This article applies to organisations with a 'Hybrid' setup (both On-Premise Appliance and Cloud), as well as On-Premise only and Cloud only setups.
To use Cloud Filter on managed Windows devices enrolled in Microsoft Intune, you must deploy a system service, a script, and a browser extension.
- Use this article if your devices use Microsoft Edge only.
- If your devices use Google Chrome or a mixture of Google Chrome and Microsoft Edge, follow the instructions to install Cloud Filter on Windows using Intune (Chrome or Chrome and Edge).
Step 1: Download the Intune installer
- Go to software.smoothwall.com
- In the Unified Client section, select Windows x64
- This downloads the Windows 64-bit zip file (smoothwall-unified-client-x-windows.zip) to your computer, containing an .intunewin installer file and provisioning tools among other files. For this deployment, you only need the PowerShell script.
Step 2: Provision Intune
Edit the ps1 script file
- Edit the file named smoothwall-provisioning-winbook.ps1
- Add your serial number (16 characters, starting with UNCL) to the serial variable.
- Add your tenant ID to the tenant variable if you are multi-tenanted, or leave the tenant variable empty if you are not.
- Save the file as a new version.
For example, if your serial number is UNCL123456789 and you want to provision tenant d77b701d-d1ca-4c8d-b4b9-a9b576167d92, the file will read:
######################################
$serial = "UNCL123456789"
$tenant = "d77b701d-d1ca-4c8d-b4b9-a9b576167d92"
######################################
Upload the script
- In Intune, go to Devices > Scripts and remediations.
- Add a new script for Windows 10 or later.
- In Script settings, select the edited script file.
- Set all the fields to No.
- Target the script to users, machines, or both that require Cloud Filter.
Alternative Method to provision Intune
If you are unable to run PowerShell scripts, you must instead deploy the following Registry values under this registry path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\dlcaglefdlidioooijnigjhfcndlncfp\policy\Smoothwall\
- ForceOS=chromeos
- SerialId = String (REG_SZ) containing your UNCL serial.
- TenantId = String (REG_SZ) containing your tenant ID, if you have a multi-tenant environment. If you don’t, leave this blank.
Step 3: Configure your browser
Edge requires some configuration to force-install the Smoothwall extension and to lock the browser down to ensure safe usage.
In Intune, using an Administrative Template Profile, configure Edge with the following properties and target the Cloud Filter devices. These properties must apply at the Computer level, not the User level.
Control which extensions are installed silently:
- State=Enabled
- Value=dlcaglefdlidioooijnigjhfcndlncfp;https://edge.microsoft.com/extensionwebstorebase/v1/crx
Control where developer tools can be used:
- State=Enabled
- Value=Don’t allow using the developer tools
Configure InPrivate mode availability:
- State=Enabled
- Value=InPrivate mode disabled
Enable guest mode:
- State=Disabled
- Value=N/A
Enable profile creation from the Identity flyout menu or the Settings page:
- State=Disabled
- Value=N/A
Enable ending processes in the Browser task manager:
- State=Disabled
- Value=N/A
Browser sign-in settings:
- State=Enabled
- Value=Force users to sign-in to the browser
Restrict which accounts can be used to sign in to Microsoft Edge:
- State=Enabled
- Value=A regular expression that matches your organisation's Azure AD email addresses. This prevents users from signing in to the browser using other accounts which the filter will not recognise. For example: .*@example.com
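To confirm on a test device that the settings from Steps 2 and 3 have arrived after a policy sync, a read-only check such as the following can be run. This is an added example, not part of Smoothwall's tooling: the function names are hypothetical, the Edge value names are the Microsoft Edge registry policy names assumed to sit behind the Administrative Template settings listed above, and the Step 2 rows assume the provisioning script writes the same values as the alternative method.

```powershell
# Added example (not Smoothwall tooling): read-only check of Steps 2 and 3.
# Assumption: the Edge value names below are the registry policy names behind
# the Administrative Template settings listed in Step 3.
$ExtId   = 'dlcaglefdlidioooijnigjhfcndlncfp'
$EdgeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$SwKey   = "$EdgeKey\3rdparty\extensions\$ExtId\policy\Smoothwall"

function Get-PolicyValue([string]$Key, [string]$Name) {
    # Returns $null when the key or the value is missing.
    (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
}

function New-Check($Setting, $Value, [bool]$Ok) {
    [pscustomobject]@{ Setting = $Setting; Value = $Value; Ok = $Ok }
}

function Test-CloudFilterPolicy {   # hypothetical helper name
    # Step 3: DWORD policies and the data each listed state should produce.
    $expected = [ordered]@{
        DeveloperToolsAvailability   = 2   # Don't allow using the developer tools
        InPrivateModeAvailability    = 1   # InPrivate mode disabled
        BrowserGuestModeEnabled      = 0   # guest mode: Disabled
        BrowserAddProfileEnabled     = 0   # profile creation: Disabled
        TaskManagerEndProcessEnabled = 0   # ending processes: Disabled
        BrowserSignin                = 2   # Force users to sign in
    }
    foreach ($name in $expected.Keys) {
        $v = Get-PolicyValue $EdgeKey $name
        New-Check $name $v ($v -eq $expected[$name])
    }

    # Step 3: the extension must be in the force-install list (values "1", "2", ...).
    $forced = @()
    $k = Get-Item -Path "$EdgeKey\ExtensionInstallForcelist" -ErrorAction SilentlyContinue
    if ($k) { $forced = @($k.GetValueNames() | ForEach-Object { $k.GetValue($_) }) }
    New-Check 'ExtensionInstallForcelist' ($forced -join ', ') ([bool]($forced -like "$ExtId;*"))

    # Step 3: a sign-in restriction pattern must be set (its content is site-specific).
    $pattern = Get-PolicyValue $EdgeKey 'RestrictSigninToPattern'
    New-Check 'RestrictSigninToPattern' $pattern (-not [string]::IsNullOrEmpty($pattern))

    # Step 2: values read by the extension. Assumes the provisioning script writes
    # the same values as the alternative method. TenantId may legitimately be blank.
    $os     = Get-PolicyValue $SwKey 'ForceOS'
    $serial = Get-PolicyValue $SwKey 'SerialId'
    New-Check 'Smoothwall\ForceOS'  $os     ($os -eq 'chromeos')
    New-Check 'Smoothwall\SerialId' $serial ($serial -like 'UNCL*')
    New-Check 'Smoothwall\TenantId' (Get-PolicyValue $SwKey 'TenantId') $true
}

Test-CloudFilterPolicy | Format-Table -AutoSize
```

Any row with Ok = False points at a setting that has not applied at the Computer level; the same policies can be cross-checked in the browser at edge://policy.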
Next steps
Check your deployment is working as expected:
You can also use Intune to prevent users from using their own extensions by following Microsoft’s guidance.