Dynamics 365 / MS Dynamic CRM -Online / MS Dynamics 365 CRM (V9.1)

MS Dynamics 365 : Detect Browser Extensions/add-ons for D365/Power Apps installed on Users machine

Prashant Parkale2 Comments

What is Issue?

MS Dynamics 365 provides strong security model for data within the Dynamics 365 systems and as a organization, Dynamics 365 team works hard to set business processes by setting requirement level on columns, disabling fields on the form. But there are few extensions/add-ons available on internet for browser which changes these requirement levels and enables columns to make data change. So how to detect the users who installed these extensions on the browser?

The Reason-

These extensions are developed for development as well as operational purpose. But if this is exposed to end user, it may lead to serious data breach.

Solution-

In this case there are 2 options –

  1. Ask your organization IT team to restrict these extension to download/install into the browsers using Network Policies.
  2. Detect these extensions in Dynamics 365 and Perform some action like send notification to user for unsupported use of extension or warn the user for data security breach.

1st option will block extension for everyone in organization, so no development team or operations team will be able to download and install the extension on browser. This seems disadvantage for developers and operation teams who are responsible for customizations and data into system. Now 2nd option can help in this scenario.

Let’s see how we can detect any extension from our Dynamics 365 –

  • Identify the extension scripts –
    Every extension has some scripts to be loaded into browser , so we need to identify these scripts and its location in browser. (let’s considering chrome extension)
   var srcXYZExtension = "chrome-extension://{Extension ID}/scripts/xxxxxxx.js";
  • Detect the extension script using javascript –
    If you identified the script, try to load in the system using javascript. If it loads successfully, that means browser is having the extension installed, if it failed to load, then no extension installed on the browser.
    var s = document.createElement('script');
    s.id = srcId;
    s.onload = function () { CallSuccessMethod(srcId) };
    s.onerror = function () { console.log("js " + src + " not found"); };
    s.src = src;
    document.body.appendChild(s);
  • Now, if script is detected then do some Action –
    Example – Setting up the Global Notification in the app
   var TriggerActionObj =
    {
        actionLabel: "Learn More",
        eventHandler: function () {
            Xrm.Navigation.openUrl("https://mscrm16tech.com");
        }
    };
    var NotificationObj =
    {
        type: 2,
        level: 2,
        message: "Unsupported Extension on Browser detected for Dynamics 365 CRM! Please uninstall " + srcId + " the CRM extensions.",
        showCloseButton: false,
        action: TriggerActionObj
    };
        Xrm.App.addGlobalNotification(NotificationObj).then(
            function success(result) {
                console.log("Notification created with ID: " + result);
            },
            function (error) {
                console.log(error.message);
            }
        );

Here is the complete code-


function CheckScriptOnLoad(executionContext) {
    var srcXYZExtensionID = "XYZ Extension for Dynamics 365/Power Apps";
    var srcXYZExtension = "chrome-extension://{Extension ID}/scripts/xxxxxxx.js";
        setTimeout(function () {
            Ext_Detect(srcXYZExtension, srcXYZExtensionID, executionContext);
        }, 3000);
}
function Ext_Detect(src, srcId, executionContext) {
    var s = document.createElement('script');
    s.id = srcId;
    s.onload = function () { CallSuccessMethod(srcId) };
    s.onerror = function () { console.log("js " + src + " not found"); };
    s.src = src;
    document.body.appendChild(s);
}

function CallSuccessMethod(srcId) {
    var TriggerActionObj =
    {
        actionLabel: "Learn More",
        eventHandler: function () {
            Xrm.Navigation.openUrl("https://mscrm16tech.com");
        }
    };
    var NotificationObj =
    {
        type: 2,
        level: 2,
        message: "Unsupported Extension on Browser detected for Dynamics 365 CRM! Please uninstall " + srcId + " the CRM extensions.",
        showCloseButton: false,
        action: TriggerActionObj
    };
        Xrm.App.addGlobalNotification(NotificationObj).then(
            function success(result) {
                console.log("Notification created with ID: " + result);
            },
            function (error) {
                console.log(error.message);
            }
        );
}

Our script is ready. But how to use it? where to add this?

You can update the Application Ribbon of your Dynamics 365 Organization.

Add the hidden button on SubGrids/Home grid and add the custom enable rule. Call “CheckScriptOnLoad” function on enable rule of the hidden button. In my case I have added it on form’s ribbon on Application Ribbon.

Once Ribbon is published, reload the Dynamics 365 organization. On navigating to any table/record form, If extension is installed/enabled then it will show Global Notification, else no notification will be displayed.

Screenshot from my Organization-

When Extension is Enabled/Installed
When Extension is Disabled/Uninstalled

And it worked. Yay!!

Hope this will help…
Enjoy MS CRM!!!

Follow on Facebook- FB: MSCRM16Tech

2 thoughts on “MS Dynamics 365 : Detect Browser Extensions/add-ons for D365/Power Apps installed on Users machine

  1. Excellent implementation, this is a security threat for any organization.
    If we want to take it furthermore to share information with the IT team using the AZ HTTP function and calling that function from a hidden button as in this example, the AZ function can perform actions like informing IT Team via email or adding defaulted users to a list and send email to all the users at once.

    Like

    Reply

Leave a comment