Configure Google Chrome on macOS with Intune

A while ago, I blogged about deploying DMG type of apps to macOS devices using Intune.  In this blog, I used Google Chrome as an example.

Deploying the app is one thing, but in an Enterprise environment, I also want to be able to configure the browser to enforce a few settings (also aligning the browser configuration with what is configured with Google Chrome on Windows devices is a good thing for a consistent employee experience)

This can be achieved with the macOS Intune configuration profile Property Lists

First of all, you should give the documentation on docs a quick read – one of the key points is you don’t upload a traditionally formatted .plist formatted file you would find on the macOS device – note the following:

The next useful resource to have on hand is the Chrome Enterprise policy list

You can filter on Operating System platform, chrome version and search  for a policy name

e.g Searching for Homepage policy for macOS

Here you can get all of the required information for each policy setting

Here is an example of what I am configuring for the macOS device in my lab.  This will configure the Homepage to thenewnumber2.com, Show the home button and adds the Windows Account extension (Really useful for smooth access to M365 services and office.com)

 <key>ShowHomeButton</key>
    <true />
<key>HomepageLocation</key>
    <string>https://thenewnumber2.com</string>
<key>NewTabPageLocation</key>
    <string>https://thenewnumber2.com</string>
<key>HomepageIsNewTabPage</key>
    <true />
<key>RestoreOnStartup</key>
    <integer>5</integer>
<key>RestoreOnStartupURLs</key>
    <array>
        <string>https://thenewnumber2.com</string>
    </array>
<key>ComponentUpdatesEnabled</key>
    <true />
<key>ExtensionInstallForcelist</key>
    <array>
        <string>ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx</string>
    </array>

I have saved this as com.google.Chrome.plist

In Intune, navigate to Devices macOS Configuration profiles and click Create profile

On Profile type select Template, select Preference file and click on Create

Give the Configuration Profile an appropriate name and description

For Preference domain name, use com.google.Chrome

Select the the plist file created earlier

Note, the contents of the plist file shows here.

Assign this profile to an appropriate Azure AD group

Review the configuration profile and click Create

So how do I know this profile has configured what it need it to?

Opening Chrome on the macOS device is a good first step

Next up, type chrome://policy in the address bar.  This will display all of the policies applied to the browser

You can also look in settings and see the policies set (and users are unable to change them).

And for anyone wondering where on the macOS device these configurations are located…  Intune configured property list files are stored in /Library/Managed Preferences.

You’ll also note that the xml headers and appropriate tags have been added in.

P.

Categories: TechnologyTags: · · · ·

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s