This week is sort of a follow-up on the last couple of weeks. The last couple of weeks the focus was on getting started with the different Microsoft Purview extensions for Google Chrome and Mozilla Firefox, while this week the focus is on getting started with the Microsoft Defender Browser Protection extension for Google Chrome. The Microsoft Defender Browser Protection extension brings protection against online threats, like phishing and malicious websites, functionality known from SmartScreen in Microsoft Edge, to the Google Chrome browser. With that functionality it protects users against threats such as clicking on links in phishing emails and websites that are designed to trick users into downloading and installing malicious software. Of course Google Chrome also provides similar built-in functionality, but that will not be directly integrated with Microsoft Defender for Endpoint. This post will start with the steps to automatically configure the Microsoft Defender Browser Protection extension, on Windows devices, by using Microsoft Intune. And this post will end with the user experience when navigating to malicious websites, after installing the Microsoft Defender Browser Protection extension.
Important: The Microsoft Defender Browser Protection extension only mentions United States as supported region.
Installing Microsoft Defender Browser Protection extension
The automatic installation of the Microsoft Defender Browser Protection extension is actually pretty straightforward and comparable to the automatic installation of any other Google Chrome extension. The configuration can be managed via the Settings Catalog. The Settings Catalog nowadays also contains the ADMX-backed settings for Google Chrome. Those settings are backed by the Chrome.admx. The main setting that should be used for the forced installation of the Microsoft Defender Browser Protection extension, is Configure the list of force-installed apps and extensions. That setting provides the IT administrator with the ability specify a list of browser extensions that should be automatically force installed on the Windows device. The following 8 steps can be used for installing the required extension, by using Settings Catalog in Microsoft Intune.
- Open the Microsoft Intune admin center portal and navigate to Devices > Windows > Configuration profiles
- On the Windows | Configuration profiles blade, click Create > New Policy
- On the Create a profile blade, select Windows 10 and later > Settings catalog and click Create
- On the Basics page, provide at least a unique name to distinguish it from similar profiles and click Next
- On the Configuration settings page, as shown below in Figure 1, perform the following actions and click Next
- Click Add settings, navigate to Google > Google Chrome > Extensions and select Configure the list of force-installed apps and extensions in Settings picker
- Switch the slider with Configure the list of force-installed apps and extensions to Enabled (1) and specify bkbeeeffjjeopflfhgeknacdieedcoml;https://clients2.google.com/service/update2/crx with Extension/App IDs and update URLs to be silently installed (Device) to automatically force the installation of the Microsoft Defender Browser Protection extension
- On the Scope tags page, configure the required scope tags and click Next
- On the Assignments page, configure the assignment for the required user or devices and click Next
- On the Review + create page, verify the configuration and click Create
Note: This configuration can also be part of the any browser configuration for Google Chrome.
Experiencing the Microsoft Defender Browser Protection extension
When the configuration is in place to automatically force the installation of the Microsoft Defender Browser Protection extension for the Google Chrome browser, it’s time to experience the behavior. That experience should be experienced in two steps for the complete experience. The first step would be to simply experience the installation of the Microsoft Defender Browser Protection extension for the Google Chrome browser. That is pretty straightforward, as shown below in Figure 2, by simply looking at the installed extensions. It can’t be removed.
After the installation is completed successfully, it’s time to actually experience the behavior with the Microsoft Defender Browser Protection extension in the Google Chrome browser. Once the extension is in place, Microsoft provides multiple links to test the behavior of SmartScreen. For example, when opening the example phishing website that will result in a notification as shown below in Figure 3, in the Google Chrome browser.
More information
For more information about the Microsoft Defender Browser Protection extension, refer to the following docs.
- Create a policy using settings catalog in Microsoft Intune | Microsoft Learn
- Microsoft Defender Browser Protection – Chrome Web Store
Discover more from All about Microsoft Intune
Subscribe to get the latest posts sent to your email.
Great article, thanks for sharing! However, the Extension ID mentioned on step 5 (“echcggldkblhodogklpincgchnpgcdco”) is for the Microsoft Purview Extension. What you want here is “bkbeeeffjjeopflfhgeknacdieedcoml”, which refers to the Microsoft Defender Browser Protection extension.
Thank you, Daniel! I’ve adjusted it now.
Regards, Peter
Great article, I was under the belief that Microsoft is deprecating the Microsoft Defender Browser Protection. Is this incorrect or is this information? Regardless, enjoy reading your content.
Hi Jeremiah,
Yeah, I’ve had the same thoughts. But that was a couple of years ago, and now there have been some updates again. So, it seems to be alive (again).
Regards, Peter
Hi, How about for microsoft edge? how we can do that? thanks
Hi John,
What functionality are you missing? Microsoft Edge already has SmartScreen functionality.
Regards, Peter