top of page
Search

Microsoft Purview Browser Extension

  • Writer: Bjørnar Aassveen
    Bjørnar Aassveen
  • Aug 11
  • 2 min read

What is the Microsoft Purview Browser Extension?

The Microsoft Purview Browser Extension is an extension that extends Endpoint Data Loss Prevention (Endpoint DLP) to browsers such as Google Chrome and Mozilla Firefox. It enables logging and auditing of actions such as uploading sensitive files to cloud and AI services, printing, copying to clipboard, and saving to external media directly in the browser. For Microsoft Edge, this functionality is built-in (Stable version from 138 and later), but for Chrome and Firefox, the extension is required.


Requirements: Windows 10/11 (x64, build 1809+), Endpoint DLP enabled, and a Microsoft 365 E5/A5/G5 or equivalent license

Browser Extension can be deployed in several ways, both via GPO, Intune and manually. In this blog post I show how to deploy it via Intune.


Important to note

  • Data is only logged when policy violations occur (Policies you have defined in DLP). For example, when visiting a high-risk website or when uploading sensitive data to an AI tool (where these DLP rules are defined).


Data is displayed in Activity explorer, which in turn requires one of these roles

  • Global administrator

  • Compliance admin

  • Security admin

  • Compliance data admin

  • Global reader

  • Security reader

  • Reports reader




Google Chrome


For Chrome, the Purview extension must be installed. This is easiest done via the Intune Settings Catalog:

  1. Go to Intune Admin Center → Devices → Configuration → New policy.

    ree

  2. Select Windows 10 and later and Settings catalog.

    ree

  3. Under Google > Google Chrome > Extensions, enable Configure the list of force-installed apps and extensions.

    ree

  4. Add the following value:echcggldkblhodogklpincgchnpgcdco;https://clients2.google.com/service/update2/crx

    ree

  5. Assign to desired devices/users and complete the creation.


Mozilla Firefox


For Firefox, you must first add Firefox ADMX to Intune, then configure an OMA-URI policy


  1. Load Firefox ADMX into Intune

  2. Go to Intune Admin Center → Devices → Configuration profiles → Import ADMX.

  3. Upload Firefox ADMX templates (available for download from Mozilla GitHub Releases mozilla/policy-templates).


Once uploaded, you will have access to Firefox policies in Intune.

ree
ree

  1. Create a new configuration profile

  2. Go to Intune Admin Center → Devices → Configuration → New policy.

    Select: Platform: Windows 10 and later

    Profile type: Templates → Custom


      1. ree

  3. Add OMA-URI for ExtensionSettings

    Click Add and fill in:

    Name: Firefox Purview Extension

    OMA-URI

{
  "microsoft.defender.browser_extension.native_message_host@microsoft.com": {
    "installation_mode": "force_installed",
    "install_url": "https://github.com/microsoft/purview/raw/main/endpointDLP/browser_extension/prod-1.1.0.212.xpi",
    "updates_disabled": false
  }
}
ree

  1. Assign to desired devices/users and complete the creation.



When the policy is updated, the extension will be added to Chrome and Firefox.


ree


Bjørnar&AI

 
 
 

Comments

bottom of page