As you probably already know, Microsoft is building a new Edge webbrowser based on the Chromium project. One of the features which Microsoft implemented in the latest build is Tracking prevention.
According to Microsoft, they build Tracking prevention to prevent website from tracking Edge users. Microsoft explains with these words;
Websites use trackers to collect info about your browsing. This info is used to improve sites and show you content like personalized ads. Some trackers collect and send your info to sites you haven’t visited.
In this new blog article I will explain how we can manage Tracking prevention for the new Chromium based Edge browser using Microsoft Intune (Endpoint Manager). As the Edge browser is available for both Windows and macOS, I will show how the settings are managed for both operating systems.
I use two policy settings to configure Tracking prevention;
One to enable tracking prevention and set the tracking prevention level (Basic, Balance or Strict).
The second to configure the Exceptions (excepted URLs).
Manage Tracking prevention settings for macOS
Let`s start with the configuration for the Edge version for macOS as that will cost us the most work.
Like explained in a recent post about managing Edge macOS settings with Intune, we need to use a custom configuration policy in Intune. In the custom configuration policy we upload a property list (plist) file with the required setting for Edge. If you want deeper inside in the steps for creating such a plist file, I suggest to read this previous blog about managing Edge on macOS.
Preparation
First we need to collect the required information which we need to use for configuring the Tracking prevention settings. All settings which can be managed can be found in the Edge browser. To get an overview of all available settings, start the Edge browser and type in edge://policy. In the search box search for Tracking.
Here we find the necessary settings;
AllowTrackingForUrls
TrackingPrevention
If we click on one of the policy settings, for example TrackingPrevention we are directed to the Microsoft documentation of corresponding setting.
Here we find additional information about the policy setting, like the Data type and Value which can be set for the Data type.
In this case the Data type is Integer and als value we can set a number which corresponds to a level of tracking prevention.
If we also have a look at the setting AllowTrackingForUrls, we see the Data type is List of strings and we can configure a list of URLs.
These two settings we need to implement in our plist file, which we do in the next step.
Create the plist file
An example plist file can be downloaded from the Edge Insider website, which we can than edit with Notepad++ on Windows or Xcode on macOS.
Download the example plist file and open the file with Xcode (or Notepadd++).
Under the root line we need to add a new line for the key TrackingPrevention. In the drop-down list choose the (Data) type, Number (Integer) and in the value box fill in the number which corresponds to the value you want to set.
As I want to set TrackingPrevention to Balanced, I set the value 2.
On a new line we enter AllowTrackingForUrls and as value we pick Array, as the Data type is List of string.
On the next line we start with Item 0, choose String as value and enter an URL.
For every URL we want to add, we start a new line. As you can see in the value box of AllowTrackingForURLs, the number in the value box is increasing.
After we have saved the file, we need to convert the plist file to a mobileconfig file. The conversion can be done using the tool mcxToProfile which can be downloaded from GitHub. On Github you can also read additional information about the tool.
Conversion needs to be done from the command line using Terminal.
In our case we need to specify the location to our com.microsoft.Edge.plist file and our Identifier is com.microsoft.Edge:
./mcxToProfile.py –plist ./com.microsoft.Edge.plist –identifier com.microsoft.Edge
By using com.microsoft.Edge as Identifier we make sure this will be used in file as PayloadIdentifier and in the mobileconfig filename.
The end result is a configuration file com.microsoft.Edge.mobileconfig which is ready to be deployed with Intune.
Create a custom configuration policy in Intune
Now that we have the configuration file, we need to add it to a custom configuration policy in Intune.
- Sign-in to the Device Management Portal
- Browse to Devices – macOS
- Configuration profiles
- Click Create profile
- Give the configuration profile a Name
- Enter a Description
- Choose macOS as Platform
- Choose Custom as Profile type
- Click the Settings tab
- Give the Custom configuration profile a name on the settings tab
- Click the folder icon to browse to your configuration file and upload the file
- Click OK – Click Create
The configuration policy is complete, don`t forget to assign te policy.
Manage Tracking prevention settings for Windows
To manage the Edge Tracking prevention for the Windows version, we don`t have to build a custom policy. Managing the new Edge Chromium based browser can be done by using an Administrative Templates policy in Intune.
Create an Administrative Templates policy in Intune
- Sign-in to the Device Management Portal
- Browse to Devices – Windows
- Configuration profiles
- Click Create profile
- Give the configuration profile a Name
- Enter a Description
- Choose Windows 10 and later as Platform
- Choose Administrative Templates as Profile type
- Click Create
- Open the Settings tab
- As Category choose Edge version 77 and later
- In the search box search for Tracking
- Open the policy setting Block tracking of users` web-browsing activity
- Select Enabled
- Make your choice from the drop-down list for the tracking prevention level
- Click OK
- Open the policy setting Configure tracking prevention exceptions for specific sites
- Select Enabled
- Enter the URLs for the excepted sites
- Click OK
The Administrative Templates policy is complete, don`t forget to assign te policy.
End-user experience
Let`s have a look at the end-user experience.
These screen shots are from the Edge browser running on macOS, but on Windows they almost look the same.
Open the Edge browser and type in edge://policy. We now see the two policy settings we have configured.
If we open Settings and browse to the Privacy and Services tab, we see the Tracking prevention policy is configured and greyed out. There is also a briefcase icon shown, to show the policy is managed by your organisation.
If we click on Exceptions, we see the URLs listed which we also configured.
If we open settings in Edge on a Windows 10 device, you see it looks almost the same.
That`s it for this post. I hope you find it informative.
Happy testing!
