Create an Intune Configuration Profile to deploy the “My Apps Secure Sign-in Experience” Extension for Edge

What is the “My Apps Secure Sign-in Experience” Extension for Edge

In order to leverage Single sign-on to your “Password Based” Azure AD applications, your Windows users will need to install a browser extension.

The “My Apps Secure Sign-in Experience” Browser Extension will handle the authentication to applications using the credentials that are stored in a Password Vault in Azure. I have another post coming soon on how to enable SSO for password based applications *

Your users will be prompted to download the extension when they select an application that is configured for “Password based” SSO. Alternatively, as an admin, you can deploy the extension to their computer – silently. Much better right?

*The extension also allows you to access internal company URLs, from an internet device, for apps published using the Application Proxy.

https://myapps.microsoft.com – User is prompted to install the extension when the access a password-based SSO enabled application

Deploy the Extension with Intune

Before we can publish any extension to Edge using Intune, we must first get the Application ID and Update URL for the extension.

1 . Navigate to https://microsoftedge.microsoft.com/addons/category/EdgeExtensionsEditorsPick

2 . Search for My Apps Secure Sign-in Extension

3 . Grab the App ID from the URL – gaaceiggkkiffbfdpmfapegoiohkiipl

4 . Sign in at https://devicemanagement.microsoft.com

5 . Navigate to Devices > Configuration Profiles

6 . Select Create Profile

7 . Choose the Platform “Windows 10 and later” and the Profile “Administrative Templates”

8 . Click Create

9 . Give the Configuration Profile a name e.g. Edge Extensions – My Apps Secure Sing-in

10 . Click Next

11 . Select Computer Configuration > Microsoft Edge > Extensions

12 . Select Control which extensions are installed silently

13 . Select Enabled and enter the Extension ID and Update URL using the following format and click OK

<ExtensionID>;<UpdateURL>
The Update URL for Edge Extensions is https://edge.microsoft.com/extensionwebstorebase/v1/crx

The ADMX value will be gaaceiggkkiffbfdpmfapegoiohkiipl;https://edge.microsoft.com/extensionwebstorebase/v1/crx

14 . Click Next

15 . Click Next

16 . Click the Assign to drop down box and choose All Devices *

* You can be more selective and choose a group of devices to deploy the Configuration Profile to instead of All Devices

17 . Click Next

18 . Review the profile and click Create

19 . Review the deployment status of the new Configuration Profile

20 . The devices will automatically install the extension. You can view if this was successful by viewing the extensions within Edge on the client device

Summary

In this post, we observed how to add the “My Apps Secure Sign-in Experience” Extension for Edge from an Intune Configuration Profile.

In the next post, we will give an example of how we can leverage this browser extension to give your users an SSO experience accessing corporate social media accounts – without giving them the social media account credentials!

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.