Enabling Conditional Access App Control for featured apps

Enabling Conditional Access App Control for featured apps

Cloud App Security offers the ability to leverage Conditional Access for Exchange Online and SharePoint Online but how do we configure this functionality?

Let’s start with your Azure Portal and browse to Conditional Access –> New Policy

Conditional Access

So as I previously mentioned this control only works for Exchange Online and SharePoint Online so you will need to select;

– Office 365 Exchange Online
– Office 365 SharePoint Online

Cloud apps

Under Session, you need to select Conditional Access App Control and as you can see below we only have 3 options

– Monitor only (Preview)
– Block downloads (Preview)
– Use custom policy…

Session

For the purpose of this post, I am going to just Monitor what happening their Cloud App Security to discover what’s happening within my tenancy.

Once the policy is enabled, sign into Exchange Online or SharePoint Online and you will be welcome by the below message. This demonstrates that Conditional Access App Control is now in place.

Welcome to Conditional Access App Control

From you Cloud App Security console you will be able to see this activity and all future activities

Conditional Access App Control

Regards,
The Author – Blogabout.Cloud

Are you worried about how your child is using their Andriod mobile phone? Take control with Family Link

Are you worried about how your child is using their Andriod mobile phone? Take control with Family Link

Hello Readers,

Recently my partner and I allowed our daughter to have her very first mobile but as a Security Consultant within the world of IT, I wanted to make sure that we could protect her and also ourselves. As you hear horror stories all the time with children building up hundreds of pounds of mobile phone charges.

After a bit of research and testing, I realized I could easily protect our child using native a application from the Google Play store.

The Family Link app from Google helps parents stay in the loop as their child or teen explores on their Android device, and lets parents set certain digital ground rules for their family.

With Family Link you can perform the following;
– Check your child location using Location Services on their Android phone
– Check what applications your child is using and how long for
– Lock the device if your child device is lost, or if you want to prevent usage
– Set daily screen time limits
– Set bedtime screen access
– Check what applications have been installed if you dont set “Adult Approval for Applications from Play Store”

As parents we are always concerned what our child can access from their mobile devices

With Family Link you can prevent;
– Access to Age rated applications that are not appropriate for your child
– Block mature sites

Common Questions

Will my child be able to use their phone when locked in case of an emergency?

Yes, your child will be able to make phone calls to emergency services or favorite contacts from their device.

Is my child device compatible for Family Link?

Family Link runs on Android devices running version 7.0 (Nougat) and higher devices running Android versions 5.0 and 6.0 (Lollipop and Marshmallow) may also be able to run Family Link. You will need to check the Google Help Center for more details.

What child age is Family Link targeted at?

Parents can also use Family Link to create a Google Account for their child under 13 (or the applicable age in your country). Once complete, children can sign-in to their device with their new account.

Can I add accounts to Family Link I have already created for my child(ren)?

If a child/teen already has a Google account, Family Link will walk their parent through linking their account to their child’s account. As part of that process, the child/teen may also need to download the Family Link (Child/Teen) app on their phone to complete the process of linking the accounts.

Once the accounts are linked, parents can use Family Link to help them do things like keep an eye on screen time and manage the content they use.

If your child is using Andriod device today, go and get Family Link.

Regards
The Author – Blogabout.Cloud

Microsoft Teams Roadmap Announcements for August 2019

Microsoft Teams Roadmap Announcements for August 2019

The following post contains the new features and updated features from August 2019. This post enables you to quickly glance at the Microsoft Teams Roadmap based on the latest information provided from Microsoft.

One thing I have included in this month round up is Microsoft Bookings as it now integrates with Skype and Teams.

New Features

New Features Current Status
Microsoft Teams – Focus Mode In Development
Microsoft Teams – Feedback surveys In Development
Microsoft Teams – Phone System Launching for GCC High and DoD In Development
Microsoft Teams – Cloud Voicemail enhancements In Development
Audio Conferencing via Direct Routing for GCC High and GCC DoD In Development
Microsoft Teams – Meet now In Development

Updated Features

Updated Current Status
Microsoft Teams – Manage discovery of private teams Rolling Out
Microsoft Teams: Partner Provided Calling Plans for Japan Launched
Microsoft Teams – Broadcast Meetings Launched
Microsoft Teams – Location Based Routing In Development
Microsoft Teams – Interoperability (1:1 Teams-Skype for Business chat) in Office 365 Government GCC and DoD In Development
Microsoft Teams – External Access in Office 365 Government GCC High and DoD Rolling Out
Microsoft Teams – Unified Presence (Skype for Business and Teams unified) in Office 365 Government GCC High and DoD In Development
Microsoft Teams – Phone System Updates for GCC In Development
Microsoft Teams – Screen sharing in Teams/Skype for Business interop Rolling Out
Microsoft Bookings – Online meetings Rolling Out
Microsoft Teams – Dynamic E911 In Development
Microsoft Teams – Cloud Voicemail enhancements Rolling Out

Remember if you would like to receive all the Microsoft Roadmaps updates to your Teams Client, check out this post.

Regards
The Author – Blogabout.Cloud

Microsoft Bookings – What is it and how do I enable it?

Microsoft Bookings – What is it and how do I enable it?

Microsoft Bookings has recently come to my attention as Bookings will integrate with Teams and Skype meeting capabilities. This will enable businesses to set up services with online Skype/Teams meeting enabled. A meeting link will be added to the booking invite which customers can use to join the appointment.

This feature is being rolled out Worldwide (Standard Multi-Tenant), Online, Exchange, Education tenants.

What is Microsoft Bookings?

Microsoft Bookings is an online and mobile app for small businesses who provide services to customers on an appointment basis. Examples of businesses include hair salons, dental offices, spas, law firms, financial services providers, consultants, and auto shops.

Bookings has three primary components:

  • A booking page where your customers can schedule appointments with the staff member who should provide the service. You can show this page on Facebook, where your customers can schedule appointments, or your own web site.
  • A set of web-based, business-facing pages where business owners can record customer preferences, manage staff lists and schedules, define services and pricing, set business hours, and customize how services and staff are scheduled
  • A business-facing mobile app where business owners can see all of their bookings, access customer lists and contact information, and make manual bookings

Is Booking enabled for subscription?

Bookings are turned on by default for customers who have the Office 365 Business Premium, or Office 365 A3 and Office 365 A5 subscriptions.
Bookings is also available to customers who have Office 365 Enterprise E3 and E5, but it is turned off by default.

Enabling Booking

Get the free Microsoft Bookings add-on for Enterprise subscriptions

If you subscription is Office 365 for Business, Office 365 Enterprise E3 or E5, the Microsoft Bookings app offered through the Business Apps (free) add-on is off by default. Follow these steps to get licenses and assign to your users.

Turn Bookings off for your entire organization using Exchange Online PowerShell

If you don’t have access to the Bookings setting in Microsoft 365 admin center, you can turn off Bookings by running the following command in PowerShell.

Before you can do this procedure, you need to Connect to Exchange Online PowerShell.

1
Set-OrganizationConfig -BookingsEnabled $false

Let’s make a Booking

Now we have enabled Microsoft Bookings for your tenant it will now be available within your Office 365 as shown below

Regards
The Author – Blogabout.Cloud

Convert Synced User into In-Cloud only User

Convert Synced User into In-Cloud only User

In this example I have local Active Directory with AAD Connect installed one of the Azure Region, which sync users and password hash to Office 365. I have now decided to migrate the authentication from local Active Directory to Office 365 and decommission on-premises Active Directory.

Azure Active Directory Connect Diagram

In order to transition from on-premises “Synced Identity” to “In Cloud Identity”, we will need to complete the following process.

Sign into the AAD Connect Server and Sync the Delta

The following command performs a sync of all AD Objects before attempting to convert into Cloud Only.

1
Start-ADSyncSyncCycle Delta

Turn off AAD Connect Sync

The following command turns off Azure Active Directory Connector while we perform all the following tasks. In this post I have outlined all steps which can be taken to convert AD Users account into Cloud Only.

1
Set-MsolDirSyncEnabled -EnableDirSync $false

Convert Single User to Cloud Only

The following command converts a single user into a Cloud Only account

1
Get-MsolUser -UserPrincipalName thewatchernode@blogabout.cloud | Set-MsolUser -ImmutableId $null

Remove Immutable ID of all users

The following command removes the Immutable ID for all users

1
Get-MsolUser | Set-MsolUser -ImmutableId $null

Remove Immutable ID for Bulk users

The following scripts allows you to modify users at bulk

$Filepath = $env:userprofile\desktop\file.csv
$csv = Import-Csv -Path $filepath
$immutableID=$null

Foreach($user in $csv)
{
Set-MsolUser -UserPrincipalName $user.UserPrincipalName -ImmutableID $immutableID
}

Turn on Azure Active Directory Connect Sync

Once you have completed all the required conversions of AD accounts to Cloud. Head back to your local Active Directory, move user(s) to an OU that isn’t synchronized using AADC.

This helps you as an IT Pro understand who has been converted at a quick glance now not worry about using PowerShell to discovery who is or isn’t.

The following command turns on Azure Active Directory Connector now that we have converted the users accounts to Cloud Only

1
Set-MsolDirSyncEnabled -EnableDirSync $true

Enable Force Sync if the Sync didn’t work

1
 Start-ADSyncSyncCycle -PolicyType Initial

If you are using an ADFS Server there is an additional step providing you have moved all your users to the Cloud. You will need to change the Federated Domain to Standard Domain


1
Convert-MsolDomainToStandard -DomainName blogabout.cloud -WhatIf<br>Convert-MsolDomainToStandard -DomainName
1
blogabout.cloud -Confirm

All that is left now is to log in as one of the converted users to prove Single Sign-On is working and logon as a Global Admin into Office 365 to check the sync status of the users has a pretty cloud for “In-Cloud”

Regards
The Author – Blogabout.Cloud

Windows 10 Azure AD – Something went wrong

Windows 10 Azure AD – Something went wrong

So I have been recently cleaning up my test lab Azure Active Directory and accidentally removed a device which I was still actively using within my tenant. I received the following error;

“Your organization has deleted this device. To fix this, contact your system administrator and provide error code 700003”

When trying to access organizational resources

In order to resolve this issue, you need to complete the following steps

– Remove the Work account from the Windows 10 device under your account –> Access Work or School and remove the account
– Open command line or PowerShell windows with Admin rights
– Enter the following command;
dsregcmd /leave

dsregcmd /leave

Enter command: “dsregcmd /status” to check if the system is now left the Azure AD

dsregcmd /status

You will now been able to register your device and access your organisation once again.

Regards
The Author – Blogabout.Cloud

Managing your on-premises device with Azure Update Manager

Managing your on-premises device with Azure Update Manager

Azure Update Manager allows customers manage their Azure VM and on-premises devices using an agent called (MMA) Microsoft Monitoring Agent. The client will by default check if its compliant every 12 hours and the agent initiates a scan to check for update compliance within 15 minutes of the agent being restarted, before an installation and after update installation.

Azure Update Manager only supports the following OS for patch cycles

Supported Client Types

Operating SystemNotes
Windows Server 2008, Windows Server 2008 R2 RTMSupports only update assessments.
Windows 2008 R2 SP1 and later (including Windows Server 2012 and 2016).Net Framework 4.5.1 or later is required
Windows Powershell 4.0 or later is required
Windows PowerShell 5.1 is recommended for increased reliability.
CentOS 6 (x86/x64) and 7 (x64)Linux agents must have access to an update repository. Classification-based patching requires ‘yum’ to return security data which CentOS doesn’t have out of the box. For more information on classification-based patching on CentOS
Red Hat Enterprise 6 (x86/x64) and 7 (x64) Linux agents must have access to an update repository.
SUSE Linux Enterprise Server 11 (x86/x64) and 12 (x64) Linux agents must have access to an update repository.
Ubuntu 14.04 LTS, 16.04 LTS, and 18.04 (x86/x64) Linux agents must have access to an update repository.

Unsupported Client Type

Operating SystemNotes
Windows ClientClient operating systems (such was Windows 7 and Windows 10 arent supported.
Windows Server 2016 Nano ServerqNot Supported

However, the Windows Client arent supported for patch management. The MMA agent can be installed if you just require update reporting using Azure Monitor.

Where do I start in configuring Azure Update Management?

The first thing we need is an Azure Automation Account

You will need to provide details as specified below

Please Note:

Log Analytics Workspace is required later in this process and its only currently available in the following locations;

Australia Southeast
Canada Central
Central India
East US
Japan East
Southeast Asia
UK South
West Central US
West Europe
West US 2

If you want to check where functionality located, please visit this url https://azure.microsoft.com/en-us/global-infrastructure/services/?products=monitor&regions=us-east,us-east-2,us-central,us-north-central,us-south-central,us-west-central,us-west,us-west-2,canada-east,canada-central,united-kingdom-south,united-kingdom-west,non-regional,south-africa-north,south-africa-west

Once the account has been created, select the newly account and go to Update Management Section and Update Management. This will show the Location you specified, Log Analytics Workspace subscription and you can now create the Log Analytics Workspace.

Configure Automation Account for Update Management

Once you press Enable, you’ll receive a message that “The installation of the Update Management solution is in progress.”

Enable Update Management with Log Analytics Workspace

Now we have successful created the Log Analytics Workspace you will be able to build the “Schedule Update Deployment” as shown below

Update Management – Schedule Update Deployment

Now we can get down with the nit and gritty of configuring deployment schedules based on your own requirement. This section will be configured down to personal preference for my Test Lab Machine.

Please Note:

The following information will only reference Windows Operating System, Linux is also available but will not be discussed.

Groups to update

In this section, you can filter the machines you would like to manage using Azure Update Management. This also includes the Non-Azure machines feature which is currently In Preview at the time of this post.

Azure Machines

If you select preview for your Azure Machines and unable to detect an clients. You may need onboard your Azure VM https://docs.microsoft.com/en-us/azure/automation/automation-onboard-solutions-from-vm

Non-Aure Machines

Machines to update

In this sectrion, depending how you are providing your client machines into the Azure Portal, you can use one of the three Types to select your machines

  • Saved Searches
  • Imported groups (AD,WSUS,SCCM)
  • Machines
Machines to update

Update classifications

In this section, you can select 8 individual classifications based on your requirements.

  • Critical updates
  • Security updates
  • Update rollups
  • Feature packs
  • Service packs
  • Definition updates
  • Tools
  • Updates

Select the type of update classifications you would like to apply to your client machines.

Include/Exclude updates

In this section you can Include or Exclude particular Microsoft update using the KB number without the KB prefix.

Schedule settings

In this section, you can specify the require schedule whether its run once or needs to recurrence cycle.

Pre-scripts + Post-scripts

In this section, Pre-scripts and Post-scripts are tasks that can be automatically executed before or after an update deployment run. You can configure up to one Pre-script and Post-script per deployment.

Finishing touches

Maintenance Window – To set the maintenance window, the duration must be a minimum of 30 minutes and less than 6 hours.
The last 20 minutes of the maintenance window is dedicated for machine restart and any remaining updates will not be started once this interval is reached. In-progress updates will finish being applied

Reboot options – There are currently 4 reboot options available

  • Reboot if required
  • Never reboot
  • Always reboot
  • Only reboot – will not install updates

Regards
The Author – Blogabout.Cloud

What is Global VNet Peering?

What is Global VNet Peering?

Global VNet Peering? This function has recently come to my attention while working with an international customer who is in the process of integrating into their new owners Azure Active Directory. Global VNet peering enables resources in your virtual network to communicate across Azure regions privately through the Microsoft backbone. Resources communicate directly, without gateways, extra hops, or transit over the public internet. This allows a high-bandwidth, low-latency connection across peered virtual networks in different regions.

Example of Vnet Peering between Regions

You can use Global VNet Peering to share resources within a global, private network. You can then easily replicate data across regions for redundancy and disaster recovery.

In my case I was integrating the Active Directory Domains and using Azure Active Directory Connector located in primary region to synchronize the AD Objects from one domain into the other. This approach provided a quick and simply migration without really complexity.

Global Vnet Peering is only currently supported for the following regions.

  • Americas: West Central US (Wyoming), West US 2 (Washington), Central US (Iowa), US East 2 (Virginia), Canada Central (Toronto), Canada East (Quebec City)
  • Asia Pacific: Southeast Asia (Singapore) Korea South (Buscan), South India (Chennai), Central India (Pune), West India (Mumbai)
  • Europe: UK South (London), UK West (Cardiff), West Europe (Netherlands)

Cost of VNET Peering within the same region

Inbound data transfer $0.01 per GB
Outbound data transfer $0.01 per GB

Cost of Global VNET Peering

Zone 1Zone 2Zone 3US Gov
Inbound data transfer $0.035 per GB $0.09 per GB $0.16 per GB $0.044 per GB
Outbound data transfer $0.035 per GB $0.09 per GB $0.16 per GB $0.044 per GB

Virtual Network TAP preview

Virtual Network TAP is a feature that allows customers to enable mirroring of their virtual machine network traffic to a packet collector.

GlobalUS Gov
VTAP $0.0125 per hour $0.0125 per hour

IP addresses

Public IP addresses, and reserved IP addresses can be used in services running inside a virtual network. They carry a nominal charge as outlined here

VPN Gateways

A virtual network can have one or more VPN gateways to connect back to on-premises network or other virtual networks in Azure. The VPN Gateway is charged as detailed here

Regards
The Author – Blogabout.Cloud

Applying your Windows 10 Start Layout using Microsoft Intune.

Applying your Windows 10 Start Layout using Microsoft Intune.

One of the many cool things about Microsoft Intune is the granular configuration of Windows 10 devices using the native functions available us today. In this little post we will look at just how easy is it to create a corporate Windows 10 layout and publish to all of your client desktops automatically.

The general prerequisites for this feature is that your Windows 10 desktops are synchronized and present in Azure Active Directory.

Export the Start Layout

When you have the Start screen layout that you want your users to see, use the Export-StartLayout cmdlet in Windows PowerShell to export the Start screen to an .xml file.

  1. From Start, open Windows PowerShell.
  2. At the Windows PowerShell command prompt, enter the following command:

1
Export-StartLayout –path $env:userprofile\desktop\StartLayout.xml

PowerShell Cmd

Applying a Start layout

Once you have an exported Start Layout you can use the XML file to apply this start layout to your entire organization using Microsoft Intune. Browse to your Intune Portal and go to Device Configuration –> Profile

Hopefully you may already have a Windows 10 – Device Restriction Profile.

If not, dont worry you will just have to create a new profile for Windows 10 and Device Restrictions.

Device Configuration Profiles

Once in the profile properties, go to Settings and look for “Start” as at this point you can upload your Windows 10 start menu layout. If you may chose you will also be able to affect the look of the start menu by blocking or hide elements on the menu. For example you can block Fast Switching and hide File Explorer from the Start.

Device Restriction Profile for Start Menu Settings

Once you have saved your configured and your Windows 10 device has checked in, it will receive your new and improved Start Menu

New Windows 10 Start Menu

Regards
The Author – Blogabout.Cloud

Installing and Managing Google Chrome with Microsoft Intune

Installing and Managing Google Chrome with Microsoft Intune

As the power of Microsoft Intune grows with great force, in this blog post we are going to look at how to install Google Chrome and manage via Microsoft Intune. I have been recently looking how to leverage Microsoft Intune for more than just Microsoft based tooling and Google Chrome can be installed and managed for Windows 10 desktop estate.

Installing Google Chrome

Download Google Chrome Package

Visit the following url to download Google Chrome for Enterprise
https://cloud.google.com/chrome-enterprise/browser/download/

Microsoft Intune

First of all, we need to log into your Azure Portal and go to the following location;

  • Microsoft Intune
  • Client Apps
  • Add
Microsoft Intune –> Client Apps –> Add
  • Line-of-business app
App Type

Now we need to select the GoogleChromeStandaloneEnterprise msi located within the zip file package

Google Chrome Enterprise Package
App package file

You will now need to populate a bit of information under App information field below App package files before being able to assign Google Chrome to all your enterprise or selected security groups.

As you can see from the image below I have targeted several security groups within my personal tenant and make the app required for all users / all devices.

Make sure you save you configured as you exit this configuration.

Managing Google Chrome

Import Google Chrome ADMX Templates

  • Download the Chrome ADMX templates.
    • You would have already completed this step when downloading the Google Chrome Msi.
  • Sign in to the Microsoft Azure portal.
  • Go to Intune  Device configuration  Profiles.
  • Next to Devices configuration – Profiles, click Create profile.
  • Enter the following text in these fields:
FieldText to enter
Name Windows 10 – Chrome configuration (or use any descriptive name)
Description Enter a description (optional)
Platform Windows 10 and later
Profile type Custom
Settings Custom (select from drop-down list)

Selecting Custom in the step above opens a new menu for OMA-URI settings. Click Add to add specific policies you can configure and enter the following text:

FieldText to enter
Name Chrome ADMX Ingestion
Description Enter a description (optional)
OMA-URI /Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx
Data type Profile type String (select from drop-down list)
  • Once you select String, a Value text field opens below. On your computer, go to
  • Copy the text from chrome.admx.
  • In the Value field, paste the chrome.admx text.
  • Click OK and OK again to save the Custom OMA-URI settings.
  • Click Create to create a new profile.

Configure Google Chrome Policy

  • Go to Intune –> Device Configuration –> Profile
  • Click the Windows 10 – Chrome configuration profile you created previous
  • Select Properties –> Settings –> Configure to open Custom OMA-URI setting
  • Click Add to a row
  • Enter text into the fields, following the examples below for the type of policy you’re implementing.

Example A: Disable Password Manager

FieldText to enter
Name Chrome – ADMX – PasswordManagerEnabled
DescriptionDisable Password Manager
OMA-URI ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~PasswordManager/PasswordManagerEnabled
Data typeString
Value
1
&lt;disabled/&gt;

List of all Google Chrome Configurations

The below tables provides all the settings that are available for delivery using Microsoft Intune

PolicyOMA-URIData typeExample value
Chrome – ADMX – AllowOutdatedPlugins./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/AllowOutdatedPluginsstring<disabled/>
Chrome – ADMX – AudioCaptureAllowedUrls./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/AudioCaptureAllowedUrlsstring<enabled/> <data id=”AudioCaptureAllowedUrlsDesc” value=”1&#xF000;[*.]example.com“/>
Chrome – ADMX – AutoFillEnabled./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/AutoFillEnabledstring<disabled/>
Chrome – ADMX – CloudPrintSubmitEnabled./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/CloudPrintSubmitEnabledstring<disabled/>
Chrome – ADMX – DefaultBrowserSettingEnabled./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/DefaultBrowserSettingEnabledstring<enabled/>
Chrome – ADMX – DefaultPopupsSetting./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~ContentSettings/DefaultPopupsSettingstring<enabled/> <data id=”DefaultPopupsSetting” value=”1″/>
Chrome – ADMX – DefaultSearchProviderEnabled./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~DefaultSearchProvider/DefaultSearchProviderEnabledstring<enabled/>
Chrome – ADMX – DefaultSearchProviderName./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~DefaultSearchProvider/DefaultSearchProviderNamestring<enabled/> <data id=”DefaultSearchProviderName” value=”Google Encrypted Search”/>
Chrome – ADMX – DefaultSearchProviderSearchURL./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~DefaultSearchProvider/DefaultSearchProviderSearchURLstring<enabled/> <data id=”DefaultSearchProviderSearchURL” value=”https://www.google.com/search?q={searchTerms}”/>
Chrome – ADMX – DisableSafeBrowsingProceedAnyway./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/DisableSafeBrowsingProceedAnywaystring<enabled/>
Chrome – ADMX – ExtensionInstallForcelist./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallForceliststring<enabled/> <data id=”ExtensionInstallForcelistDesc” value=”1&#xF000;heildphpnddilhkemkielfhnkaagiabh;https://clients2.google.com/service/update2/crx”/>
Chrome – ADMX – ForceGoogleSafeSearch./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ForceGoogleSafeSearchstring<enabled/>
Chrome – ADMX – ImportAutofillFormData./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportAutofillFormDatastring<disabled/>
Chrome – ADMX – ImportBookmarks./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportBookmarksstring<enabled/>
Chrome – ADMX – ImportHistory./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportHistorystring<disabled/>
Chrome – ADMX – ImportHomepage./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportHomepagestring<enabled/>
Chrome – ADMX – ImportSavedPasswords./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportSavedPasswordsstring<disabled/>
Chrome – ADMX – ImportSearchEngine./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ImportSearchEnginestring<disabled/>
Chrome – ADMX – NotificationsAllowedForUrls./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~ContentSettings/NotificationsAllowedForUrlsstring<enabled/> <data id=”NotificationsAllowedForUrlsDesc” value=”1&#xF000;[*.]example.com“/>
Chrome – ADMX – PasswordManagerEnabled./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~PasswordManager/PasswordManagerEnabledstring<disabled/>
Chrome – ADMX – PluginsAllowedForUrls./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~ContentSettings/PluginsAllowedForUrlsstring<enabled/> <data id=”PluginsAllowedForUrlsDesc” value=”1&#xF000;[*.]example1.com&#xF000;2&#xF000;[*.]example2.com“/>
Chrome – ADMX – SafeBrowsingEnabled./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~SafeBrowsing/SafeBrowsingEnabledstring<enabled/>
Chrome – ADMX – VideoCaptureAllowedUrls./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/VideoCaptureAllowedUrlsstring<enabled/> <data id=”VideoCaptureAllowedUrlsDesc” value=”1&#xF000;[*.]example.com“/>

This concludes this post.

Regards,
The Author – Blogabout.Cloud