Deploy Trusted sites zone assignment using Intune

Deploy a set of trusted sites overriding users’ ability to add trusted sites themselves. To acheive this, an Intune configuration profile Trusted site zone assignment can be deployed to devices/users group as required.

Login to Intune Portal and navigate to: Devices > Windows > Configuration Profiles.

Hit the Create button and Select New policy

From the Create a profile menu, select Windows 10 and later for Platform , Templates for Profile type. Select Administrative templates and click Create.

Give the profile desired name and click Next.

In Configurations settings, select Computer Configuration and search for keyword “Site to Zone“, Site to Zone Assignment List setting will be listed under search results. Go ahead click on it to Select it.

Once selected, a Site to Zone Assignment List page will appear on right side explaining different zones and values required for these zone for setup. Since this profile is being used for trusted sites, we will use the Value “2” . Go ahead and select Enabled button and start entering the trusted sites as required. please ensure to set each value to “2”. See example below:

Learn more about Zones: https://learn.microsoft.com/en-us/troubleshoot/developer/browsers/security-privacy/ie-security-zones-registry-entries#zones

Once done adding the list of sites, click OK to close it and Hit Next on Configuration settings page.

Add Scope tags if needed.

Under Assignments, Click Add groups to target the policy deployment to specific group of devices/users. You can also select Add all users / All all devices.

Hit Next. Then Hit Review + Save button to save.