1. Home
  2. Disable Browser Password Saving via Endpoint Manager (Intune)

Disable Browser Password Saving via Endpoint Manager (Intune)

Purpose

This article explains how to prevent browser from remembering credentials via Microsoft Endpoint Manager (Intune).

Prerequisites

  • Office 365 Global Administrator
  • Endpoint Manager Licensed and Deployed

Instructions – Create Policy

  1. Login to Office 365 Admin Center. https://admin.microsoft.com/Adminportal
  2. Go to Endpoint Manager.
  3. Click on Devices.
  4. Go to Configuration Profiles.
  5. Click on Create Profile.
  6. Continue below for the browsers required. You will need to create a Profile for each browser you want to block.

Microsoft Edge

  1. Configure the following and click Create. Platform “Windows 10 and Later”, Profile Type “Templates”, Template name “Administrative Templates”.
  2. Name the Profile “Block Password Saving Microsoft Edge” and click Next.
  3. In the search box type “Enable saving passwords to the password manager” then select the one that does not include “users can override” the click Next.
  4. Chose Disabled and Click Ok.
  5.  In the search box type “Disable synchronization of data using Microsoft sync services” then select the one that does not include “users can override” the click Next.
  6. Chose Enabled and Click Ok.
  7. Click Next.
  8. Leave scope as Default and click Next.
  9. Select All Users and All Devices (You may use custom groups as well). Click Next.
  10. Confirm the configuration and click Next.
  11. The policy will now deploy out to devices when they next check-in.
  12. Continue below for Chrome and Firefox Polices.

Google Chrome

  1. Download the Custom Chrome Polices from: https://chromeenterprise.google/browser/download/
  2. Unzip/Extract the downloaded Zip File.
  3. Open the extracted folder and Go to Configuration\admx and look for Chrome.admx
  4. Right Click on Chrome.admx and click Open with.
  5. Chose Notepad and unselect Always Use and click Ok.
  6. Ctrl+A to select everything and Right-Click and Copy. This will be needed in step 11.
  7. Back in End Point Manage. Click Create Profile.
  8. Configure the following and click Create. Platform “Windows 10 and Later”, Profile Type “Templates”, Template name “Custom”.
  9. Name and Description “Block Password Saving Google Chrome” and click Next.
  10. Click Add.
  11. Configure the following and click Save. Name: “Chrome ADMX Ingestion” OMA-URI: “./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx” Datatype: “String” Value: “Contents of Step 6” then click Save.
  12. Click Add again.
  13. Configure the following and click Save. Name: “Disable Password Manager” OMA-URI: “./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~PasswordManager/PasswordManagerEnabled” Datatype: “String” Value: “<disabled/>” then click Save.
  14. Click Add again.
  15. Configure the following and click Save. Name: “Disable Browser Signin” OMA-URI: “./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/BrowserSignin” Datatype: “String” Value: “<enabled/> <data id=”BrowserSignin” value=”0″/>” then click Save.
  16. Click Next.
  17. Select All Users and All Devices (You may use custom groups as well). Click Next
  18. Confirm the configuration and click Next.
  19. The policy will now deploy out to devices when they next check-in.
  20. Continue below for Firefox Polices.

FireFox

  1. Download FireFox Polices from: https://github.com/mozilla/policy-templates/releases
  2. Under Assets, Click policy_templates.zip to Download.
  3. Unzip/Extract the downloaded Zip File.
  4. Open the extracted folder and Go to policy_templates_v3.0\windows and look for firefox.admx
  5. Right Click on FireFox.admx and click Open with.
  6. Chose Notepad and unselect Always Use and click Ok.
  7. Ctrl+A to select everything and Right-Click and Copy. This will be needed in step 11
  8. Back in End Point Manage. Click Create Profile.
  9. Configure the following and click Create. Platform “Windows 10 and Later”, Profile Type “Templates”, Template name “Custom”.
  10. Name and Description “Block Password Saving Mozilla FireFox” and click Next.
  11. Click Add.
  12. Configure the following and click Save. Name: “FireFox ADMX ” OMA-URI: “./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Firefox/Policy/FirefoxAdmx” Datatype: “String” Value: “Contents of Step 7” then click Save.
  13. Click Add again.
  14. Configure the following and click Save. Name: “PasswordManagerEnabled” OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled” Datatype: “String” Value: “<disabled/>” then click Save.

  15. Click Add again.
  16. Configure the following and click Save. Name: “DisbaleFireFoxAccounts” OMA-URI: “./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts” Datatype: “String” Value: “<enabled/>” then click Save.
  17. Click Add again
  18. Configure the following and click Save. Name: “OfferToSaveLogins” OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins Datatype: “String” Value: “<disabled/>” then click Save.

  19. Click Next.
  20. Select All Users and All Devices (You may use custom groups as well). Click Next
  21. Confirm the configuration and click Next.
  22. The policy will now deploy out to devices when they next check-in.
  23. Finished.
Updated on August 24, 2021
Need Support?
Can't find the answer you're looking for?
Contact Support