View Blog

Mar 2024

Block Browser Extensions with Group Policy and Intune

The web browser today has literally become the default app in this era of the cloud and spurred the growth of browser extensions. Browser extensions provide a convenient way to customize and enhance a user’s web browsing experience with added functionalities and features directly within the browser. However, just as you don’t want users utilizing certain applications on corporate devices, you might want to restrict certain browser extensions for reasons of security, compliancy, content control, productivity, and performance. For instance, you may not want users installing a VPN extension to get around your web filtering. Fortunately, there are a couple of ways to achieve this.

Create a Browser Extension Blocklist with Intune

If you use Intune to manage your Windows 10 and Windows 11 laptops, you can create a configuration profile that will specify which extensions a user cannot install. Extensions already installed prior to the deployment of blocklist will be disabled without a way for the user to enable them. Should the blocklist be removed at some point, the extension will automatically become enabled once again.

Using the Microsoft Intune Admin Center go to Devices > Configuration and create a new profile. Choose Windows 10 and later as the platform and Administrative Templates as the Profile type. Assign a name to the profile and then navigate to User Configuration > Microsoft Edge > Extensions and then enable “Control which extensions cannot be installed” and input the extension names you want to filter out. You can look up extension names on the Internet. An example is shown below.

Then assign the profile to the designated groups and complete the wizard. You can also apply Edge browser extension restriction on the Computer side. In the example below, I have configured a block list for the Chrome browser.

Create a Browser Extension Blocklist with Group Policy

You can do the same with Group Policy. Because we are using Administrative Templates, the setting navigation is basically identical. Create a GPO and use the Group Policy Management Editor to navigate to User Configuration > Administrative Templates > Microsoft Edge > Extensions and enable “Control which extensions cannot be installed” as shown below. Once again, you will need to input the names of the browser extensions.

Comments (0)

No Comments!