Restricting Specific URL's in Chrome

As a Chrome Enterprise administrator, you can manage Chrome Browser on Microsoft^® Windows^® computers using Microsoft^® Intune, we will look at one such functionality of restricting url's on the managed devices, lets see how this works.

Pre-Requirements:

1. Access to the Azure Intune portal where you will be creating the policies.
2. Chrome Browser version on the managed device should be  69 or later.
3. Any edition of Windows 10 except Windows Home

Lets get startetd !!

1. Ingest the Chrome ADMX file into Intune, ADM/ADMX templates contain user and device policies, you can download the essential tool from here
   In my case I have downloaded the Chrome bundle for Windows 64‑bit as majority of the systems in my organisation are 64 bit chrome installed is aslo 64 bit.
   
   
2. In the downloaded Chrome bundle go to : GoogleChromeEnterpriseBundle64.zip\Configuration\admx. Copy the text from chrome.admx from that location and paste it in a notepad.
   
   
3. Sign in to the Microsoft Azure portal 
   
   
4. Go to Intune >Device configuration > Profiles.
   
   
5. Next to Devices configuration – Profiles, click Create profile.
   
   
   
6. Enter the following text in these fields:
   
   
   
7. Selecting Custom in the step above opens a new menu for OMA-URI settings. Click Add to add specific policies you can configure and enter the following text(adding screenshot)
   

   Field	Text to enter
   Name	Chrome ADMX Ingestion
   Description	(optional)

   OMA-URI	./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx
   Data type	String (select from drop-down list)

   
   
   
8. Once you select String, a Value text field opens below. Copy the text from chrome.admx that you copied in step 2. In the Value field, paste the copied content. Attaching the Chrome.admx file for Chrome bundle for Windows 64‑bit for your reference.
   
   
9. Click OK and OK again to save the Custom OMA-URI settings.
   
   
10. Click Create to create the new profile.
    
    
11. Go to Intune >Device configuration >Profiles again
    
    
12. Click the Windows 10 – Chrome configuration profile you created.
    
    
13. Select Properties >Settings >Configure to open the Custom OMA-URI settings.
    
    
14. Click Add to add a row.
    
    
15. Enter text into the fields, as below for URL blacklist(adding screenshot)
    

    Field	Text to enter
    Name	Chrome – ADMX – URLBlacklist
    Description	List of URLs to blacklist
    OMA-URI	./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/URLBlacklist
    Data type	String
    Value	<enabled/> <data id="URLBlacklistDesc"  value="1&#xF000;http://www.cnn.com&#xF000;2&#xF000;http://www.abc.com"/> Important: When creating a key-value pair list (to list URLs for a blacklist or cookies allowed for specific URLs), use &#xF000; as the separator.

    
    
    
16. After you’ve set the policies you want to configure, click OK and OK again to save the Custom OMA-URI settings.
    
    
17. At the top, click Save to save the Windows 10 – Chrome configuration settings. You will see a Profile saved notification when successful.
    
    
18. Go to Assignment and select the group of users/devices where you wish to apply this policy to:
    
19. Allow time for Intune to propagate the policy to Chrome on one of the devices you’re managing. If the policy is taking time to push, verify that the device is enrolled and you have synced the device to get the latest policies from Intune.
    
    
20. On a managed device, open Chrome Browser.
    
    
21. In the address bar, enter chrome://policy and verify that the policy you set is enabled.
    
22. Now, when the user tries to browse youtube.com, they get the following error: