ADMX Ingested CSP – Set Chrome Homepage with Intune

In addition to standard policies, CSP policies can also be used to configure ADMX-backed policies. With this policy we use a third-party administrative template where registry keys and associated values are defined.

The ADMX template is either shipped with OS or can be ingested into a device using CSP URI: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall

In this post you will set up ADMX-backed policies to configure Chrome homepage with Intune:

  • Get the chrome.admx file
  • Ingest the ADMX template in Intune
  • Determine what keys/settings need to be configured
  • Configure the settings
  • Test the policy

Get the chrome policy templates including the chrome.admx from here

Login to your tenant on https://portal.azure.com

  • Go to Intune -> Device Configuration ->profiels
  • In the Device Configuration blade click Create profile

  • In the Create Profile blade enter Chrome Config for Name and for Description
  • Select windows 10 or later for platform
  • Profile type is custom

  • In the new Custom OMA-URI Settings blade click Add
  • In the Add row blade enter Ingest Chrome ADMX for Name and for Description
  • For OMA-URI enter ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx
  • Data type is string and in the value box copy and paste the entire chrome.admx content

Now, let’s take a step back and discuss the settings that we need to configure to set up Chrome homepage

On a computer that has chrome.admx imported open regedit.exe

Go to HKLM\SOFTWARE\Microsoft\PolicyManager\ADMXDefault

You now have access to the Chome setting categories as defined in the ADMX template. I highlighted the settings we need to change

There are 4 settings we need to set. They are grouped in 2 category:

  • HomePageisNewTabPage should be disabled
  • HompageLocation should point to the homepage URL
  • RestoreOnStartup should have value 4
  • RestoreOmStartupURLs should point to your homepage

Let’s look at the logic we used when creating the settings.

Open chrome.admx in notepad++ or other editor. Search for HomePageisNewTabPage.

You see this setting is part of the Homepage category and we are looking for the disabled value

Let’s check the next one : HomepageLocation

When you search this in chrome.admx you find the following

For more information on how to construct ADMX-backed policies pleas consult the document here

Now, we have 4 policies we can add to the CSP policy

Now let’s look at each setting. If you plan to copy the settings and you get an error, consider replacing the quotes since WordPress is using its own quotes 😊

HomePageisNewTabPage

OMA-URI : ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Homepage/HomepageIsNewTabPage

Data Type : string

Value:

<disabled/>

HompageLocation

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Homepage/HomepageLocation

Data type : String

Value:

<enabled/>

<data id=”HomepageLocation” value=”https://gmarculescu.com”/>

RestoreOnStartup

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~RestoreOnStartupGroup/RestoreOnStartup

Data Type: String

Value:

<enabled/>

<data id=”RestoreOnStartup” value=”4″/>

RestoreOnStartupURLs

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~RestoreOnStartupGroup/RestoreOnStartupURLs

Data type: String

Value: <enabled/>

<data id=”RestoreOnStartupURLsDesc” value=”1&#xF000;https://gmarculescu.com”/>

If you want to automatically import the policy usig this script, you find the policy in JSON format here

Once you added and saved the policy you will have something like this:

Once deployed, the policy can be validated in chrome