Extension Allows from two separate policies

New Contributor

We are looking to have one corporate allow for extensions (by default all else are blocked).  However, we want to open up specific extensions only for specific groups.  Right now we are building it out so that we end up with two different policies (main and then the offshoot).  But if we have to add a new corporate extension, we now have to go into two policies, or three or however many and add the same extension to all of the policies.


We've tried previously to assign the two policies to one user but they end up conflicting.  Is there something we're missing or we just can't do it this way, we have to add the universal extensions to multiple configuration policies.

4 Replies
Hi, Just to be sure. what kind of extensions are we talking about :) ?
Right now both Chrome and Edge extensions, but eventually it will just be Edge.

@JamesFritz Were you able to get this working or more likely find a work around to do this?

Unfortunately, these things aren't 'stackable'. So yes, you will have to create a separate policy to configure all allowed extensions for each user group.


You may also create a custom solution (i.e. via scripting), but that begs the question: will that make things more or less manageable for your administrators?