Microsoft Edge: v.140 - Improved Navigation to Extension Surfaces

🚨 The Signal: Microsoft Edge will persistently display the extensions icon and provide direct menu access to extension management. This increases visibility and ease of access to browser extensions, potentially increasing the risk of users installing unapproved or malicious extensions.

The Impact

End users are affected by increased visibility of extensions, posing a risk of installing unapproved software.

• End users: Easier access to extensions may lead to installation of unapproved software.
• Security teams: Increased risk of shadow IT via browser extensions.
• IT administrators: Potential for more support requests related to browser performance or conflicts from extensions.

The Action

1. Review and enforce Microsoft Edge extension management policies via Intune or Group Policy.
2. Communicate acceptable use policies for browser extensions to end users.
3. Monitor for unapproved extensions using Microsoft Defender for Endpoint or similar tools.

Domain: M365-Apps · Impact: medium · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860