In this post, you will learn how to manage Microsoft Edge Extensions using Intune, aka Endpoint Manager. A Microsoft Edge extension is a small program that we use to add or modify features of Microsoft Edge Chromium.
An extension is structured similarly to a regular web app. It is intended to improve a user’s day-to-day browsing experience.
Being an IT admin, If you want to control and manage Microsoft Edge extensions, allow specific extensions to be installed and set to the control which extensions users cannot be installed. This blog post will guide you to manage Microsoft Edge extensions or add-ons.
Let’s check the steps to create a policy for Fast User Switching. When you create the policy, it creates a device configuration profile. You can then assign or deploy this profile to devices in your organization.
You can learn to create a policy with Intune Settings Catalog. Let’s see a list of Intune Settings Catalog Policies.
How to Manage Microsoft Edge Extensions using Intune
Let’s follow the below steps to manage Edge Extensions using Intune –
- Sign in to the Microsoft Endpoint Manager admin center
- Select Devices > Windows > Configuration profiles > Create profile.
In Create Profile, Select Platform, Windows 10, and later and Profile, Select Settings catalog (preview). Click on Create button.
On the Basics tab, enter a descriptive name, such as Manage Edge Chromium Extensions. Optionally, enter a Description for the policy, then select Next.
In Configuration settings, select Add settings.
How to Use Microsoft Edge Extension Policies using Intune
Select Microsoft Edge, Under Extensions, to see all the settings in this category. After adding your settings, click the cross mark at the right-hand corner to close the settings picker. For Example – I selected the settings below.
Allow specific extensions to be installed – By default, all extensions are allowed. However, if you block all extensions by setting the ‘ExtensionInstallBlockList’ policy to “*,” users can only install extensions defined in this policy.
Control which extensions cannot be installed – List specific extensions that users can NOT install in Microsoft Edge. When you deploy this policy, any extensions on this list that were previously installed will be disabled, and the user won’t be able to enable them.
If you remove an item from the list of blocked extensions, that extension is automatically re-enabled anywhere it was previously installed. Use “*” to block all extensions that aren’t explicitly listed in the allow list. If you don’t configure this policy, users can install any extension in Microsoft Edge.
It’s important to find the extension ID of an extension by visiting the Microsoft Store and searching for the extension. Open Microsoft Edge browser, Go to the Microsoft Edge Add-ons Store, and search for an extension you want to allow to collect the Extension ID.
Click on the extension (For Example: “Cisco Webex Extension”) you want to check, and In the address bar, you will get the ID as shown below that will be used to configure policies.
ikdddppdhmjcdfgilpnbkdeggoiicjgo – Cisco
All the settings are shown and configured with a default value. If you don’t want to configure a setting, then select the minus.
Set the Allow specific extensions to be installed to Enabled and add the extension IDs to exempt from the block list, For Example – Here I want to allow Cisco Webex Extension. Similarly, If you want to add more to the allowed list Click +Add and provide Extensions ID.
Set Control which extensions cannot be installed to Enabled, added “*“, to block all extension.
Under Assignments, In Included groups, select Add groups and then choose Select groups to include one or more groups. Select Next to continue.
Assignments – Select groups to include | Manage Microsoft Edge Extensions using Intune
In-Scope tags, you can assign a tag to filter the profile to specific IT groups. Add scope tags (if required) and click Next.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned.
A notification will appear automatically in the top right-hand corner with a message. Here you can see, Policy “Manage Edge Chromium Extensions” created successfully. The policy is also shown in the Configuration profiles list.
Your groups will receive your profile settings when the devices check-in with the Intune service.
Once the policy applies to the device, users will not install any other Extensions from the Store except the allowed extension (Cisco Webex Extension).
Author
About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
Hi,
Thanks for detailed write up, is there any policy to ensure that in “ingonito mode” user shouldn’t have option to untick the “Allow inPrivate ” & “allow access to file urls” or we have to force this option to be ticked during extension deployment.
Hi,
I am trying to install “my apps – secure sign in extension” silently with Intune on my machine. I have blocked all other extension but it is not installing on my machine. Could you please help what is I am missing:
This is the value I am using in Silent Installation. Although I have already used only Extension ID too.
gaaceiggkkiffbfdpmfapegoiohkiipl;https://edge.microsoft.com/extensionwebstorebase/v1/crx
@Rahul,
You want to try to leave out the update URL. This URL is only needed when the extension is hosted outside of the Add On store.
Can an extension be forced to appear in the toolbar?
and how do i remove it again from the targeted computers?
Windows only it would appear. Extension options are blank if creating policy for macOS.
Hi,
Sorry to be late to the conversation. When you remove an extension from the policy, does it uninstall from the browser? BTW, we are only enforcing extensions to be installed. Not enforcing blocking.
Good morning,
We implement the recommended Security Baselines to our Intune Devices.
To be specific:
Microsoft Edge Security Baseline Dec 2023:
Extensions
Control which extensions cannot be installed = Enabled
Extension IDs the user should be prevented from installing (or * for all) (Device) = *
I take it we have to turn off that piece of the Security Baseline and then create/add a specific Edge policy?
Kind regards,
Chris.