Today we’re discussing Limit Cookies from Specific Websites to the Current Session using Intune Policy settings in Microsoft Edge. As you know, the Settings Catalog is one of the most important features in Microsoft Intune, as it enables administrators to deploy a wide range of policies across the organization.
In this session, we’ll focus on the Microsoft Edge browser, specifically within the content category. This setting allows us to control cookie behavior so that certain websites can store cookies for the current browsing session without restriction, while still applying organizational rules to all other sites.
Cookies Session Only For Urls policy lets administrators list certain websites using specific URL patterns where cookies are kept only for the current browsing session. Once the session ends, usually when you close the browser window, these cookies are automatically deleted.
This helps protect privacy and ensures temporary or sensitive data from those sites is not stored on the device. If the Cookies Session Only For URLs policy is not set at all, its normal behavior. In this case, cookie handling depends on the Default Cookies Setting policy. If that policy is also not set, the user’s own cookie settings in the browser will be used.
What does the CookiesSessionOnlyForUrls Policy Do?
Cookies created by websites that match a URL pattern you define are deleted when the session ends (when the window closes).
Limit Cookies from Specific Websites to the Current Session using Intune Policy
Above, we discussed several details about the settings policy in Microsoft Edge. Now, let’s see how this policy can be deployed through the Microsoft Intune Admin Center. First, go to the Devices section. In Devices, select Configurations. In Configurations, click on the + Create policy option.
- Next, fill in the Platform and Profile type details in the Create profile window.
- Set Platform to Windows 10 and later, and set Profile type to Settings catalog.
- Then click Create.
- Block Cookies in Microsoft Edge Using Intune
- How to Control Default Pop-up for Specific Sites Using Intune Policy
- Allow or Block Hardware Keyboard Text Suggestions in Text Input using Intune Policy
Know the Basic Tab Importance
The Basics tab is the quickest step. Here, you need to enter the basic details such as the Name, Description, and Platform information. Since the platform is already set to Windows, you only need to provide a specific name and description for the policy, then click Next.
How to Handle Configuration Settings Tab
The next tab is Configuration settings. In this tab, click on Add settings. In the Add settings window, select Microsoft Edge. Under Microsoft Edge, choose the Content settings category. In the Content settings category, you will see different types of policies. Here, select Limit cookies from specific websites to the current session.
The Defaulted Mode
By default, you should understand that a policy can be either enabled or disabled. In this case, the policy is disabled by default. If you want to keep it in the disabled mode, you have to click Next to continue.
| Info |
|---|
| If Microsoft Edge is running in background mode, the session might not close when the last window is closed, meaning the cookies won’t be cleared when the window closes. See the ‘BackgroundModeEnabled’ (Continue running background apps after Microsoft Edge closes) policy for information about configuring what happens when Microsoft Edge runs in background mode. You can also use the ‘CookiesAllowedForUrls’ (Allow cookies on specific sites) and ‘CookiesBlockedForUrls’ (Block cookies on specific sites) policies to control which websites can create cookies. Note there cannot be conflicting URL patterns set between these three policies: – ‘CookiesBlockedForUrls’ – ‘CookiesAllowedForUrls’ – CookiesSessionOnlyForUrls If you set the ‘RestoreOnStartup‘ (Action to take on startup) policy to restore URLs from previous sessions, this policy is ignored, and cookies are stored permanently for those sites |
Enable the Policy by Your Choice
You can also enable a policy that is disabled by default. To do this, toggle the switch from left to right. Once enabled, the switch will turn blue and display the label Enabled. When the policy is enabled, an additional text box will appear. In this text box, you need to enter the URL(s) for which you want to limit cookies to the current session. You can add one or more URLs here.
- For this tutorial, I have added one example URL.
Scope Tags
Now your are on the Scope tags section. Scope tags are used to assign policies to specific admin groups for better management and filtering. If needed, you can add a scope tag here. However, for this policy, I chose to skip this section.
What is Assignments Section in a Deployment
Next, you’ll reach the Assignments section, which is a very important step. This is where you decide which user or device groups should receive the policy. In this case, I selected the specific group I wanted to apply the policy to. After selecting the group, click Next to continue.
The Summary Tab – Review + Create
The final step is the Review + Create tab, also known as the Summary tab. Here, you’ll find a complete overview of all the details and settings you’ve configured for the policy. Take a moment to review everything carefully. If everything looks fine, click Create to complete the process. If you spot any errors or need to make changes, you can return to the previous sections and update the information as needed.
- After clicking Create, you’ll receive a confirmation notification indicating that the policy has been successfully created.
How to Get Monitoring Status
To check the status of a policy in the Intune portal, navigate to Devices > Configuration, then select the policy by name. Look for a status of Succeeded 1, which indicates that the deployment was successful.
If you want to speed up the update, you can use a manual sync from the Company Portal. Keep in mind that the status may not update that time and wait a few minutes for the sync to finish before checking again.
Client Side Verifications
You can verify the confirmation in the Event Viewer by looking for Event ID 813 or 814. To access this, open Event Viewer and navigate to Applications and Services Logs > Microsoft > Windows >Device Management Enterprise Diagnostic Provider > Admin.
- You can see a list of policy-related events now.
- I found the policy details in the Event ID 814.
| Policy Details |
|---|
| MDM PolicyManaqer: Set policy strinq, Policy: (CookiesSessionOnlyForUrls), Area: (microsoft_edqe~Policy~microsoft_edqe~ContentSettinqs), EnrollmentID requestinq merqe: (EB427D85-802F-46D9-A3E2-D5B414587F63), Current User: (S-1-12-1-3449773194-1083384580- 749570698-1797466236), Strinq: (), Enrollment Type:(0x6), Scope: (0x1). |
How to Remove a Group From Policy
Start by navigating to the Monitoring status page via Devices > Configuration. Search for the policy by name and click on it to open its monitoring details. Scroll down to the Assignments section and click Edit. This will take you back to the policy’s assignment settings. From here, you can remove the group you no longer want the policy to apply to.
- For a view of the process, refer to the screenshot below.
For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
Delete a Policy
To delete a policy in Microsoft Intune, first sign in to the Microsoft Intune Admin Center. Navigate to Devices and then select Configuration. Locate and select the specific policy you want to remove. Once you’re on the policy details page, click the 3 -dot menu in the top right corner and choose Delete from the available options.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.