I recently read a really great post by Martin Bengtsson about utilizing Configuration Manager (SCCM) to force installation of the Windows Defender Browser Protection extension for Chrome. So I decided to take a different approach and deploy the extension utilizing a PowerShell script deployed through Microsoft Intune.
To learn more about the Windows Defender Browser Protection for Google Chrome please visit: https://chrome.google.com/webstore/detail/windows-defender-browser/bkbeeeffjjeopflfhgeknacdieedcoml
Windows 10 device enrolled in Intune
Let’s get started
I created the following PowerShell script to add the Defender Chrome extension as a registry entry:
New-Item -Path HKLM:\Software\Policies\Google\Chrome -Name ExtensionInstallForcelist –Force
Set-ItemProperty -path $RegKey -name 1 -value "bkbeeeffjjeopflfhgeknacdieedcoml;https://clients2.google.com/service/update2/crx"
I saved the script as a .ps1 file and added to Intune utilizing the steps below:
Name the script, upload, and save
Assign the script to a group
Sync your Windows 10 device with Intune
Sync the device with Intune
Registry Before sync
Chrome without Defender browser protection
Registry after sync
Chrome with Defender browser protection
Once Chrome is launched, the extension is automatically downloaded to the extension directory and added to Chrome.
Chrome extension directory
In addition to configuration, Configuration Manager will also perform remediation if this is something you’re more concerned with, SCCM is the best path to go currently. Again read Martin Bengtsson’s detailed post for insight on deploying and remediating for the Windows Defender Browser Protection for Chrome extension through SCCM.