Organizations gain valuable insights into the SaaS applications and detect Shadow IT by leveraging Josys Browser Extension. The browser extension can be remotely activated through Microsoft Intune, providing centralized management of saas applications and configurations across different devices used by the employees in the organization. This ensures that all user's browsers have the browser extensions installed for monitoring without requiring manual intervention.
This article includes the process of activating the Josys browser extension on any browser (Google Chrome/Microsoft Edge) and validating the activation using Microsoft Intune.
The deployment includes the following two steps:
1. Enrolling your device to Microsoft Intune
2. Activating and validating browser extension on your browser
Prerequisites
Before you begin with the activation, make sure that you have:
- A Microsoft Intune admin account
- A user group/users/devices in Microsoft Intune for enforcing the extension activation
- The end users enrolled their devices
1. Enrolling your device to Microsoft Intune
To enroll your device, download the Company Portal App and sign in using an admin account to enroll your device.
2. Activating and validating browser extension on your browser
The activation includes the following steps:
i. Creating a Configuration Profile
ii. Adding Organization key and User Id to managed storage
iii. Validating browser extension activation
i. Creating a Configuration Profile
Step 1: Log in to Microsoft Intune using an admin account. Navigate to Devices and select Configuration. Click Create and select New Policy.
Step 2: Choose Windows 10 and later as the Platform, Settings catalog for the Profile type, and click Create.
Step 3: Provide a name for the profile and click Next.
Step 4: Click Add settings under the Configuration settings tab.
Step 5: Enter Extension in the search bar and click Search to search for the Google Chrome/Microsoft Edge extension option.
Step 6: You have the option to select Google Chrome or Microsoft Edge browser and configure the necessary settings to push the extension and click Close.
- To push the extension to the Google Chrome browser, select Google Google Chrome Extensions option and select Configure the list of force-installed apps and extensions (User) under the setting.
- To push the extension to the Microsoft Edge browser, select the Microsoft Edge/Extensions option and select Control which extensions are installed silently (User) under the setting.
Step 7: Enable the Google Chrome/Microsoft Edge extension from the toggle button, enter the following extension ID and the URL in the respective field, and click Next.
Chrome Extension ID: moaklgcgokbgplldonjkoochhlefkbjf;https://clients2.google.com/service/update2/crx
Edge Extension ID: hjifncajikcdkhlofdjjlhcjoennmdfc;https://edge.microsoft.com/extensionwebstorebase/v1/crx
Step 8: Select Scope tags as required. The Default tag is selected by default.
Step 9: Select groups/users/devices in groups and click Next.
Step 10: Review the configuration settings and click Create.
ii. Adding Organization key and User email to managed storage
To enable an extension to access data from the managed_store, it's necessary to store the request data within the system registry, either in HKEY_LOCAL_MACHINE (HKLM) or HKEY_CURRENT_USER (HKCU).
HKCU should be used when the settings are tailored to individual users, particularly beneficial in shared system environments.
Data added to the below-specified registry will be automatically read by the browser and be configured within the managed store
- For Edge Browser:
HKLM\\SOFTWARE\\Policies\\Microsoft\\Edge\\3rdparty\\extensions\\
hjifncajikcdkhlofdjjlhcjoennmdfc
\\policy
- For Chrome Browser:
HKLM\\SOFTWARE\\Policies\\Google\\Chrome\\3rdparty\\extensions\\
moaklgcgokbgplldonjkoochhlefkbjf
\\policy
Create a script in PowerShell to automate the data creation in the correct manage path and upload it for all the users through Microsoft Intune.
a. Creating the PowerShell script to write data to the system registry
The following is the PowerShell Script for storing data in Microsoft Edge's managed storage file: josys-edge-extension-setup.ps1
$organization_key = “ADD_THE_ORGANIZATION_KEY” # get it from my account section on top right as shown below
$company_domain = “ADD_THE_DOMAIN # eg: @demojosys.com
$username = $null
while ($username -eq $null) {
$username= (Get-CimInstance Win32_Process -Filter 'name = "explorer.exe"' | Invoke-CimMethod -MethodName getowner).User
if ($username -is [array]) {
# Select the first username
$username=$username[0]
}
$username=$username -replace' ','.'
Start-Sleep -Seconds 5# Sleep for 5 seconds (optional)
}
$user_email = $username + $company_domain
echo "OrganizationKey: $organization_key UserEmail: $username"
$registry_path_edge = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\hjifncajikcdkhlofdjjlhcjoennmdfc\policy"
$parent_path_edge = Split-Path -Path $registry_path_edge
if (!(Test-Path $parent_path_edge)) {
New-Item -Path $parent_path_edge -Force -ItemType Directory | Out-Null
}
if (!(Test-Path $parent_path_edge\policy)) {
New-Item -Path ("$parent_path_edge\policy") -Force -ItemType Directory | Out-Null
}
Set-ItemProperty -Path $registry_path_edge -Name "OrganizationKey" -Value $organization_key
Set-ItemProperty -Path $registry_path_edge -Name "UserEmail" -Value $user_email
exit 0
The following is the PowerShell Script for storing data in Google Chrome's managed storage file: josys-chrome-extension-setup.ps1
$organization_key = “ADD_THE_ORGANIZATION_KEY” # get it from my account section on top right as shown below
$company_domain = “ADD_THE_DOMAIN # eg: @demojosys.com
$username = $null
while ($username -eq $null) {
$username= (Get-CimInstance Win32_Process -Filter 'name = "explorer.exe"' | Invoke-CimMethod -MethodName getowner).User
if ($username -is [array]) {
# Select the first username
$username=$username[0]
}
$username=$username -replace' ','.'
Start-Sleep -Seconds 5 # Sleep for 5 seconds (optional)
}
$user_email = $username + $company_domain
echo "OrganizationKey: $organization_key UserEmail: $username"
$registry_path_edge = "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\moaklgcgokbgplldonjkoochhlefkbjf\policy"
$parent_path_edge = Split-Path -Path $registry_path_edge
if (!(Test-Path $parent_path_edge)) {
New-Item -Path $parent_path_edge -Force -ItemType Directory | Out-Null
}
if (!(Test-Path $parent_path_edge\policy)) {
New-Item -Path ("$parent_path_edge\policy") -Force -ItemType Directory | Out-Null
}
Set-ItemProperty -Path $registry_path_edge -Name "OrganizationKey" -Value $organization_key
Set-ItemProperty -Path $registry_path_edge -Name "UserEmail" -Value $current_env
exit 0
Refer to section 1 of the Remote activation of Josys Browser Extension to locate your organization key.
b. Pushing the PowerShell script to the end user systems through Microsoft Intune
Step 1: Log in to Microsoft Intune using an admin account. Navigate to Devices and select Scripts and remediations. Click Add and select Windows 10 and later.
Step 2: Provide a name for the script and click Next.
Step 3: Upload the script and choose No for all toggle options. Click Next.
Step 4: Select groups/users/devices under groups and click Next.
Step 5: Review the script settings and click Add. The script takes some time to execute.
iii. Validating browser extension activation
After activating the browser extension, the IT Admin can validate the activation to ensure the extension is activated successfully.
Step 1: Open the Registry Editor on your targeted device.
Step 2: Navigate to the following registry key location based on your browser. The data for the Google Chrome/Microsoft Edge are stored in the following location:
Microsoft Edge Browser location:
HKLM\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\hjifncajikcdkhlofdjjlhcjoennmdfc\policy
Google Chrome Browser location
HKLM\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\moaklgcgokbgplldonjkoochhlefkbjf
\policy
Step 3. Check the key with the following value:
Chrome Extension ID: moaklgcgokbgplldonjkoochhlefkbjf
Edge Extension ID: hjifncajikcdkhlofdjjlhcjoennmdfc
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article