There are many options to deploy the Keeper Browser Extension (KeeperFill) to browsers on Windows machines including Group Policy, SCCM and Intune.

Sample reference guides are linked below:

• Group Policy Deployment - Chrome

• Group Policy Deployment - Firefox

Overview

These step by step instructions allow you to deploy the Keeper Chrome extension to users through Intune.

(1) Go to the Intune Portal (https://intune.microsoft.com/)

(2) In the portal, navigate to Devices > Configuration.

(3) Select Manage Devices > Configuration

(4) On the Policies tab, click Create > New Policy.

(5) Under Platform, select Windows 10 and later.

(6) Under Profile Type, choose Settings Catalog, then click Create.

(7) Enter a Name for the configuration profile and an optional Description, then click Next.

(8) In the Configuration Settings tab, select + Add settings.

(9) Search for "Google Chrome", then select "Google Chrome Extensions" and then select "Configure the list of force-installed apps and extensions" below. Then select Next to continue.

(10) In the "Configuration Settings" tab, enable the "Configure the list of force-installed apps and extensions" option then paste the following on one line:

(11) Review the Scope tags and Assignments settings tabs to assign the appropriate groups, then click Create to finalize. Ensure that "All Users" or specific groups are assigned.

(12) Navigate back to “Devices | Configuration” > Hit Refresh

(13) Your newly created policy will appear

The policy is now active. If a plan member has not yet enrolled with Intune, they will be prompted to do so upon signing in to a managed device. Once enrolled, the Keeper browser extension will be installed automatically.

Pinning the Extension

To pin the Chrome extension on the user's browser:

(1) Click on the policy you created under Devices | Configuration

(2) Under the "Configuration settings" select "Edit"

(3) Click + Add setting then search for "Google Chrome" settings and select "Google Chrome Extensions" then select "Extension management settings" in the subcategory below.

(4) After selecting this option, close the window and under the "Configuration settings" tab, activate the setting "Configure extension management settings" and paste the below JSON into the box:

(5) Select "Review + Save" and save the settings.

Overview

These step by step instructions allow you to deploy the Keeper Microsoft Edge extension to users through Intune.

(1) Go to the Intune Portal (https://intune.microsoft.com/)

(2) In the portal, navigate to Devices > Configuration.

(3) Select Manage Devices > Configuration

(4) On the Policies tab, click Create > New Policy.

(5) Under Platform, select Windows 10 and later.

(6) Under Profile Type, choose Settings catalog, then click Create.

(7) Enter a Name for the configuration profile and an optional Description, then click Next.

(8) In the Configuration Settings tab, select + Add settings.

(9) Search for "Microsoft Edge\Extensions", then select "Control with extensions are installed silently" and select Next.

(10) In the "Configuration Settings" tab, enable the "Control with extensions are installed silently" option then paste the following on one line:

(11) Review the Scope tags and Assignments settings tabs to assign the appropriate groups, then click Create to finalize. Ensure that "All Users" or specific groups are assigned.

(12) Navigate back to “Devices | Configuration” > Hit Refresh

(13) Your newly created policy will appear

The policy is now active. If a plan member has not yet enrolled with Intune, they will be prompted to do so upon signing in to a managed device. Once enrolled, the Keeper browser extension will be installed automatically.

Pinning the Extension

To pin the Edge extension on the user's browser:

(1) Click on the policy you created under Devices | Configuration

(2) Under the "Configuration settings" select "Edit"

(3) Click + Add setting then select "Configure extension management settings" under the Microsoft Edge\Extensions picker.

(4) After selecting this option, close the window and under the "Configuration settings" tab, activate the setting "Configure extension management settings" and paste the below JSON into the box:

(5) Select "Review + Save" and save the settings.

The behavior and settings of the Chrome extension can be customized through the ExtensionSettings policy on Windows, Mac and Linux.

Please see the below link to learn about the various settings can be applied:

The behavior and settings of the Microsoft Edge extension can be customized through the ExtensionSettings policy on Microsoft Windows devices.

Please see the below link to learn about the various settings can be applied:

Deploying Keeper Chrome Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Google Chrome templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Chrome Policy Templates

On your domain controller, navigate to the URL, provided below, and download the correct 32 or 64 bit zip bundle. Extract the Google Chrome bundle to your desired location. Ex: C:\temp

1. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.admx file located within the 64-bit \GoogleChromeEnterpriseBundle64\Configuration\admx directory to C:\Windows\PolicyDefinitions OR 32-bit \GoogleChromeEnterpriseBundle\Configuration\admx directory to C:\Windows\PolicyDefinitions

2. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.adml file located within the 64-bit \GoogleChromeEnterpriseBundle64\Configuration\admx\en-US

Step 3: Create or Configure your Chrome Policy

1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Chrome Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

2. Name the policy something relevant. Ex: “Chrome Policy”

3. Once created, right click the new policy and select Edit.

4. Expand out Chrome Policy -> Computer Configuration -> Policies -> Administrative Templates -> Google Chrome -> Extensions then Right click and Edit the “Configure the list of force-installed apps and extensions”

5. Tick the Enable button, and then click the Show button.

6. Add the following text and click OK.

7. Click Apply, and then click OK

8. Disable Chrome's Built-In Password Manager by navigating to Google Chrome -> Password manager and then Right click and Edit the “Enable saving passwords to the password manager”

9. Tick the "Disabled" button, and then click Apply, and then click OK.

10. Following the same process as steps 8 - 9, direct within Google Chrome Administrative Templates Policy definitions, Disable Chrome's AutoFill capabilities by editing both "Enable AutoFill for addresses" and "Enable AutoFill for credit cards" and setting them to disabled.

11. (Optional) If you would like to disable Developer Tools, to further secure against users attempting to unmask a masked password / credential, still within the Google Chrome Administrative Templates Policy definitions, disable Developer Tools by editing "Control where developer tools can be used" end setting it to "Enabled" and select the Options value of "Don't allow using the developer tools" and click OK.

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, in which contains your Computers or Users, and select Link an Existing GPO.

13. Select the “Chrome Policy” and click “OK”

For any PC within that OU, the “Chrome Policy” will automatically install the Keeper Security Browser Extension, if Chrome is installed on those PCs as well as disable Chrome's, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Chrome Policies

On a target client device, open Google Chrome and navigate to chrome://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

You can also check your extension by navigating to chrome://extensions and ensuring your extensions are being forcefully installed.

You may need to close and reopen Google Chrome before the new policies appear.

Deploying Keeper Firefox Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Firefox Policy Templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Firefox Policy Templates

On your domain controller, download the zip file and extract the Firefox Policy Template file to your desired location. Ex: C:\temp

Step 2: Adding Firefox .admx and .adml files to Group Policy

1. Navigate to the directory in which you extracted the Firefox Policy Template file and copy the firefox.admx file located within the \policy_templates_v.(version)\windows directory to C:\Windows\PolicyDefinitions

2. Navigate to the directory in which you extracted the Firefox Policy Template file and copy the firefox.adml file located within the \policy_templates_v.(version)\windows\en-US directory to C:\Windows\PolicyDefinitions\en-US

Step 3: Create or Configure your Firefox Policy

1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Firefox Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

2. Name the policy something relevant. Ex: "Firefox Policy”

3. Once created, right click the new policy and select Edit.

4. Expand out Firefox Policy -> Computer Configuration -> Policies -> Administrative Templates -> Firefox -> Extensions then Right click and Edit the “Extensions to Install”

5. Tick the Enable button, and then click the Show button.

6. Add the full hyperlink to the Add-on from Mozilla, like below:

7. Click Apply, and then click OK

8. Now proceed to right clicking and Edit the “Prevent extensions from being disabled or removed”

9. Add the URL again from Step 6 above in the value field.

10. Click Apply, and then click OK

11. Disable the Firefox Built-In Password Manager by navigating direct within Firefox Administrative Templates Policy definitions and then Right click and edit both the Offer to save logins and Offer to save logins (default) and set to Disabled, Click Apply and then OK.

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, and select Link an Existing GPO.

13. Select the “Firefox Policy” and click “OK”

For any PC within that OU, the “Firefox Policy” will automatically install the Keeper Security Browser Extension, if Firefox is installed on those PCs as well as disable Firefox's, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Firefox Policies

On a target client device, open Firefox and navigate to about:policies to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

You may need to close and reopen Firefox before the new policies appear.

Deploying Keeper Edge Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Microsoft Edge templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Edge Policy Templates

1. On your domain controller, go to the Microsoft Edge Enterprise landing page to download the Microsoft Edge policy templates file (MicrosoftEdgePolicyTemplates.cab), by clicking on "Get Policy Files" and extract the contents to your desired location. Ex: C:\temp

2. Browse to the directory in which you saved the downloaded MicrosoftEdgePolicyTemplates.zip file. Extract the contents of the MicrosoftEdgePolicyTemplates.zip file to your desired location. Ex: C:\temp

Step 2: Adding Edge .admx and .adml files to Group Policy

1. Navigate to the directory in which you extracted the Microsoft Edge Templates zip file and copy the msedge.admx file located within the \windows\admx directory to C:\Windows\PolicyDefinitions

2. Navigate to the directory in which you extracted the Microsoft Edge Templates zip file and copy the msedge.adml file located within the \windows\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US

Step 3: Create or Configure your Edge Policy

1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Edge Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

2. Name the policy something relevant. Ex: “Edge Policy”

3. Once created, right click the new policy and select Edit.

4. Expand out Edge Policy -> Computer Configuration -> Policies -> Administrative Templates -> Microsoft Edge -> Extensions then Right click and Edit the “Control which extensions are installed silently”

5. Tick the Enable button, and then click the Show button.

6. Add the following text and click OK.

7. Click Apply, and then click OK

8. Disable Edge's Built-In Password Manager by navigating to Microsoft Edge -> Password manager and protection and then Right click and Edit the “Enable saving passwords to the password manager”

9. Tick the "Disabled" button, and then click Apply, and then click OK.

10. Following the same process as steps 8 - 9, directly within Microsoft Edge Administrative Templates Policy definitions, Disable the Edge AutoFill capabilities by editing both "Enable AutoFill for addresses" and "Enable AutoFill for credit cards" and setting them to disabled.

11. (Optional) If you would like to disable Developer Tools, to further secure against users attempting to unmask a masked password / credential, still within the Microsoft Edge Administrative Templates Policy definitions, disable Developer Tools by editing "Control where developer tools can be used" end setting it to "Enabled" and select the Options value of "Don't allow using the developer tools" and click OK.

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, in which contains your Computers or Users and select Link an Existing GPO.

13. Select the “Edge Policy” and click “OK”

For any PC or User within that OU, the “Edge Policy” will automatically install the Keeper Security Browser Extension, if Edge is installed on those PCs, as well as disable the Edge browser, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Edge Policies

On a target client device, open Microsoft Edge and navigate to edge://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

You can also check your extension by navigating to edge://extensions and ensuring your extensions are being forcefully installed.

You may need to close and reopen Microsoft Edge before the new policies appear.

Deploying Keeper Chrome Browser Extension via SCCM

This is a general guide in which describes how to utilize SCCM, against Google Chrome templates, to deploy the Keeper Browser extension to all desired PCs in your organization.

Step 1: Configuration Item

Create a new Configuration Item. This can be done within the Configuration Manager console, in the Assets and Compliance work space. Give it a suitable name, like Keeper Browser Extension, and click Next.

Step 2: Platform Selection

Select the appropriate platforms in which this Configuration will apply to and click Next.

Step 3: Create New Settings Configuration

Create a new settings configuration by clicking New.

Configure the new settings, as shown below, and click OK.

Step 4: Create New Compliance Rule

Now click on the "Compliance Rules" tab and click on New.

Configure the new compliance rules, as shown below, and click OK.

Click OK to create the new compliance rule.

Click Close to finish the new configuration item wizard.

Step 5: Configuration Baseline

In order to deploy this Configuration item, you need a baseline unless you have an existing baseline you would rather use.

Create a new Configuration Baseline in the Configuration Manager console, in the Asset and Compliance work space. Give it a suitable name and click Add > Configuration Item.

Add your newly created Keeper Browser Extension Configuration Item, shown within the Available Configuration Items pane and click OK.

Finish creating the new Configuration Baseline by clicking on OK.

Step 6: Deployment

Finally!!!! The Configuration Baseline containing the Keeper Browser Extension Configuration Item needs to be deployed. When deploying a baseline, remember to tick ON the Remediate noncompliant rules when supported. Also, consider how often the compliance should be evaluated. For ex: Group policies updates, by default, every 90 minutes. If this is replacing a GPO, consider to lower the policies update interval. Click OK to complete the configuration baseline.

Step 7: End user experience

Once the SCCM client has updated its policies, per device, and the Configuration Baseline has run, on a target client device, open Google Chrome and navigate to chrome://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

You can also check your extension by navigating to chrome://extensions and ensuring your extensions are being forcefully installed.