A while ago, I blogged about deploying DMG type of apps to macOS devices using Intune. In this blog, I used Google Chrome as an example.
Deploying the app is one thing, but in an Enterprise environment, I also want to be able to configure the browser to enforce a few settings (also aligning the browser configuration with what is configured with Google Chrome on Windows devices is a good thing for a consistent employee experience)
This can be achieved with the macOS Intune configuration profile Property Lists
First of all, you should give the documentation on docs a quick read – one of the key points is you don’t upload a traditionally formatted .plist formatted file you would find on the macOS device – note the following:
The next useful resource to have on hand is the Chrome Enterprise policy list
You can filter on Operating System platform, chrome version and search for a policy name
e.g Searching for Homepage policy for macOS
Here you can get all of the required information for each policy setting
Here is an example of what I am configuring for the macOS device in my lab. This will configure the Homepage to thenewnumber2.com, Show the home button and adds the Windows Account extension (Really useful for smooth access to M365 services and office.com)
<key>ShowHomeButton</key> <true /> <key>HomepageLocation</key> <string>https://thenewnumber2.com</string> <key>NewTabPageLocation</key> <string>https://thenewnumber2.com</string> <key>HomepageIsNewTabPage</key> <true /> <key>RestoreOnStartup</key> <integer>5</integer> <key>RestoreOnStartupURLs</key> <array> <string>https://thenewnumber2.com</string> </array> <key>ComponentUpdatesEnabled</key> <true /> <key>ExtensionInstallForcelist</key> <array> <string>ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx</string> </array>
I have saved this as com.google.Chrome.plist
In Intune, navigate to Devices – macOS – Configuration profiles and click Create profile
On Profile type select Template, select Preference file and click on Create
Give the Configuration Profile an appropriate name and description
For Preference domain name, use com.google.Chrome
Select the the plist file created earlier
Note, the contents of the plist file shows here.
Assign this profile to an appropriate Azure AD group
Review the configuration profile and click Create
So how do I know this profile has configured what it need it to?
Opening Chrome on the macOS device is a good first step
Next up, type chrome://policy in the address bar. This will display all of the policies applied to the browser
You can also look in settings and see the policies set (and users are unable to change them).
And for anyone wondering where on the macOS device these configurations are located… Intune configured property list files are stored in /Library/Managed Preferences.
You’ll also note that the xml headers and appropriate tags have been added in.