We are using Microsoft Security Baseline for Edge (and Chrome) because it includes the best practices and recommendations on settings that impact security. Having a security baseline is very important because the security settings required by an organization are so varied. Because the settings in the baseline are set to disable using an extension it is sometimes needed to enable specific browser extensions. How this can be done is going to be explained in the following items.

Browser extensions

Create a enable browser extensions policy

We are going to create a Setting catalog policy to enable extension for a user group. Go to the Endpoint Manager link , click on Devices, Configuration profiles and + Create profile

Select Platform Windows 10 and later

Select Profile type Settings catalog

Click on Create, fill the Name the of the policy

Click Next

Click on Add settings

in the next screen popping updo the following fill the right keyword (1) click on Search (2) pick the settings from the category picker

Create a policy for Microsoft Edge browser extensions

At (1) fill Allow specific extensions to be installed click on Microsoft Edge\Extensions.

Click on Allow specific extensions to be installed
By default, all extensions are allowed. However, if you block all extensions by setting the ‘ExtensionInstallBlockList’ policy to “*,” users can only install extensions defined in this policy. Example value: extension_id1 extension_id2

Enable the Setting

Create a policy for Google Chrome browser extensions

At (1) fill Extension IDs to exempt from the blocklist click on Administrative Templates\Google\Google Chrome\ Extensions.

Click on Extension IDs to exempt from the blocklist (User)

How to find the browser extension id’s

Because we need to add the extension ID to the setting to enable it, we need to find them.

For Edge go to : Microsoft Edge Add-ons

For chrome go to : https://chrome.google.com/webstore

Extension

Search for an extension like Lastpass

the Extension id can be found in the url, which is highlighted below

Extension
copy and paste this id to policy and this extension will be enabled.

Because we now enabled it for the user they allowed to install it but we can do this for them as well

Install the Extension for the users (silently)

Because we enable the extension why not silently install it for the user, if it’s an extension needed for a large group of users. This also can be done via the Setting catalog settings.

in the next screen popping updo the following fill the right keyword (1) click on Search (2) pick the settings from the category picker

Search for Control which extensions are installed silently for the Edge and Configure the list of force-installed apps and extensions for Chrome.

Use the same extension id as before.

Finalize the policy

Review the settings and extension id’s Click Next, give it an assignment, review it and create the policy

One thought on “Keep calm get some browser extensions”

Comments are closed.