1. Home
  2. Deploying the Browser Extension via Endpoint Manager (Intune)
Searching...

Deploying the Browser Extension via Endpoint Manager (Intune)

Contents

Purpose

This article explains how to deploy the required Practice Protect browser extension using Microsoft Intune.

Prerequisites

  • Microsoft 365 tenant with Global Administrator or Intune Administrator role

  • Intune licensing (e.g. Intune Plan 1, Microsoft 365 E3/E5, or Business Premium). Note: Microsoft Entra ID alone does not include Intune capabilities

  • Devices must be enrolled in Intune

Instructions

  1. Sign in to the Microsoft Intune Admin Center
  2. In the left menu, click on Devices and then click on Configuration under Manage devices
  3. On the Policy tab, click Create and select New Policy
  4. Continue with the steps below for each required browser. You’ll need to create a separate policy or profile for every browser you intend to block.
Microsoft Edge
  1. Configure the following
    • For Platform choose Windows 10 and Later
    • For Profile Type choose Settings catalog
  2. Click Create
  3. Name the Profile to Deploy Practice Protect Plugin Microsoft Edge and click Next.
  4. In the Configuration settings tab, click Add settings.
  5. Search for Control which extensions are installed silently
  6. Choose Microsoft Edge\Extensions
  7. In the Setting name tick the box for Control which extensions are installed silently
  8. Enable the switch for Control which extensions are installed silently
  9. Copy the below Extension/App ID and paste it on the field that will show up. 
    mblkikdcdlfpljlmgijhccbhiijkhded;https://edge.microsoft.com/extensionwebstorebase/v1/crx

  10. Click Next.
  11. Leave scope as Default and click Next.
  12. On the Assignments tab, Click on Add all users and Add all devices.  Note: If you don’t want to deploy the policy to all users, select Add groups instead and assign it only to the preferred group.


  13. Click Next.
  14. Review the settings to ensure the extension ID and URL are correct.
  15. Click Create
  16. The policy will be enforced on targeted devices at their next Intune check-in
Google Chrome
  1. Configure the following
    • For Platform choose Windows 10 and Later
    • For Profile Type choose Settings catalog

  2. Name the Profile Deploy Practice Protect Plugin Google Chrome and click Next.
  3. In the Configuration settings tab, click Add settings.

  4. Search for Chrome and select Google Google Chrome Extensions

  5. Tick the box for Configure the list of force-installed apps and extensions.
  6. Enable the switch for Configure the list of force-installed apps and extensions
  7. Copy the below Extension/App ID and paste it on the field that will show up. 
    jifcoadedkediabkmjbflemiblmnbjfk;https://clients2.google.com/service/update2/crx

  8. Leave scope as Default and click Next.
  9. On the Assignments tab, Click on Add all users and Add all devices.
    Note    : If you don’t want to deploy the policy to all users, select Add groups and assign it only to the preferred group.
  10. Click Next.
  11. Review the settings to ensure the extension ID and URL are correct.
  12. Click Create to deploy the policy.
  13. The policy will be enforced on targeted devices at their next Intune check-in
Mozilla Firefox
  1. Download updated FireFox ADMX file from https://support.practiceprotect.com/downloads/firefox_updated.admx
  2. Go back in End Point Manage. Click Create Profile.
  3. Configure the following and click Create. Platform “Windows 10 and Later”, Profile Type “Templates”, Template name “Custom”.
  4. Fill out fields below and type “Deploy Practice Protect Plugin Mozilla Firefox” in the Name field then click Next
  5. Click Add to add a new OMA-URI.
  6. Fill Up all fileds.
    • Set Name to “Firefox ADMX”
    • OMA-URIto  “./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Firefox/Policy/FirefoxAdmx
    • Copy content from the file firefox_updated.admx to the “Value” field
      click Save.
  7. Click Add again.
  8. Fill Up all fileds.
    • Set Name to “Extensions_Install
    • OMA-URI to “./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
    • Data type “String
    • Value to “<enabled/>
      <data id=”Extensions” value=”1&#xF000;https://addons.mozilla.org/firefox/downloads/file/4110179/cyberark_identity_browser-23.5.4.xpi”/>and click Save.
  9. Click Add again.
  10. Fill Up all fileds.
    • Name = Extensions_Locked
    • OMA-URI = “./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
    • Data type to “String
    • Value to “<enabled/>
      <data id=”Extensions” value=”1&#xF000;IdaptiveBrowserExtension@idaptive.com”/>”
  11. Click Next.
  12. Select All Users and All Devices (You may use custom groups as well). Click Next
  13. Confirm the configuration and click Next.
  14. The policy will now be deployed to devices when they check-in next time.
  15. In case you are using Intune to disable “Password Manager”, you will need to use “firefox_updated.admx” file from this guide to avoid conflict.

Updated on October 28, 2025
Need Support?
Can't find the answer you're looking for?
Contact Support