Forum Discussion

LewisTaylor's avatar
LewisTaylor
Copper Contributor
Sep 03, 2019

Block Access To All Sites Except Whitelist Configuration Google Chrome In Intune

Due to the phasing out of the intune managed browser, we have deployed Google Chrome to our Corporate Owned Dedicated Devices. Within client apps - app configuration settings we can configure "Block access to a list of URLs" within the chrome browser. But I cannot seem to figure out if you can block all sites by default and then have the whitelist configured for allowed sites. Does anybody know if this is possible and if so what syntax do I need to put in the block access to a list of URLs configuration box?
  • LewisTaylor Hi,

    You need to blacklist everything and then use the Whitelist setting to allow whitelisted websites.. From the Google docs it should look like this.

    "*" blocks all requests; only whitelisted URLs will be allowed;

    I hope that helps.

    Regards,
    Jörgen

      • ProITadmin's avatar
        ProITadmin
        Copper Contributor

        Unfortunately, there is not much documentation on the syntax for multiple URL's or string values.
        I found that this syntax works for MS Edge app configuration policies:
        "https://contoso.com,microsoft.com,office.com,http://google.com,yahoo.com,chrome://policy,edge://flags"
        You have to use the protocol type of URL (HTTPS or HTTP or CHROME or EDGE commands) and follow each domain with a comma for that specific protocol.

        What I have found works on Google Chrome App config policy is to use an array instead of a string value:

         

         

        {
            "kind": "androidenterprise#managedConfiguration",
            "productId": "app:com.android.chrome",
            "managedProperty": [
                {
                    "key": "URLBlocklist",
                    "valueString": "*"
                },
                {
                    "key": "URLAllowlist",
                    "valueStringArray": [
                        "https://YOURDOMAIN.com",
                        "play.google.com",
                        "microsoftonline.com",
                        "microsoft.com",
                        "http://YOURDOMAIN.com",
                        "chrome://policy"
                    ]  
                }
            ]
        }
  • yliu-cvx's avatar
    yliu-cvx
    Copper Contributor
    Does anyone know the syntax to whitelist local file storage? For example, we have tested below, and it works - "file:///storage/emulated/0/Download/" when Chrome tries to open files as "file:///xxxxx/xxxx/123.jpg", however, sometime, Chrome is using "content://xxxxx/xxx/456.jpg" to open the file, so we tried "content://media/external/downloads/" where the file is, still blocked. Any idea?

    Thanks,

Resources