Browser extensions can be productivity boosters — or security liabilities. Whether it's Chrome or Microsoft Edge, extensions often request elevated permissions that can expose sensitive data or introduce vulnerabilities. As an admin, you can take control of extension usage across browsers using Intune.

This guide walks through which features to enable and adjust in Intune to manage Chrome and Edge extensions effectively, with practical recommendations for IT admins.

🚨 Why Extension Control Is Critical

Extensions can access tabs, clipboard, downloads, and even internal systems. Without governance, users may install tools that compromise security or violate compliance policies.

That’s why browser extension management via Intune is essential for organizations using Chrome and Edge in all environments.

🔧 Key Intune Features for Chrome and Edge Extensions

To manage browser extensions effectively, you’ll need to configure policies using the Settings Catalog in Microsoft Intune. Here's how to get started:

1. Sign in to the Microsoft Intune admin center

2. Select Devices > Manage devices > Configuration > Create > New policy.

3. Enter the following properties:

   • Platform: select Windows 10 and later

   • Profile type: Select Settings catalog.

4. Select Create.

5. In Basics, enter the following properties:

   • Name: Name your profiles so you can easily identify them later.

   • Description: Enter a description for the profile. This setting is optional but recommended.

6. Select Next.

7. In Configuration settings, select Add settings.

• Block All Extensions by Default

Benefit: Establishes a secure baseline.

How:

• Chrome: In the settings picker find and select category "Google Google Chrome Extensions" and select "Configure extension installation blocklist". Enable "Configure extension installation blocklist" and add "*" in the text box "Extension IDs the user should be prevented from installing (or * for all) (Device)".

• Edge: In the settings picker find and select category "Microsoft Edge\Extensions" and select "Control which extensions cannot be installed".

  Enable this setting and add "*" in the text box "Extension IDs the user should be prevented from installing (or * for all) (Device)".

• Extension Install Allowlist

  
  

This setting allows you to whitelist only approved extensions by specifying their unique IDs. It’s a powerful way to ensure that only trusted tools are available to users.

To find an extension’s ID, simply look at its Chrome Web Store or Edge Add-ons URL—it's the long string at the end of the link. Once added to the allowlist, users will only be able to install these specific extensions in their browsers. Any other extension, even if available in the store, will be blocked from installation.

This approach is ideal for organizations that want to maintain tight control over browser environments. The best practice is to maintain a centralized list of vetted extensions that support productivity, security, and compliance goals.

How:

• Chrome: In the settings picker find and select category "Google Google Chrome Extensions" and select "Configure extension installation allow list".

  Enable "Configure extension installation allow list" and add Extension IDs in the text box "Extension IDs to exempt from the blocklist (Device)".

• Edge: In the settings picker find and select category "Microsoft Edge\Extensions" and select "Allow specific extensions to be installed".

  Enable "Allow specific extensions to be installed" add Extension IDs in the text box "Extension IDs to exempt from the block list (Device)".

Once configured, apply the policy to the appropriate device groups. These settings will enforce extension controls across Chrome and Edge browsers, ensuring a secure and compliant browsing experience.

✅ Final Thoughts

Managing Chrome and Edge extensions with Intune is more than just locking things down—it’s about enabling secure, productive work environments. With the right policies, MSSPs can help clients reduce risk, stay compliant, and empower users

🤝 How We Can Help

As a Microsoft Cloud MSSP, we specialize in helping organizations secure and optimize their cloud environments—including browser extension management via Intune. Whether you're looking to implement best practices, enforce compliance, or streamline user experience across Microsoft 365, our team can guide you through every step.