Comprehensive cross-platform Microsoft Intune MDM popup policy templates and automation scripts for browser management on macOS and Windows endpoints.
π Complete Deployment Guide: View on GitHub | View on GitHub Pages - Essential setup and configuration instructions
- Platforms: macOS (Safari, Edge, Chrome) | Windows (Edge, Chrome)
- Default: Block-all with allow-list examples
- Automation: PowerShell script injects allow/block lists per browser schema
- CI/CD: GitHub Actions validate PowerShell and policy files
- β Cross-platform coverage (macOS and Windows)
- β Multi-browser support (Safari, Edge, Chrome)
- β Intune-friendly templates (Graph-ready JSON, Safari XML)
- β Dynamic allow/block injection via PowerShell
- β CI checks: PowerShell lint and JSON/XML validation
- β Lint-safe logging and ShouldProcess
git clone https://github.com/a-ariff/browser-popup-mdm-automation.git
cd browser-popup-mdm-automation# Edit allow/block lists in policies folder
# macOS Chrome/Edge JSON: PopupsAllowedForUrls, PopupsBlockedForUrls, DefaultPopupsSetting
# Windows Chrome/Edge JSON: Same structure
# macOS Safari XML: PopupsBlockedForUrls, DefaultPopupsSetting# Use provided PowerShell script
.\scripts\New-IntunePopupPolicy.ps1 -Platform macOS -Browser Chrome| Platform | Safari | Edge | Chrome | Status |
|---|---|---|---|---|
| macOS 11+ | β | β | β | Tested |
| macOS 10.15 | β | β | β | Partial |
| Windows 10 | β | β | β | Tested |
| Windows 11 | β | β | β | Tested |
| iOS | β | β | β | N/A |
Browser-Popup-MDM-Automation/
βββ scripts/
β βββ New-IntunePopupPolicy.ps1
βββ policies/
β βββ macOS/
β β βββ safari-popup-policy.xml
β β βββ edge-popup-policy.json
β β βββ chrome-popup-policy.json
β βββ windows/
β βββ edge-popup-policy.json
β βββ chrome-popup-policy.json
βββ docs/
β βββ popup-policy-guide.md
β βββ assets/
βββ .github/workflows/
βββ ps-lint.yml
βββ validate-policies.yml
{
"PopupsAllowedForUrls": [
"https://example.com",
"https://trusted-site.com"
],
"PopupsBlockedForUrls": [
"https://malicious-site.com"
],
"DefaultPopupsSetting": 2
}<dict>
<key>PopupsBlockedForUrls</key>
<array>
<string>https://malicious-site.com</string>
</array>
<key>DefaultPopupsSetting</key>
<integer>2</integer>
</dict>Policy not applying
- Check device compliance in Intune admin center
- Verify policy assignment to correct groups
- Allow 24-48 hours for policy propagation
Browser not recognizing policy
- Ensure browser is managed by Intune
- Check browser version compatibility
- Restart browser after policy deployment
PowerShell script errors
- Run with -Verbose flag for detailed logging
- Check execution policy: Set-ExecutionPolicy RemoteSigned
- Verify all dependencies are installed
- Q1 2025: Add Firefox support
- Q2 2025: Mobile browser policies (iOS Safari)
- Q3 2025: Automated policy compliance reporting
- Q4 2025: Integration with Microsoft Graph PowerShell SDK v2
See CHANGELOG.md for detailed version history.
See CONTRIBUTING.md for contribution guidelines.
This project is licensed under the MIT License - see the LICENSE file for details.
- π Documentation
- π Issues
- π¬ Discussions