Blocking specific extensions or managing which extensions are allowed in Microsoft Edge across your organization is a common administrative task. While the provided reference specifically mentions configuring this via **Group Policy**, Intune can achieve the same results by deploying configuration profiles that apply these settings to your managed devices.
## Leveraging Intune for Edge Extension Management
Intune allows you to manage browser settings, including extensions, primarily through **Configuration Profiles**. You can use the Settings Catalog or Administrative Templates profiles to deploy policies that mirror traditional Group Policy settings.
The core principle involves configuring a policy that controls which extensions can be installed or run. This policy often uses a JSON string to define allowed or blocked extension IDs and update URLs.
### Key Policy: Configure Extension Management Settings
According to the provided reference, the relevant setting in Group Policy is found at:
`Administrative Templates > Microsoft Edge > Extensions > Configure extension management settings`
To block Edge extensions in Intune, you will configure a corresponding policy setting within a Configuration Profile. This policy requires you to specify the permissions for extensions, typically by defining a list of allowed, blocked, or force-installed extensions using a structured JSON string.
Enabling this policy in Intune allows you to define granular control over extensions by providing the required permissions in the JSON format.
## Steps to Block Edge Extensions Using Intune
Here’s a general approach to blocking Edge extensions using an Intune Configuration Profile:
1. **Access the Microsoft Endpoint Manager Admin Center:** Log in to the Intune portal.
2. **Navigate to Devices > Configuration profiles.**
3. **Create a New Profile:**
* Click **Create profile**.
* Select **Platform:** `Windows 10 and later`.
* Select **Profile type:** `Settings catalog` or `Administrative templates`.
* Click **Create**.
4. **Configure Basic Settings:** Give the profile a descriptive name (e.g., "Block Microsoft Edge Extensions") and an optional description. Click **Next**.
5. **Add Configuration Settings:**
* **For Settings Catalog:** Click **Add settings**. Search for settings related to "Edge" and "Extensions". Look for a setting like "Configure extension management settings" or similar under the Microsoft Edge section. Select it and any other relevant extension settings (e.g., controlling installation defaults).
* **For Administrative Templates:** Navigate through the structure to find the relevant Edge extension policy, similar to the Group Policy path: `Computer Configuration/Administrative Templates/Microsoft Edge/Extensions`. Find and select "Configure extension management settings".
6. **Configure the Policy Setting:** Enable the "Configure extension management settings" policy. In the provided text area (or equivalent for the setting), you will enter the **JSON string** that defines your extension management rules.
### Example JSON Structure for Blocking Extensions
The JSON string used to configure extension management settings is powerful and allows various configurations (blocking specific extensions, allowing only specific extensions, force installing extensions, etc.).
To **block all extensions by default** and only allow specific ones, your JSON might look like this:
```json
{
"*": {
"blocked": true
},
"extension_id_1": {
"blocked": false // Allows this specific extension
},
"extension_id_2": {
"blocked": false // Allows this specific extension
}
}To block specific extensions while allowing others by default, your JSON might look like this:
{
"extension_id_to_block_1": {
"blocked": true
},
"extension_id_to_block_2": {
"blocked": true
}
// All other extensions are allowed by default if no global rule is set
}You need to replace "extension_id_1", "extension_id_2", etc., with the actual extension IDs from the Microsoft Edge Add-ons store or other sources. You can find an extension's ID in its store URL (e.g., https://microsoftedge.microsoft.com/addons/detail/extension-name/EXTENSION_ID).
- Assign the Profile: Assign the configuration profile to the user groups or device groups you want to target.
- Review and Create: Review your settings and create the profile.
Intune will then deploy this configuration profile to the assigned devices, applying the specified Edge extension management settings.
Policy Details Summary
Here's a summary table of the key policy mentioned:
| Setting Name | Category (Intune) | Configuration Requirement | Effect |
|---|---|---|---|
| Configure extension management settings | Microsoft Edge > Extensions | Enable and provide a JSON string of rules | Controls which extensions are allowed or blocked |
By configuring this policy with the appropriate JSON string within an Intune Configuration Profile, you can effectively block or manage Microsoft Edge extensions for your users.
