at .../en-US/Windows.adml
4. Click Next
5. Click Create
To import the google.admx and google.adml files:
1. Click Import
2. Select the ADMX file found at .../policy_templates/windows/admx/google.admx
3. Select the ADML file found at .../policy_templates/windows/admx/en-US/google.adml
4. Click Next
5. Click Create
To import the chrome.admx and chrome.adml files:
1. Click Import
2. Select the ADMX file found at .../policy_templates/windows/admx/chrome.admx
3. Select the ADML file found at .../policy_templates/windows/admx/en-US/chrome.adml
4. Click Next
5. Click Create
To import the ConcealBrowse.admx and ConcealBrowse.adml files:
1. Click Import
2. Select the ADMX file found at .../ConcealBrowse.admx
3. Select the ADML file found at .../ConcealBrowse.adml
4. Click Next
5. Click Create
Verify the ADMX templates have successfully loaded by refreshing the Import ADMX list and verifying the Status is Available for all templates.

Procedure for Normal Installation (users can disable)

In the Microsoft Endpoint Manager admin center, click Devices > Windows > Configuration profiles
Click Create Profile
In Platforms, select Windows 10 and later
In Profile type, select Templates
Click Imported Administrative templates (Preview)
Click Create
Enter a configuration name, such as Google Chrome - ConcealBrowse
Click Next
Configure the policy based on the Chrome Settings Guide below
Select any applicable Scope Tags
Click Next
Select any applicable Included groups and Excluded groups, and respective Filters. We recommend starting with a small test group to verify the settings work as intended
Click Next
Click Create

Procedure for Enforced Installation (users cannot disable)

Use the Procedure for Normal Installation and within the "Extension management settings", edit the installation_mode from normal_installed to force_installed

Chrome Settings Guide

Required Settings

"Extension management settings"

Path: Computer Configuration\Google\Google Chrome\Extensions\Extension management settings
Toggle: Enabled
Value:

{ "jmdpihfpelphmllgmamebdbelmobjfpg": { "installation_mode": "normal_installed", "toolbar_pin": "force_pinned", "update_url": "https://clients2.google.com/service/update2/crx" }}

"Google Chrome, ConcealBrowse Company ID"

Path: Conceal\ConcealBrowse Extension
Toggle: Enabled
Value: Your Company ID, Find your Company ID & Site ID: Register New Device > Step 4

Example: abcdefgh-ijklm-nopq-rstuvwxyz123

"Google Chrome, ConcealBrowse Site ID"

Path: Conceal\ConcealBrowse Extension
Toggle: Enabled
Value: Your Site ID, Find your Company ID & Site ID: Register New Device > Step 4

Example: abcdefgh-ijklm-nopq-rstuvwxyz123

Recommended Settings

"Incognito mode availability"

Conceal Recommends because extensions cannot be enforced for Incognito mode (STIG Medium)
Path: Computer Configuration\Google\Google Chrome\Incognito mode availability
Toggle: Enabled
Value: Incognito mode disabled

"Enable guest mode in browser"

Conceal Recommends because extensions cannot be enforced for Guest mode (STIG Medium)
Path: Computer Configuration\Google\Google Chrome\Enable guest mode in browser
Toggle: Disabled

References

Attachments

ConcealBrowse.adml (2 KB) ConcealBrowse.admx (3 KB)

0 0

Was this article helpful?

0 out of 0 found this helpful

Articles in this section

Hey, how can we help?