Issue with Creating Policy in Intune to Force Install and Pin Bitwarden Extension for Chrome and Edge

Question

Hello,

I'm currently working on setting up a policy in Microsoft Intune to force install the Bitwarden extension for both Google Chrome and Microsoft Edge on managed devices. Additionally, I want the extension to be pinned to the browser's top bar for easy access by users.

Here are the steps I've taken so far:

1. Created a new Configuration Profile in Intune for Windows 10/11.

In the Configuration Profile, I’ve used the "Extensions" section to deploy the Bitwarden extension to both browsers (Chrome and Edge). I set the force-install policy for the extension in both browsers. Unfortunately, the extension gets installed, but it does not appear pinned to the browser's top bar, which is essential for quick access.

I’m struggling to find the correct settings or configuration to:

Ensure the Bitwarden extension is installed automatically. Pin the extension to the top bar of both browsers (Chrome and Edge).

Has anyone successfully configured this with Intune or have any suggestions on what additional settings might be needed? Any help or guidance on this would be greatly appreciated!

Additional Information:

Browsers: Google Chrome (Version 132.0.6834.160 (Official Build) (64-bit)) & Microsoft Edge (Version 132.0.2957.140 (Official build) (64-bit)) Bitwarden Extension: jbkfoedolllekgbhcbcoahefnbanhhlh

What I have tried previously:

Chrome:

<enabled/>

<data id="ExtensionSettings" value='{

"nckgahadagoaajjgafhacjanaoiihapd": {

"installation_mode": "force_installed",

"update_url": "https://clients2.google.com/service/update2/crx",

"toolbar_state": "force_shown"

}

}'/>

Edge:

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Edge/ExtensionSettings

<enabled/>

<data id="ExtensionSettings" value='{

"nckgahadagoaajjgafhacjanaoiihapd": {

"installation_mode": "force_installed",

"update_url": "https://clients2.google.com/service/update2/crx"

}

}'/>

Answer 1

Hi @Sepehr Ashtari

This is going to be organization-specific, but here is what I used to force-pin the Keeper Security extension in Microsoft Edge. You have to browse the registry and find the correct ADMX policy, then insert it into the "formula" provided by Microsoft. I assume Chrome works roughly the same way, but I have not attempted it.

Here's the article I used to figure this out: https://learn.microsoft.com/en-us/deployedge/configure-edge-with-mdm

Here's my OMA-URI. Yours may be different, depending on what name was used when the template was created. You may have to explore the registry to find the correct entry.

./Device/Vendor/MSFT/Policy/Config/microsoft_edge~Policy~microsoft_edge~Extensions/ExtensionSettings

Here's the corresponding registry entry:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault\A4CE4B82-AF07-4F03-8484-DEF4D1E6257D\microsoft_edge~Policy~microsoft_edge~Extensions\ExtensionSettingsThere is a registry entry that redirects the Registry Key Path. The entry is called:

RegKeyPathRedirect and the value is set to Software\Policies\Microsoft\Edge

This is one of the things that makes the OMA-URI process so obscure. However, for our purposes, the OMA-URI I provided is correct, even though the actual registry location of the settings is different.

Here's the String value I used, part of it was from your OP. I don't know that I need the installation mode or update URL, but it works, so I left it.

<enabled/>
<data id="ExtensionSettings" value='{"lfochlioelphaglamdcakfjemolpichk": {"installation_mode": "force_installed","update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx","toolbar_state": "force_shown"}}'/>

This is specific to Microsoft Edge, as Chrome's update URL will be different. Also, as @ShiJieLi-MSFT mentioned, Chrome uses a different value called "force-pin" to force the extension to pin in the browser.

I hope this helps.

Answer 2

Hi @Sepehr Ashtari,

To pin extension to toolbar by default, you need to add "toolbar_state": "force_shown", just like what you have done in the Chrome part. In the Edge part, you have missed "toolbar_state": "force_shown".

However, the reason why Chrome does not have it pinned is they have a different argument name for it: "toolbar_pin": "force_pinned". Reference: Configure ExtensionSettings policy.

To conclude:

Edge: "toolbar_state": "force_shown"

Chrome: "toolbar_pin": "force_pinned"

Please note that you may need to restart the browser to ensure the extension is installed and pinned to toolbar.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best Regards,

Shijie Li

Answer 3

Hi All,

Thank you for your help; it was really helpful. Unfortunately, I can't accept both answers because the system doesn't allow me to.

I realized that my issue was not pushing the ADMX policy for both browsers. So, I created two new policies and deployed the ADMX for Edge and Chrome, which can be found on the internet. I then used my approach with your suggested changes, and it worked.

Thank you again.

Regards,

Sepehr