Microsoft defender for cloud apps is not allowing Chrome Plugins

Copper Contributor

MCAS is not allowing Chrome Plugins

Hi All

I have enabled Microsoft Defender for cloud apps for a Salesforce instance.

We were using a Chrome plugin called "Salesforce Inspector".

Plugin URL = https://chrome.google.com/webstore/detail/salesforce-inspector/aodjmnfhjibkcdimpodiifdjnnncaafh?hl=e...

After enabling the MDCA policy on the Salesforce instance, the plugin is not visible. MDCA blocks plugins, so how can we allow the legitimate use of plugins on our instance? 

3 Replies
Hi - I don't think Defender for Cloud Apps has any influence over locally Installed Browser Plugins. What I find far more likely is that this Plugin is unable to Handle the New Flow of Information, since it cannot talk directly to salesforce (It tries to use the Authentication Cookie from your browser to talk directly to Salesforce, which most likely clashes with either Entra ID Authentication or the Redirection to MDCA).

i tried to exclude the logged admin user from the entra id conditional access policy and the extension worked indeed ......... i have been thinking that i may use service account and exclude from the Conditional Access policy

what i mean that defender for cloud apps acts as a reverse proxy between the salesforce inspector plugin and salesforce cloud application ......... and as i think the url of salesforce changes when using mcas as reverse proxy .

The URL Changes, correct. I agree with the general sentiment that if you need the plugin you can't use salesforce through MDCA -
However I'm not certain a non-personal Account is the way to go here, except if you then use that account to track users in a different way (Think session recording of some sort). If you provide a way to bypass MDCA to a group of Users you might as well create an exception for them - but up to you.