Scenario: Anyone using MCAS, Conditional Access, Windows 10 endpoints and Google Chrome.
Challenge: How do you get Google Chrome to be recognised by Azure Conditional Access policies?
Issue: By default, Azure sign-ins will not see Google Chrome as Azure AD Joined.
Browser = Chrome & Joined Type = [Blank]
However, by default Microsoft Edge does report as Azure AD Joined.
Browser = Edge & Joined Type = Azure AD Joined
Solution: the Windows 10 Accounts extension (chrome://extensions/)
Conditions in Conditional Access policy – Azure Active Directory | Microsoft Docs
“For Chrome support in Windows 10 Creators Update (version 1703) or later, install the Windows 10 Accounts extension. This extension is required when a Conditional Access policy requires device-specific details.
To automatically deploy this extension to Chrome browsers, create the following registry key:”
Path HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist
Name 1
Type REG_SZ (String)
Data ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx
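The registry value above can be set idempotently with PowerShell. This is an added example, not part of the original post or the quoted Microsoft documentation. It assumes an elevated session, and it picks the next free numbered value name instead of always writing to 1, so that an extension already force-installed under that name is not overwritten.

```powershell
# Added example: force-install the Windows 10 Accounts extension for Chrome.
# Assumption: run from an elevated PowerShell session (writes to HKLM).
$keyPath = 'HKLM:\Software\Policies\Google\Chrome\ExtensionInstallForcelist'
$entry   = 'ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx'
$extId   = $entry.Split(';')[0]

# Create the policy key if no Chrome force-install policy exists yet.
if (-not (Test-Path -Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# Read the existing numbered values (value name -> data).
$key      = Get-Item -Path $keyPath
$existing = @{}
foreach ($name in $key.GetValueNames()) {
    $existing[$name] = [string]$key.GetValue($name)
}

# If the extension is already listed under any value name, change nothing.
$match = $existing.GetEnumerator() |
    Where-Object { $_.Value -like "$extId*" } |
    Select-Object -First 1

if ($match) {
    Write-Output "Extension already force-installed as value '$($match.Key)'."
}
else {
    # Use the first unused positive integer as the value name, so an entry
    # already stored under '1' (another managed extension) is left intact.
    $n = 1
    while ($existing.ContainsKey([string]$n)) { $n++ }
    New-ItemProperty -Path $keyPath -Name ([string]$n) -PropertyType String -Value $entry | Out-Null
    Write-Output "Added force-install entry as value '$n'."
}

# Show the resulting policy values for verification.
Get-ItemProperty -Path $keyPath | Select-Object -Property * -ExcludeProperty PS*
```

After restarting Chrome, chrome://policy lists ExtensionInstallForcelist with the entry if the policy was picked up.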
Or add it manually.
The extension now appears as Windows 10 Accounts, as shown below.
Then the next Azure/365 sign-in will show Azure AD Joined using Google Chrome.