In-Depth Guide: Automatically Clearing Chrome Browsing Data on Close with Intune
In environments where multiple users share a Windows PC—such as labs, kiosks, libraries, or clinical workstations—private browsing information must be removed after each session. Microsoft Intune can enforce a policy that clears Google Chrome’s browsing data on exit, ensuring no history, cookies, cached files, passwords, or form entries persist between users. This step-by-step guide covers planning, configuration, deployment, and verification.
Why Clear Chrome Data on Close?
- Protect User Privacy
Automatically wiping history and cookies prevents one user’s session from exposing another’s credentials or visited sites. - Avoid Cache-Related Errors
Stale caches can break web applications or display outdated content. Clearing data prevents login failures and rendering issues. - Ensure Compliance
In regulated industries, automatic data removal helps satisfy privacy and data-retention regulations. - Streamline Management
Users no longer need to remember manual cleanup. IT sets the policy once and it applies consistently.
What Data Gets Cleared?
When enabled, Chrome will delete on exit:
- Browsing history
- Download history
- Cookies and site data (login tokens, site preferences)
- Cached images and files
- Saved passwords
- Autofill form data (addresses, search queries)
- Site permissions (camera, microphone, location)
Prerequisites
- Windows 10 or later devices managed by Microsoft Intune.
- Chrome Enterprise MSI installed via Intune or Group Policy.
- Access to Chrome ADMX templates for the Settings catalog.
Step 1: Import Chrome ADMX Templates into Intune
- Download Templates
Obtain the latestchrome.admxand corresponding ADML files from Google’s enterprise bundle. - Create Administrative Templates Profile
- In Endpoint Manager, go to Devices > Configuration profiles.
- Click Create profile and select Windows 10 and later > Templates > Administrative Templates.
- Upload ADMX/ADML
- In the profile’s Custom ADMX section, import
chrome.admxand its language file (chrome.adml). - Save the profile (you will configure settings next).
- In the profile’s Custom ADMX section, import
Step 2: Configure the “Clear Browsing Data on Exit” Policy
- Edit the Administrative Templates Profile
- Enable the Setting
- Search for Clear browsing data on exit under the Google Chrome category.
- Policy name: BrowserClearOnExit (or similar).
- Set to Enabled.
- Specify Data Types
- If available, choose which data types to clear. Otherwise, enabling the policy clears all categories.
- Save the policy configuration.
Step 3: Deploy Chrome via Intune (if not already)
- Add a Line-of-Business App
- Navigate to Apps > Windows > Add.
- Choose Line-of-business app and upload the Chrome Enterprise MSI.
- Configure Install Behavior
- Install context: System
- Restart behavior: Suppress
- Assign the app to the same device groups targeted by the policy.
Step 4: Assign and Scope the Policy
- In Devices > Configuration profiles, select your Chrome Administrative Templates profile.
- Go to Assignments.
- Target the device or user groups for shared PCs.
- Save and initiate a Sync on test devices under Settings > Accounts > Access work or school > Sync.
Step 5: Verify Policy Application
- chrome://policy
- Open Chrome and navigate to
chrome://policy. - Confirm that BrowserClearOnExit appears and is set to Enabled.
- Open Chrome and navigate to
- Functional Test
- Browse several sites, log in to a web app, and fill out a form.
- Close Chrome completely (confirm no background processes).
- Reopen: history, cookies, passwords, and autofill should be cleared; sites should prompt for login again.
- Edge Cases
- Test on kiosk mode or with a guest account to ensure isolation.
Troubleshooting
- Policy Not Applied
- Confirm device check-in and policy sync.
- Verify the ADMX was correctly imported and no naming conflicts exist.
- Partial Data Remains
- Ensure Chrome is fully closed; background processes can preserve data.
- Consider a startup script that kills remaining Chrome processes before clear.
- User Experience
- Communicate that saved passwords will also clear.
- If passwords must persist, deploy a separate password-management solution instead of this policy.
Best Practices
- Scope Carefully: Apply only to shared or public-facing devices.
- Combine with Kiosk Configurations: Use Windows Assigned Access or Unified Write Filter for locked-down stations.
- Educate Users: Clearly inform staff or patrons that browsing data is ephemeral.
- Audit Regularly: Periodically review policy compliance and device status in Intune.
Conclusion
By enabling Chrome’s “Clear browsing data on exit” policy via Intune, administrators can enforce consistent privacy protection and eliminate stale cache issues on shared Windows devices. With ADMX templates imported and a simple configuration profile deployed, Chrome will automatically purge all browsing artifacts at close—providing every user with a clean, secure browsing environment.
