Deploy these where you see fit as a New Policy -> Intune-ACSC-Windows-Hardening-Guidelines/office/scripts/OfficeMacroHardening-PreventActivationofOLE.ps1 at main · microsoft/Intune-ACSC-Windows-Hardening-Guidelines · GitHub for Edge and Chrome

Then Lock down users access to Settings pages in Both

Block access to a list of URLs (Device)

edge://settings/privacy, edge://settings/content, edge://extensions

Block access to a list of URLs (Device)

chrome://settings/privacy, chrome://settings/cookies, chrome://settings/security, chrome://flags, chrome://extensions, chrome://settings/content