With Windows 10 1809 there is a lot of new MDM settings one of them is to prevent a end user to uninstall Edge browser extensions, that is a nice improvement – so if I as a admin forces a Edge Browser extensions on my users there is a reason for that and they are not allowed to remove it or turn it off again. This is also the only way I have found to auto enable Edge Browser extension without any user interaction.
Back in 2017 I wrote a blog post on How to deploy extensions for Microsoft Edge browser with Intune and WSfB in that blog post I deployed Microsoft Access Panel
The first ting you need to do is find the package family name (PFN) for Edge Browser extension you do not what the end user to uninstall.
There is different ways on doing this, in both cases you need to have the browser extensions installed on a device – in this blog post I will show two.
1 : Using PowerShell
That will return the result : PackageFamilyName : Microsoft.AccessPanelExtension_8wekyb3d8bbwe
2 : Using the MDMDiagReport.html
Start the settings app – Accounts – Access work or school – Connected to your tenant Azure AD
Click Info – Create Report
Then the MDMDiagReport.html can be found at C:\Users\Public\Documents\MDMDiagnostics
Then you can find the PFN name : Microsoft.AccessPanelExtension_8wekyb3d8bbwe
How to create Intune Profile:
Start Microsoft 365 Device Management portal : https;//devicemanagement.microsoft.com
- Click Device Configuration
- Click Profile
- Click Create profile
- Enter a Name : Windows 10 – Manage Edge Extensions
- Select Platform : Windows 10 and later
- Select Profile type : Device restriction
- Select : Configure
- Select Category : Microsoft Edge Browser
- Select : Additional
Under additional is the new Edge Browser settings
- Enter the packages family name you found earlier
- Click Add
Now you are ready to assign the profile to your users
How does it look like from a user perspective:
The only thing that the end user can see is that the turn on/off settings is grayed out so they are not able to turn it off – the best side effect of this policy settings is that the extension you have deployed from Intune/MSfB is also automatic enabled without any end user interaction.
Uninstall is also blocked for the end user.
Happy testing !