Remote activation of Josys Browser Extension using Microsoft Intune

Modified on Mon, 23 Dec at 3:46 AM

Organizations gain valuable insights into the SaaS applications and detect Shadow IT by leveraging Josys Browser Extension. The browser extension can be remotely activated through Microsoft Intune, providing centralized management of saas applications and configurations across different devices used by the employees in the organization. This ensures that all user's browsers have the browser extensions installed for monitoring without requiring manual intervention. 


This article includes the process of activating the Josys browser extension on any browser (Google Chrome/Microsoft Edge) and validating the activation using Microsoft Intune.


The deployment includes the following two steps:


1. Enrolling your device to Microsoft Intune

2. Activating and validating browser extension on your browser



Prerequisites


Before you begin with the activation, make sure that you have:

  • A Microsoft Intune admin account
  • A user group/users/devices in Microsoft Intune for enforcing the extension activation
  • The end users enrolled their devices



1. Enrolling your device to Microsoft Intune


To enroll your device, download the Company Portal App and sign in using an admin account to enroll your device.




2. Activating and validating browser extension on your browser


The activation includes the following steps:


i. Creating a Configuration Profile

ii. Adding Organization key and User Id to managed storage

iii. Validating browser extension activation



i. Creating a Configuration Profile


Step 1: Log in to Microsoft Intune using an admin account. Navigate to Devices and select Configuration. Click Create and select New Policy.



Step 2: Choose Windows 10 and later as the Platform, Settings catalog for the Profile type, and click Create.



Step 3: Provide a name for the profile and click Next.



Step 4: Click Add settings under the Configuration settings tab.




Step 5: Enter Extension in the search bar and click Search to search for the Google Chrome/Microsoft Edge extension option. 




Step 6: You have the option to select Google Chrome or Microsoft Edge browser and configure the necessary settings to push the extension and click Close.


  • To push the extension to the Google Chrome browser, select Google Google Chrome Extensions option and select Configure the list of force-installed apps and extensions (User) under the setting.



  • To push the extension to the Microsoft Edge browser, select the Microsoft Edge/Extensions option and select Control which extensions are installed silently (User) under the setting.



Step 7: Enable the Google Chrome/Microsoft Edge extension from the toggle button, enter the following extension ID and the URL in the respective field, and click Next.


Chrome Extension ID: moaklgcgokbgplldonjkoochhlefkbjf;https://clients2.google.com/service/update2/crx



Edge Extension ID: hjifncajikcdkhlofdjjlhcjoennmdfc;https://edge.microsoft.com/extensionwebstorebase/v1/crx



Step 8: Select Scope tags as required. The Default tag is selected by default.



Step 9: Select groups/users/devices in groups and click Next.



Step 10: Review the configuration settings and click Create.




ii. Adding Organization key and User email to managed storage

 

To enable an extension to access data from the managed_store, it's necessary to store the request data within the system registry, either in HKEY_LOCAL_MACHINE (HKLM) or HKEY_CURRENT_USER (HKCU).

HKCU should be used when the settings are tailored to individual users, particularly beneficial in shared system environments.

Data added to the below-specified registry will be automatically read by the browser and be configured within the managed store

  • For Edge Browser: HKLM\\SOFTWARE\\Policies\\Microsoft\\Edge\\3rdparty\\extensions\\hjifncajikcdkhlofdjjlhcjoennmdfc \\policy
  • For Chrome Browser: HKLM\\SOFTWARE\\Policies\\Google\\Chrome\\3rdparty\\extensions\\moaklgcgokbgplldonjkoochhlefkbjf\\policy


Create a script in PowerShell to automate the data creation in the correct manage path and upload it for all the users through Microsoft Intune.

 

a. Creating the PowerShell script to write data to the system registry

 

The following is the PowerShell Script for storing data in Microsoft Edge's managed storage file: josys-edge-extension-setup.ps1


$organization_key = “ADD_THE_ORGANIZATION_KEY” # get it from my account section on top right as shown below
$company_domain = “ADD_THE_DOMAIN # eg: @demojosys.com
$username = $null
while ($username -eq $null) {
$username= (Get-CimInstance Win32_Process -Filter 'name = "explorer.exe"' | Invoke-CimMethod -MethodName getowner).User
if ($username -is [array]) {
# Select the first username
$username=$username[0]
}
$username=$username -replace' ','.'
Start-Sleep -Seconds 5# Sleep for 5 seconds (optional)
}

$user_email = $username + $company_domain

echo "OrganizationKey: $organization_key UserEmail: $username"

$registry_path_edge = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\hjifncajikcdkhlofdjjlhcjoennmdfc\policy"
$parent_path_edge = Split-Path -Path $registry_path_edge

if (!(Test-Path $parent_path_edge)) {
New-Item -Path $parent_path_edge -Force -ItemType Directory | Out-Null
}

if (!(Test-Path $parent_path_edge\policy)) {
New-Item -Path ("$parent_path_edge\policy") -Force -ItemType Directory | Out-Null
}

Set-ItemProperty -Path $registry_path_edge -Name "OrganizationKey" -Value $organization_key
Set-ItemProperty -Path $registry_path_edge -Name "UserEmail" -Value $user_email

exit 0


The following is the PowerShell Script for storing data in Google Chrome's managed storage file: josys-chrome-extension-setup.ps1 

        

 

$organization_key = “ADD_THE_ORGANIZATION_KEY” # get it from my account section on top right as shown below
$company_domain = “ADD_THE_DOMAIN # eg: @demojosys.com
$username = $null
while ($username -eq $null) {
$username= (Get-CimInstance Win32_Process -Filter 'name = "explorer.exe"' | Invoke-CimMethod -MethodName getowner).User
if ($username -is [array]) {
# Select the first username
$username=$username[0]
}
$username=$username -replace' ','.'
Start-Sleep -Seconds 5 # Sleep for 5 seconds (optional)
}


$user_email = $username + $company_domain

echo "OrganizationKey: $organization_key UserEmail: $username"

$registry_path_edge = "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\moaklgcgokbgplldonjkoochhlefkbjf\policy"
$parent_path_edge = Split-Path -Path $registry_path_edge


if (!(Test-Path $parent_path_edge)) {
New-Item -Path $parent_path_edge -Force -ItemType Directory | Out-Null
}

if (!(Test-Path $parent_path_edge\policy)) {
New-Item -Path ("$parent_path_edge\policy") -Force -ItemType Directory | Out-Null
}

Set-ItemProperty -Path $registry_path_edge -Name "OrganizationKey" -Value $organization_key
Set-ItemProperty -Path $registry_path_edge -Name "UserEmail" -Value $current_env

exit 0


Refer to section 1 of the Remote activation of Josys Browser Extension to locate your organization key.  


b. Pushing the PowerShell script to the end user systems through Microsoft Intune

 

Step 1: Log in to Microsoft Intune using an admin account. Navigate to Devices and select Scripts and remediations. Click Add and select Windows 10 and later.

 

 

Step 2: Provide a name for the script and click Next.

 

 

 

Step 3: Upload the script and choose No for all toggle options. Click Next.

 

 


Step 4: Select groups/users/devices under groups and click Next.

 

 

Step 5: Review the script settings and click Add. The script takes some time to execute. 

 

 


iii. Validating browser extension activation


After activating the browser extension, the IT Admin can validate the activation to ensure the extension is activated successfully. 


Step 1: Open the Registry Editor on your targeted device.

  

Step 2: Navigate to the following registry key location based on your browser. The data for the Google Chrome/Microsoft Edge are stored in the following location:


Microsoft Edge Browser location: 

HKLM\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\hjifncajikcdkhlofdjjlhcjoennmdfc\policy


Google Chrome Browser location

HKLM\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\moaklgcgokbgplldonjkoochhlefkbjf\policy


Step 3. Check the key with the following value:


Chrome Extension ID: moaklgcgokbgplldonjkoochhlefkbjf

Edge Extension ID: hjifncajikcdkhlofdjjlhcjoennmdfc

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article