Edge
ID: adncfiefnfjddkdlfcckejoefaoehcdf
Update URL: https://extensions.securly.com/extensions.xml
Chrome:
ID: lcgajdcbmhepemmlpemkkpgagieehmjp
Update URL: https://extensions.securly.com/extensions.xml
Clarification on Managing Extensions with Intune and Google Workspace
Important Note for Administrators:
If your goal is to manage and lock down Windows PCs and browser extensions even when users are not signed into browsers, you must use Intune. In this case, Intune will override any extensions managed through Google Workspace (Google Admin Console). Therefore, extensions must be managed by Intune to ensure they are pushed to devices regardless of user sign-in status.
On the other hand, if your goal is to force users to use Chrome and ensure they are always signed in, you do not need to use Intune to push extensions. You can continue managing and pushing extensions through Google Admin Console, as users will always be signed into Chrome.
By understanding these configurations, you can better manage your environment and ensure that extensions are deployed according to your organization's needs.
----------------
Option 1: Using an ADMX template in Group Policy to deploy
Go to the Microsoft Edge Enterprise landing page to download the Microsoft Edge policy templates file (MicrosoftEdgePolicyTemplates.cab) and extract the contents.
Follow this guide to install the ADMX template to your domain or to your machine.
All settings can be configured within your Group Policy Editor under this path: (Computer Configuration or User Configuration) > Policies > Administrative Templates > Microsoft Edge
- Extensions > “Control which extensions are installed silently” (ExtensionInstallForcelist) should include the Securly Edge extension and any other mandatory extensions
- Extensions > “Control which extensions cannot be installed” [ExtensionInstallBlocklist] may be used to block all other extensions (such as VPNs or proxies)
- “Hide the First-run experience and splash screen” [HideFirstRunExperience] may be disabled
- “Configure InPrivate mode availability” [InPrivateModeAvailability] should be disabled
- “Enable guest mode” [BrowserGuestModeEnabled] should be disabled
- “Enable ending processes in the Browser task manager” [TaskManagerEndProcessEnabled] should be disabled
- “Browser sign-in settings” [BrowserSignin] may be used to force users to sign in to the browser, this can help with other Office apps
- “Control where developer tools can be used” [DeveloperToolsAvailability] should be disabled
For Chrome, you can download the ADMX templates and use the same instructions to deploy to your domain or to your workstation.
All settings can be configured within your Group Policy Editor under this path: (Computer Configuration or User Configuration) > Policies > Administrative Templates > Google > Google Chrome
- Extensions > “Configure the list of force-installed apps and extensions” [ExtensionInstallForcelist] should include the Securly Chrome extension and any other mandatory extensions
- Extensions > “Configure extension installation blocklist” [ExtensionInstallBlocklist] may be used to block all other extensions (such as VPNs or proxies)
- “IncognitoModeAvailability” [IncognitoModeAvailability] should be disabled
- “Enable guest mode in browser” [BrowserGuestModeEnabled] should be disabled
- “Enable ending processes in the Browser task manager” [TaskManagerEndProcessEnabled] should be disabled
- “Browser sign-in settings” [BrowserSignin] may be used to force users to sign in to the browser, this can help with other Office apps
- “Control where developer tools can be used” [DeveloperToolsAvailability] should be disabled
Option 2: Using Intune/Endpoint Manager to deploy
If you are using Intune/Endpoint Manager, follow the steps in the links below:
- Edge: https://bit.ly/34xZIvL
- Chrome: https://bit.ly/3gHAUUz
- ADMX instructions for Edge: rb.gy/0kkb1
- ADMX download for Edge: https://t.ly/83CUY
Option 3: Registry
[THIS METHOD OF DEPLOYMENT IS FOR TESTING PURPOSES ONLY]
The Securly Extension is one of the easiest and fastest ways to get started with Chrome and Edge browser filtering.
Manual configuration
The following registry files can be manually imported to test filtering or they can be pushed out through Group Policy. If a school chooses to use a Chromium Edge or Google Chrome ADMX template the results are identical and the options have the same outcome.
Here are the settings to enable the Securly extension and restrictions outlined in the best practices document in Chromium Edge and Google Chrome:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\ExtensionInstallForcelist]
"1"="adncfiefnfjddkdlfcckejoefaoehcdf;https://extensions.securly.com/extensions.xml"
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\ExtensionInstallBlocklist]
; This prevents other extensions being installed i.e. VPN/Proxy etc
; Note: any extension not listed in 'ExtensionInstallForcelist' will be disabled
"1"="*"
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge]
; Hides the welcome experience which creates shortcuts and asks to import settings and bookmarks. This can get in the way of the BrowserSignin policy.
"HideFirstRunExperience"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge]
; InPrivate Mode options are 0=Enabled [1=Disabled] 2=Forced
"InPrivateModeAvailability"=dword:00000001
; Guest Mode options are -=Enabled [0=Disabled]
"BrowserGuestModeEnabled"=dword:00000000
; Browser End Process options are -=Enabled [0=Disabled]
"TaskManagerEndProcessEnabled"=dword:00000000
; Developer Tools options are -=Enabled [2=Disabled]
"DeveloperToolsAvailability"=dword:00000002
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="lcgajdcbmhepemmlpemkkpgagieehmjp;https://extensions.securly.com/extensions.xml"
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallBlocklist]
"1"="*"
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome]
; Incognito Mode options are 0=Enabled [1=Disabled] 2=Forced
"IncognitoModeAvailability"=dword:00000001
; Guest Mode options are -=Enabled [0=Disabled]
"BrowserGuestModeEnabled"=dword:00000000
; Browser End Process options are -=Enabled [0=Disabled]
"TaskManagerEndProcessEnabled"=dword:00000000
; Browser Sign-in options are -=Enabled 0=Disabled [2=Forced]
"BrowserSignin"=dword:00000002
; Developer Tools options are -=Enabled [2=Disabled]
"DeveloperToolsAvailability"=dword:00000002
Additional Info: Securly Filter Extension Versions
Securly Filter has a small number of extensions to choose from depending on your environment. Securly recommends using our self-hosted extensions where possible as we can more quickly and easily control the version of the software that is released. With the Google/Microsoft hosted extensions there is a considerable delay when we publish updates and if there are any issues it takes a similarly long time to push fixes or updates.
Important note: When pushing out a Securly-hosted extension using G-Suite Admin Console, please ensure that the Update URL setting is changed to "Installation URL" instead of the inherited Google default "Updatecheck URL..."
Browser | Extension ID | Version |
---|---|---|
Chromebook Only | joflmkccibkooplaeoinecjbmdebglab | 2.98.68 (PKG-23 / Sep 2024) |
Chrome Browser (macOS/Windows) | lcgajdcbmhepemmlpemkkpgagieehmjp | 2.98.68 (PKG-23 / Sep 2024) |
Edge Browser | adncfiefnfjddkdlfcckejoefaoehcdf | 2.98.68 (PKG-23 / Sep 2024) |
Browser | Extension ID | Version |
---|---|---|
Chromebook Only | iheobagjkfklnlikgihanlhcddjoihkg | 2.98.65 (PKG-23 / Sep 2024) |
Browser | Extension ID | Version |
---|---|---|
Edge Browser | dfkheabholbfmmehflddbknjimnjelda | 2.98.42 (PKG-23 / Sep 2024) |
Some experimental extensions are usually published for specific tests to be completed by customers, these are listed here for completeness but should only be used under instruction from a Securly support team member.
Browser | Extension ID | Version |
---|---|---|
Chromebook | nldffgleokocdcddeocjmdgneoinbhfb | 2.98.0 (Think Twice) |
Chrome Browser (macOS/Windows) | hgpppmjalkmcmloikkbmonbpdakcklfp | 2.98.0 (Think Twice) |
Edge Browser | bjnmaaglmedeickpbmlhmjkndenggend | 2.98.0 (Think Twice) |
Chromebook | khfcjmoagjdbcchabenkohfbllefkbei | 2.98.0 (MV3) |
Chromebook | hgmfginomehjpgpacpjnjaijecknnaog | 2.98.51 (PKG-20 Beta - DNS Failsafe) |
Chrome Browser (macOS/Windows) | ehpfmanenigliflmbaiihbppncilhaha | 2.98.50 (Beta) |
Chromebook | knneimmpeamikmjijmnhjmmobddleohj | 2.98.60 (REL-6435) |
Edge Browser | cppgiodhimhhljofjomebpcgliegpddd | 2.98.61 (FILTER-3880) |
Chrome Browser (macOS/Windows) | pmjdkmdfhcbecicgaenammmpamphljpe | 2.98.61 (FILTER-3880) |
Chromebook | bemnimicbokkfdkgbghbpaelcagifglp | 2.97.1 (QA) |
Comments
Article is closed for comments.