We are using the Microsoft Security Baseline for Edge (and Chrome) because it includes the best practices and recommendations on settings that impact security. Having a security baseline is very important because the security settings required by an organization are so varied. Because the baseline blocks the use of extensions, it is sometimes necessary to enable specific browser extensions. The following sections explain how to do this.
Create an enable browser extensions policy
We are going to create a Settings catalog policy to enable extensions for a user group. Go to the Endpoint Manager link, click on Devices, Configuration profiles and + Create profile
Select Platform Windows 10 and later
Select Profile type Settings catalog
Click on Create and fill in the name of the policy
Click Next
Click on Add settings
In the next screen that pops up, do the following: fill in the right keyword (1), click on Search (2), and pick the settings from the category picker
Create a policy for Microsoft Edge browser extensions
At (1), fill in Allow specific extensions to be installed and click on Microsoft Edge\Extensions.
Click on Allow specific extensions to be installed
By default, all extensions are allowed. However, if you block all extensions by setting the ‘ExtensionInstallBlockList’ policy to “*”, users can only install extensions defined in this policy. Example value: extension_id1 extension_id2
Enable the Setting
Create a policy for Google Chrome browser extensions
At (1), fill in Extension IDs to exempt from the blocklist and click on Administrative Templates\Google\Google Chrome\Extensions.
Click on Extension IDs to exempt from the blocklist (User)
How to find the browser extension IDs
Because we need to add the extension ID to the setting to enable it, we first need to find it.
For Edge go to: Microsoft Edge Add-ons
For Chrome go to: https://chrome.google.com/webstore
Search for an extension like LastPass
The extension ID can be found in the URL, which is highlighted below
Because we have now enabled it for the users, they are allowed to install it, but we can also do this for them
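A way to pull the ID out of a store link and check it before it goes into the policy, as an added example that is not part of the original post. It assumes the ID is the last path segment of the store URL and that extension IDs are 32 characters from the letters a to p; the function names, the store host list and the sample links are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Store hosts are an assumption based on the public store URL layouts.
STORE_HOSTS = {"chrome.google.com": "chrome", "chromewebstore.google.com": "chrome",
               "microsoftedge.microsoft.com": "edge"}
# Extension IDs are 32 characters drawn from the letters a to p.
ID_RE = re.compile(r"[a-p]{32}")

def extension_id_from_url(url):
    """Return (browser, extension_id) for a store link, or raise ValueError."""
    parsed = urlparse(url.strip())
    if parsed.scheme != "https":
        raise ValueError(f"not an https store link: {url!r}")
    browser = STORE_HOSTS.get((parsed.hostname or "").lower())
    if browser is None:
        raise ValueError(f"not a known extension store host: {url!r}")
    # The ID is the last path segment; query string and fragment are ignored.
    segments = [s for s in parsed.path.split("/") if s]
    candidate = segments[-1] if segments else ""
    if not ID_RE.fullmatch(candidate):
        raise ValueError(f"no valid extension ID at end of path: {url!r}")
    return browser, candidate

def build_allowlists(urls):
    """Group de-duplicated IDs per browser and collect the rejected links."""
    allow = {"edge": [], "chrome": []}
    rejected = []
    for url in urls:
        try:
            browser, ext_id = extension_id_from_url(url)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        if ext_id not in allow[browser]:
            allow[browser].append(ext_id)
    return allow, rejected

# Constructed sample links; the IDs are made up and match no real extension.
SAMPLE_URLS = [
    "https://chrome.google.com/webstore/detail/example/abcdefghijklmnopabcdefghijklmnop?hl=en",
    "https://microsoftedge.microsoft.com/addons/detail/example/ponmlkjihgfedcbaponmlkjihgfedcba",
    "https://chrome.google.com/webstore/detail/example/abcdefghijklmnopqrstuvwxyzabcdef",
    "https://example.invalid/detail/example/abcdefghijklmnopabcdefghijklmnop",
]

if __name__ == "__main__":
    print(build_allowlists(SAMPLE_URLS))
```

Links that come from another host or end in something that is not a well-formed ID land in the rejected list instead of in the allowlist.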
Install the Extension for the users (silently)
Because we enable the extension, why not silently install it for the users if it’s an extension needed for a large group of users? This can also be done via the Settings catalog.
In the next screen that pops up, do the following: fill in the right keyword (1), click on Search (2), and pick the settings from the category picker
Search for Control which extensions are installed silently for Edge and Configure the list of force-installed apps and extensions for Chrome.
Use the same extension id as before.
Finalize the policy
Review the settings and extension IDs. Click Next, give it an assignment, review it and create the policy.