Installing Browser Protector on Windows Devices Using Intune

Deploy Protegrity Browser Protector remotely on Windows end-user devices using Intune and Administrative Templates.

Deploy Protegrity Browser Protector Extension with Intune

Follow these steps to configure and deploy the Administrative Template files for the Protegrity Browser Protector policy using Intune.

For more information Administrative Templates, refer to Microsoft Intune Administrative Templates.

Import ADMX and ADML Files

Sign in to the Microsoft Intune admin center.
Navigate to:
- Devices > Manage devices > Configuration > Import ADMX tab > Import.
- Or: Devices > By platform > Windows > Manage devices > Configuration > Import ADMX tab.
Upload the ADMX File:
- Replace pty_extension_id with the extension’s ID generated in pre-configuration steps.
- Save the file with a recognizable name, such as ProtegrityBrowserProtector.admx

<?xml version="1.0"?>  
<policyDefinitions revision="1.0" schemaVersion="1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">  
    <policyNamespaces>  
        <target namespace="Protegrity.Policies.BrowserProtector" prefix="ptyBrowserProtector" />  
        <using prefix="windows" namespace="Microsoft.Policies.Windows" />  
    </policyNamespaces>  
    <supersededAdm fileName="" />  
    <resources minRequiredRevision="1.0" fallbackCulture="en-US" />  
    <categories>  
        <category name="Protegrity_Browser_Extension_Configuration" displayName="$(string.Protegrity_Browser_Extension_Configuration)" />  
    </categories>  
    <policies>  
        <!-- Protegrity Browser Protector Configuration -->  
        <policy name="POL_ProtegrityBrowserProtector" 
        displayName="$(string.Protegrity_Browser_Extension_Configuration)" 
        explainText="$(string.Protegrity_Browser_Extension_Configuration_HELP)"
        class="Machine" key="SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\pty_extension_id\policy" presentation="$(presentation.POL_ProtegrityBrowserProtector)">  
            <parentCategory ref="Protegrity_Browser_Extension_Configuration" />  
            <supportedOn ref="windows:SUPPORTED_Windows10" /> 
            <elements>  
                <text id="TXT_ProtegrityBrowserProtector" valueName="ProtegrityBrowserProtector" />  
            </elements>  
        </policy>  
          
        <!-- Protegrity Browser Protector Installation/Updates -->  
        <policy name="POL_ExtensionSettings" 
        displayName="$(string.ExtensionSettings)"
        explainText="$(string.POL_ExtensionSettings_HELP)"
         class="Machine" key="SOFTWARE\Policies\Google\Chrome" presentation="$(presentation.POL_ExtensionSettings)">  
            <parentCategory ref="Protegrity_Browser_Extension_Configuration" />  
            <supportedOn ref="windows:SUPPORTED_Windows10" />  
            <elements>  
                <text id="TXT_ExtensionSettings" valueName="ExtensionSettings" />  
            </elements>  
        </policy>  
    </policies>  
</policyDefinitions>

Upload the ADML File:

Replace https://s3.region.amazonaws.com/s3-bucket-name/update.xml with the actual URL to a manifest.xml hosted on a private server.
Replace all placeholder values (e.g., app_registration_client_id, protector_endpoint_url, etc.) with configuration values recorded in pre-configuration chapter.
Save the file with a recognizable name, such as ProtegrityBrowserProtector.adml.

<?xml version="1.0"?>  
<policyDefinitionResources revision="1.0" schemaVersion="1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">  
    <displayName>Protegrity Browser Extension Configuration</displayName>  
    <description>Protegrity Browser Extension Configuration</description>  
    <resources>  
        <stringTable>  
            <string id="Protegrity_Browser_Extension_Configuration">Protegrity Browser Protector</string>  
            <string id="Protegrity_Browser_Extension_Configuration_HELP">Configures Protegrity Browser Protector settings.</string>  
            <string id="POL_ProtegrityBrowserProtector_HELP">Configures the JSON value for Protegrity Browser Protector settings.</string>  
            <string id="ExtensionSettings">Google Chrome Extension Settings</string>  
            <string id="POL_ExtensionSettings_HELP">Configures the settings for Google Chrome extensions.</string>  
        </stringTable>  
        <presentationTable>  
            <presentation id="POL_ProtegrityBrowserProtector">  
                <textBox refId="TXT_ProtegrityBrowserProtector">  
                    <label>ProtegrityBrowserProtector</label>  
                    <defaultValue>{"serviceEndpoint":{"authentication":{"type":"oauth2","identityProvider":"microsoft_entra_id","settings":{"msal_api":{"clientId":"app_registration_client_id","authority":"https://login.microsoftonline.com/app_registration_tenant_id"},"scopes":["app_registration_client_id/.default"]}},"url":"protector_endpoint_url"},"dataElements":[{"value":"data_element_1","label":"data_element_1_label"},{"value":"data_element_2","label":"data_element_2_label"}],"adminContactInfo":{"url":"extension_admin_page_url","phone":"extension_admin_phone","email":"extension_admin_email"}}</defaultValue>  
                </textBox>  
            </presentation>  
            <presentation id="POL_ExtensionSettings">  
                <textBox refId="TXT_ExtensionSettings">  
                    <label>ExtensionSettings</label>  
                    <defaultValue>{"pty_extension_id":{"installation_mode":"normal_installed","override_update_url":true,"update_url":"https://s3.region.amazonaws.com/s3-bucket-name/update.xml"}}</defaultValue>  
                </textBox>  
            </presentation>  
        </presentationTable>  
    </resources>  
</policyDefinitionResources>

Click Next.
In Review + Create, verify your selections and click Create.

Notes

Once imported, ADMX templates will appear in the list.
Use Refresh to update the list or Delete to remove templates.

Create a Profile Using Imported ADMX Files

For more details on the steps or configuration, refer to:

Sign in to the Microsoft Intune admin center.
Navigate to:
- Devices > Manage devices > Configuration > Create > New policy.
Enter the following properties:
- Platform: Select Windows 10 and later.
- Profile Type: Select Templates > Imported Administrative Templates (Preview).
Click Create.
In Basics, enter:
- Name: Provide a descriptive name, e.g., ADMX: Protegrity Browser Protector for Windows Devices.
- Description: (Optional) Add a brief description about the profile’s purpose, e.g., “Configures Protegrity Browser Protector security policies for managed devices.”
Click Next.
In Configuration Settings, configure the policies using the imported ADMX files specific to Protegrity Browser Protector.
Click Next.
Assign scope tags to filter the profile to specific IT groups, e.g., Security Team or Compliance Department.
Click Next.
Assign the profile to users or device groups:

User Groups: Configured settings apply to devices where users sign in.
Device Groups: Configured settings apply to all users on the assigned device.

For more information, refer to User Groups vs. Device Groups.
Click Next.
In Review + Create, verify your settings.
Click Create to save and assign the profile.

Assign the Profile to Devices

After creating the profile, go to the Assignments section. Assign the profile to the appropriate users or devices groups in Intune. Click Save to finalize the deployment.

Verify Deployment

On a managed device, sign in with a user account assigned to the policy. Open Chrome and navigate to chrome://policy to verify the ExtensionSettings policy is applied. Check that the extension is installed and updated from the private server.

Feedback

Was this page helpful?

Last modified : July 18, 2025