Edge
ID: dfkheabholbfmmehflddbknjimnjelda
Chrome:
ID: lcgajdcbmhepemmlpemkkpgagieehmjp
URL: https://extensions.securly.com/extensions.xml
----------------
Option 1: Using an ADMX template in Group Policy to deploy
Go to the Microsoft Edge Enterprise landing page to download the Microsoft Edge policy templates file (MicrosoftEdgePolicyTemplates.cab) and extract the contents.
Follow this guide to install the ADMX template to your domain or to your machine.
All settings can be configured within your Group Policy Editor under this path: (Computer Configuration or User Configuration) > Policies > Administrative Templates > Microsoft Edge
- Extensions > “Control which extensions are installed silently” (ExtensionInstallForcelist) should include the Securly Edge extension and any other mandatory extensions
- Extensions > “Control which extensions cannot be installed” [ExtensionInstallBlocklist] may be used to block all other extensions (such as VPNs or proxies)
- “Hide the First-run experience and splash screen” [HideFirstRunExperience] may be disabled
- “Configure InPrivate mode availability” [InPrivateModeAvailability] should be disabled
- “Enable guest mode” [BrowserGuestModeEnabled] should be disabled
- “Enable ending processes in the Browser task manager” [TaskManagerEndProcessEnabled] should be disabled
- “Browser sign-in settings” [BrowserSignin] may be used to force users to sign in to the browser, this can help with other Office apps
- “Control where developer tools can be used” [DeveloperToolsAvailability] should be disabled
For Chrome, you can download the ADMX templates and use the same instructions to deploy to your domain or to your workstation.
All settings can be configured within your Group Policy Editor under this path: (Computer Configuration or User Configuration) > Policies > Administrative Templates > Google > Google Chrome
- Extensions > “Configure the list of force-installed apps and extensions” [ExtensionInstallForcelist] should include the Securly Chrome extension and any other mandatory extensions
- Extensions > “Configure extension installation blocklist” [ExtensionInstallBlocklist] may be used to block all other extensions (such as VPNs or proxies)
- “IncognitoModeAvailability” [IncognitoModeAvailability] should be disabled
- “Enable guest mode in browser” [BrowserGuestModeEnabled] should be disabled
- “Enable ending processes in the Browser task manager” [TaskManagerEndProcessEnabled] should be disabled
- “Browser sign-in settings” [BrowserSignin] may be used to force users to sign in to the browser, this can help with other Office apps
- “Control where developer tools can be used” [DeveloperToolsAvailability] should be disabled
Option 2: Using Intune/Endpoint Manager to deploy
If you are using Intune/Endpoint Manager, follow the steps in the links below:
- Edge: https://bit.ly/34xZIvL
- Chrome: https://bit.ly/3gHAUUz
- ADMX instructions for Edge: rb.gy/0kkb1
- ADMX download for Edge: https://t.ly/83CUY
Option 3: Registry
[THIS METHOD OF DEPLOYMENT IS FOR TESTING PURPOSES ONLY]
The Securly Extension is one of the easiest and fastest ways to get started with Chrome and Edge browser filtering.
Manual configuration
The following registry files can be manually imported to test filtering or they can be pushed out through Group Policy. If a school chooses to use a Chromium Edge or Google Chrome ADMX template the results are identical and the options have the same outcome.
Here are the settings to enable the Securly extension and restrictions outlined in the best practices document in Chromium Edge and Google Chrome:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\ExtensionInstallForcelist]
"1"="dfkheabholbfmmehflddbknjimnjelda"
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\ExtensionInstallBlocklist]
; This prevents other extensions being installed i.e. VPN/Proxy etc
; Note: any extension not listed in 'ExtensionInstallForcelist' will be disabled
"1"="*"
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge]
; Hides the welcome experience which creates shortcuts and asks to import settings and bookmarks. This can get in the way of the BrowserSignin policy.
"HideFirstRunExperience"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge]
; InPrivate Mode options are 0=Enabled [1=Disabled] 2=Forced
"InPrivateModeAvailability"=dword:00000001
; Guest Mode options are -=Enabled [0=Disabled]
"BrowserGuestModeEnabled"=dword:00000000
; Browser End Process options are -=Enabled [0=Disabled]
"TaskManagerEndProcessEnabled"=dword:00000000
; Developer Tools options are -=Enabled [2=Disabled]
"DeveloperToolsAvailability"=dword:00000002
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="lcgajdcbmhepemmlpemkkpgagieehmjp"
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallBlocklist]
"1"="*"
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome]
; Incognito Mode options are 0=Enabled [1=Disabled] 2=Forced
"IncognitoModeAvailability"=dword:00000001
; Guest Mode options are -=Enabled [0=Disabled]
"BrowserGuestModeEnabled"=dword:00000000
; Browser End Process options are -=Enabled [0=Disabled]
"TaskManagerEndProcessEnabled"=dword:00000000
; Browser Sign-in options are -=Enabled 0=Disabled [2=Forced]
"BrowserSignin"=dword:00000002
; Developer Tools options are -=Enabled [2=Disabled]
"DeveloperToolsAvailability"=dword:00000002
Comments
Article is closed for comments.