Browser extensions assessment

Applies to:

• Microsoft Defender Vulnerability Management
• Microsoft 365 Defender
• Microsoft Defender for Servers Plan 2

Note

To use this feature you'll require Microsoft Defender Vulnerability Management Standalone or if you're already a Microsoft Defender for Endpoint Plan 2 customer, the Defender Vulnerability Management add-on.

A browser extension is a small software application that adds functionality to a web browser. Visibility into the browser extensions installed can help you ensure the safe usage of extensions in your organization.

The Browser extensions page displays a list of the browser extensions installed across different browsers in your organization. For each installed extension, you can see the devices it's installed on and if it's turned on or off on these devices. You can also filter the view by users to see which browser extensions they're using on which device. The information available will not only help you learn about the installed extensions, but it can help you make decisions on how you want to manage the extensions.

Tip

Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to sign up for a free trial.

View your browser extensions

1. Go to Vulnerability management > Software inventory in the Microsoft 365 Defender portal.
2. Select the Browser extensions tab.

Note

Browser extension assessment is only available on Windows devices. Only extensions that exist in Edge, Chrome, and Firefox, will appear in browser extension list.

The Browser extensions page opens with a list of the browser extensions installed across your organization, including details on the extension name, browser, the number of devices the extension is installed on, and the number that have it turned on.

You can use the Browser filter to view the relevant list of extensions for a particular browser.

The Requested permissions and Permissions risk columns provide more specific information on the number of permissions requested by the extension, and the permissions risk level based on the type of access to devices or sites it requested.

Select a browser extension to open its flyout pane, where you can learn more about the extension:

Where applicable, there will be a link available on this page to access the extension in the store it was installed from.

Browser extension permissions

Browser extensions usually need different types of permission to run properly, for example, they may require permission to modify a webpage.

Select the Permissions tab, from the browser extension flyout pane, to see information on the permissions the browser extension needs to run, and whether this permission is optional or not.

The permission risk level generated is based on the type of access the permission is requesting. You can use this information to help make an informed decision on whether you want to allow or block this extension.

Note

Risk is subjective, and it's up to each organization to determine the types of risk they are willing to take on.

Select a permission to see a further flyout with more information.

View installed devices

To see the list of the devices the extension is installed on, choose the Installed devices tab from the browser extension flyout pane:

From here, you can search for a particular device the extension is installed on, and you can export a list of the devices to a csv file.

View installed versions

Select the Installed versions tab, from the browser extension flyout pane, to see information on the versions of the extension installed in your organization.

Browser extensions on devices

You can also view a list of extensions installed on a device:

1. Select the device from the Installed devices tab in the flyout panel and select Open device page or select the device directly from the Device inventory page.

2. Select the Browser extensions tab to see a list of extensions installed on that device.

   

Browser extensions for each user

You can view a list of browser extensions for each user.

1. Select a browser extension from the list.

2. In the browser extension flyout, select the User tab. The list of browser extensions appear.

   

Browser extension APIs

You can use APIs to view all browser extensions installed in your organization, including installed versions, permissions requested, and associated risk. For more information, see:

• Export browser extensions assessment per device
• Get browser extensions permission information

Use advanced hunting

You can use advanced hunting queries to gain visibility on browser extensions in your organization. Find details about the browser extensions installed per device in the DeviceTvmBrowserExtensions table, or browser extension related information, including extensions permission information in the DeviceTvmBrowserExtensionsKB table.

Related articles

• Vulnerabilities in my organization
• Advanced hunting schema reference