How to Disable Browser Password Saving via Endpoint Manager (Microsoft Intune)

Purpose

This article explains how to prevent browsers from remembering credentials via Microsoft Endpoint Manager (Intune).

Prerequisites

  • Office 365 Global Administrator
  • Endpoint Manager Licensed and Deployed

Instructions – Create Policy

  1. Login to Office 365 Admin Center. https://admin.microsoft.com/Adminportal
  2. Go to Endpoint Manager.
  3. Click on Devices.
  4. Go to Configuration Profiles.
  5. Click on Create Profile.
  6. Continue below for the browsers required. You will need to create a Profile for each browser you want to block.

Microsoft Edge

  1. Configure the following and click Create. Platform “Windows 10 and Later”, Profile Type “Templates”, Template name “Administrative Templates”.

Purpose

This article explains how to prevent browser from remembering credentials via Microsoft Endpoint Manager (Intune).

Prerequisites

  • Office 365 Global Administrator
  • Endpoint Manager Licensed and Deployed

Instructions – Create Policy

  1. Login to Office 365 Admin Center. https://admin.microsoft.com/Adminportal
  2. Go to Endpoint Manager.
  3. Click on Devices.
  4. Go to Configuration Profiles.
  5. Click on Create Profile.
  6. Continue below for the browsers required. You will need to create a Profile for each browser you want to block.

Microsoft Edge

  1. Configure the following and click Create. Platform “Windows 10 and Later”, Profile Type “Templates”, Template name “Administrative Templates”.
  2. Name the Profile “Block Password Saving Microsoft Edge” and click Next.
  3. In the search box type “Enable saving passwords to the password manager” then select the one that does not include “users can override” the click Next.
  4. Chose Disabled and Click Ok.
  5.  In the search box type “Disable synchronization of data using Microsoft sync services” then select the one that does not include “users can override” the click Next.
  6. Chose Enabled and Click Ok.
  7. Click Next.
  8. Leave scope as Default and click Next.
  9. Select All Users and All Devices (You may use custom groups as well). Click Next.
  10. Confirm the configuration and click Next.
  11. The policy will now deploy out to devices when they next check-in.
  12. Continue below for Chrome and Firefox Polices.

Google Chrome

  1. Click Create Profile
  2. Configure the following and click Create. Platform “Windows 10 and Later“, Profile Type “Settings catalog
  3. Name and Description “Block Password Saving Google Chrome” and click Next
  4. Click “Add settings”
  5. Type “google” in “Search” and select “Administrative Templates\ Google\ Google Chrome\ Password manager“. Then tick the box “Enable saving passwords to the password manager”
  6. Make sure that the policy is set to “Disabled” as it showed in the screenshot below and click “Next“.
  7. Click “Add all users” under Included groups to deploy the policy to all users.
  8. Click “Next” and “Create” to finish
  9. Continue below for Firefox Polices.

FireFox

  1. Download FireFox Polices from: https://github.com/mozilla/policy-templates/releases
  2. Under Assets, Click policy_templates.zip to Download.
  3. Unzip/Extract the downloaded Zip File.
  4. Open the extracted folder and Go to policy_templates_v3.0\windows and look for firefox.admx
  5. Right Click on FireFox.admx and click Open with.
  6. Chose Notepad and unselect Always Use and click Ok.
  7. Ctrl+A to select everything and Right-Click and Copy. This will be needed in step 11
  8. Back in End Point Manage. Click Create Profile.
  9. Configure the following and click Create. Platform “Windows 10 and Later”, Profile Type “Templates”, Template name “Custom”.
  10. Name and Description “Block Password Saving Mozilla FireFox” and click Next.
  11. Click Add.
  12. Configure the following and click Save. Name: “FireFox ADMX ” OMA-URI: “./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Firefox/Policy/FirefoxAdmx” Datatype: “String” Value: “Contents of Step 7” then click Save.
  13. Click Add again.
  14. Configure the following and click Save. Name: “PasswordManagerEnabled” OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled” Datatype: “String” Value: “<disabled/>” then click Save.
  15. Click Add again.
  16. Configure the following and click Save. Name: “DisbaleFireFoxAccounts” OMA-URI: “./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts” Datatype: “String” Value: “<enabled/>” then click Save.
  17. Click Add again
  18. Configure the following and click Save. Name: “OfferToSaveLogins” OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins Datatype: “String” Value: “<disabled/>” then click Save.
  19. Click Next.
  20. Select All Users and All Devices (You may use custom groups as well). Click Next
  21. Confirm the configuration and click Next.
  22. The policy will now deploy out to devices when they next check-in.
  23. Finished.

Ref: https://support.practiceprotect.com/knowledge-base/disable-browser-password-saving-via-endpoint-manager/