With Windows 10 1809 there is a lot of new MDM settings one of them is to prevent a end user to uninstall Edge browser extensions, that is a nice improvement – so if I as a admin forces a Edge Browser extensions on my users there is a reason for that and they are not allowed to remove it or turn it off again. This is also the only way I have found to auto enable Edge Browser extension without any user interaction.

Back in 2017 I wrote a blog post on How to deploy extensions for Microsoft Edge browser with Intune and WSfB in that blog post I deployed Microsoft Access Panel

 

The first ting you need to do is find the package family name (PFN) for Edge Browser extension you do not what the end user to uninstall.

There is different ways on doing this, in both cases you need to have the browser extensions installed on a device – in this blog post I will show two.

1 : Using PowerShell

Get-AppxPackage *AccessPanel*

That will return the result : PackageFamilyName : Microsoft.AccessPanelExtension_8wekyb3d8bbwe

How to mange Edge extensions - 02

2 : Using the MDMDiagReport.html

Start the settings app – Accounts – Access work or school – Connected to your tenant Azure AD
Click Info – Create Report
How to mange Edge extensions - 02a.png

Then the MDMDiagReport.html can be found at C:\Users\Public\Documents\MDMDiagnostics

Then you can find the PFN name : Microsoft.AccessPanelExtension_8wekyb3d8bbwe

How to mange Edge extensions - 01

How to create Intune Profile:

Start Microsoft 365 Device Management portal : https;//devicemanagement.microsoft.com

  1. Click Device Configuration
  2. Click Profile
  3. Click Create profile

Intune Extension profile - 01

  1. Enter a Name : Windows 10 – Manage Edge Extensions
  2. Select Platform : Windows 10 and later
  3. Select Profile type : Device restriction
  4. Select : Configure
  5. Select Category : Microsoft Edge Browser
  6. Select : Additional

Intune Extension profile - 02

Under additional is the new Edge Browser settings

  1. Enter the packages family name you found earlier
  2. Click Add

Intune Extension profile - 03

Now you are ready to assign the profile to your users

How does it look like from a user perspective:

The only thing that the end user can see is that the turn on/off settings is grayed out so they are not able to turn it off – the best side effect of this policy settings is that the extension you have deployed from Intune/MSfB is also automatic enabled without any end user interaction.

How to mange Edge extensions - Enduser

Uninstall is also blocked for the end user.

Intune Extension profile - 04.png

 

Happy testing !

Read more:

Policy CSP – Browser
Microsoft Edge Browser
What is the MyApps portal?