Skip to main content
News! Click here
Sign in
Deutsch Español Français Italiano

Whitelisting Domains via Microsoft Intune – Windows Clients

  • Updated

This setup allows you to whitelist Cyber Guru domains on Windows devices managed with Microsoft Intune (Azure AD / Entra ID Join).

Prerequisites

  • Microsoft Intune license (part of Microsoft 365 Business Premium or Enterprise)
  • Windows devices enrolled in Intune
  • Admin access to Microsoft Intune admin center (https://intune.microsoft.com)
  • Chrome, Edge installed on client devices
  • Chrome ADMX Template
  • Edge ADMX Template 
  • Cyber Guru domains
WHERE TO FIND THE FULL LIST OF LANDING PAGE DOMAINS
The full list of landing page domains is available on the platform in the section:
"HELP > Support - Knowledge > Click here to download whitelisting additional informations"

 

Download and configure Chrome ADMX template

  1. Download the Chrome ADMX templates from chromeenterprise.google/browser/download/
  2. Go to: intune.microsoft.com
  3. Navigate to: Devices → Configuration → Import ADMX
  4. Click: "+ Import"
  5. Upload google.admx as the ADMX file
  6. Upload google.adml as the ADML file (select the language)
  7. Click: Import and wait for processing (2-5 minutes)
  8. Repeat for chrome.admx + chrome.adml
  9. Wait until the status shows "Available" for both

 

Configure Chrome on Intune

  1. Log in to https://intune.microsoft.com with admin credentials

  2. Navigate to: Devices → Configuration → Configuration profiles

  3. Click + Create → New policy

  4. Select: Platform: Windows 10 and later | Profile type: Settings Catalog

  5. Enter the name: Cyber Guru - Chrome Safe Browsing Whitelist

  6. Click Next

  7. In Configuration settings, click + Add settings

  8. Search for: "SafeBrowsingAllowlistDomains" (under Google Chrome)

  9. In the results below, check the box next to: "Configure the list of domains on which Safe Browsing will not trigger warnings (User)"
  10. Close the Settings Picker (the policy will appear on the configuration page)
  11. Enable the policy (toggle ON)

  12. Use the + Add button to add entries or select "import" and upload a CSV file with the shared domain list:

    [DOMAIN-1]
[DOMAIN-2]
[DOMAIN-3]
... 
[DOMAIN-N]

    Remember to select the domains after adding them.

  13. Click Next

  14. Assignments: Select the target device or user group (e.g., "All devices" or a specific group)

  15. Click Next → Create

Configure Edge on Intune

  1. From the Intune console, click + Create → New policy

  2. Platform: Windows 10 and later | Type: Settings Catalog

  3. Name: Cyber Guru - Edge SmartScreen Whitelist

  4. Click Next

  5. Click + Add settings

  6. Search for: "SmartScreenAllowListDomains" (under Microsoft Edge)

  7. In the results below, check the box next to: "Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings (User)"
  8. Close the Settings Picker (the policy will appear on the configuration page)
  9. Enable the policy (toggle ON)

  10. Use the + Add button to add entries or select "import" and upload a CSV file with the shared domain list:

    [DOMAIN-1]
[DOMAIN-2]
[DOMAIN-3]
...
[DOMAIN-N]

    Remember to select the domains after adding them.

  11. Click Next

  12. Assignments: Select the target device or user group (e.g., "All devices" or a specific group)

  13. Click Next → Create

Client verification

  1. On a Windows device enrolled in Intune, sync the policies:

    • Open Settings → Privacy & security → Diagnostics & optional data
    • Click Diagnostic data
    • Wait for the sync (usually automatic, but you can force it by waiting 15 minutes)

  2. Chrome: Open Chrome and go to chrome://policy → Check that SafeBrowsingAllowlistDomains shows the domains

  3. Edge: Open Edge and go to edge://policy → Look for SmartScreenAllowListDomains

ℹ️ Note: Policy sync can take up to 30 minutes. If you don't see results right away, wait and then force a sync from the Windows client.

Granular assignment

You don't need to assign the policies to ALL devices. You can create specific groups:

  • Assign only to the IT department
  • Assign only to a specific set of testers
  • Assign by project

To assign to a specific group:

  1. From the policy, click Assignments
  2. Click + Edit included groups
  3. Select the target Azure AD group
  4. Click Select → Save

Editing and updating policies

If you add or remove domains in the future:

  1. From the Intune console, open the policy
  2. Click Properties → Settings → Edit
  3. Edit the domains
  4. Click Save
  5. The policy will automatically update on synced clients

Troubleshooting

The policy doesn't appear in chrome://policy:

  • Check that the device is enrolled in Intune (Settings → Privacy → Diagnostics)
  • Force sync and wait 30 minutes
  • Restart the browser
  • If it persists, unenroll and re-enroll the device

Error during assignment:

  • Check that the Azure AD group exists
  • Check that the devices are actually in the group
  • Check Intune licenses

Domains are not recognized:

  • Make sure there are no extra spaces

Note: Microsoft Defender for Endpoint (MDE)

⚠️ Warning: If your organization uses Microsoft Defender for Endpoint (MDE), the Edge SmartScreenAllowListDomains policy will be ignored, even if configured via Intune. Edge whitelisting must be set up through: https://security.microsoft.com → Settings → Endpoints → Indicators → URLs/Domains → add each domain with Action: Allow. 

Related articles