When deploying Cloud Filter Extension, configure these browser policies to help prevent users from bypassing the extension.
Important
On Windows devices, Cloud Filter uses Command Prompt (CMD) to communicate with native components. If your organisation restricts access to CMD, you must turn on the Force Windows executable Native Messaging hosts to launch directly policy.
Google Chrome
| Name | State | Value |
|---|---|---|
| Developer tools availability | Never allow use of built-in developer tools | 2 |
| Incognito mode | Disallow incognito mode | 1 |
| Browser guest mode | Prevent guest browser logins | false |
| Add profiles | Disable adding new profiles | false |
| Task manager | Block users from ending processes with the Chrome task manager | false |
Browser sign-in settings
If browser sign-in is required (for example, to allow bookmark synchronisation), restrict it to the managed domain using a Restrict sign-in to pattern policy.
| Name | State | Value |
|---|---|---|
| Browser sign-in settings | Disable browser sign-in | 0 |
Windows devices with CMD restricted
You must turn on this setting if your organisation blocks or restricts access to CMD.
Note
You must install the Google Chrome Browser ADMX templates to configure this option with Microsoft Intune.
| Name | State | Value |
|---|---|---|
| Force Windows executable Native Messaging hosts to launch directly | Directly launch executable native messaging hosts on Windows | Enabled |
Microsoft Edge
| Name | State | Value |
|---|---|---|
| Control where developer tools can be used | Enabled | Don’t allow using the developer tools |
| Configure InPrivate mode availability | Enabled | InPrivate mode disabled |
| Enable guest mode | Disabled | N/A |
| Enable profile creation from the Identity flyout menu or the Settings page | Disabled | N/A |
| Enable ending processes in the Browser task manager | Disabled | N/A |
Browser sign-in settings
If browser sign-in is required (for example, to allow bookmark synchronisation), restrict it to the managed domain using the Restrict which accounts can be used as Microsoft Edge primary accounts policy.
| Name | State | Value |
|---|---|---|
| Browser sign-in settings | Enabled | Disable Browser sign-in |
Windows devices with CMD restricted
You must turn on this setting if your organisation blocks or restricts access to CMD.
| Name | State | Value |
|---|---|---|
| Force Windows executable Native Messaging hosts to launch directly | Enabled | N/A |