Recently, while working with the security team on potential security incidents, we found that many users unknowingly allow their browsers to send notifications without understanding the consequences.
As a result, these users end up getting a lot of adverts on their devices in the form of toast notifications from the browsers, some of which can lead to actual security incidents, like the one shown below.
There are many variants of these popups, but they all use the same method: abusing the notification center.
In this blog post, I will show you how to prevent browsers (Chrome/Edge) on Intune-managed Windows endpoints from generating push notifications across all sites.
Disable browser (Chrome/Edge) from generating toast notifications on managed Windows endpoint with Intune
Intune Policy Creation
Here we will be creating a configuration profile for the platform Windows 10 and later of type Settings Catalog.
Provide an appropriate name for the profile.
In the Configuration settings tab, click Add settings to open the Settings picker.
In the Settings picker, search for the term notification. We are looking for the two settings below, which cover Chrome and Edge.
- Administrative Templates\Google\Google Chrome\Content settings > Default notification setting
- Microsoft Edge\Content settings > Default notification setting
Set the Default notification setting to Enabled for both, and then select Do not allow any site to show desktop notifications from the dropdown beside the Default notification setting.
Here I am configuring the settings for the SYSTEM context, but you have the option to configure the same for the USER context as well.
Next, add the required scope tag(s) if you use them in your environment, make the necessary assignment, review the profile, and click the Create button to confirm its creation.
We are done with the policy creation at this stage. Next, we need to monitor the policy deployment for success or failure.
Intune Policy Monitoring
All we need to do is wait for the policy to sync and monitor the deployment. For test purposes, you can initiate a manual sync on your test devices to speed up the process.
Confirm policy in effect from the managed-Endpoint
So let’s check how we can confirm from the endpoint itself whether the policy is applied. For that, open Chrome and go to Settings > Privacy and security > Site settings.
Within Site settings, scroll down to find Notifications (under the Permissions section) and you will see that it’s set to Don’t allow sites to send notifications, as we wanted.
As a user, you cannot override the setting here, as the page shows that it is managed by enterprise policy.
For Edge, you can check the same from Settings > Cookies and site permissions.
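To check the same thing without opening each browser, the following PowerShell is an added example (not part of the original post) that reads the policy values from the registry. It assumes the Settings Catalog entries are delivered as the browsers' standard DefaultNotificationsSetting policy value under the Chrome and Edge policy keys, where 2 means notifications are blocked for all sites.

```powershell
# Added example: confirm the "Default notification setting" policy on an endpoint.
# Assumption: the policy lands as DefaultNotificationsSetting under the standard
# Chrome/Edge policy keys; 2 = do not allow any site to show desktop notifications.
$Blocked  = 2
$Browsers = [ordered]@{
    'Chrome' = 'SOFTWARE\Policies\Google\Chrome'
    'Edge'   = 'SOFTWARE\Policies\Microsoft\Edge'
}

function Get-PolicyValue([string]$Hive, [string]$SubKey) {
    # Returns $null when the key or the value does not exist in this hive.
    $item = Get-ItemProperty -Path ('{0}\{1}' -f $Hive, $SubKey) `
                -Name 'DefaultNotificationsSetting' -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.DefaultNotificationsSetting }
}

function Get-NotificationPolicyReport {
    foreach ($name in $Browsers.Keys) {
        # HKLM = device (SYSTEM context) policy, HKCU = policy for the current user.
        # When run as SYSTEM, HKCU is the SYSTEM account's hive, not the signed-in user's.
        $device = Get-PolicyValue 'HKLM:' $Browsers[$name]
        $user   = Get-PolicyValue 'HKCU:' $Browsers[$name]
        # Machine-level policy wins when both are present.
        $effective = if ($null -ne $device) { $device } else { $user }
        [pscustomobject]@{
            Browser   = $name
            Device    = if ($null -eq $device) { 'not set' } else { $device }
            User      = if ($null -eq $user)   { 'not set' } else { $user }
            Compliant = ($effective -eq $Blocked)
        }
    }
}

$report = @(Get-NotificationPolicyReport)
$report | Format-Table -AutoSize

# Non-zero exit code if either browser is not enforcing the block,
# so the result can be consumed by a scheduled check or detection script.
if ($report.Compliant -contains $false) { exit 1 } else { exit 0 }
```

Save it as a .ps1 file and run it on a test device after the policy sync. A browser showing "not set" in both columns has not received the profile yet.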
That’s all for today. Thanks for reading 🙂
Great tip
Thank you!