Browser extensions assessment

Applies to:

• Microsoft Defender for Endpoint Plan 2
• Microsoft Defender Vulnerability Management
• Microsoft 365 Defender

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Note

Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the Microsoft Defender Vulnerability Management public preview trial.

A browser extension is a small software application that adds functionality to a web browser. Visibility into the browser extensions installed can help you ensure the safe usage of extensions in your organization.

The Browser extensions page displays a list of the browser extensions installed across different browsers in your organization. For each installed extension, you can see the devices it's installed on and if it's turned on or off on these devices. The information available will not only help you learn about the installed extensions, but it can help you make decisions on how you would like to manage the extensions.

View your browser extensions

1. Go to Vulnerability management > Software inventory in the Microsoft 365 Defender portal.
2. Select the Browser extensions tab.

The Browser extensions page opens with a list of the browser extensions installed across your organization, including details on the extension name, browser, the number of devices the extension is installed on, and the number that have it turned on.

You can use the Browser filter to view the relevant list of extensions for a particular browser.

The Requested permissions and Permissions risk columns provide more specific information on the number of permissions requested by the extension, and the permissions risk level based on the type of access to devices or sites it requested.

Note

Only extensions that exist in Edge, Chrome, and Firefox on Windows devices, will appear in browser extension list.

Select a browser extension to open its flyout pane, where you can learn more about the extension:

Where applicable, there will be a link available on this page to access the extension in the store it was installed from.

Browser extension permissions

Browser extensions usually need different types of permission to run properly, for example, they may require permission to modify a webpage.

Select the Permissions tab, from the browser extension flyout pane, to see information on the permissions the browser extension needs to run, and whether this permission is optional or not.

The permission risk level generated is based on the type of access the permission is requesting. You can use this information to help make an informed decision on whether you want to allow or block this extension.

Note

Risk is subjective, and it's up to each organization to determine the types of risk they are willing to take on.

Select a permission to see a further flyout with more information.

View installed devices

To see the list of the devices the extension is installed on, choose the Installed devices tab from the browser extension flyout pane:

From here, you can search for a particular device the extension is installed on, and you can export a list of the devices to a csv file.

View installed versions

Select the Installed versions tab, from the browser extension flyout pane, to see information on the versions of the extension installed in your organization.

Browser extensions on devices

You can also view a list of extensions installed on a device:

1. Select the device from the Installed devices tab in the flyout panel and select Open device page or select the device directly from the Device inventory page.

2. Select the Browser extensions tab to see a list of extensions installed on that device.

   

Browser extension APIs

You can use APIs to view all browser extensions installed in your organization, including installed versions, permissions requested, and associated risk. For more information, see:

• Export browser extensions assessment per device
• Get browser extensions permission information

Use advanced hunting

You can use advanced hunting queries to gain visibility on browser extensions in your organization. Find details about the browser extensions installed per device in the DeviceTVMBrowserExtensions table, or browser extension related information, including extensions permission information in the DeviceTVMBrowserExtensionsKB table.

Related articles

• Vulnerabilities in my organization
• Advanced hunting schema reference