Description
Deploy ConcealBrowse to multiple browsers on macOS endpoints with Microsoft Intune. This is a two stage process as required by macOS architecture.
Stage 1 deploys the ConcealBrowse helper application which authenticates the browser extension(s) and provides you with telemetry such as the hostname and logged in username.
Stage 2 configures your browsers to install and require ConcealBrowse from each browser's web store.
Applies to
- Microsoft Intune
- Apple macOS
- Google Chrome
- Microsoft Edge
- Mozilla Firefox
- Brave browser
Before You Begin
- Request your customized ConcealBrowse.pkg from support@conceal.io. The customized file will includes your tenant's information.
- Download the customized macOS PKG
Stage 1: Install ConcealBrowse Helper application
- In the Intune console, click Apps > macOS > +Add
- App Type: macOS app (PKG)
- We have not been able to make other types work in our testing
- Click Select app package file
- Select TenantName-ConcealBrowse.pkg downloaded earlier
-
Click OK
-
Name: ConcealBrowse
- Description: ConcealBrowse is a lightweight browser extension that converts any browser to a secure, zero-trust browser, catching malware and credential theft attacks that bypass other security controls.
-
Publisher: Conceal
-
Other fields are optional
-
Next
- Pre and Post Install scripts are not used, Next
- Minimum operating system, oldest is OK, Next
- Ignore app version: No
- Next
-
Start by assigning the app to a test group and expand after initial testing, use the same group in the following Stages.
- The installation may not complete until the target device is restarted.
Stage 2: Deploy ConcealBrowse Extension to each browser
We highly recommend verifying that the ConcealBrowse helper application has installed on endpoints before configuring your browsers to install the ConcealBrowse Extension. If the extension is installed prior to the helper, the user will be prompted to log in which may cause confusion and disruption for your support team. |
These steps may vary depending on how you manage each browser. As this article is targeted to Intune, we will assume you manage your browsers with Intune.
Steps for Chrome, Brave, and Edge
Follow these steps all the way through for each browser you are configuring
- In the Intune console, click Devices > macOS > Configuration Profiles
- Check to see if you have an existing profile for your browser. From our testing you can only have one profile per application.
- If you do NOT have a profile for your browser, refer to the next section named: If you need to create a profile
- If you already have a profile, scroll down to the section: If you already have a profile
If you need to create a profile
-
Download the pre-configured plist file for your browser, they are attached to this article and may be found near the bottom
- Chrome or Brave: Select Intune_ConcealBrowse_Chrome.plist (the content is identical for both browsers)
- Edge: Select Intune_ConcealBrowse_Edge.plist
- Firefox: Select Intune_ConcealBrowse_Firefox.plist - In the Intune console, Click +Create > +New Policy
- Profile type: Templates
- Template name: Preference file
- Click Create -
Basics:
- Name: <Browser> Preferences (example: Chrome Preferences)
- Description: We recommend adding your name, date, and a link to this article
- Click Next -
Configuration settings:
- Preference domain name:
- - Chrome: com.google.chrome
- - Brave: com.brave.browser
- - Edge: com.microsoft.edge
- - Firefox: org.mozilla.firefox
- Click Select a file
- Browse to and select the plist file you downloaded in step 1
- Click Next -
Assignments:
- Choose a group to test the preferences with before expanding deployment
- Click Next, then Create
If you already have a profile
- Click on the existing profile
- Click Edit next to Configuration settings
-
Verify the Preference domain name is correct for your browser
- Chrome: com.google.Chrome
- Brave: com.brave.Browser
- Edge: com.microsoft.edge
- Firefox: org.mozilla.firefox -
Copy the contents of the existing Property list file (plist) into your favorite text editor
-
Search the plist for "ExtensionSettings", it’s unlikely to be present.
-
If ExtensionSettings is present you will need to merge the following into the existing ExtensionSettings section. Specifically lines 3-11 will be inserted.
-
-
For Chrome or Brave, add the following to the bottom of the existing plist file:
<key>ExtensionSettings</key>
<dict>
<key>jmdpihfpelphmllgmamebdbelmobjfpg</key>
<dict>
<key>installation_mode</key>
<string>force_installed</string>
<key>toolbar_pin</key>
<string>force_pinned</string>
<key>update_url</key>
<string>https://clients2.google.com/service/update2/crx</string>
</dict>
</dict> - For Edge, add the following to the bottom of the existing plist file
<key>ExtensionSettings</key>
<dict>
<key>ojjdicpccncniljgdmjcepenkkpmnnmk</key>
<dict>
<key>installation_mode</key>
<string>force_installed</string>
<key>toolbar_state</key>
<string>force_shown</string>
<key>update_url</key>
<string>https://edge.microsoft.com/extensionwebstorebase/v1/crx</string>
</dict>
</dict> - For Firefox, add the following to the bottom of the existing plist file.
<key>ExtensionSettings</key>
<dict>
<key>concealbrowse@conceal.io</key>
<dict>
<key>installation_mode</key>
<string>force_installed</string>
<key>install_url</key>
<string>https://conceal-browse.conceal.io/firefox/latest/concealbrowse.xpi</string>
</dict>
</dict> -
Save the updated filed to you computer
-
In the Preference file editing screen from step 3, click Select a file
-
Select the updated file on your computer and click Open
-
Click Review + save, then Save the updated profile
- It will take some time before Intune applies the profile to a targeted device
Verify the Configuration Profile has applied to your testing Mac(s)
- Open System Settings on a targeted Mac
- Navigate to Privacy & Security > Profiles
- When applied you see a profile named Custom Preferences Profile - tld.domain.browser (ex com.google.chrome)
- Open, or reopen, the targeted browser and the ConcealBrowse extension will be automatically installed. The extension will also automatically register to your dashboard thanks to the helper installed in Stage 1.
Recommended Step: Disable incognito and guest mode
It’s not possible to enforce extension usage in Incognito or Guest mode. Therefore it is recommended to disable them by adding the following to your browser's plist configuration.
Chrome and Brave:
<key>IncognitoModeAvailability</key>
<integer>1</integer>
<key>BrowserGuestModeEnabled</key>
<false/>
Edge:
<key>InPrivateModeAvailability</key>
<integer>1</integer>
<key>BrowserGuestModeEnabled</key>
<false/>
Firefox:
<key>DisablePrivateBrowsing</key>
<true/>
References
Was this article helpful?
Articles in this section
- Deploy ConcealBrowse on macOS using NinjaOne RMM
- Deploy ConcealBrowse on Windows 10+ using NinjaOne RMM
- Deploy ConcealBrowse on macOS using Jamf Pro Cloud
- Deploy ConcealBrowse on Windows 10+ using Kaseya VSA X
- Manually installing ConcealBrowse on macOS
- Introducing ConcealBrowse to end users
- Deploy ConcealBrowse on macOS using Intune
- Possible ThreatLocker effects when deploying ConcealBrowse
- Deploy ConcealBrowse on Windows 10+ using Atera RMM
- Deploy ConcealBrowse on Windows 10+ using Group Policy