In this post, you will learn how to manage Microsoft Edge Extensions using Intune, aka Endpoint Manager. A Microsoft Edge extension is a small program that we use to add or modify features of Microsoft Edge Chromium.
An extension is structured similarly to a regular web app. It is intended to improve a user’s day-to-day browsing experience.
Being an IT admin, If you want to control and manage Microsoft Edge extensions, allow specific extensions to be installed and set to the control which extensions users cannot be installed. This blog post will guide you to manage Microsoft Edge extensions or add-ons.
Let’s check the steps to create a policy for Fast User Switching. When you create the policy, it creates a device configuration profile. You can then assign or deploy this profile to devices in your organization.
How to Manage Microsoft Edge Extensions using Intune
Let’s follow the below steps to manage Edge Extensions using Intune –
- Sign in to the Microsoft Endpoint Manager admin center
- Select Devices > Windows > Configuration profiles > Create profile.
In Create Profile, Select Platform, Windows 10, and later and Profile, Select Settings catalog (preview). Click on Create button.
On the Basics tab, enter a descriptive name, such as Manage Edge Chromium Extensions. Optionally, enter a Description for the policy, then select Next.
In Configuration settings, select Add settings.
How to Use Microsoft Edge Extension Policies using Intune
Select Microsoft Edge, Under Extensions, to see all the settings in this category. After adding your settings, click the cross mark at the right-hand corner to close the settings picker. For Example – I selected the settings below.
Allow specific extensions to be installed – By default, all extensions are allowed. However, if you block all extensions by setting the ‘ExtensionInstallBlockList’ policy to “*,” users can only install extensions defined in this policy.
Control which extensions cannot be installed – List specific extensions that users can NOT install in Microsoft Edge. When you deploy this policy, any extensions on this list that were previously installed will be disabled, and the user won’t be able to enable them.
If you remove an item from the list of blocked extensions, that extension is automatically re-enabled anywhere it was previously installed. Use “*” to block all extensions that aren’t explicitly listed in the allow list. If you don’t configure this policy, users can install any extension in Microsoft Edge.
It’s important to find the extension ID of an extension by visiting the Microsoft Store and searching for the extension. Open Microsoft Edge browser, Go to the Microsoft Edge Add-ons Store, and search for an extension you want to allow to collect the Extension ID.
Click on the extension (For Example: “Cisco Webex Extension”) you want to check, and In the address bar, you will get the ID as shown below that will be used to configure policies.
ikdddppdhmjcdfgilpnbkdeggoiicjgo – Cisco
All the settings are shown and configured with a default value. If you don’t want to configure a setting, then select the minus.
Set the Allow specific extensions to be installed to Enabled and add the extension IDs to exempt from the block list, For Example – Here I want to allow Cisco Webex Extension. Similarly, If you want to add more to the allowed list Click +Add and provide Extensions ID.
Set Control which extensions cannot be installed to Enabled, added “*“, to block all extension.
Under Assignments, In Included groups, select Add groups and then choose Select groups to include one or more groups. Select Next to continue.
In-Scope tags, you can assign a tag to filter the profile to specific IT groups. Add scope tags (if required) and click Next.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned.
A notification will appear automatically in the top right-hand corner with a message. Here you can see, Policy “Manage Edge Chromium Extensions” created successfully. The policy is also shown in the Configuration profiles list.
Your groups will receive your profile settings when the devices check-in with the Intune service.
Once the policy applies to the device, users will not install any other Extensions from the Store except the allowed extension (Cisco Webex Extension).
Ref: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-manage-extensions
Easily Manage Microsoft Edge Extensions Using Intune HTMD Blog (anoopcnair.com)