This article applies to organisations with a Cloud setup, and those with a 'Hybrid' setup (both On-Premise Appliance and Cloud).
When deploying Cloud Filter Extension, use these settings to restrict users from bypassing the extension.
Edge
| Name | State | Value |
| Control where developer tools can be used | Enabled | Don’t allow using the developer tools |
| Configure InPrivate mode availability | Enabled | InPrivate mode disabled |
| Enable guest mode | Disabled | N/A |
| Enable profile creation from the Identity flyout menu or the Settings page | Disabled | N/A |
| Enable ending processes in the Browser task manager | Disabled | N/A |
|
Browser sign-in settings If sign-in is needed (for example, to allow bookmark sync), restrict it to the managed domain using the Restrict which accounts can be used as Microsoft Edge primary accounts setting. |
Enabled | Disable Browser sign-in |
|
Optional for Windows devices Force Windows executable Native Messaging hosts to launch directly |
Enabled | N/A |
Chrome
| Name | State | Value |
| Developer tools availability | Never allow use of built-in developer tools | 2 |
| Incognito mode | Disallow incognito mode | 1 |
| Browser guest mode | Prevent guest browser logins | false |
| Add profiles | Disable adding new profiles | false |
| Task manager | Block users from ending processes with the Chrome task manager | false |
|
If sign-in is needed (for example, to allow bookmark sync), restrict it to the managed domain with a Restrict sign-in to pattern policy. |
Disable browser sign-in | 0 |
|
Optional for Windows devices
Note You must install the Google Chrome Browser ADMX templates to use this option with Intune.
Force Windows executable Native Messaging hosts to launch directly |
Directly launch executable native messaging hosts on Windows | Enabled |