Tech Community Live: Endpoint Manager edition
Jul 21 2022, 08:00 AM - 12:00 PM (PDT)

Chrome Policies: Cookie handling

%3CLINGO-SUB%20id%3D%22lingo-sub-3249068%22%20slang%3D%22en-US%22%3EChrome%20Policies%3A%20Cookie%20handling%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3249068%22%20slang%3D%22en-US%22%3E%3CP%3EDear%20Community%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20looking%20into%20Intune%20policies%20for%20Chrome%20to%20secure%20the%20browser%20-%20I%20would%20like%20to%20block%20third%20party%20cookies%20for%20untrusted%20sites%20(*%20all)%2C%20but%20allow%20it%20for%20trusted%20sites%20to%20make%20sure%20they%20are%20fully%20working.%20Is%20that%20possible%20and%20does%20ist%20need%20a%20special%20configuration%3F%3CBR%20%2F%3E%3CBR%20%2F%3ESo%20far%20I%20tried%3CBR%20%2F%3EBlockThirdPartyCookies_recommended%3CBR%20%2F%3E%3CENABLED%3E%3C%2FENABLED%3E%3CBR%20%2F%3E%3CEM%3Eplus%3C%2FEM%3E%3CBR%20%2F%3ECookiesAllowedForUrls%3CBR%20%2F%3E%3CENABLED%3E%3C%2FENABLED%3E%3CDATA%20id%3D%22%26quot%3BCookiesAllowedForUrlsDesc%26quot%3B%22%20value%3D%22%26quot%3B***%26quot%3B%2F%22%3E%3C%2FDATA%3E%3C%2FP%3E%3CP%3EBut%20it%20does%20not%20seem%20to%20combine.%20Any%20hints%3F%20According%20to%20chrome%3A%2F%2Fpolicy%2F%20it's%20all%20listed.%3CBR%20%2F%3E%3CBR%20%2F%3EOr%20do%20I%20maybe%20need%20to%20adjust%20the%20content%20-%20for%20example%20for%20%3CEM%3Eoffice.com%3C%2FEM%3E%3A%20how%20can%20I%20include%20%3CEM%3E.office.com%3C%2FEM%3E%20and%20%3CEM%3E%3CA%20href%3D%22http%3A%2F%2Fwww.office.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ewww.office.com%3C%2FA%3E%3C%2FEM%3E%3F%20I%20only%20added%20%3CA%20href%3D%22http%3A%2F%2Foffice.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CEM%3Ehttp%3A%2F%2Foffice.com%3C%2FEM%3E%3C%2FA%3E%20to%20the%20allow%20list.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20regards%2C%3CBR%20%2F%3EEileen%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3249068%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3329195%22%20slang%3D%22en-US%22%3ERe%3A%20Chrome%20Policies%3A%20Cookie%20handling%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3329195%22%20slang%3D%22en-US%22%3E%3CBR%20%2F%3EEnable%20'Block%20third%20party%20cookies'%20using%20MEM%3CBR%20%2F%3E%3CBR%20%2F%3EFollow%20these%20steps%20to%20apply%20a%20MEM%20policy%3A%3CBR%20%2F%3E%3CBR%20%2F%3EGo%20to%20the%20Devices-%26gt%3B%20Configuration%20profiles%3CBR%20%2F%3ETo%20update%20an%20existing%20policy%3A%3CBR%20%2F%3EClick%20on%20the%20policy%20name%20in%20the%20list%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20the%20navigation%20bar%2C%20click%20on%20Properties%3CBR%20%2F%3ENext%20to%20Configuration%20settings%20click%20on%20Edit%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you%E2%80%99d%20like%20to%20create%20a%20new%20policy%2C%20click%20on%20the%20Create%20Policy%20button%3CBR%20%2F%3E%3CBR%20%2F%3Ein%20the%20side%20panel%2C%20choose%3A%3CBR%20%2F%3EPlatform%3A%20Windows%2010%20and%20later%3CBR%20%2F%3EProfile%20Type%3A%20Administrative%20Templates%3CBR%20%2F%3EClick%20on%20Create%20button%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20the%20Configuration%20settings%20wizard%20step%2C%20set%20the%20following%3A%3CBR%20%2F%3ESet%20Computer%20Configuration-%26gt%3B%20Google%26gt%3BType%20third%20(in%20search%20box)%26gt%3BBlock%20Third-party%20Cookies%26gt%3Benabled%3CBR%20%2F%3EComplete%20all%20remaining%20wizard%20steps%2C%20review%20and%20Save%20policy%3C%2FLINGO-BODY%3E
Occasional Contributor

Dear Community,

 

I am looking into Intune policies for Chrome to secure the browser - I would like to block third party cookies for untrusted sites (* all), but allow it for trusted sites to make sure they are fully working. Is that possible and does ist need a special configuration?

So far I tried
BlockThirdPartyCookies_recommended
<enabled/>
plus
CookiesAllowedForUrls
<enabled/><data id="CookiesAllowedForUrlsDesc" value="***"/>

But it does not seem to combine. Any hints? According to chrome://policy/ it's all listed.

Or do I maybe need to adjust the content - for example for office.com: how can I include .office.com and www.office.com? I only added http://office.com to the allow list.

 

Kind regards,
Eileen

1 Reply

Enable 'Block third party cookies' using MEM

Follow these steps to apply a MEM policy:

Go to the Devices-> Configuration profiles
To update an existing policy:
Click on the policy name in the list

In the navigation bar, click on Properties
Next to Configuration settings click on Edit


If you’d like to create a new policy, click on the Create Policy button

in the side panel, choose:
Platform: Windows 10 and later
Profile Type: Administrative Templates
Click on Create button



In the Configuration settings wizard step, set the following:
Set Computer Configuration-> Google>Type third (in search box)>Block Third-party Cookies>enabled
Complete all remaining wizard steps, review and Save policy