Description

Deploy the ConcealBrowse extension to Google Chrome. Microsoft Edge, and Brave on Windows 10+ endpoints seamlessly with Intune and PowerShell.

Applies to

• Microsoft Intune
• Microsoft PowerShell

• Any edition of Windows 10 and 11 version 1709 and later

  • Windows Home, and S mode are not supported

• Google Chrome 101+

• Microsoft Edge version 77 and newer
  • Windows must be joined to Active Directory or Azure Active Directory
• Brave browser

Procedure

1. You may download the Install-ConcealBrowse.ps1 PowerShell script from this article: Current ConcealBrowse PowerShell Script
   1. The script contains detailed documentation and examples for your review.
2. Open your ConcealBrowse dashboard (https://dashboard.conceal.io) and navigate to the tab labelled Devices on the left side menu.
   
3. On the Devices page, click Register New Device in the upper right hand corner.
4. Once you click on Register a New Device, you will see two variables generated for the Company ID and Site ID. These will be used as arguments when executing the PowerShell script.
   
   

Intune Steps

Preparation

If you are transitioning your ConcealBrowse deployment from an Intune Configuration profile to the PowerShell script, you should edit the Configuration profile and un-assign any groups. This will prevent conflicts between the two deployment methods. Ultimately you may deleting the configuration profile once PowerShell deployment is successful.

Step 1: Customize the script

1. Open the Install-ConcealBrowse.ps1 script in your favorite editor, such as Visual Studio Code
2. Scroll down to the Parameters section, approximately line 75
3. For CompanyID and Site ID, paste in your unique IDs. Example below:
   

   [Parameter(ParameterSetName='Installation')]
       $CompanyID="2345678-9012-3456-7890-123456789012",
   [Parameter(ParameterSetName='Installation')]
       $SiteID="abcdefgh-ijkl-mnop-qrst-uvwxyzabcdef",

4. You may review the documentation and adjust other parameters as needed
5. Save

Step 2: Create a script policy

1. In the Intune console, click Devices > Scripts > +Add > Windows 10 and later
2. Name: Deploy ConcealBrowse Extension
3. Description: we recommend linking to this article
4. Next
5. Script location: Browse to the Install-ConcealBrowse.ps1 script modified in Step 1
6. Run this script using the logged on credentials: No
7. Enforce script signature check: No
8. Run script in 64 bit PowerShell Host: Yes
9. Next
10. Assign the script to a small test group of users before scaling up
11. Next
12. Review and Add

Step 3: Monitor run status

Intune devices check in when starting up and hourly for updates, thus restarting an assigned user's device will accelerate testing.

Monitor from Intune

1. While still in Devices > Scripts, click the Deploy ConcealBrowse Extension script
2. Click User or Device Status

Monitor from the Device

1. Agent logs on the client machine are typically in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.
2. AgentExecutor.log track's PowerShell details.

References

• Use PowerShell scripts on Windows 10/11 devices in Intune
• Google Chrome Current Windows Security Technical Implementation Guide