Comprehensive cross-platform Microsoft Intune MDM popup policy templates and automation scripts for browser management on macOS and Windows endpoints.
📄 Complete Deployment Guide: View on GitHub | View on GitHub Pages - Essential setup and configuration instructions
- Platforms: macOS (Safari, Edge, Chrome) | Windows (Edge, Chrome)
- Default: Block-all with allow-list examples
- Automation: PowerShell script injects allow/block lists per browser schema
- CI/CD: GitHub Actions validate PowerShell and policy files
- ✅ Cross-platform coverage (macOS and Windows)
- ✅ Multi-browser support (Safari, Edge, Chrome)
- ✅ Intune-friendly templates (Graph-ready JSON, Safari XML)
- ✅ Dynamic allow/block injection via PowerShell
- ✅ CI checks: PowerShell lint and JSON/XML validation
- ✅ Lint-safe logging and ShouldProcess
git clone https://github.com/a-ariff/browser-popup-mdm-automation.git
cd browser-popup-mdm-automation# Edit allow/block lists in policies folder
# macOS Chrome/Edge JSON: PopupsAllowedForUrls, PopupsBlockedForUrls, DefaultPopupsSetting
# Windows Chrome/Edge JSON: Same structure
# macOS Safari XML: PopupsBlockedForUrls, DefaultPopupsSetting# Use provided PowerShell script
.\scripts\New-IntunePopupPolicy.ps1 -Platform macOS -Browser Chrome| Platform | Safari | Edge | Chrome | Status |
|---|---|---|---|---|
| macOS 11+ | ✅ | ✅ | ✅ | Tested |
| macOS 10.15 | ✅ | ❌ | ✅ | Partial |
| Windows 10 | ❌ | ✅ | ✅ | Tested |
| Windows 11 | ❌ | ✅ | ✅ | Tested |
| iOS | ❌ | ❌ | ❌ | N/A |
Browser-Popup-MDM-Automation/
├── scripts/
│ └── New-IntunePopupPolicy.ps1
├── policies/
│ ├── macOS/
│ │ ├── safari-popup-policy.xml
│ │ ├── edge-popup-policy.json
│ │ └── chrome-popup-policy.json
│ └── windows/
│ ├── edge-popup-policy.json
│ └── chrome-popup-policy.json
├── docs/
│ ├── popup-policy-guide.md
│ └── assets/
└── .github/workflows/
├── ps-lint.yml
└── validate-policies.yml
{
"PopupsAllowedForUrls": [
"https://example.com",
"https://trusted-site.com"
],
"PopupsBlockedForUrls": [
"https://malicious-site.com"
],
"DefaultPopupsSetting": 2
}<dict>
<key>PopupsBlockedForUrls</key>
<array>
<string>https://malicious-site.com</string>
</array>
<key>DefaultPopupsSetting</key>
<integer>2</integer>
</dict>Policy not applying
- Check device compliance in Intune admin center
- Verify policy assignment to correct groups
- Allow 24-48 hours for policy propagation
Browser not recognizing policy
- Ensure browser is managed by Intune
- Check browser version compatibility
- Restart browser after policy deployment
PowerShell script errors
- Run with -Verbose flag for detailed logging
- Check execution policy: Set-ExecutionPolicy RemoteSigned
- Verify all dependencies are installed
- Q1 2025: Add Firefox support
- Q2 2025: Mobile browser policies (iOS Safari)
- Q3 2025: Automated policy compliance reporting
- Q4 2025: Integration with Microsoft Graph PowerShell SDK v2
See CHANGELOG.md for detailed version history.
See CONTRIBUTING.md for contribution guidelines.
This project is licensed under the MIT License - see the LICENSE file for details.
- 📖 Documentation
- 🐛 Issues
- 💬 Discussions