This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
After a deep search and test policies like APP Locker and APP Control for Business for Intune, on how to block extension files from downloads on any browser, we couldn't find a solution. Can someone please point us in the right direction? We need to block ANY downloads with extensions EXE and MSI applicable to a specific folder like Desktop or Downloads for a specific group. Not by Hash, path or publisher.
The best I could find from Settings Catalog are these, but not exactly what you want.
With policies or rules I don't think you can archive what you want by specifying only few folders. If you want to be extra secure what you users do, Applocker is still a good technology and can be implemented in Intune with xml rules, and same time keeping Users being users and not admins, you'll be fine :)
Thank you Pavel for your answer, but yes, I saw that one too for Chrome and Edge but it is not what I am looking for. I created a ticket with Support, and they weren't sure if there is an option for that, I will update the question if they answer me with a positive answer.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 61%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
Based on my search, I didn't find there is such setting. I noticed you have created a ticket, if there is anything helpful, please share with us. Thanks for your kindness.