Deploy the Microsoft Purview browser extension
Microsoft Purview provides browser extensions for Google Chrome and Mozilla Firefox to extend endpoint data loss prevention (DLP) capabilities on Windows devices. These extensions allow organizations to monitor and enforce DLP policies on sensitive data being accessed or shared through the browser, helping prevent unauthorized data leakage.
With the extension, you can:
Monitor how sensitive data is handled, including uploads to cloud services, copying to removable drives, and printing.
Apply data security policies in real time, such as blocking, auditing, or allowing actions under specific conditions.
Review browser activity logs and alerts in Activity explorer and the DLP Alerts dashboard to gain insight into policy compliance.
To use the Microsoft Purview extension in Chrome or Firefox, ensure your devices meet endpoint DLP prerequisites, including proper licensing, device onboarding, and appropriate administrative roles.
Deploy the Microsoft Purview extension for Chrome and Firefox
The Microsoft Purview browser extension allows your organization to monitor and protect sensitive data within Chrome and Firefox. Use these steps for individual installation, or deploy across multiple devices using Microsoft Intune or Group Policy.
Basic installation for Chrome
Select Add to Chrome and follow the on-screen instructions to complete the installation.
Basic installation for Firefox
Download the initial Microsoft Purview extension XPI file.
Open Firefox, and drag the downloaded file into the browser window.
Confirm the installation when prompted.
Organization-wide deployments
For large-scale deployments, your organization can use Microsoft Intune or Group Policy to automate installation across multiple devices. See the resources in the table for details:
| Browser | Deployment method |
|---|---|
| Chrome | Deploy using Microsoft Intune or Group Policy |
| Firefox | Deploy using Microsoft Intune or Group Policy |
Supported activities for DLP enforcement
Once the extension is installed, DLP enforcement applies to the following activities in Chrome and Firefox:
| Activity | Description | Policy actions |
|---|---|---|
| Upload to cloud | Monitors attempts to upload sensitive files to restricted cloud services. | Audit, Block with override, Block |
| Detects printing of sensitive files from the browser. | Audit, Block with override, Block | |
| Copy to clipboard | Tracks copying sensitive content from the browser to another app or process. | Audit, Block with override, Block |
| Copy to USB/removable storage | Monitors attempts to copy sensitive data to external devices. | Audit, Block with override, Block |
| Copy to network share | Detects copying sensitive data to network drives or shares. | Audit, Block with override, Block |
Test the extension
To ensure the Microsoft Purview extension is working as expected:
- Create or select a sensitive document that meets one of your organization's sensitive information types or a built-in sensitive information type.
- Open the file in Chrome or Firefox.
- Attempt a restricted action, such as uploading the document to a restricted cloud service, printing the document, or copying data from the file.
- A DLP notification should appear, indicating that the action is blocked or requires override if the extension is correctly enforcing policies.
By deploying the Microsoft Purview browser extension, your organization can enhance data protection on endpoint devices. Real-time monitoring and DLP enforcement in browsers help maintain compliance and reduce the risk of data loss.