Simplifying the management and configuration of your favorite browser

This week is all about simplifying the management and configuration of your favorite browsers, by using Microsoft Intune. That’s definitely not the sexiest subject, but it’s important to be familiar with the easy options that are available nowadays. With the latest additions to Microsoft Intune, the management and configuration of the different browsers became more of a native functionality. Native functionality was already available for Microsoft Edge, and recently became available for Google Chrome. And now, with the recent addition of importing third-party administrative templates, it became available for every browser that could be easily managed within an on-premises environment, by using Group Policies. Besides that, there are even alternatives when really needed. This post will provide an overview of the different options for managing and configuring browsers.

Managing and configuring Microsoft Edge browser

When looking at managing and configuring your favorite browser, the most obvious browser to start with is Microsoft Edge. Within a Microsoft environment, Microsoft Edge provides the best integrated experience. From a management perspective as well as a Microsoft 365 perspective. When looking at Microsoft Intune, there are actually multiple methods for configuring Microsoft Edge. Let’s briefly walk through the different available options and describe my preference.

  • Security baseline: There is a security baseline available for Microsoft Edge that contains the Microsoft recommended configuration. That would be the ideal starting point for configuring Microsoft Edge. The challenge, however, is that the baseline is not very well maintained. At the moment of writing, the baseline is of September 2020 (Edge version 85 and later). From that perspective it’s better to create a custom security baseline configuration, based on the Microsoft Security Compliance Toolkit, by using Administrative Templates or Settings catalog. And keep that up to date.
  • Administrative Templates: There are Administrative Templates available, similar to the old-school Group Policies, for configuring and managing anything around Microsoft Edge. It provides the IT administrator with the ability to relatively easy configure settings that are available as an Administrative Template. A valid option for configuring Microsoft Edge.
  • Settings catalog: The Settings catalog is the ruler of all configuration options. It provides access to the same settings as Administrative Templates, and more. Besides that, it provides the IT administrator with the ability to create a single profile that contains all the available settings for Microsoft Edge and anything that might be related. My preferred method. Get started with a Settings catalog (as shown in Figure 1) by creating a new configuration profile.

Note: To verify the applied configuration in Microsoft Edge, simply navigate to edge://policy.

Managing and configuring Google Chrome browser

From a management and configuration perspective, the next browser in line would be Google Chrome. Even for Google Chrome, Microsoft Intune provides a native integration. The Group Policies that are provided by Google for managing Google Chrome, are also available within Microsoft Intune and maintained by Microsoft. Those are available by using Administrative Templates and Settings catalog. Just like with Microsoft Edge, my preferred method for configuring Google Chrome is using Settings catalog. For an extensive example see also this post about further simplifying management of the Google Chrome browser on Windows devices. Get started with a Settings catalog (as shown in Figure 2) by creating a new configuration profile.

Note: To verify the applied configuration in Google Chrome, simply navigate to chrome://policy.

Managing and configuring Mozilla Firefox browser

From a management and configuration perspective, there’s not immediately another browser next in line. From a popularity perspective, on the other hand, the next in line would probably be Mozilla Firefox. The Group Policies that are provided by Mozilla for managing Mozilla Firefox, can now also be imported directly into Microsoft Intune. That provides the IT administrator with an easy configuration experience, also for Mozilla Firefox. For an extensive example see also this post about easily managing third-party ADMX-files. Get started with Imported Administrative templates (as shown in Figure 3) by creating a new configuration profile.

Note: To verify the applied configuration in Mozilla Firefox, simply navigate to about:policies.

Managing and configuring any remaining browsers

Besides Microsoft Edge, Google Chrome and Mozilla Firefox, there are many other browsers. And many of those provide management and configuration capabilities. Browsers like Chromium, Brave, and Vivaldi, are all provided with Group Policy configuration capabilities. From a Microsoft Intune perspective, that brings the same configuration options to those browsers, as for Mozilla Firefox. When browsers don’t provide similar options, it gets more challenging. In that case, it really depends on what configuration options that browser does bring to the table. In the end, local configurations can also still be scripted.

More information

For more information about managing and configuring browsers, by using Microsoft Intune, refer to the following docs.

4 thoughts on “Simplifying the management and configuration of your favorite browser”

  1. Hi Peter,

    As of now, there appears to be a bug in the Extension Management setting for Firefox with imported ADMX templates. Firefox requires the whitelist in JSON format, but the text box in Intune doesn’t allow more than 1023 characters, unlike in GPMC. I have a ticket open with Microsoft, so we’ll see how long it will take to fix.
    Other than that, ADMX import is a huge time saver.

    Reply
  2. What’s your experience in how best to handle updates? It doesn’t make sense to deploy Win32 Apps every few weeks for all browsers. Chrome and FF both offer auto-update features – would you recommend using and controlling them through configurations like above’

    Reply
    • Hi Daniel,
      Apologies for the late reply, as I was enjoying my vacation. In the end it all depends on the business requirements and the level of control. For most users, the auto-update can be perfect, but for some users that use specific web apps that might not be the best idea.
      Regards, Peter

      Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.