Recently, Microsoft announced an “extension” as part of an update to its Office 365 ProPlus software that automatically forces company-wide Chrome and Firefox search engine defaults to Bing search, from what is, more than likely, Google. Because of the expected backlash, Microsoft reversed, at least at bit.

The extension will automatically seek out installations of independent browsers (through network and local device file systems) in order to edit configuration files outside its own software ecosystem.

Microsoft, in a halfhearted reversal, is going to compromise with modifications that comply more with administrators’ wishes to make the extension optional, rather than mandatory. Because of this, it will result in a timeline delay. Instead of automatically changing the default search engines for Chrome and Firefox to Bing, administrators will have to opt-in for it to do so. Actions will initially be limited to only Active Directory joined devices.

Basically, the extension won’t act like a worm that traverses the whole network looking for vulnerable computers, until sometime “in the future.”

In the future we will add specific settings to govern the deployment of the extension to unmanaged devices. 

Microsoft

Although it’s understandable that Microsoft would do this when you consider what is often done in tandem with an organization’s rules, but it’s still a bit troubling this would happen at all. We get that IT infrastructure setup ad maintenance requires super-user levels of control over software installation and configuration settings.

The issue is when organizations aren’t as restrictive, allowing users to install Chrome and Firefox, instead of limiting them to using Microsoft Edge or older versions of IE.

No matter how convenient the ability is to search for docs and refs from share drives and Microsoft applications through Chrome and Firefox default search is, users of these browser choices should have the right to do that through company resources and manage search defaults on their own.

There are some organizations that are very restrictive and requires secure access to sensitive information by authenticated staff and have “overlord” control over networked machines. This is a vital component of IT systems operations. In this situation, it’s normal to disallow software installations in begin with.

Having security incidents can be increase when browsers search with Microsoft in Bing accesses network resources. In this case, administrators need to be careful when considering these kinds of applications. They didn’t ask for the features new extension provides. They view the move as a marketing move.

It’s when users are allowed to install programs that policy and operations should be less impinging. Forcing a change in default search settings to Bing (while providing only last-minute instructions for admins who have to take action to prevent the extension from executing) isn’t a very good way to introduce a controversial procedure in Office 365 setup.

SourceDetlef Johnson