Administering Brave at your Organization

As enterprises adopt the Brave browser at their workplace, they may require specific controls or configurations to ensure all the devices in their control are following company policy. Granular control for the Brave web browser can be achieved by using Policies.

Brave is built on Chromium and supports all of the policies that Chromium does.
Click here to view the Chromium policy documentation.

In addition to the standard Chromium policies, Brave has its own product specific policies.

This document will cover those Brave-specific policies and also aims to provide platform-specific guidance on how to administer Brave at your organization. 

Windows

Downloading and installing Brave policy templates

The latest Brave Policy Templates are always available for download here from our website here. Before installing the templates, you will need to verify which type of template you can use in your environment. This may depend on the tools and scripts you already have.

Start off by unzipping the policy_templates.zip that was downloaded. 

ADMX/ADML format (recommended)
This is the preferred template format on Windows and this is what you’d use with an MDM (mobile device management) solution. For example, Microsoft has a popular solution called InTune.

Assuming you unzip the policy_templates.zip file to C:\temp, you can find the files needed at:

C:\temp\windows\admx\

Brave.admx has the policy definition and you’d typically install on a device at

%systemroot%\PolicyDefinitions

<locale>\brave.adml has the locale specific part of the policy definition. For example, if your locale is en-US, this file would be en-US\brave.adml and you would install to:

%systemroot%\PolicyDefinitions\en-US

Legacy ADM format

This is an older style for supporting group policy and requires you to open the Windows Group Policy tool to import the policy (gpedit.msc).  You can then propagate this set of policies to other devices in your organization using Active Directory.

Assuming you unzip the policy_templates.zip file to C:\temp, you can find the files needed at

c:\temp\windows\adm\

When you have the Windows Local Group Policy Editor open, right click on Computer Configuration\Administrative Templates, click Add/Remove Templates and Add, and then select windows\adm\en-US\brave.adm from the Zip file. Once you have done this, Administrative Templates\Classic Administrative Templates (ADM) should show a new folder called “Brave”:

이 폴더를 통해 Brave의 다양한 설정을 탐색할 수 있습니다.

Registry (for Home Editions)

Group policy is not supported on the Home editions of the Windows operating system. It’s intended for the Professional editions.  However, you still can manage these devices using the registry.

The Zip file also contains an example file, windows\examples\brave.reg, for changing settings via the Windows registry.

Updater settings

Brave is configured to automatically update and (when installed) has an updater executable.

Unfortunately we do not yet have templates for Brave’s updater settings. 그러나, Chrome과 유사하게 사용자 정의할 수 있습니다. Please see Chrome’s documentation. There, you need to edit any .reg, .adm and .admx files with a text editor to replace Software\Policies\Google\Chrome with Software\Policies\BraveSoftware\Brave.

macOS

There are two approaches you can use for administering devices on macOS.

Using an MDM (recommended)

Some popular examples of MDM (mobile device manager) software would be Apple’s business.apple.com solution, Jamf, and Iru (formerly Kandji).  A .mobileconfig file can be generated and then loaded into the MDM software, which then propagates this config to each client device.

Using plist files via the command line

This would require SSH access to each device on the network. We don’t anticipate this as being a popular way of administering machines at a company, but it’s provided for completeness.

If you are on macOS, the policy on your device for Brave is stored in 

 ~/Library/Preferences/com.brave.browser.plist/

이 파일을 편집하려면 파일 자체를 편집해야 합니다(이 파일을 편집할 수 있는 Xcode 같은 소프트웨어가 필요하다는 사실에 유의하십시오). 다음 명령을 사용하여 macOS 터미널에서 .plist 파일을 편집할 수도 있습니다:

 defaults write com.brave.Browser -[policy name] [value]

For example, if you want to disable Private browsing windows in Brave, you would run the following command:

defaults write com.brave.Browser IncognitoModeAvailability -integer 1

값에 배열이 있는 경우 - 새로운 BraveShieldsDisabledForUrls 값과 같이, 아래에 표시된 형식이 됩니다.

defaults write com.brave.Browser BraveShieldsEnabledForUrls -array "https://twitter.com" "https://www.example.com"

The bundle identifier for Release channel is com.brave.browser. If you’re using Beta or Nightly, this will be different (com.brave.Browser.beta or com.brave.Browser.nightly, respectively). For local builds use com.brave.Browser.development.

Some policies on macOS must be set in a managed environment. 

sudo /usr/libexec/PlistBuddy -c "Add :BraveWalletDisabled bool true" /Library/Managed\ Preferences/com.brave.Browser.plist

And to clear 

sudo /usr/libexec/PlistBuddy -c "Delete :BraveWalletDisabled" /Library/Managed\ Preferences/com.brave.Browser.plist

If your machine is not part of a managed environment, you simply need to create this directory first:

sudo mkdir -p "/Library/Managed Preferences"
sudo chown root:wheel "/Library/Managed Preferences"
sudo chmod 755 "/Library/Managed Preferences"

You like need to run this to see the effect after restarting the browser when using the managed PlistBuddy commands:

sudo killall cfprefsd

Linux

Linux에서 Brave 정책은 여기 저장됩니다

/etc/brave/policies/managed/

Brave를 설치한 후 이 디렉토리가 없을 수 있습니다. 그러나 다음 명령을 사용하여 이 디렉토리를 생성할 수 있습니다:

mkdir -p /etc/brave/policies/managed/

일단 이 디렉토리가 생성되면, JSON 형식으로 작성된 그룹 정책 이름/키 형식의 파일을 해당 디렉토리에 배치할 수 있으며, 브라우저는 이를 자동으로 읽습니다. JSON 파일 내 정책의 형식은 다음과 같습니다:

{
    "[policy name]": [value]
}

For example, if you want to disable Private browsing windows in Brave, you could have the following in a JSON file called GroupPolicy.json:

{
    "IncognitoModeAvailability": 1
}

값에 배열이 있는 경우 - 새로운 BraveShieldsDisabledForUrls 값과 같이, 아래에 표시된 형식이 됩니다. 이 예제에서는 “GroupPolicy.json” 파일을 편집하여 프라이빗 창 기능을 비활성화하고, 특정 사이트 목록에 대해 Brave 방패를 비활성화했습니다 (이것이 “배열”입니다).

{
    "IncognitoModeAvailability": 1,
    "BraveShieldsDisabledForUrls": [
      "https://twitter.com",
      "https://www.example.com"
  ]
}

Mobile Platforms

Mobile platforms are controlled by an MDM (mobile device manager). 

Android

Click here for information about MDM on Android devices.

All of the policies supported by Chromium are supported in Brave also. Brave has its own policies defined also.

We don’t currently have templates for administering these inside of an MDM.

iOS

Click here for information about MDM on iOS devices.

Devices should be able to make use of the .mobileconfig solution outlined under macOS. However, support is limited.

The following admin policies are supported:
Support the Playlist admin policy on iOS

• Support the Brave VPN admin policy on iOS
• Support the Brave News admin policy on iOS
• Support the Brave Talk admin policy on iOS
• Support the Rewards admin policy on iOS
• Support the AI Chat admin policy on iOS

Is my device managed?

If you were curious if your device is being controlled by your organization, there are a few ways you can check.

1. Check the Main Menu:
   

   A managed device will display Managed by your organization at the bottom of the menu:

2. Visit brave://management to find out. It will tell you if you are managed (yes or no):
   
3. In Brave, you can open the page brave://policy. This will show policies that are in effect.

Brave 전용 정책 설정

Windows 그룹 정책 편집기 외에도 레지스트리를 통해 이러한 값을 설정할 수 있습니다:

Policy descriptions

Here is a breakdown of what each policy controls, categorized by function.

Web3, Crypto, & Rewards

These policies control the cryptocurrency and blockchain features unique to Brave.

BraveRewardsDisabled

Function: Controls the Brave Rewards program (where users earn BAT tokens for viewing privacy-preserving ads).

Effect: If set to true, the Rewards icon is hidden, and users cannot opt into ads or earn cryptocurrency.

BraveWalletDisabled

Function: Controls access to the built-in Brave Crypto Wallet.

Effect: If set to true, the wallet functionality is removed from the UI, preventing users from setting up or accessing the native crypto wallet.

Privacy & Security (Shields & VPN)

These policies manage the browser's defensive capabilities.

BraveShieldsDisabledForUrls

Function: Creates a "Whitelist."

Effect: You provide a list of URLs (websites). Brave Shields (ad and tracker blocking) will be automatically turned off for these specific sites. Useful for internal company tools that might break when trackers are blocked.

BraveShieldsEnabledForUrls

Function: Creates a "Blacklist" enforcement.

Effect: Ensures Shields are always turned on for the listed URLs, preventing the user from disabling them.

BraveVPNDisabled

Function: Controls the integration of the paid Brave VPN service.

Effect: If set to true, the VPN button and subscription options are removed from the browser interface.

AI & Content Features

These policies manage the extra tools and content feeds integrated into the browser.

BraveAIChatEnabled

Function: Controls "Leo," Brave's built-in AI assistant.

Effect: If set to false, the AI chat button in the sidebar and the address bar integration are disabled.

BraveNewsDisabled

Function: Controls the Brave News feed that appears on the New Tab Page.

Effect: If set to true, the Brave News feed is completely removed, usually resulting in a cleaner, faster-loading New Tab Page.

BravePlaylistEnabled

Function: Controls the Brave Playlist feature (which allows users to save video/audio from the web for offline playback).

Effect: Setting this to false disables the feature.

BraveSpeedreaderEnabled

Function: Controls Speedreader mode (which strips clutter/CSS from articles).

Effect: Enables or disables the automatic suggestion to switch to reader mode on compatible article pages.

BraveTalkDisabled

Function: Controls Brave Talk (the browser's private video conferencing tool).

Effect: If set to true, the widget and option to start a Brave Talk call are removed.

BraveWaybackMachineEnabled

Function: Controls the Internet Archive integration.

Effect: When enabled, if you encounter a "404 Page Not Found" error, Brave will ask if you want to view a saved version of the page from the Wayback Machine. Disable this to not be asked.

Telemetry, Analytics, & Sync

These policies control what data the browser sends back to Brave Software.

BraveP3AEnabled

Function: Stands for Privacy-Preserving Product Analytics.

Effect: Controls whether the browser sends anonymous usage data to Brave to help them improve the product. Enterprise environments often disable this.

BraveStatsPingEnabled

Function: Controls the basic "heartbeat" ping.

Effect: This is a very lightweight signal used to count active daily/monthly users. Disabling this stops the browser from announcing its presence to Brave's update servers.

BraveWebDiscoveryEnabled

Function: Controls the Web Discovery Project.

Effect: If enabled, the browser anonymously contributes data to help build the Brave Search index (helping Brave Search become independent of Google/Bing).

BraveSyncUrl

Function: Configures the Sync server location.

Effect: By default, Brave syncs to Brave's public servers. This policy allows an enterprise to force the browser to sync to a custom, self-hosted sync server instead, keeping data entirely within a private network.