DeviceAuthenticationURLBlocklist

Setting the policy prevents webpages with prohibited URLs from loading during user authentication (e.g. in the login screen and lock screen). It provides a list of URL patterns that specify forbidden URLs. Leaving the policy unset means no URLs are prohibited during authentication. Format the URL pattern according to this format ( https://support.google.com/chrome/a?p=url_blocklist_filter_format ). Exceptions to these patterns can be defined in the related policy DeviceAuthenticationURLAllowlist. Certain URLs are necessary for authentication to succeed, including accounts.google.com, so they should not be blocked if online sign-in is required. Note: This policy does not apply to in-page JavaScript URLs with dynamically loaded data. If you blocked example.com/abc, then example.com could still load it using XMLHTTPRequest.