Microsoft Chrome Extensions

Do you still have users that love their Chrome? Haven’t convinced the org to switch to the new Edge Chromium? Want to make sure the user/security experience with Chrome matches the new features built into edge? Well if you do you are going to need to deploy some Microsoft Chrome Extensions. To help with that I made the below list of Chrome extensions you may want to consider deploying to your users. Let me know if I missed any you deploy?

The Best

Windows 10 Accounts

If you are using AzureAD for Authentication you are going to want this deployed to your Chrome users. With this addon deployed your users will auto be signed in to your Enterprise Apps. Additionally, if you are any device based auth from Win10 you will need this feature to pass the compliance status.

Microsoft Compliance Extension

Taking advantage of the great Endpoint DLP features offered with the MSFT compliance stack? Well if you are you should deploy the compliance extension. This gives Chrome the ability to detect what website your end-user is uploading your content to and block based on that. Without this Chrome defaults to blocking all sensitive data from transferring via the browser instead of being able to say upload to corporate SPO is allowed.

Microsoft Defender Browser Protection / SmartScreen

If you use MDE you should deploy this extension to Chrome. This gives the end-user a warning about why the page they were trying to visit was blocked. This is essentially the equivalent of enabling SmartScreen in Edge.

My Apps Secure Sign-in Extension

My Apps is an underrated extension, its primary focus is user experience. It lets you make the SSO apps readily available to your users. But also has some additional hidden benefits. The first is it makes password-based SSO available for your users, a huge win if you have a Corporate account you want available to your team. The Second is for admins it’s a great tool for debugging SAML Sign-on issues.

Deploying Via Intune

Let me pause right here and say the above 4 are the go-to extensions that I think should be deployed. The rest of the list is interesting but are more pocket scenarios that I don’t see a lot of orgs using/wanting. If you decide to use the above apps your next question should be how do I deploy this to my end-users in mass? Well for me the easiest is deploying them via Intune, I used the directions from Lucas Cantor. Ingesting the ADMX for Chrome was very easy. The force deploying of the extensions, not so much. This is because parsing the extensions into the correct form can be difficult. So if you want to deploy the above 4 here is the OMA URI you can use to save yourself some time.

<enabled/> <data id="ExtensionInstallForcelistDesc" value="1&#xF000;ppnbnpeolgkicgegkbkbjmhlideopiji;;2&#xF000;bkbeeeffjjeopflfhgeknacdieedcoml;;3&#xF000;echcggldkblhodogklpincgchnpgcdco&#xF000;4&#xF000;ggjhpefgjjfobnfoldnjipclpcfbgbhl"/>

The Rest

One Note Web Clipper

Who doesnt love OneNote? I use this extension all the time to grab parts of articles for reference later. But I dont think all my users would want this.

App Guard

App Guard is a very cool feature that you can use in Windows to Virtualize an app into an isolated container. The capability is available in Chrome with this extension. This isn’t in the above list because App Guard can be a very unwieldy deployment, that I just don’t see many orgs using.


This is an interesting one, I have used it a little and it’s nice for quickly responding to emails, But mostly i use it for quickly checking what’s coming up in my calendar.

Office Extension

Similar to the My Apps Extension, this provides a nice way to launch Word and PowerPoint. From a design perspective, this is a superior experience, I wish I could collapse the MySign ins to this one but unfortunately, it doesn’t support all the same features.

Autofill – Non Corporate

This app allows end-users to save passwords in authenticator on their phone then replay them in chrome. This is an interesting app, that I am thinking may add more value in the future. Unfortunately, this is only available for non Corporate Microsoft accounts, so accounts.