Categories
Subscribe
Getting started with web browser management in Jamf Pro
Introduction
One of the most common requests we receive here at dataJAR is for help providing a managed macOS web browser with Jamf.
While the choice of macOS browsers is plentiful, I will share how I manage my preferred browsers for use in a Mac deployment. I will explore Safari, Google Chrome and Microsoft Edge, while offering insight into how you can leverage policies supplied by vendors to manage these browsers in complex deployments.
Getting started
Why should you manage your browser? Well, there are some rather good reasons to consider.
Managing web browsers gives IT administrators an extensive array of web browsing policy capabilities to explore, as well as the ability to customise, deploy and enhance user experience – at the same time adding a healthy drop of functionality along the way.
To deliver the managed settings, I will stick to my preferred MDM tool at dataJAR – Jamf Pro. The same can be achieved, of course, through most enterprise level MDM tools available today.
Managing browsers within Jamf Pro is possible with the use of a ‘Property List File’, more commonly known as a ‘PLIST’ or ‘Preference’. This simple file can store data and settings in a key-value format using an XML structure.
The below example PLIST for Adobe Reader shows how this is structured. It is organised into a key value pairs format, making it readable for the computer. This is achieved by using keys, strings, dictionaries, arrays and numbers.
Editing PLIST files
The editing of PLIST files can be carried out using Apple’s in-built ‘Text Editor’. I would also recommend checking out BB Edit; more information on this handy tool can be found here.
In addition to manual configuration of your PLIST files, you can also use the tool I favour: iMazing Editor. This excellent app allows you to easily create custom PLIST files using a friendly interface, making light work of PLIST creation.
Configuring your browser
Safari
The default for macOS, Safari, has been around for twenty years. Interestingly, it was initially named Alexander and iBrowse before Apple finally settled on the name Safari.
For this first example below, I have created a PLIST with the following custom keys:
- Disable Notifications – Disables all Safari notifications.
- DownloadsClearingPolicy – Clears downloads folder when Safari quits.
- TabCreationPolicy – Sets new pages to open in a tab rather than a new window.
- WebKit2- Disable – Disables the use of plugIns.
This PLIST was created using the iMazing tool; you can select the required options and then export as PLIST for deployment.
Google Chrome Enterprise
Released in 2008, Chrome (as it is more commonly known) is a cross-platform browser with most of its code coming from the open source project by Google called Chromium:
To explore the options available to you for configuration, reference the resource below:
For the next example, I have added the following keys into the PLIST.
- Homepage Location – sets the URL to be used with the Homepage button in Chrome
- RestoreonStartupURLs – controls the URL shown on startup
This can be particularly handy if you would like your devices to open the browser to a specific page, such as an internal intranet or website.
Microsoft Edge
The new kid on the block, Microsoft Edge, has been available for macOS since 2020 and, like Google Chrome, it also uses open source code from the Google Chromium platform.
To discover which options are available for configuration, reference the resource below: Microsoft Edge policy list
In the following example, I have chosen to configure some add-ons for Edge to allow, block and force install.
Enable using the following:
ExtensionInstallAllowlist – this will allow for specific add-ons to be installed by the client.
Allowed add-ons:
Block using the following:
ExtensionInstallBlocklist – this will disable the extension if already installed and block any attempted future installations.
Blocked add-ons:
Force Install:
ExtensionInstallForcelist – this will install silently in the background add-ons or extensions.
Forced add-on:
To achieve the above, you need to grab the ID of the add-on or extension from its URL:
Deployment in Jamf Pro
With our PLIST file now created, it can be added to Jamf Pro. This can be achieved in a few simple steps.
- Select ‘Configuration Profiles’ from the ‘Computers’ section and create ‘New’ within Jamf Pro; here you can add some general information and a deployment type.
- Next, from the options on the left hand side, select ‘Application & Custom Settings’, choosing the ‘Upload’ option and then ‘Add’.
- Now you can add the preference domain – in this case com.apple.Safari. It is important to remember here you do not require an extension; with the domain set you can now select your PLIST using the ‘Upload’ button.
- With the PLIST now uploaded, the scope can be assigned, in this example I have used a Smart Group.
In conclusion
As demonstrated above, leveraging the management functionality of your MDM tool of choice allows you to easily and effectively enhance your users’ experience, while securing your environment overall. With new versions of each web browser, of course, will come more features and functionality to help you do even more. Understanding how (and why) to manipulate PLIST files and deploying settings to managed devices via an MDM tool, will provide you with a solid management framework that you can scale as your environment grows in size and complexity.
Can we help further?
Good management does not happen in isolation and the dataJAR team is always here to help. We work with our datajar.mobi customers on a daily basis to ensure managed browsers are used as effectively as possible in each organisation, so if you have any question, big or small, do not hesitate to ask in the #datajar channel in the macadmins slack, or via our contact us form on the dataJAR website.
