Forum Discussion
Profile based apps installing for non admins
Our managed environment restricts the ability to install any apps (non-admins) though lately some collaboration apps (Teams, Zoom, etc) install directly to the user profile, circumventing the rights requirement. This creates risk via unapproved downloads over small circuits, ensuring updates can be performed in a managed way, and managed uninstall methods. We need a solution to restrict this type of download / install without creating additional restrictions via App Locker, general exe execution restrictions or zone download restrictions. File exe names change upon each download or we could call them by name via policy.
Specific to this larger issue, we will option to deploy 365 without Teams... so when a user needs to connect to a Teams meeting they would use the browser only. They are prompted to install the client upon connection, and we would like to prevent this without creating any additional content related problems when retrieving data from MS.... or anywhere else.
Browser = EDGE Chromium
- Hi,
if your environment doesn't allow installing apps/programs to non-admins, no app/program should be able to install, but PWA app (progressive web apps) can be installed regardless.
it can be controlled of course using Edge group policies.
Teams online doesn't need a client to be installed first. Teams online can be run standalone only through the browser.- jlorraineCopper Contributor
I'll clarify. Only admins should be able to install apps, though standard users can choose to install apps such as Teams when prompted while connecting to a Teams meeting. We would like to restrict the user-initiated install and force the session to run in the browser.
You mention EDGE policies, have you seen this scenario corrected by any specific GPO settings? I'm not finding them..
- Sir you don't need to install anything to use Teams meetings on the web, it's all done through the browser, the website. no need to install a client.
user can "install" the Teams website as an app in Edge (this install is not the same as installing a Win32 software), then user will receive notifications from Teams, and user can use it to join online meetings. Teams icon can appear in Start menu or taskbar for the user.
I do this myself with my M365 education subscription.
to block URLs in Edge there is a policy:
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#urlblocklist
more on PWAs: https://docs.microsoft.com/en-us/microsoft-edge/progressive-web-apps-chromium/
- smbridgesCopper ContributorWas there a fix found for this?