Overview
Browser settings and policy, such as ExtensionSettings, may be set by multiple sources. The typical sources are:
- Platform (on the device/registry/configProfile)
- Cloud (cloud management like Chrome Browser Cloud Management and Microsoft Edge management service).
If there is a conflict between sources, there is a hierarchy or order of precedence which determines which policy will be applied. There are also multiple settings which modify this behavior.
ConcealBrowse may be 'uninstalled' if it is configured in a lower priority source, and a higher priority source is configured.
Policy Conflict Example
This screenshot shows a conflict where registry settings (Platform) are overruling the Edge management service (Cloud):
This screenshot shows the registry settings, aka Platform settings:
Finally this screenshot shows the Edge Management Service settings:
Google Chrome
"By default, Chrome policies respect the following order:
- Platform policies (ConcealBrowse Installer, Mobile Device Management, Group Policy)
- Machine cloud policies (eg Chrome Browser Cloud Management)
- OS-user policies
- Cloud-user policies (Chrome profile)
This means that if the same policy is set using different methods, by default, the policy at top of the hierarchy is applied, and all other policies are ignored."
Reference: https://support.google.com/chrome/a/answer/9037717
Microsoft Edge
Similar to Chrome. Device policies overrule User policies. Local/Device settings overrule cloud/management settings.
- Platform/Machine Device Configuration (ConcealBrowse Installer, Mobile Device Management, Group Policy)
- Edge Management Enrollment Token (Device Policy)
- Edge Management service - Group assignment (User Policy)
Modifiers
Change Precedence order
Each browser has policies which allows the policy precedence to be customized. Some of these may be set in the browser's cloud management service.
Examples:
- (Chrome) CloudPolicyOverridesPlatformPolicy
- (Chrome) CloudUserPolicyOverridesCloudMachinePolicy
- EdgeManagementPolicyOverridesPlatformPolicy
- EdgeManagementUserPolicyOverridesCloudMachinePolicy
Merge conflicting policies
This option seems limited to Chrome only as of September 2024
"You can use either the Policy mergelist setting in the [Chrome] Admin console or the PolicyListMultipleSourceMergeList and PolicyDictionaryMultipleSourceMergeList policies to merge policies that are applied from multiple sources."
Reference: https://support.google.com/chrome/a/answer/9037717#:~:text=Merging%20Chrome%20policies
Was this article helpful?
Articles in this section
- Browser Extension Management Hierarchy and Precedence
- Clear ConcealBrowse Extension Data on Windows
- Conceal Standard Support
- ConcealBrowse extension interface walkthrough
- Does ConcealBrowse replace antivirus or EDR?
- End User Guide for submitting feedback
- Flagging a URL for Conceal to review
- Getting started with ConcealBrowse as an end user
- How do I know my version of the ConcealBrowse extension?
- How do I prepare for an internal phishing campaign with ConcealBrowse?