This setup allows you to whitelist Cyber Guru domains on macOS devices managed with Microsoft Intune.
Prerequisites
- Microsoft Intune license
- macOS devices enrolled in Intune (Jamf, Apple DEP, or manual enrollment)
- Admin access to Microsoft Intune admin center (https://intune.microsoft.com)
- Chrome, Edge installed on Mac
- Cyber Guru domains
|
WHERE TO FIND THE FULL LIST OF LANDING PAGE DOMAINS
The full list of landing page domains is available on the platform in the section: "HELP > Support - Knowledge > Click here to download whitelisting additional informations" |
Chrome Configuration on macOS Intune
First, generate 2 unique UUIDs from the terminal:
uuidgen # for internal PayloadUUID uuidgen # for external PayloadUUID
Create the cyberguru-chrome.mobileconfig file with this structure (replace the UUIDs):
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadType</key>
<string>com.google.Chrome</string>
<key>PayloadIdentifier</key>
<string>com.cyberguru.chrome.safebrowsing</string>
<key>PayloadUUID</key>
<string>INSERT-UUID-1-HERE</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>SafeBrowsingAllowlistDomains</key>
<array>
<string>DOMAIN-1</string>
<string>DOMAIN-2</string>
...
</array>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>CyberGuru - Chrome Safe Browsing Allowlist</string>
<key>PayloadIdentifier</key>
<string>com.cyberguru.chrome.profile</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>INSERT-UUID-2-HERE</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Navigate to: Devices → Configuration → Configuration profiles
Click + Create → New policy
Select: Platform: macOS | Profile type: Templates | Template Name: Custom
Enter the name:
Cyber Guru - Chrome Safe Browsing WhitelistClick Next
- Custom configuration profile name: Chrome SafeBrowsing Allowlist
- Deployment channel: Device channel
- Configuration profile file: click the folder icon and upload the .mobileconfig file you created above
- Make sure the file uploads correctly
Click Next
Assignments: Select the macOS device group
Click Next → Create
Edge Configuration on macOS Intune
First, generate 2 unique UUIDs from the terminal:
uuidgen # for internal PayloadUUID uuidgen # for external PayloadUUID
Create the cyberguru-edge.mobileconfig file with this structure (replace the UUIDs):
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadType</key>
<string>com.microsoft.Edge</string>
<key>PayloadIdentifier</key>
<string>com.cyberguru.edge.smartscreen</string>
<key>PayloadUUID</key>
<string>INSERT-UUID-1-HERE</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>SmartScreenAllowListDomains</key>
<array>
<string>DOMAIN-1</string>
<string>DOMAIN-2</string>
...
</array>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>CyberGuru - Edge SmartScreen Allowlist</string>
<key>PayloadIdentifier</key>
<string>com.cyberguru.edge.profile</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>INSERT-UUID-2-HERE</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Navigate to: Devices → Configuration → Configuration profiles
Click + Create → New policy
Select: Platform: macOS | Profile type: Templates | Template Name: Custom
Enter the name:
Cyber Guru - Edge SmartScreen WhitelistClick Next
- Custom configuration profile name: Edge SmartScreen Allowlist
- Deployment channel: Device channel
- Configuration profile file: click the folder icon and upload the .mobileconfig file you created above
- Make sure the file uploads correctly
Click Next
Assignments: Select the macOS device group
Click Next → Create
Verification on macOS client
-
On a Mac enrolled in Intune, wait for the policy to sync (up to 30 minutes). To force a sync:
- System Preferences → Profiles → Manually sync if the option is available
- Or wait for the next automatic sync
Chrome: Open Chrome and go to
chrome://policy→ Look for SafeBrowsingAllowlistDomainsEdge: Open Edge and go to
edge://policy→ Look for SmartScreenAllowListDomains
ℹ️ Note: On macOS, syncing may be a bit slower than on Windows. Please wait up to 30 minutes for the policy to be fully applied.
Assigning to groups
Assign the policies to specific Mac groups:
- During creation, select Assignments
- Add the Azure AD macOS group
- Or, later, open the policy → Assignments → Edit
Editing and updating
To add or remove domains in the future:
- From the Intune console, open the policy
- Click Properties → Settings → Edit
- Edit the domains
- Click Save
- The policy will automatically update on synced Macs
Troubleshooting
The policy does not appear in chrome://policy on Mac:
- Check that the Mac is enrolled in Intune (System Preferences → Profiles)
- Wait up to 30 minutes for the initial sync
- Restart the Mac
- Check your internet connection
Error during Mac enrollment:
- Check that the Mac is compatible (macOS 10.14 or higher)
- Check Azure AD credentials
- Refer to the Intune documentation for macOS
Policies are not applied even after 30 minutes:
- Unenroll the Mac from System Preferences
- Re-enroll manually using Intune Company Portal
- If the issue persists, check the enrollment logs in the Intune admin center