Today on the Twitter was discussion about Edge extensions which are controlled by Microsoft Intune.
Why not to use new feature to manage extensions? Available via Admin Center?
— Jakub Piesik | MVP @ Windows 365 (@dzejzipl) July 13, 2023
And this discussion is reason why I decided to write that post where I will be describing newest feature to manage Edge extensions via Admin Portal. This feature is currently in public preview – so still not in GA (General Availability) so some things can change later.
First, before this feature will be released to the GA – you need to to opt-in for all preview features for specific users / or whole organization. To do that, visit the Microsoft 365 Admin center > Settings > Organization profile > Release preferences.
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-12.png)
After that, you can wait some time and visit again Admin center > Settings > Microsoft Edge and select Configuration profiles.
On this page you can create specific configuration related to the extensions and polices and after assign to proper groups.
On my case, I will create some configuration profile for Developer roles.
Click on the Add a profile button and provide a name and description.
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-13-1024x295.png)
Now we can start with primary work – managing the polices and extensions.
First, we will focus on the:
Extensions
For example, we want to add Adblock extension from Google Web Store – yes, it is possible!
- Open configuration profile which you want to edit
- Go to the extensions > Select extension
- Now you can select from configurable Microsoft Edge extensions with providing name or Extension ID
- Or you can add external extension from Google Web Store
- I will focus now on the second method
- You need to find Extension ID from URL: https://chrome.google.com/webstore/detail/adblock-%E2%80%94-best-ad-blocker/gighmmpiobklfepjocnamgkkbiglidom?hl=pl. In my case it will be information which is marked with bold text.
- Next go to the External extensions and provide ID, name and description.
- I will also add standard Microsoft Edge extension – for example, something for JSON formatter.
After saving details, my extension tab will be looks like:
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-14-1024x355.png)
Now we can manage those extension and configure installation policy, hosts to which this extension have access, permissions and toolbar state. Amazing, right? Yep, I know…
For example, we will focus now on the Adblock.
If you click on the Manage installation policy you will be able what you can do with that extension:
- Allow – this setting will allow users to install it, or not if they don’t want to.
- Block – this setting will block users to install this extension. We can also select checkbox to uninstall this extensions from managed devices and add proper message to end-users when they want to install blocked extension.
- Force – this setting will automatically install extension on managed devices and end-users will be not able to remove it
- Normal – this setting will automatically install extension on managed devices, but end-users will be able to remove it
If you want to block extension to work on some websites, visit the Manage hosts tab.
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-15-1024x360.png)
You can also prevent installation of some extension which was already approved if newer version of extension require for example, usage of clipboard.
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-16-1024x406.png)
You can set up a minimum version for extension to prevent users to install older version.
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-17.png)
And the last option is – should this extension be visible for end-users or hidden?
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-18.png)
As you can see, there are a lot option to configure for extension.
If you want to configure global setting, simple click on the Manage extensions button and you will see multiple settings which you can configure.
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-19-596x1024.png)
Configure them wisely and test first on the some IT users!
Assign profile to group
Step which is also required – and it is related to the group assignments. In my case, I’ve assigned policy to the All Developers
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-21.png)
Do some registry changes! oO
Next thing until this functionality is on the public preview – are settings which are not in the Settings Catalog for Intune. We need to implement them by Intune engineers, in meantime we need to add two keys manually:
As wrote on this website please add two keys on path: HKLM\Software\Policies\Microsoft\Edge or HKCU\Software\Policies\Microsoft\Edge if you want to publish new management settings for current users only.
You need to add two new values DWORD with name: EdgeAdminCenterEnabled and second with: EdgeAdminCenterUseOCPSEndpoint. Both values should have data: 1 to enable those settings.
If you don’t want to manage those settings via Group assignment in Admin Portal, there is a second way to deploy:
First, you need to have token ID. Just click on your policy and select Copy token ID
like on below screen:
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-22.png)
Next, create registry one key on path: HKLM\Software\Policies\Microsoft\Edge or HKCU\Software\Policies\Microsoft\Edge if you want to publish new management setting for current users only.
Create new value with name: EdgeAdminCenterEnrollmentToken with REG_SZ type and data: Token ID copied from Admin Portal.
How it is looks from end-user perspective?
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-23-1024x550.png)
and the policies view:
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-24-1024x421.png)
Additional polices?
As you can see on my last screen, I configured two polices. Those settings can be configured on the Polices tab, like on my screen:
![Working with Extensions for Edge via Admin Portal!](https://piesik.me/wp-content/uploads/2023/07/image-25.png)
Additional information!
First deployment of newly created configuration profiles can take up to 24 hours on the end-user device.
But if you do some changes in existing profile, for example add additional policy – it can take up to 90 minutes to update settings on the end-user device.
You just need to be patient! 🙂
Also – one more information.
For example, you’re configuring that some extension don’t have access to specific website – like Adblock and below is my configuration:
"gighmmpiobklfepjocnamgkkbiglidom": {
"blocked_permissions": [
"clipboardRead",
"clipboardWrite"
],
"installation_mode": "force_installed",
"override_update_url": true,
"runtime_blocked_hosts": [
"https://ipko.pl",
"https://www.ipko.pl"
],
From general understanding, – this extension shouldn’t be allowed on the specific website, but it is allowed. It is just not working on that website. I confirmed that with Microsoft.
Any questions? 🙂