<?xml version="1.0" encoding="utf-8"?>
<!--
  SafePrompt ADMX template — Active Directory Group Policy.
  Schema: ADMX 1.0 (Microsoft Group Policy administrative template).
  Reference: FR36 / FR37 / FR61, Epic 10 story 10.03.

  Placeholders to replace before deploying:
    <EXTENSION_ID>     Chrome Web Store extension ID
    <TENANT_API_KEY>   Tenant API key from the SafePrompt Dashboard
    <TENANT_UUID>      Tenant UUID from the SafePrompt Dashboard

  This template requires the official Google Chrome ADMX (chrome.admx)
  to be already loaded in the same PolicyDefinitions store, because
  ExtensionInstallForcelist and ExtensionSettings live under that namespace.
-->
<policyDefinitions xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   revision="1.0"
                   schemaVersion="1.0">
  <policyNamespaces>
    <target prefix="safeprompt" namespace="MKIS.Policies.SafePrompt" />
    <using prefix="windows" namespace="Microsoft.Policies.Windows" />
  </policyNamespaces>

  <resources minRequiredRevision="1.0" />

  <supportedOn>
    <definitions>
      <definition name="SUPPORTED_WindowsAndChrome"
                  displayName="$(string.SUPPORTED_WindowsAndChrome)" />
    </definitions>
  </supportedOn>

  <categories>
    <category name="SafePromptCategory"
              displayName="$(string.SafePromptCategory)"
              explainText="$(string.SafePromptCategory_Help)" />
  </categories>

  <policies>
    <policy name="EnableExtension"
            class="Machine"
            displayName="$(string.EnableExtension)"
            explainText="$(string.EnableExtension_Help)"
            presentation="$(presentation.EnableExtension)"
            key="Software\Policies\Google\Chrome\3rdparty\extensions\&lt;EXTENSION_ID&gt;\policy">
      <parentCategory ref="SafePromptCategory" />
      <supportedOn ref="SUPPORTED_WindowsAndChrome" />
      <elements>
        <text id="TenantApiKey"
              valueName="tenant_api_key"
              required="true"
              maxLength="128" />
        <text id="TenantId"
              valueName="tenant_id"
              required="true"
              maxLength="64" />
      </elements>
    </policy>

    <policy name="ForceInstall"
            class="Machine"
            displayName="$(string.ForceInstall)"
            explainText="$(string.ForceInstall_Help)"
            presentation="$(presentation.ForceInstall)"
            key="Software\Policies\Google\Chrome\ExtensionInstallForcelist"
            valueName="1">
      <parentCategory ref="SafePromptCategory" />
      <supportedOn ref="SUPPORTED_WindowsAndChrome" />
      <elements>
        <text id="ForceInstallEntry"
              valueName="1"
              required="true"
              maxLength="256" />
      </elements>
    </policy>
  </policies>
</policyDefinitions>
