Microsoft Edge: v.145 - Adding protection against malicious sideloaded extensions

🚨 The Signal: Microsoft Edge will now automatically detect and disable malicious browser extensions installed outside the official store. This enhances protection against malware and supply chain attacks via compromised extensions.

The Impact

All Edge users are affected, with a reduced risk of malware infection and data exfiltration from malicious extensions.

• End Users: Reduced risk of malware from sideloaded extensions.
• Security Teams: Improved endpoint security posture and reduced incident response burden.
• IT Admins: Fewer user-reported issues related to browser extension malware.
• Compliance Officers: Enhanced adherence to application security controls.

The Action

1. Review existing Microsoft Edge extension policies for any custom sideloading requirements.
2. Communicate to users about the enhanced protection and the importance of using official extension stores.
3. Monitor Microsoft 365 Defender alerts for any detected malicious extensions.

Domain: M365-Apps · Impact: high · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860