How to Set Google as Default Search Engine with CSP Intune Profiles. Most Organisations follow the “Traditional device management approach,” which uses Group policy as their primary tool to set security standards and end-user settings.
But in the modern device management approach, we should try new solutions like Windows CSPs. This post will see how to deploy and monitor the Default Search Engine CSP policy via Microsoft Intune.
Modern device management uses Azure solutions. Azure cloud solutions include Autopilot, Intune, Windows update for business, Windows Analytics, etc. For more details on Modern management, you can read How to move from Traditional to Modern Management.
In the “Modern device management” world, Microsoft’s guideline is to use Windows 10 CSP’s wherever possible. And try to avoid Group policy unless and until it’s a real necessity.
TIP: Windows 10 RS4 & higher PCs managed through the Intune MDM channel will now have
MDM setting is prioritized over group policy, starting with settings in the Policy CSP.
Content of the post
Overview of Windows 10 CSPs
How to Configure Default Search Engine CSP policy in Intune
How can we monitor the Default Search Engine CSP policy from Intune console?
End-user experience of Default Search Engine Policy
Overview of Windows 10 CSPs
There are 500 + CSPs for Windows 10 management. New CSPs will add for every new Windows 10 release. In this post, we will see how to change the default search engine in Edge to “google” instead of “Bing” using CSP. We will use Intune to deploy the CSP. Based on requirements, you can use other CSPs.
Below is the reference to new CSPs added :
Below is the CSP to configure the Default Search Engine, and this CSP was added in Windows 10 1703. In this post, I’ll show you how to configure the default search engine policy via Intune Profiles.
./Device/Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine
How to Configure Default Search Engine CSP Policy in Intune
As we already identified the CSP policy to change the default search engine, we can log in to the Azure portal, Navigate to Microsoft Intune blade ->, select Device configuration ->; select Profiles -> select Create Profile.
Navigate via Intune blade – Create a profile – Settings – Configure – Custom OMA-URI Settings – Windows 10 and later – Add OMA-URI settings.
OMA-URI settings set up Default Search Engine in the Edge browser, and the value is the most important setting in the policy.
- Name – Edge_Search_Engine
- Description – NA
- OMA-URI – ./Device/Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine
- Data Type -String
- Value – https://www.google.com/searchdomaincheck?format=opensearch
How to verify Default Search Engine CSP Policy Got Applied?
We can verify the CSP deployment status from both Intune console and the client-side. We will go through each one. How can we monitor the CSP policy deployment from Intune console? Following are some of the options.
Intune Console
Azure portal Navigate to Microsoft Intune blade -> Device configuration – profiles -> “Device configuration profile – > Device status.
As shown below, you can see a list of computers and the status of CSP deployment. This will help IT to understand how many computers successfully applied the CSP.
Client-side
Below are the different areas we can look to verify and troubleshoot CSP deployment issues.
- Event viewer :
MDM events are captured in the Event Viewer as shown below
MDM PolicyManager: Set policy string, Policy: (SetDefaultSearchEngine), Area: (Browser),
EnrollmentID requesting merge: (DA7B33EF-0E91-4063-B9CB-0C2762E31147), Current User:
(Device), String: (https://www.google.com/searchdomaincheck?format=opensearch),Enrollment Type: (0x0), Scope: (0x0)
- MDM Diagnostics :
As shown below, you can see Browser policy is applied successfully. However, for a detailed diagnostics report, click on create a report.
MDM Diagnostics report are in HTML format. Reports are available within C:\Users\Public\Documents\MDMDiagnostics\MDMDiagReport.html
- WMI provider :
We can use MDM Bridge WMI Provider to see the setting applied by CSPs on the computer. You can connect to below WMI Namespace and verify using Wbemtest or WMI Explorer.
Note: you need to launch wmiexplorer in the system context; otherwise setting will not show
- Registry :
All the MDM Policy CSP settings applied on the device registry are in the below location
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Browser]
“SetDefaultSearchEngine”=”https://www.google.com/searchdomaincheck?format=opensearch”
“SetDefaultSearchEngine_ProviderSet”=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\DA7B33EF-0E91-4063-B9CB-0C2762E31147\default\Device\Browser]
“SetDefaultSearchEngine”=”https://www.google.com/searchdomaincheck?format=opensearch”
“SetDefaultSearchEngine_LastWrite”=dword:00000001
End-user experience of Default Search Engine CSP Policy
- The default search engine is Bing before applying the Intune policy.
- Now search engine is Google after applying the Intune policy.
Note:
By default, users can change the default search engines. If you want to prevent users from changing this setting, deploy additional CSP.
Browser/AllowSearchEngineCustomization
Author
Vimal has more than ten years of experience in SCCM device management solutions. His main focus is on Device Management technologies like Microsoft Intune, ConfigMgr (SCCM), OS Deployment, and Patch Management. He writes about the technologies like SCCM, Windows 10, Microsoft Intune, and MDT.
Great stuff! However, I think you forgot to cover “assigning” the CSP policy.