As the power of Microsoft Intune grows with great force, in this blog post we are going to look at how to install Google Chrome and manage via Microsoft Intune. I have been recently looking how to leverage Microsoft Intune for more than just Microsoft based tooling and Google Chrome can be installed and managed for Windows 10 desktop estate.
Intune lets you manage macOS devices to give users access to company email and apps. As an Intune admin, you can set up enrollment for company-owned macOS devices and personally owned macOS devices ('bring your own device' or BYOD). Add, configure, or create settings on macOS devices to use system extensions and kernel extensions. Also, allow users to override approved extensions, allow all extensions from a team identifier, or allow specific extensions or apps in Microsoft Intune.
Installing Google Chrome
Download Google Chrome Package
Visit the following url to download Google Chrome for Enterprise
https://cloud.google.com/chrome-enterprise/browser/download/
https://cloud.google.com/chrome-enterprise/browser/download/
![Mac Mac](/uploads/1/1/8/9/118934801/167976842.jpg)
- The Intune App Wrapping Tool for Mac must be run on a macOS machine. Mark the downloaded tool as an executable: Start the terminal app. Change the directory to the location where IntuneAppUtil is located.
- Microsoft Intune supports the deployment of applications using InstallApplication. This opens the possibility to manage Mac computers with Microsoft Intune, and automatically push Munki to provide additional functionality. The process for that is outlined in How to add macOS line-of-business (L.
Microsoft Intune
First of all, we need to log into your Azure Portal and go to the following location;
- Microsoft Intune
- Client Apps
- Add
- Line-of-business app
Now we need to select the GoogleChromeStandaloneEnterprise msi located within the zip file package
You will now need to populate a bit of information under App information field below App package files before being able to assign Google Chrome to all your enterprise or selected security groups.
As you can see from the image below I have targeted several security groups within my personal tenant and make the app required for all users / all devices.
![Intune For Mac Intune For Mac](/uploads/1/1/8/9/118934801/479995041.jpg)
Make sure you save you configured as you exit this configuration.
Managing Google Chrome
Import Google Chrome ADMX Templates
- Download the Chrome ADMX templates.
- You would have already completed this step when downloading the Google Chrome Msi.
- Sign in to the Microsoft Azure portal.
- Go to Intune Device configuration Profiles.
- Next to Devices configuration – Profiles, click Create
profile . - Enter the following text in these fields:
Field | Text to enter |
Name | Windows 10 – Chrome configuration (or use any descriptive name) |
Description | Enter a description (optional) |
Platform | Windows 10 and later |
Profile type | Custom |
Settings | Custom (select from drop-down list) |
Selecting Custom in the step above opens a new menu for OMA-URI settings. Click Add to add specific policies you can configure and enter the following text:
Field | Text to enter |
Name | Chrome ADMX Ingestion |
Description | Enter a description (optional) |
OMA-URI | /Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx |
Data typeProfile type | String (select from |
- Once you select String, a Value text field opens below. On your computer, go to
- Copy the text from chrome.admx.
- In the Value field, paste the chrome
. text.admx - Click OK and OK again to save the Custom OMA-URI settings.
- Click Create to create a new profile.
Configure Google Chrome Policy
- Go to Intune –> Device Configuration –> Profile
- Click the Windows 10 – Chrome configuration profile you created
previous - Select Properties –> Settings –> Configure to open Custom OMA-URI setting
- Click Add to a row
- Enter text into the fields, following the examples below for the type of policy you’re implementing.
Example A: Disable Password Manager
Field | Text to enter |
---|---|
Name | Chrome – ADMX – PasswordManagerEnabled |
Description | Disable Password Manager |
OMA-URI | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~PasswordManager/PasswordManagerEnabled |
Data type | String |
Value |
List of all Google Chrome Configurations
The below tables provides all the settings that are available for delivery using Microsoft Intune
Policy | OMA-URI | Data type | Example value |
Chrome – ADMX – AllowOutdatedPlugins | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/AllowOutdatedPlugins | string | <disabled/> |
Chrome – ADMX – AudioCaptureAllowedUrls | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/AudioCaptureAllowedUrls | string | <enabled/> <data id=”AudioCaptureAllowedUrlsDesc” value=”1[*.]example.com“/> |
Chrome – ADMX – AutoFillEnabled | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/AutoFillEnabled | string | <disabled/> |
Chrome – ADMX – CloudPrintSubmitEnabled | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/CloudPrintSubmitEnabled | string | <disabled/> |
Chrome – ADMX – DefaultBrowserSettingEnabled | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/DefaultBrowserSettingEnabled | string | <enabled/> |
Chrome – ADMX – DefaultPopupsSetting | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~ContentSettings/DefaultPopupsSetting | string | <enabled/> <data id=”DefaultPopupsSetting” value=”1″/> |
Chrome – ADMX – DefaultSearchProviderEnabled | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~DefaultSearchProvider/DefaultSearchProviderEnabled | string | <enabled/> |
Chrome – ADMX – DefaultSearchProviderName | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~DefaultSearchProvider/DefaultSearchProviderName | string | <enabled/> <data id=”DefaultSearchProviderName” value=”Google Encrypted Search”/> |
Chrome – ADMX – DefaultSearchProviderSearchURL | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~DefaultSearchProvider/DefaultSearchProviderSearchURL | string | <enabled/> <data id=”DefaultSearchProviderSearchURL” value=”https://www.google.com/search?q={searchTerms}”/> |
Chrome – ADMX – DisableSafeBrowsingProceedAnyway | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/DisableSafeBrowsingProceedAnyway | string | <enabled/> |
Chrome – ADMX – ExtensionInstallForcelist | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallForcelist | string | <enabled/> <data id=”ExtensionInstallForcelistDesc” value=”1heildphpnddilhkemkielfhnkaagiabh;https://clients2.google.com/service/update2/crx”/> |
Chrome – ADMX – ForceGoogleSafeSearch | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ForceGoogleSafeSearch | string | <enabled/> |
Chrome – ADMX – ImportAutofillFormData | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportAutofillFormData | string | <disabled/> |
Chrome – ADMX – ImportBookmarks | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportBookmarks | string | <enabled/> |
Chrome – ADMX – ImportHistory | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportHistory | string | <disabled/> |
Chrome – ADMX – ImportHomepage | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportHomepage | string | <enabled/> |
Chrome – ADMX – ImportSavedPasswords | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportSavedPasswords | string | <disabled/> |
Chrome – ADMX – ImportSearchEngine | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportSearchEngine | string | <disabled/> |
Chrome – ADMX – NotificationsAllowedForUrls | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~ContentSettings/NotificationsAllowedForUrls | string | <enabled/> <data id=”NotificationsAllowedForUrlsDesc” value=”1[*.]example.com“/> |
Chrome – ADMX – PasswordManagerEnabled | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~PasswordManager/PasswordManagerEnabled | string | <disabled/> |
Chrome – ADMX – PluginsAllowedForUrls | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~ContentSettings/PluginsAllowedForUrls | string | <enabled/> <data id=”PluginsAllowedForUrlsDesc” value=”1[*.]example1.com2[*.]example2.com“/> |
Chrome – ADMX – SafeBrowsingEnabled | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~SafeBrowsing/SafeBrowsingEnabled | string | <enabled/> |
Chrome – ADMX – VideoCaptureAllowedUrls | ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/VideoCaptureAllowedUrls | string | <enabled/> <data id=”VideoCaptureAllowedUrlsDesc” value=”1[*.]example.com“/> |
Intune Enroll Mac
This concludes this post.
Regards,
The Author – Blogabout.Cloud
The Author – Blogabout.Cloud
Related
Before directing users to register their Mac computers with Azure Active Directory (Azure AD), it is necessary to deploy Microsoft's Company Portal app.
Deploying the Company Portal app involves the following steps:
- Download the Company Portal app from Microsoft.
- Upload the Company Portal app to Jamf Pro as a package.
- (Optional) Identify Mac computers that do not have the Company Portal app installed.
- Deploy the Company Portal app to Mac computers.
Mac Intune Management
On a Mac computer, download the current version of the Company Portal app for macOS from the Microsoft website.
Important: Do not install it, you need a copy of the app to upload to Jamf Pro.
Intune For Mac
The CompanyPortal_Installer.pkg file can be downloaded from: https://go.microsoft.com/fwlink/?linkid=862280
Microsoft Intune For Mac
- Upload the Company Portal app to a distribution point in Jamf Pro.
- In Jamf Pro, navigate to Settings > Computer Management > Packages.
- Create a new package that includes the Company Portal app and click Save.
- In Jamf Pro, navigate to Computers > Smart Computer Groups.
- Create a new smart group that identifies Mac computers that do not have the CompanyPortal.app from Microsoft installed.
- Click Save.
- In Jamf Pro, navigate to Computers > Policies and create a policy that deploys the Company Portal app to users.
- Use the General payload to configure the following settings:
- For Trigger, select 'Enrollment Complete' and 'Recurring Check-in'.
- For Execution Frequency, select 'Once per computer'.
- Select the Packages payload, and then click Configure.
- Click Add for the package that includes the Company Portal app.
- Configure the settings for the package.
- Specify a distribution point for Mac computers to download the package from.
- Click the Scope tab to specify Mac computers on which the Company Portal app should be installed.You may also use the smart computer group created in step 3.
- Click Save.
Note: The policy runs on Mac computers in the scope the next time they check in with Jamf Pro and meet the criteria in the General payload.
Managing Packages
Find out how to create a package and upload a file to a distribution point in Jamf Pro.
Find out how to create a package and upload a file to a distribution point in Jamf Pro.
Smart Computer Groups
Find out how to create smart groups in Jamf Pro.
Find out how to create smart groups in Jamf Pro.