How to Block Edge Extensions using Intune
In this post, I will show you how to block Edge extensions using Intune. You can restrict users from installing Microsoft Edge extensions using Intune(MEM).
You can easily manage Edge extensions using Intune and block specific edge extensions or only allow specific edge extensions to be installed by users.
There are two methods to control Microsoft Edge Extensions via Intune.
- Allow specific edge extensions to install and block specific extensions from installation.
- Block installing all the Edge extensions in Intune.
If you want to allow specific extensions to install, you create an Intune Edge extension allow list, and add the list of extension ID’s to the allow list. Whereas the second method is useful when you want to completely block installing all the extensions in Edge. If you have come here looking for the first method, I will probably cover that in a separate post.
I was talking to my colleague a few days ago, and he mentioned that in his organization, users are restricted from installing any Edge extensions. He works for an investment banking firm and usually the security is one notch higher than the rest of the companies.
He mentioned that even Bluetooth access is restricted via Intune. Blocking edge extensions using Intune prevents users from installing any add-on or extension. The best part here is you can completely block installation of Edge extensions using Intune, and it takes few steps to deploy this policy.
How to Block Edge Extensions using Intune
We will now create a Device Configuration Profile to block Edge extensions using Intune.
- First, sign in to the Microsoft Endpoint Manager admin center.
- Go to Devices > Windows > Configuration Profiles.
- Create a new Intune Configuration profile and define the settings to block edge extensions.
On Windows Configuration Profiles window, select Create Profile.
On the Create a Profile window, select Platform as Windows 10 and later. Select profile type as Settings catalog. Click Create.
On the Basics tab, specify the name of the profile as Block Edge Extensions, and you may add a profile description. Click Next.
On the Configuration Settings section, under Settings Catalog, click Add Settings.
On the Settings picker window, type “extensions” in the search box and click Search. From the search results, select Microsoft Edge\Extensions. Now select Control which extensions cannot be installed.
To block Edge extensions using Intune, we will use the Control which extensions cannot be installed setting in Intune. This setting lists specific extensions that users can NOT install in Microsoft Edge.
Enable the Control which extensions cannot be installed setting.
When you deploy this policy, any extensions on this list that were previously installed will be disabled, and the user won’t be able to enable them.
If you remove an item from the list of blocked extensions, that extension is automatically re-enabled anywhere it was previously installed.
You can use “*” to block all extensions that aren’t explicitly listed in the allow list. If you don’t configure this policy, users can install any extension in Microsoft Edge. Click Next.
On the Assignments window, specify the groups to which you want to target this policy. Click Next.
In Intune, Scope tags determine which objects admins can see. On the Scope tags section, you specify scope tags. Click Next.
On the Review + Create section, review all the settings defined to block edge extensions and select Create.
After you create a device configuration policy in Intune, a notification appears “Policy created successfully“. This confirms that we have deployed the policy to block installing edge extensions.
After you have successfully deployed the policy to block edge extensions, let’s test if the users can install extensions from Edge Add-ons store.
Launch the Edge browser and type
edge://extensions/ in the address bar. Select Get extensions for Microsoft Edge. From the list of extensions, select any extension and click Get.
You see a notification that states, “Your admin has blocked “extension name” – APP ID.
Even if you attempt to install Microsoft extensions, you see the same message. You cannot install any extensions because we have blocked it using a policy.
If you choose to install extensions from Google Chrome store, you see the following message – This extension is blocked by your organization. Instead of Get extension, you see Blocked by admin.
I hope this post helps you to restrict users from installing extensions in Edge browser. If you have any questions, add them in the comments section.
Have you got a way to only allow specific applications rather than just blocking all?
Good day! i was wondering if i have certain extensions that i need to be installed how to i go about blocking all extensions except for my whitelisted applications. Also are you familiar with the same policy in chrome? we have several students trying to access vpn and proxy extensions and would like them blocked if possible,. Thanks for any help you can give.