This week is all about the Microsoft Purview extension for the Google Chrome browser. Not because it’s something really new, but mainly to create some awareness around its existence. The Microsoft Purview extension for Google Chrome extends the Endpoint data loss prevention (Endpoint DLP) capabilities to sensitive items in the Google Chrome browser. After the installation of the Microsoft Purview extension for Google Chrome, on Windows devices, organizations get the ability to also monitor attempts to access or upload sensitive items to a Cloud service when using the Google Chrome browser, and to actually enforce protective actions via data loss prevention policies. This post will provide a brief overview of the Microsoft Purview extension for the Google Chrome browser, followed with the steps to automatically configure the extension on Windows devices by using Microsoft Intune. This post will end with the user experience after the installation of the Microsoft Purview extension.
Note: The Google Chrome extension that is discussed in this post is only applicable to Windows device.
Introducing Microsoft Purview extension in Google Chrome
The Microsoft Purview extension for the Google Chrome browser enables organizations to audit and manage a specific list of activities that user can take on sensitive items. An overview of those activities is summarized in the table below.
| Activity | Description | Policy actions |
|---|---|---|
| File copied to cloud | This activity detects when a user attempts to upload a sensitive item to a restricted service domain through the Google Chrome browser | audit, block with override, block |
| File printed | This activity detects when a user attempts to print a sensitive item from the Google Chrome browser to a local or network printer | audit, block with override, block |
| File copied to clipboard | This activity detects when a user attempts to copy and paste information from a sensitive item in the Google Chrome browser into another app, process, or item. | audit, block with override, block |
| File copied to removable storage | This activity detects when a user attempts to copy a sensitive item or information from the Google Chrome browser to removable media or USB device | audit, block with override, block |
| File copied to network share | This activity detects when a user attempts to copy a sensitive item or information from the Google Chrome browser to a network share or mapped network drive. | audit, block with override, block |
Note: Microsoft recommends to use Microsoft Edge if it’s needed to upload files in quick succession.
Besides that, it’s good to keep in mind that the DLPEngine caches all files for about 15 minutes to prevent repeated upload attempts. During that cache period, the file is blocked from being uploaded to any domain. So, if a user tries to upload to an unallowed domain and then immediately to an allowed domain, the cached response may block the upload attempt.
Installing Microsoft Purview extension in Google Chrome
After being familiar with the Microsoft Purview extension for the Google Chrome browser, and the different supported activities, it’s time to look at actually configuring it by using Microsoft Intune. The good news is that the configuration can be managed via the Settings Catalog. The Settings Catalog contains ADMX-backed settings for Google Chrome. Those settings are backed by the Chrome.admx. The main setting that should be used for the forced installation of the Microsoft Purview extension, is Configure the list of force-installed apps and extensions. That provides the IT administrator with the ability specify a list of browser extensions that should be installed. The following 8 steps can be used for installing the required extension, by using Settings Catalog.
- Open the Microsoft Intune admin center portal and navigate to Devices > Windows > Configuration profiles
- On the Windows | Configuration profiles blade, click Create > New Policy
- On the Create a profile blade, select Windows 10 and later > Settings catalog and click Create
- On the Basics page, provide at least a unique name to distinguish it from similar profiles and click Next
- On the Configuration settings page, as shown below in Figure 1, perform the following actions and click Next
- Click Add settings, navigate to Google > Google Chrome > Extensions and select Configure the list of force-installed apps and extensions in Settings picker
- Switch the slider with Configure the list of force-installed apps and extensions to Enabled (1) and specify echcggldkblhodogklpincgchnpgcdco;https://clients2.google.com/service/update2/crx with Extension/App IDs and update URLs to be silently installed (Device) to automatically force the installation of the Microsoft Purview extension
- On the Scope tags page, configure the required scope tags and click Next
- On the Assignments page, configure the assignment for the required user or devices and click Next
- On the Review + create page, verify the configuration and click Create
Note: This configuration can also be part of the any browser configuration for Google Chrome.
Experiencing the Microsoft Purview extension in Google Chrome
When the configuration is in place to automatically force the installation of the Microsoft Purview extension for the Google Chrome browser, it’s time to experience the behavior. That experience should be experienced in two steps for the complete experience. The first step would be to simply experience the installation of the Microsoft Purview extension for the Google Chrome browser. That is pretty straightforward, as shown below in Figure 2, by simply looking at the installed extensions. It can’t be removed.
After the installation is completed successfully, it’s time to actually experience the behavior with the Microsoft Purview extension in the Google Chrome browser. That requires Endpoint DLP to be configured. Once that’s in place, Microsoft provides multiple DLP scenarios to test the behavior of the Microsoft Purview extension in the Google Chrome browser. For example, when preventing copying specific data to ChatGPT will result in a notification as shown below in Figure 3.
More information
For more information about the Microsoft Purview extension for Google Chrome, refer to the following docs.
- Learn about the Microsoft Purview extension for Chrome | Microsoft Learn
- Get started with the Microsoft Purview extension for Chrome | Microsoft Learn
- Create a policy using settings catalog in Microsoft Intune | Microsoft Learn
Discover more from All about Microsoft Intune
Subscribe to get the latest posts sent to your email.