Browser extensions assessment
Applies to:
- Microsoft Defender Vulnerability Management
- Microsoft Defender XDR
- Microsoft Defender for Servers Plan 2
Note
To use this feature you'll require Microsoft Defender Vulnerability Management Standalone or if you're already a Microsoft Defender for Endpoint Plan 2 customer, the Defender Vulnerability Management add-on.
A browser extension is a small software application that adds functionality to a web browser. Visibility into the browser extensions installed can help you ensure the safe usage of extensions in your organization.
The Browser extensions page displays a list of the browser extensions installed across different browsers in your organization. Browser extension details are collected across all the users that exist on a specific browser. For each installed extension, per browser, you can see the devices it's installed on, the users who installed it and if it's turned on or off on a device.
The information available will not only help you learn about the installed extensions, but it can help you make decisions on how you want to manage the extensions.
Tip
Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to sign up for a free trial.
View your browser extensions
- Go to Vulnerability management > Inventories in the Microsoft Defender portal.
- Select the Browser extensions tab.
Note
Browser extension assessment is only available on Windows devices. Only extensions that exist in Edge, Chrome, and Firefox, will appear in browser extension list.
The Browser extensions page opens with a list of the browser extensions installed across your organization, including details on the extension name, browser, the number of devices the extension is installed on, and the number that have it turned on.
You can use the Browser filter to view the relevant list of extensions for a particular browser.
The Requested permissions and Permissions risk columns provide more specific information on the number of permissions requested by the extension, and the permissions risk level based on the type of access to devices or sites it requested.
Select a browser extension to open its flyout pane, where you can learn more about the extension:
Where applicable, there will be a link available on this page to access the extension in the store it was installed from.
Browser extension permissions
Browser extensions usually need different types of permission to run properly, for example, they might require permission to modify a webpage.
Select the Permissions tab, from the browser extension flyout pane, to see information on the permissions the browser extension needs to run, and whether this permission is optional or not.
The permission risk level generated is based on the type of access the permission is requesting. You can use this information to help make an informed decision on whether you want to allow or block this extension.
Note
Risk is subjective, and it's up to each organization to determine the types of risk they are willing to take on.
Select a permission to see a further flyout with more information.
View installed devices
To see the list of the devices the extension is installed on, choose the Installed devices tab from the browser extension flyout pane:
From here, you can search for a particular device the extension is installed on, and you can export a list of the devices to a csv file.
View extension versions
Select the Extensions versions tab, from the browser extension flyout pane, to see information on the versions of the extension installed in your organization.
View extensions users
Select the Users tab, from the browser extension flyout pane, to see a list of users who installed the browser extension.
Browser extensions on devices
You can also view a list of extensions installed on a device:
Select the device from the Installed devices tab in the flyout panel and select Open device page or select the device directly from the Device inventory page.
Select Inventories and then Browser extensions to see a list of extensions installed on that device.
Browser extension APIs
You can use APIs to view all browser extensions installed in your organization, including installed versions, permissions requested, and associated risk. For more information, see:
Use advanced hunting
You can use advanced hunting queries to gain visibility on browser extensions in your organization. Find details about the browser extensions installed per device in the DeviceTvmBrowserExtensions table, or browser extension related information, including extensions permission information in the DeviceTvmBrowserExtensionsKB table.
Related articles
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for