Browser extensions assessment in Microsoft Defender Vulnerability Management

Applies to:


To use this feature you'll require Microsoft Defender Vulnerability Management Standalone or if you're already a Microsoft Defender for Endpoint Plan 2 customer, the Defender Vulnerability Management add-on.

This browser extension is a small software application that adds functionality to a web browser for use with Microsoft Defender Vulnerability Management. This extension provides your security team with visibility into installed browser extensions to help ensure the safe usage of extensions in your organization.

The Browser extensions page displays a list of the browser extensions installed across different browsers in your organization. Browser extension details are collected across all the users that exist on a specific browser. For each installed extension, per browser, you can see the devices it's installed on, the users who installed it, and whether it's turned on or off on a device.

The information available helps your security team learn about the installed extensions, and use that information to make decisions on how you want to manage extensions.

View your browser extensions

  1. Sign in to the Microsoft Defender portal.

  2. Navigate to Endpoints > Vulnerability management > Inventories, then select the Browser extensions tab.


Browser extension assessment is only available on Windows devices. Only extensions that exist in Microsoft Edge, Chrome, and Firefox, appear in browser extension list.

The Browser extensions page opens with a list of the browser extensions installed across your organization, including details on the extension name, browser, the number of devices the extension is installed on, and the number of devices with the extensions turned on.

Screenshot of the Browser extensions tab

You can use the Browser filter to view the relevant list of extensions for a particular browser.

The Requested permissions and Permissions risk columns provide more specific information on the number of permissions requested by the extension, and the permissions risk level based on the type of access to devices or sites it requested.

Select a browser extension to open its flyout pane, where you can learn more about the extension:

Screenshot of the Browser extensions details pane

Where applicable, there's a link available on the flyout pane to access the extension in the store it was installed from.

Browser extension permissions

Browser extensions usually need different types of permission to run properly, for example, they might require permission to modify a webpage.

Select the Permissions tab, from the browser extension flyout pane, to see information on the permissions the browser extension needs to run, and whether this permission is optional or not.

Screenshot of the Browser extensions permissions page

The permission risk level generated is based on the type of access the permission is requesting. You can use this information to help make an informed decision on whether you want to allow or block this extension.


Risk is subjective. Each organization should determine the types of risk they're willing to take on.

Select a permission to see a further flyout with more information.

View installed devices

To see the list of the devices the extension is installed on, choose the Installed devices tab from the browser extension flyout pane:

Screenshot of the Browser extensions devices tab

From here, you can search for a particular device the extension is installed on, and you can export a list of the devices to a csv file.

View extension versions

Select the Extension versions tab, from the browser extension flyout pane, to see information on the versions of the extension installed in your organization.

Screenshot of the Browser extensions versions tab

View extensions users

Select the Users tab, from the browser extension flyout pane, to see a list of users who installed the browser extension.

Screenshot of the Browser extensions user tab.

Browser extensions on devices

You can also view a list of extensions installed on a device:

  1. Select the device from the Installed devices tab in the flyout pane and select Open device page or select the device directly from the Device inventory page.

  2. Select Inventories and then Browser extensions to see a list of extensions installed on that device.

    Screenshot of the Browser extensions in the devices page

Browser extension APIs

You can use APIs to view all browser extensions installed in your organization, including installed versions, permissions requested, and associated risk. For more information, see:

Use advanced hunting

You can use advanced hunting queries to gain visibility on browser extensions in your organization. Find details about the browser extensions installed per device in the DeviceTvmBrowserExtensions table, or browser extension related information, including extensions permission information in the DeviceTvmBrowserExtensionsKB table.