This guide covers how to deploy the Push Security browser extension, including how to configure it to endpoints in your organization using Microsoft Endpoint Manager. We recommend that you deploy it first into a test environment, as you will be required to create policies and deploy a PowerShell script.
Note: Multiple steps in this guide overlap with the instructions in the relatedarticle. If you're following the guides to deploy settings for both browsers in your environment, please be sure to follow the steps closely to avoid missing settings that need to be applied in each instance.
Generating the extension config
Before we get started with configuring InTune, you need to generate a config specific to your team within the Push app. Skip to the next step if you’ve already done so.
In the Push app, head to thesection, and click on Enrollment options.
On the popup frame, click on the Managed button.
Next, click on the Device Management Software button, make sure Chrome is the selected browser, Windows is the selected OS, and click Generate config. This will provide you with a button to download a config specific to your team.
Once you’ve downloaded and extracted the zip file, proceed to the next step.
Creating a Configuration Profile
In, select Devices (1), Configuration profiles (2) and then Create profile (3). Select Windows 10 and later(4) as your target platform, Templates (5)as the Profile type, and finally select Administrative Templates (6) then click the Create (7) button.
Enter a descriptive name for the profile (8), and a description if required, then click on the Next (9) button.
On the next screen, make sure Computer Configuration is selected (10). In the Setting name listing, click on Google, followed by Google Chrome, then Extensions, and finally Configure the list of force-installed apps and extensions (11). If a page opens on the right side of your screen, scroll down, click the Enabled radio button (12), and paste the following string into the value field (13):
Finally, click OK (14).
Click Next at the bottom of the page and set any scope tags you require. On the following page, assign target groups (15), or set it to apply to all users and groups, if required. Click Next (16) at the bottom of the page.
On the final page, review the profile for any errors and finally click Create (17).
Creating a PowerShell Script
There are a few settings we can't configure via configuration profiles, so we'll need to create a PowerShell script that will run on each endpoint to finalize the configuration steps.
The purpose of the script is to create registry keys and values containing policy settings for the Push Security extension, as it's not possible to configure these values via administrative templates in InTune.
In, click on Devices (1), Scripts (2), Add (3), and then select Windows 10 and later (4) on the dropdown menu.
On the Add PowerShell script screen, provide a Name (5) for the script, a description (optional), and click Next (6).
Next, upload (8) chrome_push_security.ps1 included in the config.zip file generated in the Push app. Once uploaded, click on Yes next to the Run script in 64 bit PowerShell Host (8) option. This is an important step to make sure the registry keys are created in the correct location on 64-bit hosts. Click Next (9).
As with the previous section, click Add groups (10) to specify the group or groups you wish to deploy the settings to, or set it to apply to all users and groups if required. Click Next (11) at the bottom of the page.
On the final page, review the profile for any errors and finally click Create (12).
The configuration steps for deploying the Push Security browser extension for Google Chrome via Microsoft Endpoint Manager is complete.
If you have any questions or you need help setting up,and the Push team can help.