How to Set Google as Default Search Engine with CSP Intune Profiles

0
Edge Default Search Egine CSP Policy

Most of the Organisations follow “Traditional device management approach” which use Group policy as their primary tool to set security standards and end user settings. But in modern device management approach, we should try new solutions like Windows CSPs. In this post, we will see how to deploy and monitor Default Search Engine CSP policy via Microsoft Intune.

Modern device management uses Azure solutions. Azure cloud solutions include Autopilot, Intune, Windows update for business, Windows Analytics, etc. For more details on Modern management, you can read How to move from Traditional to Modern Management. In “Modern device management” world, Microsoft’s guideline is to use Windows 10 CSP’s wherever possible. And try to avoid Group policy unless and until it’s a real necessity.

TIP:Windows 10 RS4 & higher PCs managed through the Intune MDM channel will now have 
MDM setting prioritised over group policy starting with settings in the Policy CSP.

Content of the post

Overview of Windows 10 CSPs
How to Configure Default Search Engine CSP policy in Intune
How can we monitor the Default Search Engine CSP policy from Intune console?
End user experience of Default Search Engine Policy

Overview of Windows 10 CSPs

There are 500 + CSP’s for Windows 10 management. New CSP’s will added for every new Windows 10 release. In this post, we will see how to change default search engine in Edge as “google” instead of “Bing” using CSP. We will use Intune to deploy the CSP. Based on requirement you can use other CSP’s.

Below are the reference to new CSP’s added :

Below is the CSP to configure Default Search Engine and this CSP was added in Windows 10 1703. In this post, I’ll show you how to configure default search engine policy via Intune Profiles.

./Device/Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine

How to Configure Default Search Engine CSP Policy in Intune

As we already identified the CSP policy to change the default search engine, we can login to Azure portal Navigate to Microsoft Intune blade -> select Device configuration -> select Profiles -> select Create Profile.

configuration Profile
Intune configuration Profile

Navigate via Intune blade – Create profile – Settings – Configure – Custom OMA-URI Settings – Windows 10 and later – Add OMA-URI settings

Browser CSP Edge
Edge OMA URI

OMA-URI settings to setup Default Search Engine in the Edge browser and the value is the most important settings in the policy.

Name - Edge_Search_Engine
Description - NA
OMA-URI - ./Device/Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine
Data Type -String
Value - https://www.google.com/searchdomaincheck?format=opensearch

How to verify Default Search Engine CSP Policy Got Applied?

We can verify CSP deployment status from both Intune console and client side.We will go through each one. How can we monitor the CSP policy deployment from Intune console? Following are some of the options.

Intune Console:

Azure portal Navigate to Microsoft Intune blade -> Device configuration – profiles -> “Device configuration profile – > Device status.

As show below you can see list of computers and status of CSP deployment. This will help IT to understand how many computers successfully applied the CSP.

Intune assignment status

Client side :

Below are the different areas we can look to verify and troubleshoot CSP deployment issues.

  • Event viewer :

MDM events are captured in the Event Viewer as shown below

MDM PolicyManager: Set policy string, Policy: (SetDefaultSearchEngine), Area: (Browser),
EnrollmentID requesting merge: (DA7B33EF-0E91-4063-B9CB-0C2762E31147), Current User:
(Device), String: (https://www.google.com/searchdomaincheck?format=opensearch),Enrollment Type: (0x0), Scope: (0x0)

MDM Diagnostics event viewer

  • MDM Diagnostics :

As shown below you can see Browser policy is applied successfully. However for detailed diagnostics report click on create report.

MDM Diagnostics report

MDM Diagnostics report are in HTML format. Reports are available within C:\Users\Public\Documents\MDMDiagnostics\MDMDiagReport.html

  • WMI provider :

We can use MDM Bridge WMI Provider to see the setting applied by CSP’s on computer. You can connect to below WMI Name space and verify using Wbemtest or WMI Explorer.

MDM Bridge WMI Provider
MDM Bridge WMI Provider

Note : you need to launch wmiexplorer in system context otherwise setting will not show

  • Registry :

All the MDM Policy CSP settings applied on device registry is in below location

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Browser]
"SetDefaultSearchEngine"="https://www.google.com/searchdomaincheck?format=opensearch"
"SetDefaultSearchEngine_ProviderSet"=dword:00000001
MDM Registry
CSP Registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\DA7B33EF-0E91-4063-B9CB-0C2762E31147\default\Device\Browser]
"SetDefaultSearchEngine"="https://www.google.com/searchdomaincheck?format=opensearch"
"SetDefaultSearchEngine_LastWrite"=dword:00000001
MDM CSP Registry
MDM Intune Registry

End user experience of Default Search Engine CSP Policy

  • Default search engine is Bing before applying the Intune policy.

Bing Edge default search engine

  • Now search engine is Google after applying the Intune policy.

"<yoastmark

Note:

By default, users can change the default search engines. If you want to prevent users from changing this setting, then deploy additional CSP.

Browser/AllowSearchEngineCustomization

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.