search cancel

Incident Unkown URL

book

Article ID: 254204

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

In some environments, or scenarios, it may be necessary to deploy the DLP Edge extension with a Group Policy. This especially applies to environments where other Edge extensions are already managed with GPOs due to GPO precedence over LGPO which is the default method used to deploy the browser extension by the Endpoint Agent.

Environment

15.7, 15.8, 16.0

Resolution

1. If not done before, download and install the latest Microsoft Edge policy template from the link below on your domain controller, or a workstation with RSAT:

Configure Microsoft Edge for Windows with policy settings | Microsoft Learn

2. Once done open Group Policy Management

3. Edit an existing Group Policy, or create a new one

4. Based on how you want the policy to be applied navigate to User/Computer Configuration -> Policies -> Administrative Templates -> Microsoft Edge -> Extensions, right click on "Control which extensions are installed silently" and hit "Edit"

Note: If Microsoft Edge is not present in the Administrative Templates review the installation process.

Configuring the GPO will create an ExtensionInstallForcelist policy for Microsoft Edge. More on the policy can be found here:

Microsoft Edge Browser Policy Documentation | Microsoft Learn

5. Enable the policy by marking the "Enabled" box, then click on the "Show..." button.

6. Obtain the ID of the Edge Extension from the following article:

DLP Agent Chrome and Edge browser extension management (broadcom.com)

At the moment of wring the ID of the Edge Extension for all DLP versions is lgliocaeggimgcpgbbejhdnbmajgaiii

7. Enter the ID of the extension into the Value field, hit OK and then Apply.

8. The policy should be effective with the next gpupdate on the workstation within the organization.

Attachments