Deploy ConcealBrowse on macOS using Jamf Pro Cloud Deploy ConcealBrowse on macOS using Jamf Pro Cloud

Deploy ConcealBrowse on macOS using Jamf Pro Cloud

Description

Deploy ConcealBrowse to multiple browsers on macOS endpoints with Jamf Pro Cloud. This is a two stage process as required by macOS architecture.

Stage 1 deploys the ConcealBrowse helper application which authenticates the browser extension(s) and provides you with telemetry such as the hostname and logged in username.

Stage 2 configures your browsers to install and require ConcealBrowse from each browser's web store.

Applies to

  • Jamf Pro Cloud
  • Apple macOS
  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox
  • Brave browser

Before You Begin

  1. Request your customized ConcealBrowse.pkg from support@conceal.io. The customized file will includes your tenant's information.
  2. Download the customized macOS PKG

Stage 1: Install ConcealBrowse Helper application

Upload the customized PKG which installs the ConcealBrowse helper

  1. In the Jamf Pro cloud console, click Settings > Computer Management > Packages
  2. Click +New

  3. Click Choose File, select the customized PKG downloaded earlier, click Open

  4. (Optional) Make the name friendlier like ConcealBrowse for <your company name>

  5. (Optional) Add other Info such as a link to this article

  6. Click Save

Create a policy to install the helper

  1. In the Jamf Pro cloud console, click Computers > Policies
  2. Click +New
  3. Name: Install ConcealBrowse Helper
  4. Trigger: Recurring Check-in
  5. Click Packages > Configure
  6. Click Add next to the ConcealBrowse PKG created in the previous section
  7. Click the Scope Tab
  8. Choose an appropriate computer scope such as Specific Computers, and one or more testing computers
  9. Click Save
  10. The installation may not complete until the targeted computers have restarted

In scope computers will install the ConcealBrowse helper at next check-in.

Stage 2: Deploy ConcealBrowse Extension to each browser

We highly recommend verifying that the ConcealBrowse helper application has installed on endpoints before configuring your browsers to install the ConcealBrowse Extension. If the extension is installed prior to the helper, the user will be prompted to log in which may cause confusion and disruption for your support team.

These steps may vary depending on how you manage each browser. As this article is targeted to Jamf Pro, we will assume you manage your browsers with Jamf Pro.

Steps for Chrome, Brave, and Edge

Follow these steps all the way through for each browser you are configuring

  1. In the Jamf Pro console, click Computers > Configuration Profiles
  2. Check to see if you have an existing profile for your browser. From our testing you can only have one profile per application.
    1. If you do NOT have a profile for your browser, refer to the next section named: If you need to create a profile
    2. If you already have a profile, scroll down to the section: If you already have a profile

If you need to create a profile

  1. Download the pre-configured plist file for your browser, they are attached to this article and may be found near the bottom
    - Chrome or Brave: Select JamfPro_ConcealBrowse_Chrome.plist (the content is identical for both browsers)
    - Edge: Select JamfPro_ConcealBrowse_Edge.plist
    - Firefox: Select JamfPro_ConcealBrowse_Firefox.plist

  2. In the Jamf Pro console, in Configuration Profiles, Click +New
    General:
    - Name: <Browser> Preferences (example: Chrome Preferences)
    - Description: We recommend adding your name, date, and a link to this article
  3. Click/Expand Application & Custom Settings, then click Upload
  4. Click +Add
  5. Preference Domain:
    - Chrome: com.google.chrome
    - Brave: com.brave.browser
    - Edge: com.microsoft.edge
    - Firefox: org.mozilla.firefox

  6. Scroll down, and click Upload

  7. Browse to and select the plist file you downloaded in step 1, click Open

  8. Click the Scope Tab

  9. Choose an appropriate computer scope such as Specific Computers, and one or more testing computers, this should match the scope from Stage 1

  10. Click Save

In scope computers will install the Configuration Profile shortly, or at next check-in.

If you already have a profile

We will assume your existing profile utilizes Custom Settings via Upload

  1. Click on the existing profile
  2. Click Edit
  3. Click/Expand Application & Custom Settings, then click Upload
  4. Verify the Preference domain name is correct for your browser
    - Chrome: com.google.chrome
    - Brave: com.brave.browser
    - Edge: com.microsoft.edge
    - Firefox: org.mozilla.firefox

  5. Search the Property List for "ExtensionSettings", it’s unlikely to be present.

    1. If ExtensionSettings is present you will need to merge the following into the existing ExtensionSettings section. Specifically lines 3-11 will be inserted.

  6. For Chrome or Brave, above the final </dict> and </plist> tags, add the following to the bottom of the existing plist file:

    <key>ExtensionSettings</key>
    <dict>
    <key>jmdpihfpelphmllgmamebdbelmobjfpg</key>
    <dict>
    <key>installation_mode</key>
    <string>force_installed</string>
    <key>toolbar_pin</key>
    <string>force_pinned</string>
    <key>update_url</key>
    <string>https://clients2.google.com/service/update2/crx</string>
    </dict>
    </dict>
  7. For Edge, above the final </dict> and </plist> tags, add the following to the bottom of the existing plist file
    <key>ExtensionSettings</key>
    <dict>
    <key>ojjdicpccncniljgdmjcepenkkpmnnmk</key>
    <dict>
    <key>installation_mode</key>
    <string>force_installed</string>
    <key>toolbar_state</key>
    <string>force_shown</string>
    <key>update_url</key>
    <string>https://edge.microsoft.com/extensionwebstorebase/v1/crx</string>
    </dict>
    </dict>
  8. For Firefox, above the final </dict> and </plist> tags, add the following to the bottom of the existing plist file.
    <key>ExtensionSettings</key>
    <dict>
    <key>concealbrowse@conceal.io</key>
    <dict>
    <key>installation_mode</key>
    <string>force_installed</string>
    <key>install_url</key>
    <string>https://conceal-browse.conceal.io/firefox/latest/concealbrowse.xpi</string>
    </dict>
    </dict>
  9. Click Save

In scope computers will install the modified Configuration Profile shortly, or at next check-in.

Verify the Configuration Profile has applied to your testing Mac(s)

  1. Open System Settings on a targeted Mac
  2. Navigate to Privacy & Security > Profiles
  3. When applied you will see a profile named <Browser> Preferences as named in an earlier step
  4. Open, or reopen, the targeted browser and the ConcealBrowse extension will be automatically installed. The extension will also automatically register to your dashboard thanks to the helper installed in Stage 1.
  5. You may check the browser configuration by looking at its policy page, restarting the browser causes it to check for new policies:
    - Chrome: chrome://policy
    - Brave: brave://policy
    - Edge: edge://policy
    - Firefox: about:policies

Recommended Step: Disable incognito and guest mode

It’s not possible to enforce extension usage in Incognito/InPrivate or Guest mode. Therefore it is recommended to disable them by adding the following to your browser's plist configuration.

Chrome and Brave:

<key>IncognitoModeAvailability</key>
<integer>1</integer>
<key>BrowserGuestModeEnabled</key>
<false/>

Edge:

<key>InPrivateModeAvailability</key>
<integer>1</integer>
<key>BrowserGuestModeEnabled</key>
<false/>

Firefox:

<key>DisablePrivateBrowsing</key>
<true/>

References