As a Chrome Enterprise administrator, you can manage Chrome Browser on Microsoft® Windows® computers using Microsoft® Intune, we will look at one such functionality of restricting url's on the managed devices, lets see how this works.


Pre-Requirements:

  1. Access to the Azure Intune portal where you will be creating the policies.
  2. Chrome Browser version on the managed device should be  69 or later.
  3. Any edition of Windows 10 except Windows Home


Lets get startetd !!


  1. Ingest the Chrome ADMX file into Intune, ADM/ADMX templates contain user and device policies, you can download the essential tool from here
    In my case I have downloaded the Chrome bundle for Windows 64‑bit as majority of the systems in my organisation are 64 bit chrome installed is aslo 64 bit.

  2. In the downloaded Chrome bundle go to : GoogleChromeEnterpriseBundle64.zip\Configuration\admx. Copy the text from chrome.admx from that location and paste it in a notepad.

  3. Sign in to the Microsoft Azure portal

  4. Go to Intune >Device configuration > Profiles.

  5. Next to Devices configuration – Profiles, click Create profile.


  6. Enter the following text in these fields:


  7. Selecting Custom in the step above opens a new menu for OMA-URI settings. Click Add to add specific policies you can configure and enter the following text(adding screenshot)
    Field
    Text to enter
    Name
    Chrome ADMX Ingestion
    Description 
    (optional) 
    OMA-URI
    ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx
    Data type
    String (select from drop-down list) 


  8. Once you select String, a Value text field opens below. Copy the text from chrome.admx that you copied in step 2. In the Value field, paste the copied content. Attaching the Chrome.admx file for Chrome bundle for Windows 64‑bit for your reference.

  9. Click OK and OK again to save the Custom OMA-URI settings.

  10. Click Create to create the new profile.

  11. Go to Intune >Device configuration >Profiles again

  12. Click the Windows 10 – Chrome configuration profile you created.

  13. Select Properties >Settings >Configure to open the Custom OMA-URI settings.

  14. Click Add to add a row.

  15. Enter text into the fields, as below for URL blacklist(adding screenshot)
    Field
    Text to enter
    Name
    Chrome – ADMX – URLBlacklist
    DescriptionList of URLs to blacklist
    OMA-URI ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/URLBlacklist
    Data type String
    Value 

    <enabled/>


    <data id="URLBlacklistDesc" 


    value="1&#xF000;http://www.cnn.com&#xF000;2&#xF000;http://www.abc.com"/>


    Important: When creating a key-value pair list (to list URLs for a blacklist or cookies allowed for specific URLs), use &#xF000; as the separator.




  16. After you’ve set the policies you want to configure, click OK and OK again to save the Custom OMA-URI settings.

  17. At the top, click Save to save the Windows 10 – Chrome configuration settings. You will see a Profile saved notification when successful.

  18. Go to Assignment and select the group of users/devices where you wish to apply this policy to:
  19. Allow time for Intune to propagate the policy to Chrome on one of the devices you’re managing. If the policy is taking time to push, verify that the device is enrolled and you have synced the device to get the latest policies from Intune.

  20. On a managed device, open Chrome Browser.

  21. In the address bar, enter chrome://policy and verify that the policy you set is enabled.
  22. Now, when the user tries to browse youtube.com, they get the following error:


For any other concerns related to Office 365 plan and subscriptions. You can reach out to us by submitting a ticket on our portal https://cloud.foetron.com/ or you can directly mail us at support@foetron.com. Check out our website www.foetron.com to know about the services offered by us.