Add Windows Defender Browser Protection to Chrome with Intune
I recently read a really great post by Martin Bengtsson about utilizing Configuration Manager (SCCM) to force installation of the Windows Defender Browser Protection extension for Chrome. So I decided to take a different approach and deploy the extension utilizing a PowerShell script deployed through Microsoft Intune.
To learn more about the Windows Defender Browser Protection extension for Google Chrome, please visit: https://chrome.google.com/webstore/detail/windows-defender-browser/bkbeeeffjjeopflfhgeknacdieedcoml
Assumptions
Windows 10 device enrolled in Intune
Let’s get started
I created the following PowerShell script to add the Defender Chrome extension as a registry entry:
$RegKey = "HKLM:\Software\Policies\Google\Chrome\ExtensionInstallForcelist"
if (-not (Test-Path -Path $RegKey)) { New-Item -Path $RegKey -Force | Out-Null }  # create the key only if missing; New-Item -Force on an existing key removes its current values
Set-ItemProperty -Path $RegKey -Name 1 -Value "bkbeeeffjjeopflfhgeknacdieedcoml;https://clients2.google.com/service/update2/crx"  # value 1 = "<extension ID>;<update URL>"
I saved the script as a .ps1 file and added it to Intune utilizing the steps below:
Name the script, upload, and save
Assign the script to a group
Sync your Windows 10 device with Intune
Sync the device with Intune
Registry before sync
Chrome without Defender browser protection
Registry after sync
Chrome with Defender browser protection
Once Chrome is launched, the extension is automatically downloaded to the extension directory and added to Chrome.
Chrome extension directory
In addition to configuration, Configuration Manager will also perform remediation. If this is something you’re more concerned with, SCCM is currently the best path to go. Again, read Martin Bengtsson’s detailed post for insight on deploying and remediating the Windows Defender Browser Protection for Chrome extension through SCCM.
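An added example, not part of the original post: a variant of the registry script that can be run repeatedly. It leaves existing ExtensionInstallForcelist entries in place, does nothing if the extension ID is already listed, and otherwise writes it under the next free value name instead of always using 1. The function name Add-ForcedChromeExtension is hypothetical.

```powershell
# Added example: idempotent forcelist entry (function name is hypothetical).
$ExtensionId = 'bkbeeeffjjeopflfhgeknacdieedcoml'
$UpdateUrl   = 'https://clients2.google.com/service/update2/crx'
$KeyPath     = 'HKLM:\Software\Policies\Google\Chrome\ExtensionInstallForcelist'

function Add-ForcedChromeExtension {
    param(
        [Parameter(Mandatory)][string]$Id,
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$Path
    )

    # Create the key (and any missing parents) only when absent,
    # so forcelist entries set by other policies or scripts survive.
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }

    $key   = Get-Item -Path $Path
    $names = @($key.GetValueNames())

    # If the extension ID is already listed under any value name, stop here.
    foreach ($name in $names) {
        $value = [string]$key.GetValue($name)
        if ($value -eq $Id -or $value -like "$Id;*") {
            return "present:$name"
        }
    }

    # Use the lowest unused positive integer as the value name.
    $index = 1
    while ($names -contains "$index") { $index++ }

    New-ItemProperty -Path $Path -Name "$index" -Value "$Id;$Url" -PropertyType String | Out-Null
    return "added:$index"
}

# Returns "added:<n>" on first run and "present:<n>" on later runs.
Add-ForcedChromeExtension -Id $ExtensionId -Url $UpdateUrl -Path $KeyPath
```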