Category filter
Configuration profile to disable Incognito mode on macOS devices
Admins may want to disable Incognito mode in Chrome browsers on macOS devices to enforce browsing restrictions, prevent private browsing, or ensure compliance. To disable Incognito mode using the method mentioned below, the Chrome browser on users’ devices must be managed by the organization.
To enroll cloud-managed Chrome browsers, sign up for Chrome Browser Cloud Management (CBCM), generate an enrollment token, and add devices to the console. Once the Chrome browser is managed, admins can deploy a configuration profile using the Deploy Custom Configuration feature to remotely turn off Incognito mode on Macs.
The sample configuration profiles provided below are created using various profile creator applications.
Disable Incognito mode in Chrome browser
To ensure data protection and compliance, you can restrict users from browsing the web in Incognito mode. This can be done by providing the value ‘1’ for the key named IncognitoModeAvailability.
Following are the values either of which can be used for the IncognitoModeAvailability key:
- 0: Incognito mode available. Users have the option to open webpages in an Incognito window.
- 1: Incognito mode disabled. Users are unable to open webpages in an Incognito window.
- 2: Incognito mode forced. Users can only open webpages in an Incognito window.
Below is a sample configuration profile to disable Incognito mode on the user’s device.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadContent</key> <dict> <key>com.google.Chrome</key> <dict> <key>Forced</key> <array> <dict> <key>mcx_preference_settings</key> <dict> <key>IncognitoModeAvailability</key> <integer>1</integer> </dict> </dict> </array> </dict> </dict> <key>PayloadDisplayName</key> <string>Incognito mode disabled</string> <key>PayloadEnabled</key> <true/> <key>PayloadIdentifier</key> <string>com.Chrome.084A0A8A-118F-40DD-B8CC-B32E198C329C</string> <key>PayloadType</key> <string>com.apple.ManagedClient.preferences</string> <key>PayloadUUID</key> <string>084A0A8A-118F-40DD-B8CC-B32E198C329C</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDescription</key> <string>Incognito mode is disabled in Chrome browser</string> <key>PayloadDisplayName</key> <string>Disable incognito mode</string> <key>PayloadIdentifier</key> <string>macOS.C483851C-16C5-489F-8D3E-273E77A6216A</string> <key>PayloadOrganization</key> <string>CompanyName Inc.</string> <key>PayloadRemovalDisallowed</key> <false/> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>275AAA46-FAEB-43CA-BE51-7C16212AF6EC</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist> |
Users need to restart the Chrome browser for the configuration profile to take effect.
- To create and customize configuration profiles, you can use tools like Apple Configurator, Profile Manager or manually create them using text editors.
- Use non-encrypted .mobileconfig, .xml, or plist files to deploy profiles across devices.
- Ensure that you do not associate conflicting configurations with the devices.
- It is recommended to manually validate the configuration profile on a system before executing it in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the configuration profile.
